nixos/modules/security/wrappers: limit argv0 to 512 bytes (#285593)

This mitigates CVE-2023-6246, crucially without a mass-rebuild. Change-Id: I762a0d489ade88dafd3775d54a09f555dc8c2527 (cherry picked from commit b4c9840652ec2fa8ac59b14a9b0349f5e474e07c) Co-authored-by: edef <edef@edef.eu>
author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> 2024-02-01 20:10:43 +0100
committer: GitHub <noreply@github.com> 2024-02-01 20:10:43 +0100
commit: e3b81cedd4a07cecb2a00d9e6da1f8c04d85fd8a (patch)
tree: 944224145653cc0772713d3e91ceda1097ea8c05
parent: 9d2e45caa5919ac28081c9614c7cb4a5d2eccd04 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/nixos/modules/security/wrappers/wrapper.c b/nixos/modules/security/wrappers/wrapper.c
index 3277e7ef6f799..3e126875c6872 100644
--- a/nixos/modules/security/wrappers/wrapper.c
+++ b/nixos/modules/security/wrappers/wrapper.c
@@ -172,6 +172,13 @@ static int make_caps_ambient(const char *self_path) {
 int main(int argc, char **argv) {
     ASSERT(argc >= 1);
 
+    // argv[0] goes into a lot of places, to a far greater degree than other elements
+    // of argv. glibc has had buffer overflows relating to argv[0], eg CVE-2023-6246.
+    // Since we expect the wrappers to be invoked from either $PATH or /run/wrappers/bin,
+    // there should be no reason to pass any particularly large values here, so we can
+    // be strict for strictness' sake.
+    ASSERT(strlen(argv[0]) < 512);
+
     int debug = getenv(wrapper_debug) != NULL;
 
     // Drop insecure environment variables explicitly
author	github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2024-02-01 20:10:43 +0100
committer	GitHub <noreply@github.com>	2024-02-01 20:10:43 +0100
commit	e3b81cedd4a07cecb2a00d9e6da1f8c04d85fd8a (patch)
tree	944224145653cc0772713d3e91ceda1097ea8c05
parent	9d2e45caa5919ac28081c9614c7cb4a5d2eccd04 (diff)