projects / project / procd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d2e8bf6)
instance: strdup string attributes
authorDaniel Golle <daniel@makrotopia.org>
Sat, 4 Jan 2020 14:16:12 +0000 (16:16 +0200)
committerPetr Štetiar <ynezz@true.cz>
Sun, 5 Jan 2020 11:50:55 +0000 (12:50 +0100)
Previously string attributes were set to pointers returned by
blobmsg_get_string() which caused use-after-free problems.
Use strdup() to have copies of all stored strings and free them
during cleanup.

Reviewed-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
service/instance.c patch | blob | history

diff --git a/service/instance.c b/service/instance.c
index abd1f34649120f7de40640652ac98e1d429d1788..b0c98079d5b9fabdf50506113138cd6cada3ed46 100644 (file)
--- a/service/instance.c
+++ b/service/instance.c
@@ -805,11 +805,11 @@ instance_jail_parse(struct service_instance *in, struct blob_attr *attr)
        jail->argc = 2;
 
        if (tb[JAIL_ATTR_NAME]) {
-               jail->name = blobmsg_get_string(tb[JAIL_ATTR_NAME]);
+               jail->name = strdup(blobmsg_get_string(tb[JAIL_ATTR_NAME]));
                jail->argc += 2;
        }
        if (tb[JAIL_ATTR_HOSTNAME]) {
-               jail->hostname = blobmsg_get_string(tb[JAIL_ATTR_HOSTNAME]);
+               jail->hostname = strdup(blobmsg_get_string(tb[JAIL_ATTR_HOSTNAME]));
                jail->argc += 2;
        }
        if (tb[JAIL_ATTR_PROCFS]) {
@@ -957,12 +957,12 @@ instance_config_parse(struct service_instance *in)
                in->no_new_privs = blobmsg_get_bool(tb[INSTANCE_ATTR_NO_NEW_PRIVS]);
 
        if (!in->trace && tb[INSTANCE_ATTR_SECCOMP])
-               in->seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]);
+               in->seccomp = strdup(blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]));
 
        if (tb[INSTANCE_ATTR_PIDFILE]) {
                char *pidfile = blobmsg_get_string(tb[INSTANCE_ATTR_PIDFILE]);
                if (pidfile)
-                       in->pidfile = pidfile;
+                       in->pidfile = strdup(pidfile);
        }
 
        if (tb[INSTANCE_ATTR_RELOADSIG])
@@ -1077,6 +1077,10 @@ instance_free(struct service_instance *in)
        free(in->config);
        free(in->user);
        free(in->group);
+       free(in->jail.name);
+       free(in->jail.hostname);
+       free(in->seccomp);
+       free(in->pidfile);
        free(in);
 }
 
OpenWrt service / process manager