Skip to content

Comments

various fixes to issues reported by @trailofbits#28

Merged
openwrt-bot merged 3 commits intoopenwrt:masterfrom
dangowrt:procd-fixes
Feb 9, 2026
Merged

various fixes to issues reported by @trailofbits#28
openwrt-bot merged 3 commits intoopenwrt:masterfrom
dangowrt:procd-fixes

Conversation

@dangowrt
Copy link
Member

@dangowrt dangowrt commented Feb 9, 2026

Trail of Bits has reported a bunch issue for various OpenWrt sub-projects. This series addresses 3 data validation issues with rating "Informational" which were found in procd.

Due to a bug in hotplug-dispatch, the PATH env variable wasn't
filtered, allowing authrorized callers the execution of commands
via PATH environment variable filter bypass.

Replace the call to strcmp with strncmp and limit the comparision
to 5 characters to account for each character in "PATH=".

Fixes: TOB-OWRT-4
Fixes: 08938fe ("procd: add hotplug-call dispatcher")
Reported-by: Trail of Bits (@trailofbits)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Check if any cgroups have been selected and string subtree_control has a
length greater than 0 before reducing its length by 1, preventing to
write outside of the bounds of the array in case no cgroups are
selected.

Fixes: ID: TOB-OWRT-6
Fixes: 16159bb ("jail: parse OCI cgroups resources")
Reported-by: Trail of Bits
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
A stack buffer overflow may occur during path construction in
instance_add_cgroup if the snprintf calls before the strcat call fill
the 256-byte stack buffer.

Check the length at all stages when creating and appending the string in
the buffer and return an error in case it gets to long.

Fixes: 83053b6 ("instance: add instances into unified cgroup hierarchy")
Fixes: TOB-OWRT-8
Reported-by: Trail of Bits
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
@openwrt-bot openwrt-bot merged commit 7e5b324 into openwrt:master Feb 9, 2026
0 of 2 checks passed
@dangowrt dangowrt deleted the procd-fixes branch February 9, 2026 11:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants