From e2c58d317e4f1b8cff2fc5221110544038ee7030 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 8 Jul 2024 12:32:59 +0000
Subject: [PATCH 23/23] fix invalid args len set in execute_lxc_attach

Signed-off-by: jikai <jikai11@huawei.com>
---
 src/lcrcontainer_execute.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c
index 6c1f9fc..45f0203 100644
--- a/src/lcrcontainer_execute.c
+++ b/src/lcrcontainer_execute.c
@@ -840,7 +840,13 @@ static void execute_lxc_attach(const char *name, const char *path, const struct
         exit(EXIT_FAILURE);
     }
 
-    args_len = args_len + request->args_len + request->env_len;
+    if (args_len > SIZE_MAX - request->args_len || request->env_len > SIZE_MAX / 2
+        || args_len + request->args_len > SIZE_MAX - request->env_len * 2) {
+        COMMAND_ERROR("Too many arguments");
+        exit(EXIT_FAILURE);
+    }
+
+    args_len = args_len + request->args_len + request->env_len * 2;
 
     if (args_len > (SIZE_MAX / sizeof(char *))) {
         exit(EXIT_FAILURE);
-- 
2.33.0