OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity

ACRN: tool: Fix buffer overflow risk in acrnctl 

There will be a buffer overflow fisk in delete runc functions.
If the shell command function return length longer or equal to
the length of the buffer, at that time execute strstr function it
will cause buffer overflow issue. Set buffer's last byte to Zero
will avoid the risk.

Tracked-On: #3001
Signed-off-by: Long Liu <long.liu@intel.com>
Acked-by: Like Yan <like.yan@intel.com>
This commit is contained in:
Long Liu 2019-04-19 14:27:14 +08:00 committed by wenlingz
parent 763d218302
commit 7852719a86
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tools/acrn-manager/acrnctl.c
View File

@ -455,6 +455,7 @@ static inline int del_runC(char *argv)
return -1; return -1;
} }
shell_cmd(cmd, cmd_out, sizeof(cmd_out)); shell_cmd(cmd, cmd_out, sizeof(cmd_out));
cmd_out[PATH_LEN * 2 - 1] = '\0';
if (strstr(cmd_out, argv) != NULL) { if (strstr(cmd_out, argv) != NULL) {
/* If the container is still running stop it by runc pause */ /* If the container is still running stop it by runc pause */
if (strstr(cmd_out, "stopped") == NULL) { if (strstr(cmd_out, "stopped") == NULL) {