[lxc-devel] [PATCH 1/1] confile: sanity-check netdev->type before setting netdev->priv elements

Stéphane Graber stgraber at ubuntu.com
Mon Jul 14 18:54:44 UTC 2014 

On Mon, Jul 14, 2014 at 06:51:41PM +0000, Serge Hallyn wrote:
> The netdev->priv is shared for the netdev types.  A bad config file
> could mix configuration for different types, resulting in a bad
> netdev->priv when starting or even destroying a container.  So sanity
> check the netdev->type before setting a netdev->priv element.
> 
> This should fix https://github.com/lxc/lxc/issues/254
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/confile.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/src/lxc/confile.c b/src/lxc/confile.c
> index 69d1bb6..42b29d1 100644
> --- a/src/lxc/confile.c
> +++ b/src/lxc/confile.c
> @@ -595,6 +595,10 @@ static int config_network_veth_pair(const char *key, const char *value,
>  	if (!netdev)
>  		return -1;
>  
> +	if (netdev->type != LXC_NET_VETH) {
> +		ERROR("Invalid veth pair for a non-veth netdev")
> +		return -1;
> +	}
>  	return network_ifname(&netdev->priv.veth_attr.pair, value);
>  }
>  
> @@ -607,6 +611,10 @@ static int config_network_macvlan_mode(const char *key, const char *value,
>  	if (!netdev)
>  		return -1;
>  
> +	if (netdev->type != LXC_NET_MACVLAN) {
> +		ERROR("Invalid macvlan.mode for a non-macvlan netdev")
> +		return -1;
> +	}
>  	return macvlan_mode(&netdev->priv.macvlan_attr.mode, value);
>  }
>  
> @@ -647,6 +655,10 @@ static int config_network_vlan_id(const char *key, const char *value,
>  	if (!netdev)
>  		return -1;
>  
> +	if (netdev->type != LXC_NET_VLAN) {
> +		ERROR("Invalid vlan.id for a non-macvlan netdev")
> +		return -1;
> +	}
>  	if (get_u16(&netdev->priv.vlan_attr.vid, value, 0))
>  		return -1;
>  
> -- 
> 1.9.1
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140714/9030a05b/attachment.sig>

More information about the lxc-devel mailing list