From 3c75d353ed3361e86792fb726e31111a0b4199a9 Mon Sep 17 00:00:00 2001
From: dautor
Date: Sun, 17 Nov 2024 20:03:27 +0100
Subject: Add overflow checks to lamina
---
 src/lamina/main.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
(limited to 'src/lamina')
diff --git a/src/lamina/main.c b/src/lamina/main.c
index a17462e..2314019 100644
--- a/src/lamina/main.c
+++ b/src/lamina/main.c
@@ -217,7 +217,11 @@ command_run(string_array E)
 {
 M->run.Arg[ArgAt] = At;
 size_t Length = strlen(E._[i]);
- // XXX: check that we do not go outside
+ if(At + Length >= sizeof(Buffer) - OffsetOf(message, run.ArgData))
+ {
+ fprintf(stderr, "command too long\n");
+ return -1;
+ }
 memcpy(M->run.ArgData + At, E._[i], Length);
 M->run.ArgData[At + Length] = 0;
 At += Length + 1;
@@ -245,7 +249,11 @@ command_chdir(string_array E)
 message *M = (message *)Buffer;
 M->Type = message_type_chdir;
 size_t Length = strlen(E._[0]);
- // XXX: check bounds
+ if(Length >= sizeof(Buffer) - OffsetOf(message, chdir.Path))
+ {
+ fprintf(stderr, "chdir path too long\n");
+ return -1;
+ }
 memcpy(M->chdir.Path, E._[0], Length);
 M->chdir.Path[Length] = 0;
 send(SlaveSocket, M, OffsetOf(message, chdir.Path) + Length + 1, 0);
@@ -270,7 +278,11 @@ command_user(string_array E)
 message *M = (message *)Buffer;
 M->Type = message_type_user;
 size_t Length = strlen(E._[0]);
- // XXX: check bounds
+ if(Length >= sizeof(Buffer) - OffsetOf(message, user.Username))
+ {
+ fprintf(stderr, "username too long\n");
+ return -1;
+ }
 memcpy(M->user.Username, E._[0], Length);
 M->user.Username[Length] = 0;
 send(SlaveSocket, M, OffsetOf(message, user.Username) + Length + 1, 0);
@@ -443,7 +455,6 @@ slave(fd FD)
 E.Count = M->run.ArgCount;
 E._ = reallocarray(E._, E.Count + 1, sizeof(*E._));
 E._[E.Count] = NULL;
- // XXX: add checking
 for(size_t i = 0; i < M->run.ArgCount; ++i) E._[i] = M->run.ArgData + M->run.Arg[i];
 Result = slave_command_run(E);
 free(E._);
--
cgit v1.2.3
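Review bot: The offset-table store `M->run.Arg[ArgAt] = At;` two lines above the new check in command_run is still unguarded within this hunk; the added test bounds only the bytes copied into `run.ArgData`. If `ArgAt` is not capped against the capacity of `run.Arg` earlier in the loop (that part of command_run is outside the hunk), a long argument list can still write past the table, and if the element type of `Arg` is narrower than `size_t` the stored offset would be silently truncated. Assuming `run.Arg` is a fixed-size array, a count guard placed before the store would close this, e.g. `if(ArgAt >= sizeof(M->run.Arg) / sizeof(M->run.Arg[0])) { fprintf(stderr, "too many arguments\n"); return -1; }`.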
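Review bot: The `>=` in `if(Length >= sizeof(Buffer) - OffsetOf(message, chdir.Path))` is what reserves the byte for the terminator stored by `M->chdir.Path[Length] = 0;`, and nothing in command_chdir says so; the same holds for the identical check in command_user (next hunk). A one-line comment such as `// >= rather than >: one byte is kept for the terminating 0 written below` would keep a later edit from relaxing the comparison to `>`. The check also relies on `Buffer` being an array, so that `sizeof(Buffer)` is its capacity and not a pointer size; its declaration is outside both hunks, so that is worth confirming.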
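Review bot: The `// XXX: add checking` marker is removed in slave(), but no check appears in the visible lines: `M->run.ArgCount` and each `M->run.Arg[i]` come from the received message and are turned into pointers by `E._[i] = M->run.ArgData + M->run.Arg[i];` without being compared against the received length. The sender-side checks added in command_run do not cover this path, because the receiver cannot assume every peer on the socket is that sender. Unless validation happens earlier in slave() (outside the hunk), either keep the marker or validate before the loop that ArgCount fits the capacity of `run.Arg`, that every offset lies inside the received ArgData region, and that a 0 byte occurs before the end of the message. The result of `reallocarray` on the context line above is also used unchecked by `E._[E.Count] = NULL;`.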