[lxc-devel] [PATCH 1/6] fix integer overflow in setproctitle
Stéphane Graber
stgraber at ubuntu.com
Mon Apr 13 21:50:52 UTC 2015
On Mon, Apr 13, 2015 at 02:35:03PM -0600, Tycho Andersen wrote:
> 1. don't cast to long
> 2. check overflow before addition
>
> v2: just remove the cast, don't change the type of the variables
>
> Reported-by: Coverity
> Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/utils.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/src/lxc/utils.c b/src/lxc/utils.c
> index 1df6e8f..084b556 100644
> --- a/src/lxc/utils.c
> +++ b/src/lxc/utils.c
> @@ -1644,15 +1644,21 @@ int setproctitle(char *title)
> if (len >= arg_end - arg_start) {
> env_start = env_end;
> }
> +
> + /* check overflow */
> + if (arg_start + len < 0) {
> + return -1;
> + }
> +
> arg_end = arg_start + len;
> }
>
> strcpy((char*)arg_start, title);
>
> - ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START, (long)arg_start, 0, 0);
> - ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END, (long)arg_end, 0, 0);
> - ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START, (long)env_start, 0, 0);
> - ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END, (long)env_end, 0, 0);
> + ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START, arg_start, 0, 0);
> + ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END, arg_end, 0, 0);
> + ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START, env_start, 0, 0);
> + ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END, env_end, 0, 0);
>
> return ret;
> }
> --
> 2.1.0
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150413/e27fea0e/attachment.sig>
More information about the lxc-devel
mailing list