]> git.proxmox.com Git - mirror_lxcfs.git/commitdiff
projects / mirror_lxcfs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 754c208)
Avoid theoretical underflow in prune_init_{slice,scope}
authorSeth Forshee <seth.forshee@canonical.com>
Thu, 28 Jan 2016 16:10:22 +0000 (17:10 +0100)
committerSeth Forshee <seth.forshee@canonical.com>
Thu, 28 Jan 2016 16:51:04 +0000 (17:51 +0100)
In practice these should never underflow, but in theory it's possible.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
lxcfs.c patch | blob | blame | history
pam/pam_cgfs.c patch | blob | blame | history

diff --git a/lxcfs.c b/lxcfs.c
index a561882d3e47ed0249571650acdbd0d90451649f..a57c07fba812abb791eadd7b5212980bce6c9850 100644 (file)
--- a/lxcfs.c
+++ b/lxcfs.c
@@ -664,9 +664,12 @@ out:
 static void prune_init_slice(char *cg)
 {
        char *point;
 static void prune_init_slice(char *cg)
 {
        char *point;
-       point = cg + strlen(cg) - strlen(INITSCOPE);
-       if (point < cg)
-                return;
+       size_t cg_len = strlen(cg), initscope_len = strlen(INITSCOPE);
+
+       if (cg_len < initscope_len)
+               return;
+
+       point = cg + cg_len - initscope_len;
        if (strcmp(point, INITSCOPE) == 0) {
                if (point == cg)
                        *(point+1) = '\0';
        if (strcmp(point, INITSCOPE) == 0) {
                if (point == cg)
                        *(point+1) = '\0';
diff --git a/pam/pam_cgfs.c b/pam/pam_cgfs.c
index 00da2c991bafb029740c637efaa35e32fb58aaac..070aaf3b56c4c00f68d59b86b473cf3ebf18a205 100644 (file)
--- a/pam/pam_cgfs.c
+++ b/pam/pam_cgfs.c
@@ -260,13 +260,17 @@ static void filter_controllers(const char *filter)
 static void prune_init_scope(char *cg)
 {
        char *point;
 static void prune_init_scope(char *cg)
 {
        char *point;
+       size_t cg_len, initscope_len;
 
        if (!cg)
                return;
 
 
        if (!cg)
                return;
 
-       point = cg + strlen(cg) - strlen(INIT_SCOPE);
-       if (point < cg)
+       cg_len = strlen(cg);
+       initscope_len = strlen(INIT_SCOPE);
+       if (cg_len < initscope_len)
                return;
                return;
+
+       point = cg + cg_len - initscope_len;
        if (strcmp(point, INIT_SCOPE) == 0) {
                if (point == cg)
                        *(point+1) = '\0';
        if (strcmp(point, INIT_SCOPE) == 0) {
                if (point == cg)
                        *(point+1) = '\0';
LXCFS mirror