From: HappyDrink-okk <liu7529@yeah.net>
Date: Sun, 10 Mar 2024 07:45:34 +0000 (+0800)
Subject: lxc-unshare: fix an buffer overflow issue in lxc_unshare
X-Git-Tag: v6.0.0~16^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7452ee8aba5da0addc4dd614d17a4a7c3a462aa9;p=thirdparty%2Flxc.git

lxc-unshare: fix an buffer overflow issue in lxc_unshare

If the input parameter length is greater than PATH_MAX, a buffer overflow will occur.

Signed-off-by: HappyDrink-okk <liu7529@yeah.net>
---

diff --git a/src/lxc/tools/lxc_unshare.c b/src/lxc/tools/lxc_unshare.c
index a92b450a3..206c13146 100644
--- a/src/lxc/tools/lxc_unshare.c
+++ b/src/lxc/tools/lxc_unshare.c
@@ -164,7 +164,7 @@ static bool lookup_user(const char *oparg, uid_t *uid)
 
 	if (sscanf(oparg, "%u", uid) < 1) {
 		/* not a uid -- perhaps a username */
-		if (sscanf(oparg, "%s", name) < 1) {
+		if (strlen(name) >= PATH_MAX || sscanf(oparg, "%s", name) < 1) {
 			free(buf);
 			return false;
 		}