[lxc-devel] [lxc/master] Fix errors in configuration file parsing
flx42 on Github
lxc-bot at linuxcontainers.org
Tue Nov 28 07:21:04 UTC 2017
From ffc87df2c77abc1bcdbd27f068b56a537936f8d1 Mon Sep 17 00:00:00 2001
From: Felix Abecassis <fabecassis at nvidia.com>
Date: Mon, 27 Nov 2017 22:53:20 -0800
Subject: [PATCH 1/3] confile: fix memory leak
Signed-off-by: Felix Abecassis <fabecassis at nvidia.com>
---
src/lxc/confile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 17f48762c..c6a0aeef9 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -2060,7 +2060,7 @@ static int parse_line(char *buffer, void *data)
}
if (empty_line)
- return 0;
+ goto on_error;
line += lxc_char_left_gc(line, strlen(line));
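Review bot: The empty-line case now exits through `on_error`, so what parse_line returns for a blank line depends on the value `ret` holds at this point, and its initialisation is outside the hunk. If `ret` is not guaranteed to be 0 here, a whitespace-only line would become a parse failure; setting `ret = 0;` before the jump, or adding a comment such as `/* not an error: take the cleanup path instead of returning directly */`, would pin the intent. The label now also serves a success path, which a neutral name like `out` would describe better. parse_line begins and ends outside the hunk.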
From ce21ca88e9b5ec1720031af59604029da66ec48f Mon Sep 17 00:00:00 2001
From: Felix Abecassis <fabecassis at nvidia.com>
Date: Mon, 27 Nov 2017 22:54:51 -0800
Subject: [PATCH 2/3] confile: error out if a network configuration key has no
subkey
This prevents an infinite recursion in the case of "lxc.net.0. = a"
Signed-off-by: Felix Abecassis <fabecassis at nvidia.com>
---
src/lxc/confile.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index c6a0aeef9..a2e5ba7c1 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -3801,6 +3801,10 @@ static struct lxc_config_t *get_network_config_ops(const char *key,
/* lxc.net.<idx>.<subkey> */
if (idx_end) {
*idx_end = '.';
+ if (strlen(idx_end + 1) == 0) {
+ ERROR("No subkey in network configuration key \"%s\"", key);
+ goto on_error;
+ }
memmove(copy + 8, idx_end + 1, strlen(idx_end + 1));
copy[strlen(key) - numstrlen + 1] = '\0';
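Review bot: The new guard has no comment saying why an empty subkey must be rejected; the reason (infinite recursion on a key such as `lxc.net.0.`) is recorded only in the commit message, so a later clean-up could drop the check without noticing. A line above it such as `/* "lxc.net.<idx>." with no subkey would recurse forever; reject it */` would keep that reason with the code. The test can also be written `if (idx_end[1] == '\0')`, which avoids walking the string once more before the `memmove` below measures it again. What `on_error` releases is not visible here, and get_network_config_ops begins and ends outside the hunk.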
From 7bf3ebf03815c4b83538fa861a76f866c8569095 Mon Sep 17 00:00:00 2001
From: Felix Abecassis <fabecassis at nvidia.com>
Date: Mon, 27 Nov 2017 23:07:23 -0800
Subject: [PATCH 3/3] confile_utils: simplify lxc_config_net_hwaddr
In addition to the memory corruption fixed in ee3e84df78424d26fc6c90862fbe0fa92a686b0d,
this function was also performing invalid memory accesses for the following inputs:
- `lxc.net`
- `lxc.net.`
- `lxc.net.0.`
- `lxc.network`
- `lxc.network.0.`
Signed-off-by: Felix Abecassis <fabecassis at nvidia.com>
---
src/lxc/confile_utils.c | 57 ++++++-------------------------------------------
1 file changed, 6 insertions(+), 51 deletions(-)
diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c
index 50f42ef8c..c2901116c 100644
--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -545,63 +545,18 @@ int rand_complete_hwaddr(char *hwaddr)
bool lxc_config_net_hwaddr(const char *line)
{
- char *copy, *p;
+ unsigned index;
+ char tmp[7];
if (strncmp(line, "lxc.net", 7) != 0)
return false;
- if (strncmp(line, "lxc.network.hwaddr", 18) == 0)
- return true;
-
- /* We have to dup the line, if line is something like
- * "lxc.net.[i].xxx = xxxxx ", we need to remove
- * '[i]' and compare its key with 'lxc.net.hwaddr'*/
- copy = strdup(line);
- if (!copy) {
- SYSERROR("failed to allocate memory");
- return false;
- }
- if (*(copy + 8) >= '0' && *(copy + 8) <= '9') {
- p = strchr(copy + 8, '.');
- if (!p) {
- free(copy);
- return false;
- }
- /* strlen("hwaddr") = 6 */
- if (strlen(p + 1) >= 6)
- memmove(copy + 8, p + 1, 6);
- copy[8 + 6] = '\0';
- }
- if (strncmp(copy, "lxc.net.hwaddr", 14) == 0) {
- free(copy);
+ if (strncmp(line, "lxc.net.hwaddr", 14) == 0)
return true;
- }
- free(copy);
-
- /* We have to dup the line second time, if line is something like
- * "lxc.network.[i].xxx = xxxxx ", we need to remove
- * '[i]' and compare its key with 'lxc.network.hwaddr'*/
- copy = strdup(line);
- if (!copy) {
- SYSERROR("failed to allocate memory");
- return false;
- }
- if (*(copy + 12) >= '0' && *(copy + 12) <= '9') {
- p = strchr(copy + 12, '.');
- if (!p) {
- free(copy);
- return false;
- }
- /* strlen("hwaddr") = 6 */
- if (strlen(p + 1) >= 6)
- memmove(copy + 12, p + 1, 6);
- copy[12 + 6] = '\0';
- }
- if (strncmp(copy, "lxc.network.hwaddr", 18) == 0) {
- free(copy);
+ if (strncmp(line, "lxc.network.hwaddr", 18) == 0)
return true;
- }
+ if (sscanf(line, "lxc.net.%u.%6s", &index, tmp) == 2 || sscanf(line, "lxc.network.%u.%6s", &index, tmp) == 2)
+ return strncmp(tmp, "hwaddr", 6) == 0;
- free(copy);
return false;
}
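Review bot: The `%u` conversions in the two `sscanf` calls accept more than a decimal index: leading whitespace and a sign are consumed, and a digit string too large for `unsigned` is undefined behaviour in standard C. A key such as `lxc.net.-1.hwaddr` would therefore be classified as a hwaddr key, where the removed code required a digit at that position. `index` is written but never read. Since only the shape `<digits>.hwaddr` matters, the index can be skipped by hand without any conversion, as sketched below; this keeps the prefix-only match on `hwaddr` that the new code already has.

```c
bool lxc_config_net_hwaddr(const char *line)
{
	const char *sub = NULL;

	/* … unchanged: "lxc.net" prefix check and the two un-indexed hwaddr comparisons … */

	/* Accept only "<digits>." between the prefix and the subkey. */
	if (strncmp(line, "lxc.net.", 8) == 0)
		sub = line + 8;
	else if (strncmp(line, "lxc.network.", 12) == 0)
		sub = line + 12;
	if (!sub || *sub < '0' || *sub > '9')
		return false;
	while (*sub >= '0' && *sub <= '9')
		sub++;

	return *sub == '.' && strncmp(sub + 1, "hwaddr", 6) == 0;
}
```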