diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-10-22 15:26:53 -0300 |
|---|---|---|
| committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-10-22 15:53:34 -0300 |
| commit | 615ce15623d152122f7bf8369d834c3561b1e468 (patch) | |
| tree | f952e837aebbfe55d7d8143e11e1833a25b8ba49 /src | |
| parent | util.c: [ref] move group find/copy into new functions (diff) | |
| download | firejail-615ce15623d152122f7bf8369d834c3561b1e468.tar.gz firejail-615ce15623d152122f7bf8369d834c3561b1e468.tar.zst firejail-615ce15623d152122f7bf8369d834c3561b1e468.zip | |
util.c: check array size on copy_group_ifcont
Check if new_groups already is full before trying to add to it.
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/util.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index 6fc8a663f..5bb5c257b 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
| @@ -117,13 +117,19 @@ static int find_group(gid_t group, const gid_t *groups, int ngroups) { | |||
| 117 | // "groups". Always returns the current value of new_ngroups. | 117 | // "groups". Always returns the current value of new_ngroups. |
| 118 | static int copy_group_ifcont(const char *groupname, | 118 | static int copy_group_ifcont(const char *groupname, |
| 119 | const gid_t *groups, int ngroups, | 119 | const gid_t *groups, int ngroups, |
| 120 | gid_t *new_groups, int *new_ngroups) { | 120 | gid_t *new_groups, int *new_ngroups, int new_sz) { |
| 121 | if (*new_ngroups >= new_sz) { | ||
| 122 | errno = ERANGE; | ||
| 123 | goto out; | ||
| 124 | } | ||
| 125 | |||
| 121 | gid_t g = get_group_id(groupname); | 126 | gid_t g = get_group_id(groupname); |
| 122 | if (g && find_group(g, groups, ngroups) >= 0) { | 127 | if (g && find_group(g, groups, ngroups) >= 0) { |
| 123 | new_groups[*new_ngroups] = g; | 128 | new_groups[*new_ngroups] = g; |
| 124 | (*new_ngroups)++; | 129 | (*new_ngroups)++; |
| 125 | } | 130 | } |
| 126 | 131 | ||
| 132 | out: | ||
| 127 | return *new_ngroups; | 133 | return *new_ngroups; |
| 128 | } | 134 | } |
| 129 | 135 | ||
| @@ -151,7 +157,7 @@ static void clean_supplementary_groups(gid_t gid) { | |||
| 151 | int i = 0; | 157 | int i = 0; |
| 152 | while (allowed[i]) { | 158 | while (allowed[i]) { |
| 153 | copy_group_ifcont(allowed[i], groups, ngroups, | 159 | copy_group_ifcont(allowed[i], groups, ngroups, |
| 154 | new_groups, &new_ngroups); | 160 | new_groups, &new_ngroups, MAX_GROUPS); |
| 155 | i++; | 161 | i++; |
| 156 | } | 162 | } |
| 157 | 163 | ||