From owner-svn-src-all@freebsd.org Wed Aug 7 19:30:33 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DB3B9B5391; Wed, 7 Aug 2019 19:30:33 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 463hRs5Xhhz4ClP; Wed, 7 Aug 2019 19:30:33 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9FE351971D; Wed, 7 Aug 2019 19:30:33 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x77JUXdr084438; Wed, 7 Aug 2019 19:30:33 GMT (envelope-from oshogbo@FreeBSD.org) Received: (from oshogbo@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x77JUXxh084437; Wed, 7 Aug 2019 19:30:33 GMT (envelope-from oshogbo@FreeBSD.org) Message-Id: <201908071930.x77JUXxh084437@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: oshogbo set sender to oshogbo@FreeBSD.org using -f From: Mariusz Zaborski Date: Wed, 7 Aug 2019 19:30:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r350695 - head/lib/libcasper/services/cap_fileargs X-SVN-Group: head X-SVN-Commit-Author: oshogbo X-SVN-Commit-Paths: head/lib/libcasper/services/cap_fileargs X-SVN-Commit-Revision: 350695 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Aug 2019 19:30:33 -0000 Author: oshogbo Date: Wed Aug 7 19:30:33 2019 New Revision: 350695 URL: https://svnweb.freebsd.org/changeset/base/350695 Log: cap_filergs: limit size of the file name The limit of the name in fileargs is twice the size of the MAXPATH. The nvlist will not add an element with the longer name. We can detect at this point that the path is too big, and simple return the same error as open(2) would. PR: 239700 Reported by: markj Tested by: markj MFC after: 2 weeks Modified: head/lib/libcasper/services/cap_fileargs/cap_fileargs.c Modified: head/lib/libcasper/services/cap_fileargs/cap_fileargs.c ============================================================================== --- head/lib/libcasper/services/cap_fileargs/cap_fileargs.c Wed Aug 7 19:28:35 2019 (r350694) +++ head/lib/libcasper/services/cap_fileargs/cap_fileargs.c Wed Aug 7 19:30:33 2019 (r350695) @@ -185,6 +185,11 @@ fileargs_create_limit(int argc, const char * const *ar nvlist_add_number(limits, "mode", (uint64_t)mode); for (i = 0; i < argc; i++) { + if (strlen(argv[i]) >= MAXPATHLEN) { + nvlist_destroy(limits); + errno = ENAMETOOLONG; + return (NULL); + } nvlist_add_null(limits, argv[i]); }