Sanity check number of syscall args with argsize. Not really needed

author Todd C. Miller <Todd.Miller@courtesan.com>

Sun, 17 Apr 2005 05:21:24 +0000 (05:21 +0000)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Sun, 17 Apr 2005 05:21:24 +0000 (05:21 +0000)
author Todd C. Miller <Todd.Miller@courtesan.com>
Sun, 17 Apr 2005 05:21:24 +0000 (05:21 +0000)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Sun, 17 Apr 2005 05:21:24 +0000 (05:21 +0000)
diff --git a/mon_systrace.c b/mon_systrace.c

index 1c16eee8f14b84b7f8897e1bbb6255dee2f5ebd3..3d470faedf0dc5fba343a4d3158805a66600708d 100644 (file)
--- a/mon_systrace.c
+++ b/mon_systrace.c
@@ -566,6 +566,9 @@ update_env(fd, pid, seqnr, askp)
      char buf[ARG_MAX], *ap, *cp, *off, *envptrs[4], *offsets[4], *replace[4];
      int len, n;
  
+    if (askp->argsize < sizeof(char *) * 3)
+       return(-1);                             /* need at least 3 args */
+
      /*
       * Iterate through the environment, copying the data pointers and
       * attempting to update the SUDO_* variables (space permitting).
@@ -771,6 +774,9 @@ decode_args(fd, pid, askp)
      char *off, *ap, *cp, *ep;
      static char pbuf[PATH_MAX], abuf[ARG_MAX];
  
+    if (askp->argsize < sizeof(char *) * 2)
+       return(-1);                             /* need at least 2 args */
+
      memset(pbuf, 0, sizeof(pbuf));
      if (read_string(fd, pid, (void *)askp->args[0], pbuf, sizeof(pbuf)) == -1)
         return(-1);
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Sun, 17 Apr 2005 05:21:24 +0000 (05:21 +0000)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Sun, 17 Apr 2005 05:21:24 +0000 (05:21 +0000)