From 81216170c1c2555498573e9fe200e20d3b433b14 Mon Sep 17 00:00:00 2001
From: Tycho Andersen
Date: Mon, 13 Apr 2015 14:35:03 -0600
Subject: [PATCH] fix integer overflow in setproctitle
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
1. don't cast to long
2. check overflow before addition
v2: just remove the cast, don't change the type of the variables
Reported-by: Coverity
Signed-off-by: Tycho Andersen
Acked-by: Stéphane Graber
---
 src/lxc/utils.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 1df6e8f57..084b5563e 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1644,15 +1644,21 @@ int setproctitle(char *title)
 if (len >= arg_end - arg_start) {
 env_start = env_end;
 }
+
+ /* check overflow */
+ if (arg_start + len < 0) {
+ return -1;
+ }
+
 arg_end = arg_start + len;
 }
 strcpy((char*)arg_start, title);
- ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START, (long)arg_start, 0, 0);
- ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END, (long)arg_end, 0, 0);
- ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START, (long)env_start, 0, 0);
- ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END, (long)env_end, 0, 0);
+ ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START, arg_start, 0, 0);
+ ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END, arg_end, 0, 0);
+ ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START, env_start, 0, 0);
+ ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END, env_end, 0, 0);
 return ret;
 }
--
2.47.2
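Review bot: The added guard `if (arg_start + len < 0)` in setproctitle tests the sum after it has already been computed, so it cannot reliably detect the overflow it is meant to catch. The declarations sit outside this hunk, but if arg_start is an unsigned type the expression can never be negative and the branch is dead code; if it is signed, the overflow is already undefined behaviour and the compiler may remove the test. Checking the operand before the addition avoids both cases, for example `if (len < 0 || (unsigned long)len > ULONG_MAX - arg_start) return -1;` for an unsigned long (with `<limits.h>`), or the equivalent `LONG_MAX - arg_start` form if the variable is signed. The result matters because the strcpy just below writes len bytes at arg_start and arg_end is then passed to prctl(PR_SET_MM_ARG_END).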