From b2aed1dc699adbac63bd35ffb5b014384a58fb94 Mon Sep 17 00:00:00 2001
From: Alice Frosi
Date: Tue, 9 May 2023 16:28:58 +0200
Subject: seitan: add check for limits to op_cmp
Adding the offset limits checks and unit tests.
---
 operations.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'operations.c')
diff --git a/operations.c b/operations.c
index af86568..382474c 100644
--- a/operations.c
+++ b/operations.c
@@ -332,12 +332,19 @@ int op_inject_a(const struct seccomp_notif *req, int notifier, struct gluten *g,
 int op_cmp(const struct seccomp_notif *req, int notifier, struct gluten *g,
 struct op_cmp *op)
 {
- int res = memcmp(gluten_ptr(&req->data, g, op->x),
- gluten_ptr(&req->data, g, op->y), op->size);
+ const void *px = gluten_ptr(&req->data, g, op->x);
+ const void *py = gluten_ptr(&req->data, g, op->y);
 enum op_cmp_type cmp = op->cmp;
+ int res;
 (void)notifier;
+ if (px == NULL || py == NULL || !check_gluten_limits(op->x, op->size) ||
+ !check_gluten_limits(op->y, op->size))
+ return -1;
+
+ res = memcmp(px, py, op->size);
+
 if ((res == 0 && (cmp == CMP_EQ || cmp == CMP_LE || cmp == CMP_GE)) ||
 (res < 0 && (cmp == CMP_LT || cmp == CMP_LE)) ||
 (res > 0 && (cmp == CMP_GT || cmp == CMP_GE)) ||
--
cgit v1.2.3
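Review bot: Both `gluten_ptr()` calls in the new `px`/`py` initialisers run before `check_gluten_limits()` has accepted `op->x` and `op->y`, so an out-of-range offset is resolved to a pointer first and rejected only afterwards. Nothing is dereferenced before the check, but validating first keeps pointer formation inside the buffer and no longer relies on `gluten_ptr()` returning NULL for bad offsets, which this hunk does not show. Whether `check_gluten_limits()` rejects an `offset + size` sum that wraps is also not visible here and is worth confirming, since `op->size` goes straight into `memcmp()`. The body of `op_cmp` continues past the end of the hunk.

```c
	const void *px, *py;
	/* … unchanged: cmp and res declarations, (void)notifier … */

	/* Reject out-of-range offsets before they are resolved to pointers. */
	if (!check_gluten_limits(op->x, op->size) ||
	    !check_gluten_limits(op->y, op->size))
		return -1;

	px = gluten_ptr(&req->data, g, op->x);
	py = gluten_ptr(&req->data, g, op->y);
	if (px == NULL || py == NULL)
		return -1;

	res = memcmp(px, py, op->size);
	/* … unchanged: comparison-type evaluation … */
```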