From 7452ee8aba5da0addc4dd614d17a4a7c3a462aa9 Mon Sep 17 00:00:00 2001
From: HappyDrink-okk
Date: Sun, 10 Mar 2024 15:45:34 +0800
Subject: [PATCH] lxc-unshare: fix an buffer overflow issue in lxc_unshare
If the input parameter length is greater than PATH_MAX, a buffer overflow will occur.
Signed-off-by: HappyDrink-okk
---
 src/lxc/tools/lxc_unshare.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/tools/lxc_unshare.c b/src/lxc/tools/lxc_unshare.c
index a92b450a3..206c13146 100644
--- a/src/lxc/tools/lxc_unshare.c
+++ b/src/lxc/tools/lxc_unshare.c
@@ -164,7 +164,7 @@ static bool lookup_user(const char *oparg, uid_t *uid)
 if (sscanf(oparg, "%u", uid) < 1) {
 /* not a uid -- perhaps a username */
- if (sscanf(oparg, "%s", name) < 1) {
+ if (strlen(name) >= PATH_MAX || sscanf(oparg, "%s", name) < 1) {
 free(buf);
 return false;
 }
--
2.47.2
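Review bot: The added guard in `lookup_user` measures the wrong buffer: it calls `strlen(name)`, but `name` is the destination that the following `sscanf(oparg, "%s", name)` fills, so an over-long `oparg` is not rejected and the unbounded `%s` copy stays reachable. The declaration of `name` is outside the hunk; if it is an uninitialised local array, `strlen(name)` also reads indeterminate bytes and can run past the end of the buffer. The check should be on the input instead, `if (strlen(oparg) >= PATH_MAX || sscanf(oparg, "%s", name) < 1) {`, assuming `name` is PATH_MAX bytes as the commit message implies. The body of `lookup_user` starts and ends outside this hunk, so the buffer size should be confirmed against the declaration.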