[lxc-devel] [PATCH 1/6] fix integer overflow in setproctitle

Tycho Andersen tycho.andersen at canonical.com
Mon Apr 13 20:35:03 UTC 2015


1. don't cast to long
2. check overflow before addition

v2: just remove the cast, don't change the type of the variables

Reported-by: Coverity
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
 src/lxc/utils.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 1df6e8f..084b556 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1644,15 +1644,21 @@ int setproctitle(char *title)
 		if (len >= arg_end - arg_start) {
 			env_start = env_end;
 		}
+
+		/* check overflow */
+		if (arg_start + len < 0) {
+			return -1;
+		}
+
 		arg_end = arg_start + len;
 	}
 
 	strcpy((char*)arg_start, title);
 
-	ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START,   (long)arg_start, 0, 0);
-	ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END,     (long)arg_end, 0, 0);
-	ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START,   (long)env_start, 0, 0);
-	ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END,     (long)env_end, 0, 0);
+	ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START,   arg_start, 0, 0);
+	ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END,     arg_end, 0, 0);
+	ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START,   env_start, 0, 0);
+	ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END,     env_end, 0, 0);
 
 	return ret;
 }
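Review bot: The added guard `if (arg_start + len < 0)` performs the very addition it is meant to protect, so it cannot reliably detect the overflow. The declarations of `arg_start` and `len` are outside the hunk: if `arg_start` is unsigned the comparison is always false, and if it is signed the overflow is undefined behaviour, so the compiler may remove the test. Compare against the type's limit before adding, for example `if (len < 0 || (unsigned long)len > ULONG_MAX - arg_start) return -1;`, adjusting the cast and limit to the declared type. The `strcpy` into `arg_start` that follows depends on this bound being right, and since setproctitle starts outside the hunk, any cleanup needed before the early `return -1` cannot be confirmed from here.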
-- 
2.1.0


