Don't let clobber jailparam values when checking for modification of

init-only parameters.

Compare string parameter values with strncmp, not memcmp.

PR:		230487
Reported by:	Jason Mader
MFC after:	3 days
This commit is contained in:
Jamie Gritton 2018-08-15 20:23:17 +00:00
parent f9be038601
commit 92bceb9756

View File

@ -803,8 +803,10 @@ rdtun_params(struct cfjail *j, int dofail)
exit(1);
}
for (jp = j->jp; jp < j->jp + j->njp; jp++)
if (JP_RDTUN(jp) && strcmp(jp->jp_name, "jid"))
if (JP_RDTUN(jp) && strcmp(jp->jp_name, "jid")) {
*++rtjp = *jp;
rtjp->jp_value = NULL;
}
rval = 0;
if (jailparam_get(rtparams, nrt,
bool_param(j->intparams[IP_ALLOW_DYING]) ? JAIL_DYING : 0) > 0) {
@ -815,8 +817,11 @@ rdtun_params(struct cfjail *j, int dofail)
jp->jp_valuelen == 0 &&
*(int *)jp->jp_value) &&
!(rtjp->jp_valuelen == jp->jp_valuelen &&
!memcmp(rtjp->jp_value, jp->jp_value,
jp->jp_valuelen))) {
!((jp->jp_ctltype & CTLTYPE) ==
CTLTYPE_STRING ? strncmp(rtjp->jp_value,
jp->jp_value, jp->jp_valuelen) :
memcmp(rtjp->jp_value, jp->jp_value,
jp->jp_valuelen)))) {
if (dofail) {
jail_warnx(j, "%s cannot be "
"changed after creation",