diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-11-04 11:55:40 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-11-04 11:55:40 +0100 |
commit | b3d2548baf41c0f5be02ae87dcec644f0b89d840 (patch) | |
tree | e8977a039b69dc8d9646ffe6360bb431066cf4bd /src | |
parent | 5604b971cf16bd936570d7496c01ce0bd8348632 (diff) | |
parent | 046c93f8dbcdcebc0592cb489f7bb9ede067554b (diff) |
Merge pull request #1768 from vcaputo/sd-daemon-listen-fds-overflow-bis
sd-daemon: fix potential LISTEN_FDS overflow in sd_listen_fds()
Diffstat (limited to 'src')
-rw-r--r-- | src/libsystemd/sd-daemon/sd-daemon.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c index a48fa05908..f1e9b7ed1b 100644 --- a/src/libsystemd/sd-daemon/sd-daemon.c +++ b/src/libsystemd/sd-daemon/sd-daemon.c @@ -58,8 +58,7 @@ static void unsetenv_all(bool unset_environment) { _public_ int sd_listen_fds(int unset_environment) { const char *e; - unsigned n; - int r, fd; + int n, r, fd; pid_t pid; e = getenv("LISTEN_PID"); @@ -84,17 +83,23 @@ _public_ int sd_listen_fds(int unset_environment) { goto finish; } - r = safe_atou(e, &n); + r = safe_atoi(e, &n); if (r < 0) goto finish; - for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) n; fd ++) { + assert_cc(SD_LISTEN_FDS_START < INT_MAX); + if (n <= 0 || n > INT_MAX - SD_LISTEN_FDS_START) { + r = -EINVAL; + goto finish; + } + + for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd ++) { r = fd_cloexec(fd, true); if (r < 0) goto finish; } - r = (int) n; + r = n; finish: unsetenv_all(unset_environment); |