git: f059a2c832f8 - stable/12 - mfc jail: handle jailsys parameters in modification permission test
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 28 Mar 2022 23:41:30 UTC
The branch stable/12 has been updated by jamie: URL: https://cgit.FreeBSD.org/src/commit/?id=f059a2c832f8cff0d3c0db142a3216b13b4c0480 commit f059a2c832f8cff0d3c0db142a3216b13b4c0480 Author: Jamie Gritton <jamie@FreeBSD.org> AuthorDate: 2022-03-26 02:16:51 +0000 Commit: Jamie Gritton <jamie@FreeBSD.org> CommitDate: 2022-03-28 23:41:12 +0000 mfc jail: handle jailsys parameters in modification permission test Avoid a null dereference when a value-less jailsys parameter is passed to "jail -m". There was already code to handle boolean parameters, but in reality any parameter could be passed without a value. PR: 262471 Reported by: jcaplan at blackberry.com (cherry picked from commit 8f1543785f77086494c73310ba8f5d09b61ff7eb) --- usr.sbin/jail/jail.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c index eb3b19f2cb82..63096146f176 100644 --- a/usr.sbin/jail/jail.c +++ b/usr.sbin/jail/jail.c @@ -790,7 +790,9 @@ static int rdtun_params(struct cfjail *j, int dofail) { struct jailparam *jp, *rtparams, *rtjp; - int nrt, rval; + const void *jp_value; + size_t jp_valuelen; + int nrt, rval, bool_true; if (j->flags & JF_RDTUN) return 0; @@ -818,15 +820,25 @@ rdtun_params(struct cfjail *j, int dofail) rtjp = rtparams + 1; for (jp = j->jp; rtjp < rtparams + nrt; jp++) { if (JP_RDTUN(jp) && strcmp(jp->jp_name, "jid")) { - if (!((jp->jp_flags & (JP_BOOL | JP_NOBOOL)) && - jp->jp_valuelen == 0 && - *(int *)jp->jp_value) && - !(rtjp->jp_valuelen == jp->jp_valuelen && - !((jp->jp_ctltype & CTLTYPE) == - CTLTYPE_STRING ? strncmp(rtjp->jp_value, - jp->jp_value, jp->jp_valuelen) : - memcmp(rtjp->jp_value, jp->jp_value, - jp->jp_valuelen)))) { + jp_value = jp->jp_value; + jp_valuelen = jp->jp_valuelen; + if (jp_value == NULL && jp_valuelen > 0) { + if (jp->jp_flags & (JP_BOOL | + JP_NOBOOL | JP_JAILSYS)) { + bool_true = 1; + jp_value = &bool_true; + jp_valuelen = sizeof(bool_true); + } else if ((jp->jp_ctltype & CTLTYPE) == + CTLTYPE_STRING) + jp_value = ""; + else + jp_valuelen = 0; + } + if (rtjp->jp_valuelen != jp_valuelen || + (CTLTYPE_STRING ? strncmp(rtjp->jp_value, + jp_value, jp_valuelen) + : memcmp(rtjp->jp_value, jp_value, + jp_valuelen))) { if (dofail) { jail_warnx(j, "%s cannot be " "changed after creation",