Warn when the number of allocated parameters for the jail argv does not
match the number of used parameters. This normally leads to a buffer
overflow.
Signed-off-by: Hauke Mehrtens <ha...@hauke-m.de>
---
service/instance.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/service/instance.c b/service/instance.c
index 4bb2207..3098ff3 100644
--- a/service/instance.c
+++ b/service/instance.c
@@ -337,8 +337,12 @@ instance_run(struct service_instance *in, int _stdout, int
_stderr)
ULOG_WARN("Seccomp support for %s::%s not available\n",
in->srv->name, in->name);
#endif
- if (in->has_jail)
+ if (in->has_jail) {
argc = jail_run(in, argv);
+ if (argc != in->jail.argc)
+ ULOG_WARN("expected %i jail params, used %i for
%s::%s\n",
+ in->jail.argc, argc, in->srv->name, in->name);
+ }
blobmsg_for_each_attr(cur, in->command, rem)
argv[argc++] = blobmsg_data(cur);
--
2.20.1
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
