authordautor <karlo98.m@gmail.com>2024-11-17 20:03:27 +0100
committerdautor <karlo98.m@gmail.com>2024-11-17 20:11:31 +0100
commit3c75d353ed3361e86792fb726e31111a0b4199a9 (patch)
tree8178f19fb7f2201a704113b55fbc49aab9aea279 /src
parentec241a43c51dc0c8355bc7def98649d23ed49f77 (diff)
Add overflow checks to lamina
Diffstat (limited to 'src')
-rw-r--r--src/lamina/main.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/lamina/main.c b/src/lamina/main.c
index a17462e..2314019 100644
--- a/src/lamina/main.c
+++ b/src/lamina/main.c
@@ -217,7 +217,11 @@ command_run(string_array E)
{
M->run.Arg[ArgAt] = At;
size_t Length = strlen(E._[i]);
- // XXX: check that we do not go outside
+ if(At + Length >= sizeof(Buffer) - OffsetOf(message, run.ArgData))
+ {
+ fprintf(stderr, "command too long\n");
+ return -1;
+ }
memcpy(M->run.ArgData + At, E._[i], Length);
M->run.ArgData[At + Length] = 0;
At += Length + 1;
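Review bot: The store `M->run.Arg[ArgAt] = At;` still runs before the new guard, and nothing in this hunk bounds `ArgAt` against the capacity of `run.Arg`. A command made of many short arguments could therefore pass the `ArgData` length check while writing past the offset table. If no limit is enforced outside the hunk, and assuming `run.Arg` is a fixed-size array, move the store below the guard and add `if(ArgAt >= sizeof(M->run.Arg) / sizeof(M->run.Arg[0])) { fprintf(stderr, "too many arguments\n"); return -1; }` beside it. The loop and the rest of command_run lie outside the hunk, so whether the early `return -1` skips any cleanup cannot be judged from here.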
@@ -245,7 +249,11 @@ command_chdir(string_array E)
message *M = (message *)Buffer;
M->Type = message_type_chdir;
size_t Length = strlen(E._[0]);
- // XXX: check bounds
+ if(Length >= sizeof(Buffer) - OffsetOf(message, chdir.Path))
+ {
+ fprintf(stderr, "chdir path too long\n");
+ return -1;
+ }
memcpy(M->chdir.Path, E._[0], Length);
M->chdir.Path[Length] = 0;
send(SlaveSocket, M, OffsetOf(message, chdir.Path) + Length + 1, 0);
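Review bot: The `send` call right after the new guard still discards its return value, so an oversized path is now reported as an error but a failed or short send is not. The same applies to the `send` in the command_user hunk below. Consider `if(send(SlaveSocket, M, OffsetOf(message, chdir.Path) + Length + 1, 0) < 0) { perror("send"); return -1; }`. The guard also relies on `Buffer` being an array in scope, since `sizeof(Buffer)` would give the pointer size otherwise; its declaration is outside the hunk and worth confirming.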
@@ -270,7 +278,11 @@ command_user(string_array E)
message *M = (message *)Buffer;
M->Type = message_type_user;
size_t Length = strlen(E._[0]);
- // XXX: check bounds
+ if(Length >= sizeof(Buffer) - OffsetOf(message, user.Username))
+ {
+ fprintf(stderr, "username too long\n");
+ return -1;
+ }
memcpy(M->user.Username, E._[0], Length);
M->user.Username[Length] = 0;
send(SlaveSocket, M, OffsetOf(message, user.Username) + Length + 1, 0);
@@ -443,7 +455,6 @@ slave(fd FD)
E.Count = M->run.ArgCount;
E._ = reallocarray(E._, E.Count + 1, sizeof(*E._));
E._[E.Count] = NULL;
- // XXX: add checking
for(size_t i = 0; i < M->run.ArgCount; ++i) E._[i] = M->run.ArgData + M->run.Arg[i];
Result = slave_command_run(E);
free(E._);
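Review bot: The `// XXX: add checking` marker is dropped here without any validation being added on the receiving side. `M->run.ArgCount` and each `M->run.Arg[i]` are still used as received to form pointers into `ArgData`. The sender-side guards added in command_run only help if every message reaching slave() came from that code path. Before the loop, the message should be rejected unless `ArgCount` fits the `Arg` table, every offset lies inside the received `ArgData` bytes, and the data ends in a NUL; the result of `reallocarray` should also be checked before `E._[E.Count] = NULL`. Until those checks exist, keep a marker such as `// XXX: validate ArgCount and Arg[i] against the received length`; the variable holding the received length is outside the hunk.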