[PATCH v2] ACRN: tool: Fix buffer overflow risk in acrnctl


Shuo A Liu
 

From: Long Liu <long.liu@...>

There is a buffer overflow risk in the delete runc functions.
If the shell command function returns a length longer than or equal to
the length of the buffer, executing the strstr function at that point
will cause a buffer overflow issue. Setting the buffer's last byte to zero
will avoid the risk.

Signed-off-by: Long Liu <long.liu@...>
---
tools/acrn-manager/acrnctl.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/tools/acrn-manager/acrnctl.c b/tools/acrn-manager/acrnctl.c
index 645b9b0..2086360 100644
--- a/tools/acrn-manager/acrnctl.c
+++ b/tools/acrn-manager/acrnctl.c
@@ -455,6 +455,7 @@ static inline int del_runC(char *argv)
return -1;
}
shell_cmd(cmd, cmd_out, sizeof(cmd_out));
+ cmd_out[PATH_LEN * 2 - 1] = '\0';
if (strstr(cmd_out, argv) != NULL) {
/* If the container is still running stop it by runc pause */
if (strstr(cmd_out, "stopped") == NULL) {
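Review bot: The added line indexes cmd_out with the hardcoded expression PATH_LEN * 2 - 1, while the shell_cmd() call directly above it passes sizeof(cmd_out); the declaration of cmd_out is not in this hunk, so the two can drift apart if the buffer is ever resized. Writing it as `cmd_out[sizeof(cmd_out) - 1] = '\0';` keeps the terminator tied to the real array size. The return value of shell_cmd() is still discarded here, so a truncated listing is searched with strstr() as if it were complete; checking the returned length against sizeof(cmd_out) would let del_runC fail cleanly instead of matching on partial output. Since the commit message describes the problem as output filling the whole buffer, terminating inside shell_cmd() itself would cover every caller rather than this one site.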
--
2.7.4
