From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sun, 17 Apr 2005 05:21:24 +0000 (+0000)
Subject: Sanity check number of syscall args with argsize.  Not really needed
X-Git-Tag: SUDO_1_7_0~649
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=56d72a3b818ebb7ce0b5669217ab0ab074034be1;p=sudo

Sanity check number of syscall args with argsize.  Not really needed
but a little paranoia never hurts.
---

diff --git a/mon_systrace.c b/mon_systrace.c
index 1c16eee8f..3d470faed 100644
--- a/mon_systrace.c
+++ b/mon_systrace.c
@@ -566,6 +566,9 @@ update_env(fd, pid, seqnr, askp)
     char buf[ARG_MAX], *ap, *cp, *off, *envptrs[4], *offsets[4], *replace[4];
     int len, n;
 
+    if (askp->argsize < sizeof(char *) * 3)
+	return(-1);				/* need at least 3 args */
+
     /*
      * Iterate through the environment, copying the data pointers and
      * attempting to update the SUDO_* variables (space permitting).
@@ -771,6 +774,9 @@ decode_args(fd, pid, askp)
     char *off, *ap, *cp, *ep;
     static char pbuf[PATH_MAX], abuf[ARG_MAX];
 
+    if (askp->argsize < sizeof(char *) * 2)
+	return(-1);				/* need at least 2 args */
+
     memset(pbuf, 0, sizeof(pbuf));
     if (read_string(fd, pid, (void *)askp->args[0], pbuf, sizeof(pbuf)) == -1)
 	return(-1);