[lxc-devel] [lxc/master] log: bugfixes

Mon Oct 16 11:04:21 UTC 2017

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20171016/8bdeecea/attachment.bin>
-------------- next part --------------
From b0a507d7b4282dec24ac1576ff4dbd57b57d1bdb Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 16 Oct 2017 12:22:20 +0200
Subject: [PATCH 1/2] log: prevent stack smashing

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/log.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lxc/log.c b/src/lxc/log.c
index 6ca315bd6..a99b4c8f0 100644
--- a/src/lxc/log.c
+++ b/src/lxc/log.c
@@ -297,7 +297,8 @@ static int log_append_logfile(const struct lxc_log_appender *appender,
 
 	if ((size_t)n < (sizeof(buffer) - 1))
 		n += vsnprintf(buffer + n, sizeof(buffer) - n, event->fmt, *event->vap);
-	else
+
+	if ((size_t)n >= sizeof(buffer))
 		n = sizeof(buffer) - 1;
 
 	buffer[n] = '\n';

From 5220b71b0c8a9aa48a58f58781669317f196aa32 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 16 Oct 2017 12:50:49 +0200
Subject: [PATCH 2/2] conf: error out on too many mappings

The kernel only allows 4k writes to most files in /proc including {g,u}id_map
so let's not try to write partial mappings. (This will obviously become a lot
more relevant when my patch to extend the idmap limit in the kernel is merged.)

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 6871b83a0..719eac79b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2701,9 +2701,6 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 			pos += sprintf(mapbuf, "new%cidmap %d", u_or_g, pid);
 
 		lxc_list_for_each(iterator, idmap) {
-			/* The kernel only takes <= 4k for writes to
-			 * /proc/<nr>/[ug]id_map
-			 */
 			map = iterator->elem;
 			if (map->idtype != type)
 				continue;
@@ -2715,8 +2712,13 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
 					use_shadow ? " " : "", map->nsid,
 					map->hostid, map->range,
 					use_shadow ? "" : "\n");
-			if (fill <= 0 || fill >= left)
-				SYSERROR("Too many {g,u}id mappings defined.");
+			if (fill <= 0 || fill >= left) {
+				/* The kernel only takes <= 4k for writes to
+				 * /proc/<pid>/{g,u}id_map
+				 */
+				SYSERROR("Too many %cid mappings defined: %zu", u_or_g);
+				return -1;
+			}
 
 			pos += fill;
 		}
