diff options
author | Daniel Golle <daniel@makrotopia.org> | 2020-01-04 16:16:12 +0200 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2020-01-05 12:50:55 +0100 |
commit | a5af33ce9a16f6aa599f19cc7161e067fab9495d (patch) | |
tree | 5ed93f984e513fdc63104b8b0b9e922a1c8dc4d4 | |
parent | d2e8bf6ef7cf0e037475a485cdf0321756dcb928 (diff) | |
download | procd-a5af33ce9a16f6aa599f19cc7161e067fab9495d.tar.gz |
instance: strdup string attributes
Previously string attributes were set to pointers returned by
blobmsg_get_string() which caused use-after-free problems.
Use strdup() to have copies of all stored strings and free them
during cleanup.
Reviewed-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
-rw-r--r-- | service/instance.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/service/instance.c b/service/instance.c index abd1f34..b0c9807 100644 --- a/service/instance.c +++ b/service/instance.c @@ -805,11 +805,11 @@ instance_jail_parse(struct service_instance *in, struct blob_attr *attr) jail->argc = 2; if (tb[JAIL_ATTR_NAME]) { - jail->name = blobmsg_get_string(tb[JAIL_ATTR_NAME]); + jail->name = strdup(blobmsg_get_string(tb[JAIL_ATTR_NAME])); jail->argc += 2; } if (tb[JAIL_ATTR_HOSTNAME]) { - jail->hostname = blobmsg_get_string(tb[JAIL_ATTR_HOSTNAME]); + jail->hostname = strdup(blobmsg_get_string(tb[JAIL_ATTR_HOSTNAME])); jail->argc += 2; } if (tb[JAIL_ATTR_PROCFS]) { @@ -957,12 +957,12 @@ instance_config_parse(struct service_instance *in) in->no_new_privs = blobmsg_get_bool(tb[INSTANCE_ATTR_NO_NEW_PRIVS]); if (!in->trace && tb[INSTANCE_ATTR_SECCOMP]) - in->seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]); + in->seccomp = strdup(blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP])); if (tb[INSTANCE_ATTR_PIDFILE]) { char *pidfile = blobmsg_get_string(tb[INSTANCE_ATTR_PIDFILE]); if (pidfile) - in->pidfile = pidfile; + in->pidfile = strdup(pidfile); } if (tb[INSTANCE_ATTR_RELOADSIG]) @@ -1077,6 +1077,10 @@ instance_free(struct service_instance *in) free(in->config); free(in->user); free(in->group); + free(in->jail.name); + free(in->jail.hostname); + free(in->seccomp); + free(in->pidfile); free(in); } |