diff options
author | Kyle Evans <kevans@FreeBSD.org> | 2019-05-24 01:28:07 +0000 |
---|---|---|
committer | Kyle Evans <kevans@FreeBSD.org> | 2019-05-24 01:28:07 +0000 |
commit | a9cefddd40444c1dc0c7fd69e69a2938f08bf9c6 (patch) | |
tree | 208480bdc9e09d21996c3b9a2896c9a0bd8a5df4 /lib/libjail | |
parent | 1b52cd455351d97d6116f672b099b29dcafcc470 (diff) | |
download | src-a9cefddd40444c1dc0c7fd69e69a2938f08bf9c6.tar.gz src-a9cefddd40444c1dc0c7fd69e69a2938f08bf9c6.zip |
jail_getid(3): validate jid string input
Currently, if jail_getid(3) is passed in a numeric string, it assumes that
this is a jid string and passes it back converted to an int without checking
that it's a valid/existing jid. This breaks consumers that might use
jail_getid(3) to see if it can trivially grab a jid from a name if that name
happens to be numeric but not actually the name/jid of the jail. Instead of
returning -1 for the jail not existing, it'll return the int version of the
input and the consumer will not fallback to trying other methods.
Pass the numeric input to jail_get(2) as the jid for validation, rather than
the name. This works well- the kernel enforces that jid=name if name is
numeric, so doing the safe thing and checking numeric input as a jid will
still DTRT based on the description of jail_getid.
Reported by: Wes Maag
Reviewed by: jamie, Wes Maag
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D20388
Notes
Notes:
svn path=/head/; revision=348215
Diffstat (limited to 'lib/libjail')
-rw-r--r-- | lib/libjail/jail_getid.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/lib/libjail/jail_getid.c b/lib/libjail/jail_getid.c index 6ab6d9eff98a..f99a175fd398 100644 --- a/lib/libjail/jail_getid.c +++ b/lib/libjail/jail_getid.c @@ -53,13 +53,18 @@ jail_getid(const char *name) struct iovec jiov[4]; jid = strtoul(name, &ep, 10); - if (*name && !*ep) - return jid; - jiov[0].iov_base = __DECONST(char *, "name"); - jiov[0].iov_len = sizeof("name"); - jiov[1].iov_len = strlen(name) + 1; - jiov[1].iov_base = alloca(jiov[1].iov_len); - strcpy(jiov[1].iov_base, name); + if (*name && !*ep) { + jiov[0].iov_base = __DECONST(char *, "jid"); + jiov[0].iov_len = sizeof("jid"); + jiov[1].iov_base = &jid; + jiov[1].iov_len = sizeof(jid); + } else { + jiov[0].iov_base = __DECONST(char *, "name"); + jiov[0].iov_len = sizeof("name"); + jiov[1].iov_len = strlen(name) + 1; + jiov[1].iov_base = alloca(jiov[1].iov_len); + strcpy(jiov[1].iov_base, name); + } jiov[2].iov_base = __DECONST(char *, "errmsg"); jiov[2].iov_len = sizeof("errmsg"); jiov[3].iov_base = jail_errmsg; |