packages/lcr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix invalid args len set in execute lxc attach

Browse Source 
(cherry picked from commit 16b18817baff82a8672ad20cc74c41b84d7344a8)
This commit is contained in:
武积超 2024-10-17 20:13:24 +08:00 committed by openeuler-sync-bot
parent b8814d57e4
commit c6ab3f9955
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
0023-fix-invalid-args-len-set-in-execute_lxc_attach.patch Normal file
View File

@ -0,0 +1,32 @@
From e2c58d317e4f1b8cff2fc5221110544038ee7030 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 8 Jul 2024 12:32:59 +0000
Subject: [PATCH 23/23] fix invalid args len set in execute_lxc_attach
Signed-off-by: jikai <jikai11@huawei.com>
---
src/lcrcontainer_execute.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c
index 6c1f9fc..45f0203 100644
--- a/src/lcrcontainer_execute.c
+++ b/src/lcrcontainer_execute.c
@@ -840,7 +840,13 @@ static void execute_lxc_attach(const char *name, const char *path, const struct
exit(EXIT_FAILURE);
}
- args_len = args_len + request->args_len + request->env_len;
+ if (args_len > SIZE_MAX - request->args_len || request->env_len > SIZE_MAX / 2
+ || args_len + request->args_len > SIZE_MAX - request->env_len * 2) {
+ COMMAND_ERROR("Too many arguments");
+ exit(EXIT_FAILURE);
+ }
+
+ args_len = args_len + request->args_len + request->env_len * 2;
if (args_len > (SIZE_MAX / sizeof(char *))) {
exit(EXIT_FAILURE);
--
2.33.0

9
lcr.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.9 %global _version 2.0.9
%global _release 10 %global _release 11
%global _inner_name isula_libutils %global _inner_name isula_libutils
Name: lcr Name: lcr
@ -34,6 +34,7 @@ Patch0019: 0019-300-add-blkio-info-for-runtime-stats.patch
Patch0020: 0020-drop-atomic-config-write-for-partial-file-does.patch Patch0020: 0020-drop-atomic-config-write-for-partial-file-does.patch
Patch0021: 0021-remove-lcr-created-spec-only-if-create-failed.patch Patch0021: 0021-remove-lcr-created-spec-only-if-create-failed.patch
Patch0022: 0022-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch Patch0022: 0022-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch
Patch0023: 0023-fix-invalid-args-len-set-in-execute_lxc_attach.patch
%define lxcver_lower 4.0.3-2022102400 %define lxcver_lower 4.0.3-2022102400
%define lxcver_upper 4.0.3-2022102500 %define lxcver_upper 4.0.3-2022102500
@ -117,6 +118,12 @@ rm -rf %{buildroot}
%{_includedir}/%{_inner_name}/*.h %{_includedir}/%{_inner_name}/*.h
%changelog %changelog
* Thu Oct 17 2024 wujichao<wujichao1@huawei.com> - 2.0.9-11
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix invalid args len set in execute lxc attach
* Tue Jun 11 2024 jikai<jikai11@huawei.com> - 2.0.9-10 * Tue Jun 11 2024 jikai<jikai11@huawei.com> - 2.0.9-10
- Type:enhancement - Type:enhancement
- CVE:NA - CVE:NA