treewide: reject impossible user-supplied fd

These are all trusted user inputs; however, this check reduces the likelihood of hard-to-debug errors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-10 20:31:26 +09:00
parent bb92e3ada9
commit d7e0104ae4
2 changed files with 24 additions and 1 deletions


@@ -4,13 +4,26 @@ import (
"context"
"log"
"time"
_ "unsafe" // for go:linkname
"hakurei.app/hst"
"hakurei.app/message"
)
// IsPollDescriptor reports whether fd is the descriptor being used by the poller.
//
//go:linkname IsPollDescriptor internal/poll.IsPollDescriptor
func IsPollDescriptor(fd uintptr) bool
// Main runs an app according to [hst.Config] and terminates. Main does not return.
func Main(ctx context.Context, msg message.Msg, config *hst.Config, fd int) {
// avoids runtime internals or standard streams
if fd >= 0 {
if IsPollDescriptor(uintptr(fd)) || fd < 3 {
log.Fatalf("invalid identifier fd %d", fd)
}
}
var id hst.ID
if err := hst.NewInstanceID(&id); err != nil {
log.Fatal(err.Error())
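Review bot: The new guard at the top of Main rejects only descriptors 0–2 and the ones the runtime poller owns, so a number that is not open at all, or one the process already uses for something else, still passes. If the aim is to fail early with a clear message, probing the descriptor once here (for example an fstat that fails on EBADF) would cover the remaining "impossible" values. The pull `//go:linkname` to `internal/poll.IsPollDescriptor` binds this package to a standard-library internal, so it deserves a comment such as `// relies on internal/poll keeping this symbol linkname-accessible; re-check on toolchain upgrades`. Main's doc comment should also say what fd is and that a negative value skips the check, which the `if fd >= 0` wrapper implies but never states. Main's body continues past the end of this hunk, so how fd is used afterwards is not visible here.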