commit: 674085dfb15cb489526870849c3d1e1d5bb8c004
parent b4f92de9131cdd1a60f288fc373d4b1517b27161
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sat, 23 Mar 2024 04:58:22 +0100
cmd/chroot: Add length-check on $SHELL
Diffstat:
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/cmd/chroot.c b/cmd/chroot.c
@@ -3,12 +3,15 @@
// SPDX-License-Identifier: MPL-2.0
#define _DEFAULT_SOURCE // chroot isn't POSIX
-#include <assert.h> // assert
-#include <errno.h> // errno
-#include <stdbool.h> // false
-#include <stdio.h> // fprintf, perror
-#include <stdlib.h> // getenv
-#include <unistd.h> // chroot, execl, execv
+
+#include <assert.h> // assert
+#include <errno.h> // errno
+#include <limits.h> // PATH_MAX
+#include <stdbool.h> // false
+#include <stdio.h> // fprintf, perror
+#include <stdlib.h> // getenv
+#include <string.h> // strlen
+#include <unistd.h> // chroot, execl, execv
int
main(int argc, char *argv[])
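Review bot: The comment on the new `#include <string.h>` line names `strlen`, but the only string function this commit calls is `strnlen` (in the `argc == 2` branch), so it should read `#include <string.h> // strnlen`. `strnlen` is POSIX rather than ISO C, so its declaration depends on the feature-test macro. The existing `#define _DEFAULT_SOURCE` appears to cover that on glibc, but it is worth confirming on the other libcs this tool targets.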
@@ -20,6 +23,7 @@ main(int argc, char *argv[])
return 125;
}
+ /* flawfinder: ignore. chdir(/) done, can't close more fds, shouldn't drop root */
if(chroot(argv[1]) < 0)
{
perror("chroot");
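Review bot: The suppression comment above `chroot(argv[1])` says `chdir(/) done`, but no chdir call is visible in this hunk, so a reader cannot tell whether it runs before or after chroot(). The working directory has to be reset to `/` after chroot() succeeds, otherwise the process keeps a cwd outside the new root. The comment should state that ordering, e.g. `/* flawfinder: ignore. chdir("/") follows immediately; inherited fds are the caller's responsibility; staying root is intended */`. The body of main continues outside the hunk, so the chdir placement should be confirmed there.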
@@ -36,8 +40,16 @@ main(int argc, char *argv[])
errno = 0;
if(argc == 2)
{
+ /* flawfinder: ignore. NULL and length are checked */
char *shell = getenv("SHELL");
if(shell == NULL) shell = "/bin/sh";
+ if(strnlen(shell, PATH_MAX) >= PATH_MAX)
+ {
+ fprintf(stderr,
+ "chroot: Warning: $SHELL is longer than {PATH_MAX}(= %d), using '/bin/sh'\n",
+ PATH_MAX);
+ shell = "/bin/sh";
+ }
/* flawfinder: ignore. No restrictions on commands is intended */
ret = execlp(shell, shell, "-i", NULL);
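Review bot: An empty `$SHELL` still passes the checks in the `argc == 2` branch: `getenv` returns `""`, which is neither NULL nor too long, so `execlp` is called with an empty file name and fails instead of falling back as the over-long case does. Treating empty as unset keeps the two paths consistent: `if(shell == NULL || shell[0] == '\0') shell = "/bin/sh";`. Separately, the over-long path runs a different program from the one requested and only warns. If that is intended, a short comment saying so would help, since `execlp` also resolves a slash-less `$SHELL` through `$PATH` inside the new root. The body of main continues outside the hunk.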