lxc-unshare: fix an buffer overflow issue in lxc_unshare

If the input parameter length is greater than PATH_MAX, a buffer overflow will occur.

Signed-off-by: HappyDrink-okk <liu7529@yeah.net>

diff --git a/src/lxc/tools/lxc_unshare.c b/src/lxc/tools/lxc_unshare.c
index a92b450a3a287099f1aec052c77451bb78f3bc79..206c13146a69878d174c92f94f24b43ae1311182 100644 (file)
--- a/src/lxc/tools/lxc_unshare.c
+++ b/src/lxc/tools/lxc_unshare.c
@@ -164,7 +164,7 @@ static bool lookup_user(const char *oparg, uid_t *uid)
 
        if (sscanf(oparg, "%u", uid) < 1) {
                /* not a uid -- perhaps a username */
-               if (sscanf(oparg, "%s", name) < 1) {
+               if (strlen(name) >= PATH_MAX || sscanf(oparg, "%s", name) < 1) {
                        free(buf);
                        return false;
                }