From: Christian Brauner Date: Sat, 30 Jun 2018 09:15:36 +0000 (+0200) Subject: terminal: safely retrieve path of slave device X-Git-Tag: lxc-3.1.0~224^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f15bdd9ca7bc2b163c272728f9cc3871800584b;p=thirdparty%2Flxc.git terminal: safely retrieve path of slave device openpty() is a horrible function that uses strcpy() into the char *name argument if name != NULL. We can't rely on the path being sane in all cases so let's split out the name retrieval to ttyname_r(). Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/terminal.c b/src/lxc/terminal.c
index 614c07a13..338d33cd4 100644
--- a/src/lxc/terminal.c
+++ b/src/lxc/terminal.c
@@ -570,13 +570,20 @@ static int lxc_terminal_peer_proxy_alloc(struct lxc_terminal *terminal,
 /* This is the proxy terminal that will be given to the client, and
 * that the real terminal master will send to / recv from.
 */
- ret = openpty(&terminal->proxy.master, &terminal->proxy.slave,
- terminal->proxy.name, NULL, NULL);
+ ret = openpty(&terminal->proxy.master, &terminal->proxy.slave, NULL,
+ NULL, NULL);
 if (ret < 0) {
 SYSERROR("Failed to open proxy terminal");
 return -1;
 }
 
+ ret = ttyname_r(terminal->proxy.slave, terminal->proxy.name,
+ sizeof(terminal->proxy.name));
+ if (ret < 0) {
+ SYSERROR("Failed to retrieve name of proxy terminal slave");
+ goto on_error;
+ }
+
 ret = lxc_setup_tios(terminal->proxy.slave, &oldtermio);
 if (ret < 0)
 goto on_error;
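Review bot: The `if (ret < 0)` check added after ttyname_r() can never fire, because ttyname_r() returns 0 on success and a positive error number on failure (ERANGE when the buffer is too small), not -1. A failed lookup, including the over-long path this commit is guarding against, would fall through with `terminal->proxy.name` unset while the function carries on as if it held a valid slave path. Test `if (ret != 0)` and, assuming SYSERROR reports errno, add `errno = ret;` before it, since POSIX does not require ttyname_r() to set errno. The ttyname_r() check in the lxc_terminal_create hunk has the same problem. lxc_terminal_peer_proxy_alloc starts and ends outside this hunk, so what `on_error` releases is not visible here.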
@@ -862,12 +869,18 @@ int lxc_terminal_create(struct lxc_terminal *terminal)
 {
 int ret;
 
- ret = openpty(&terminal->master, &terminal->slave, terminal->name, NULL, NULL);
+ ret = openpty(&terminal->master, &terminal->slave, NULL, NULL, NULL);
 if (ret < 0) {
 SYSERROR("Failed to open terminal");
 return -1;
 }
 
+ ret = ttyname_r(terminal->slave, terminal->name, sizeof(terminal->name));
+ if (ret < 0) {
+ SYSERROR("Failed to retrieve name of terminal slave");
+ goto err;
+ }
+
 ret = fcntl(terminal->master, F_SETFD, FD_CLOEXEC);
 if (ret < 0) {
 SYSERROR("Failed to set FD_CLOEXEC flag on terminal master");
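Review bot: Nothing at the openpty() call in lxc_terminal_create records why the name argument is now NULL, so a later cleanup could fold the ttyname_r() lookup back into openpty() and bring the unbounded copy back. A one-line comment above the call would keep the reason next to the code, for example `/* openpty() strcpy()s into name without a bound; fetch the slave path with ttyname_r() */`. The same comment fits the openpty() call in lxc_terminal_peer_proxy_alloc. The function body continues past the end of this hunk, so the cleanup behind the `err` label is not visible here.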