summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-11-04 11:55:40 +0100
committerLennart Poettering <lennart@poettering.net>2015-11-04 11:55:40 +0100
commitb3d2548baf41c0f5be02ae87dcec644f0b89d840 (patch)
treee8977a039b69dc8d9646ffe6360bb431066cf4bd
parent5604b971cf16bd936570d7496c01ce0bd8348632 (diff)
parent046c93f8dbcdcebc0592cb489f7bb9ede067554b (diff)
Merge pull request #1768 from vcaputo/sd-daemon-listen-fds-overflow-bis
sd-daemon: fix potential LISTEN_FDS overflow in sd_listen_fds()
-rw-r--r--src/libsystemd/sd-daemon/sd-daemon.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c
index a48fa05908..f1e9b7ed1b 100644
--- a/src/libsystemd/sd-daemon/sd-daemon.c
+++ b/src/libsystemd/sd-daemon/sd-daemon.c
@@ -58,8 +58,7 @@ static void unsetenv_all(bool unset_environment) {
_public_ int sd_listen_fds(int unset_environment) {
const char *e;
- unsigned n;
- int r, fd;
+ int n, r, fd;
pid_t pid;
e = getenv("LISTEN_PID");
@@ -84,17 +83,23 @@ _public_ int sd_listen_fds(int unset_environment) {
goto finish;
}
- r = safe_atou(e, &n);
+ r = safe_atoi(e, &n);
if (r < 0)
goto finish;
- for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) n; fd ++) {
+ assert_cc(SD_LISTEN_FDS_START < INT_MAX);
+ if (n <= 0 || n > INT_MAX - SD_LISTEN_FDS_START) {
+ r = -EINVAL;
+ goto finish;
+ }
+
+ for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) {
r = fd_cloexec(fd, true);
if (r < 0)
goto finish;
}
- r = (int) n;
+ r = n;
finish:
unsetenv_all(unset_environment);