ruri
Replace unsafe string functions with bounds-checked alternatives
Multiple buffer overflow and integer overflow vulnerabilities exist in container initialization and cgroup management code due to unchecked string operations and arithmetic.
Changes
Buffer overflow fixes
- `cgroup.c`: Replaced 42 `sprintf()` calls with `snprintf()` in cgroup v1/v2 path construction
- `chroot.c`: Replaced 14 `sprintf()` and 3 `strcpy()`/`strcat()` calls in mount operations and QEMU binary handling
- `mount.c`, `umount.c`, `rootless.c`, `unshare.c`: Fixed 13 additional `sprintf()` calls in loop device paths, namespace files, and ID mapping
Integer overflow protection
- `cgroup.c`: Added overflow checks in `memory_to_bytes()` before KB/MB/GB multiplication
- Changed `atoi()` to `atol()` with `LONG_MAX` validation to prevent wraparound
Example
Before:
```c
char memory_cgroup_path[PATH_MAX] = { '\0' };
sprintf(memory_cgroup_path, "/sys/fs/cgroup/memory/%d", container->container_id);
int megabytes = atoi(bytes);
sprintf(ret, "%d", megabytes * 1024 * 1024);
```
After:
```c
char memory_cgroup_path[PATH_MAX] = { '\0' };
snprintf(memory_cgroup_path, sizeof(memory_cgroup_path), "/sys/fs/cgroup/memory/%d", container->container_id);
long megabytes = atol(bytes);
if (megabytes < 0 || megabytes > LONG_MAX / (1024 * 1024)) {
    ruri_error("Memory value out of range\n");
}
snprintf(ret, 1024, "%ld", megabytes * 1024 * 1024);
```
Total: 72 unsafe string operations eliminated across 6 files.
Original prompt
Identify and suggest improvements to insecure code
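An added example, not code from this PR or from ruri, showing the same two hardening steps taken one stage further: `strtoll()` with `errno` in place of `atol()` (which cannot report a parse error or overflow), and a check on the `snprintf()` return value so a truncated path is rejected rather than used. The function names `parse_mem_bytes()` and `build_cgroup_path()` and the `<n>[K|M|G]` suffix syntax are assumptions for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not ruri's memory_to_bytes()): parse "<n>[K|M|G]"
 * into bytes. Returns 0 on success, -1 on malformed or out-of-range input. */
int parse_mem_bytes(const char *s, long long *out)
{
    char *end = NULL;
    long long mult = 1;

    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    long long n = strtoll(s, &end, 10);
    /* strtoll reports overflow through errno; atoi()/atol() cannot. */
    if (errno == ERANGE || end == s || n < 0)
        return -1;
    switch (*end) {
    case 'K': case 'k': mult = 1024LL; end++; break;
    case 'M': case 'm': mult = 1024LL * 1024; end++; break;
    case 'G': case 'g': mult = 1024LL * 1024 * 1024; end++; break;
    default: break;
    }
    if (*end != '\0')          /* trailing characters after the suffix */
        return -1;
    if (n > LLONG_MAX / mult)  /* check before multiplying, then stop */
        return -1;
    *out = n * mult;
    return 0;
}

/* Hypothetical helper: build a cgroup v1 memory path and treat
 * truncation as an error instead of using a silently shortened path. */
int build_cgroup_path(char *buf, size_t len, int container_id)
{
    int n = snprintf(buf, len, "/sys/fs/cgroup/memory/%d", container_id);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return 0;
}
```

Both helpers return an error code so the caller decides how to abort; the multiplication is never reached once a range check fails.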