| author | Vito Caputo <vito.caputo@coreos.com> | 2015-11-02 23:05:44 -0800 | 
|---|---|---|
| committer | Vito Caputo <vito.caputo@coreos.com> | 2015-11-03 11:13:26 -0800 | 
| commit | 046c93f8dbcdcebc0592cb489f7bb9ede067554b (patch) | |
| tree | 8c2071c6e3fa05a49d2a371e28dd0d8f9c8d475b | |
| parent | 2ac74784091679cf914d9e5ff5a35f8e0a3dd366 (diff) | |
sd-daemon: fix potential LISTEN_FDS overflow in sd_listen_fds()
| -rw-r--r-- | src/libsystemd/sd-daemon/sd-daemon.c | 15 | 
1 files changed, 10 insertions, 5 deletions
diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c
index 27045e25d0..f0d5d00b2e 100644
--- a/src/libsystemd/sd-daemon/sd-daemon.c
+++ b/src/libsystemd/sd-daemon/sd-daemon.c
@@ -58,8 +58,7 @@ static void unsetenv_all(bool unset_environment) {
 _public_ int sd_listen_fds(int unset_environment) {
         const char *e;
-        unsigned n;
-        int r, fd;
+        int n, r, fd;
         pid_t pid;
         e = getenv("LISTEN_PID");
@@ -84,17 +83,23 @@ _public_ int sd_listen_fds(int unset_environment) {
                 goto finish;
         }
-        r = safe_atou(e, &n);
+        r = safe_atoi(e, &n);
         if (r < 0)
                 goto finish;
-        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) n; fd ++) {
+        assert_cc(SD_LISTEN_FDS_START < INT_MAX);
+        if (n <= 0 || n > INT_MAX - SD_LISTEN_FDS_START) {
+                r = -EINVAL;
+                goto finish;
+        }
+
+        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) {
                 r = fd_cloexec(fd, true);
                 if (r < 0)
                         goto finish;
         }
-        r = (int) n;
+        r = n;
 finish:
         unsetenv_all(unset_environment);
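Review bot: The new range check in the second hunk rejects `n == 0` together with negative values, so a parsed count of zero now ends in `r = -EINVAL`, where the removed `safe_atou()` path skipped the loop and returned 0 via `r = (int) n`. If zero descriptors should remain a valid, non-error answer, the guard could read `if (n < 0 || n > INT_MAX - SD_LISTEN_FDS_START)`; if the rejection is intended, the code should say so. In either case the check deserves a short comment such as `/* value comes from the environment: bound it so SD_LISTEN_FDS_START + n cannot overflow int */`, because the reason is currently stated only in the commit title. sd_listen_fds() begins in the first hunk and continues past the end of this one, so the handling after `finish:` is not visible here.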
