[lxc-devel] [lxc/master] coverity: bug smash

brauner on Github lxc-bot at linuxcontainers.org
Thu Feb 8 23:26:38 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180208/51e85352/attachment.bin>
-------------- next part --------------
From bd01b7d552bdf20706dd01bc64cc3a55c7defe86 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 8 Feb 2018 15:31:59 +0100
Subject: [PATCH 1/7] coverity: #1429139

Resource leak

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 53963d1bb..de98080c6 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1143,6 +1143,7 @@ static bool cg_hybrid_init(void)
 	f = fopen("/proc/self/mountinfo", "r");
 	if (!f) {
 		CGFSNG_DEBUG("Failed to open \"/proc/self/mountinfo\"\n");
+		free(basecginfo);
 		return false;
 	}
 

From fa456191d07b60109e625e6ce1984d6ff6f5cbb3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 8 Feb 2018 15:42:16 +0100
Subject: [PATCH 2/7] coverity: #1426734

Argument cannot be negative

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/monitor.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
index 644d2a52f..09fb14d42 100644
--- a/src/lxc/monitor.c
+++ b/src/lxc/monitor.c
@@ -239,7 +239,6 @@ int lxc_monitor_open(const char *lxcpath)
 
 	if (fd < 0) {
 		ERROR("Failed to connect to monitor socket: %s.", strerror(errno));
-		close(fd);
 		return -1;
 	}
 

From d3ceb1fc8a57c90d3db2cce0e4cace690a79cb02 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 8 Feb 2018 15:47:32 +0100
Subject: [PATCH 3/7] coverity: #1426126

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/start.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 1cbfcae35..d0d3f52b9 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1657,7 +1657,10 @@ static int lxc_spawn(struct lxc_handler *handler)
 		DEBUG("Preserved cgroup namespace via fd %d", ret);
 	}
 
-	snprintf(pidstr, 20, "%d", handler->pid);
+	ret = snprintf(pidstr, 20, "%d", handler->pid);
+	if (ret < 0 || ret > = 20)
+		goto out_delete_net;
+
 	if (setenv("LXC_PID", pidstr, 1))
 		SYSERROR("Failed to set environment variable: LXC_PID=%s.", pidstr);
 

From 8130ee8229b38e3b8eb7352ad062e3c1ffcc66f4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 8 Feb 2018 15:48:15 +0100
Subject: [PATCH 4/7] start: use goto instead of simple return

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/start.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index d0d3f52b9..eb97128df 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1667,7 +1667,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 	/* Run any host-side start hooks */
 	if (run_lxc_hooks(name, "start-host", conf, NULL)) {
 		ERROR("Failed to run lxc.hook.start-host for container \"%s\".", name);
-		return -1;
+		goto out_delete_net;
 	}
 
 	/* Tell the child to complete its initialization and wait for it to exec
@@ -1677,7 +1677,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 	 * value, causing us to error out).
 	 */
 	if (lxc_sync_barrier_child(handler, LXC_SYNC_READY_START))
-		return -1;
+		goto out_delete_net;
 
 	if (lxc_network_recv_name_and_ifindex_from_child(handler) < 0) {
 		ERROR("Failed to receive names and ifindices for network "

From 7f4ff80e79947f61450da6658ec5e572154e3fee Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 8 Feb 2018 15:57:02 +0100
Subject: [PATCH 5/7] lxccontainer: satisfy coverity

The container name can't be NULL so don't give coverity the impression that it
could be.

Silences coverity #1426123.
Silences coverity #1426124.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/lxccontainer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 465d27fb8..f0191c177 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -2727,7 +2727,7 @@ static bool container_destroy(struct lxc_container *c,
 
 	if (conf && !lxc_list_empty(&conf->hooks[LXCHOOK_DESTROY])) {
 		/* Start of environment variable setup for hooks */
-		if (c->name && setenv("LXC_NAME", c->name, 1))
+		if (setenv("LXC_NAME", c->name, 1))
 			SYSERROR("Failed to set environment variable for container name");
 
 		if (conf->rcfile && setenv("LXC_CONFIG_FILE", conf->rcfile, 1))
@@ -3425,7 +3425,7 @@ static int clone_update_rootfs(struct clone_update_data *data)
 		if (c0->name && setenv("LXC_SRC_NAME", c0->name, 1)) {
 			SYSERROR("failed to set environment variable for source container name");
 		}
-		if (c->name && setenv("LXC_NAME", c->name, 1)) {
+		if (setenv("LXC_NAME", c->name, 1)) {
 			SYSERROR("failed to set environment variable for container name");
 		}
 		if (conf->rcfile && setenv("LXC_CONFIG_FILE", conf->rcfile, 1)) {

From a249be9b69ddda30ce640c498035c755a2d14139 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 8 Feb 2018 16:04:03 +0100
Subject: [PATCH 6/7] coverity: #1426083

Dereference after null check

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/tests/share_ns.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tests/share_ns.c b/src/tests/share_ns.c
index 70a755946..d65aef85a 100644
--- a/src/tests/share_ns.c
+++ b/src/tests/share_ns.c
@@ -56,7 +56,7 @@ void *ns_sharing_wrapper(void *data)
 	c = lxc_container_new(name, NULL);
 	if (!c) {
 		lxc_error("Failed to create container \"%s\"\n", name);
-		goto out;
+		return NULL;
 	}
 
 	if (c->is_defined(c)) {

From 4d610513f94c7322f1446ba8fecaf931773148b7 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 8 Feb 2018 16:06:31 +0100
Subject: [PATCH 7/7] coverity: #1425971

Dereference after null check

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/cgroups/cgfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lxc/cgroups/cgfs.c b/src/lxc/cgroups/cgfs.c
index 89aec91f7..a2630efa4 100644
--- a/src/lxc/cgroups/cgfs.c
+++ b/src/lxc/cgroups/cgfs.c
@@ -523,6 +523,8 @@ static bool find_hierarchy_mountpts( struct cgroup_meta_data *meta_data, char **
 			}
 		}
 		lxc_free_array((void **)subsystems, free);
+		if (!h)
+			goto out;
 
 		r = lxc_grow_array((void ***)&meta_data->mount_points, &mount_point_capacity, mount_point_count + 1, 12);
 		if (r < 0)

More information about the lxc-devel mailing list