[lxc-devel] [lxc/master] bugfixes

brauner on Github lxc-bot at linuxcontainers.org
Thu Jun 14 20:27:48 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180614/ae41fc68/attachment.bin>
-------------- next part --------------
From b29e05d62973511aa6aed81f2787b6c451a3f43b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 21:56:52 +0200
Subject: [PATCH 1/8] coverity: #1425748

Time of check time of use

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index d4a16cd2b..6bcbe38cc 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1581,13 +1581,13 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
 	DEBUG("Mount new devpts instance with options \"%s\"", devpts_mntopts);
 
 	/* Remove any pre-existing /dev/ptmx file. */
-	ret = access("/dev/ptmx", F_OK);
-	if (!ret) {
-		ret = remove("/dev/ptmx");
-		if (ret < 0) {
+	ret = remove("/dev/ptmx");
+	if (ret < 0) {
+		if (errno != ENOENT) {
 			SYSERROR("Failed to remove existing \"/dev/ptmx\" file");
 			return -1;
 		}
+	} else {
 		DEBUG("Removed existing \"/dev/ptmx\" file");
 	}
 

From d3ccc04e7921888f8debb57aa7088893891a1f35 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:00:22 +0200
Subject: [PATCH 2/8] coverity: #1425758

Time of check time of use

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.c | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 6bcbe38cc..938762551 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -924,16 +924,9 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
 			/* If we populated /dev, then we need to create
 			 * /dev/ttyN
 			 */
-			ret = access(path, F_OK);
-			if (ret < 0) {
-				ret = creat(path, 0660);
-				if (ret < 0) {
-					SYSERROR("Failed to create \"%s\"", path);
-					/* this isn't fatal, continue */
-				} else {
-					close(ret);
-				}
-			}
+			ret = mknod(path, S_IFREG | 0000, 0);
+			if (ret < 0) /* this isn't fatal, continue */
+				ERROR("%s - Failed to create \"%s\"", strerror(errno), path);
 
 			ret = mount(tty->name, path, "none", MS_BIND, 0);
 			if (ret < 0) {
@@ -941,8 +934,7 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
 				continue;
 			}
 
-			DEBUG("Bind mounted \"%s\" onto \"%s\"", tty->name,
-			      path);
+			DEBUG("Bind mounted \"%s\" onto \"%s\"", tty->name, path);
 		}
 
 		if (!append_ttyname(&conf->ttys.tty_names, tty->name)) {

From 76356656118a90f3f23edd56fcf0dd1b3e10898c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:05:09 +0200
Subject: [PATCH 3/8] coverity: #1425760

Use of untrusted scalar value

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/tools/lxc_ls.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/lxc/tools/lxc_ls.c b/src/lxc/tools/lxc_ls.c
index 4089b9361..c152d6155 100644
--- a/src/lxc/tools/lxc_ls.c
+++ b/src/lxc/tools/lxc_ls.c
@@ -1136,17 +1136,27 @@ static int ls_serialize(int wpipefd, struct ls *n)
 
 static int ls_recv_str(int fd, char **buf)
 {
+	ssize_t ret;
 	size_t slen = 0;
-	if (lxc_read_nointr(fd, &slen, sizeof(slen)) != sizeof(slen))
+
+	ret = lxc_read_nointr(fd, &slen, sizeof(slen));
+	if (ret != sizeof(slen))
 		return -1;
+
 	if (slen > 0) {
 		*buf = malloc(sizeof(char) * (slen + 1));
 		if (!*buf)
 			return -1;
-		if (lxc_read_nointr(fd, *buf, slen) != (ssize_t)slen)
+
+		ret = lxc_read_nointr(fd, *buf, slen);
+		if (ret != (ssize_t)slen) {
+			free(*buf);
 			return -1;
+		}
+
 		(*buf)[slen] = '\0';
 	}
+
 	return 0;
 }
 

From 1f080b1d66ffef2207be0951beab04fdfdc29d99 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:07:56 +0200
Subject: [PATCH 4/8] coverity: #1425764

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/lxccontainer.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 4a8a56072..de4a49e62 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1564,7 +1564,12 @@ static bool create_run_template(struct lxc_container *c, char *tpath,
 			snprintf(txtuid, 20, "%d", hostuid_mapped);
 			n2[n2args - 4] = txtuid;
 			n2[n2args - 3] = "--mapped-gid";
-			snprintf(txtgid, 20, "%d", hostgid_mapped);
+			ret = snprintf(txtgid, 20, "%d", hostgid_mapped);
+			if (ret < 0 || ret >= 20) {
+				free(newargv);
+				free(n2);
+				_exit(EXIT_FAILURE);
+			}
 			n2[n2args - 2] = txtgid;
 			n2[n2args - 1] = NULL;
 			free(newargv);

From fd610d8a76949768420e3ce2536a85082c200e91 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:09:14 +0200
Subject: [PATCH 5/8] coverity: #1425766

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/criu.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index eab650d7e..0bb5430c5 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -900,6 +900,7 @@ static bool criu_ok(struct lxc_container *c, char **criu_version)
 
 static bool restore_net_info(struct lxc_container *c)
 {
+	int ret
 	struct lxc_list *it;
 	bool has_error = true;
 
@@ -913,7 +914,9 @@ static bool restore_net_info(struct lxc_container *c)
 		if (netdev->type != LXC_NET_VETH)
 			continue;
 
-		snprintf(template, sizeof(template), "vethXXXXXX");
+		ret = snprintf(template, sizeof(template), "vethXXXXXX");
+		if (ret < 0 || ret >= sizeof(template))
+			goto out_unlock;
 
 		if (netdev->priv.veth_attr.pair[0] == '\0' &&
 		    netdev->priv.veth_attr.veth1[0] == '\0') {

From 76baaab499fc2bedc08246b345acb6c60fc0e954 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:10:26 +0200
Subject: [PATCH 6/8] coverity: #1425767

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/storage/btrfs.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/lxc/storage/btrfs.c b/src/lxc/storage/btrfs.c
index be07aeb6f..e3cc7bd41 100644
--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -675,7 +675,11 @@ static bool do_remove_btrfs_children(struct my_btrfs_tree *tree, u64 root_id,
 				ERROR("Out of memory");
 				return false;
 			}
-			snprintf(newpath, len, "%s/%s", path, tree->nodes[i].dirname);
+			ret = snprintf(newpath, len, "%s/%s", path, tree->nodes[i].dirname);
+			if (ret < 0 || ret >= len) {
+				free(newpath);
+				return false;
+			}
 			if (!do_remove_btrfs_children(tree, tree->nodes[i].objid, newpath)) {
 				ERROR("Failed to prune %s\n", tree->nodes[i].name);
 				free(newpath);

From e70848113cce3c45857fe1f703f0d34ee0a84e8b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:17:08 +0200
Subject: [PATCH 7/8] coverity: #1425768

Untrusted array index read

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/state.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/lxc/state.c b/src/lxc/state.c
index aea3a1847..06aa3208a 100644
--- a/src/lxc/state.c
+++ b/src/lxc/state.c
@@ -104,7 +104,7 @@ static int fillwaitedstates(const char *strstates, lxc_state_t *states)
 extern int lxc_wait(const char *lxcname, const char *states, int timeout,
 		    const char *lxcpath)
 {
-	int state;
+	int state = -1;
 	lxc_state_t s[MAX_STATE] = {0};
 
 	if (fillwaitedstates(states, s))
@@ -129,6 +129,11 @@ extern int lxc_wait(const char *lxcname, const char *states, int timeout,
 		sleep(1);
 	}
 
+	if (state < 0) {
+		ERROR("Failed to retrieve state from monitor");
+		return -1;
+	}
+
 	TRACE("Retrieved state of container %s", lxc_state2str(state));
 	if (!s[state])
 		return -1;

From 26640e4da69a33f2231c363bc37e5f720ed340f9 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:26:52 +0200
Subject: [PATCH 8/8] parse: fix memory leak

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/parse.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/parse.c b/src/lxc/parse.c
index 01801c582..a1025c5af 100644
--- a/src/lxc/parse.c
+++ b/src/lxc/parse.c
@@ -68,7 +68,7 @@ int lxc_file_for_each_line_mmap(const char *file, lxc_file_cb callback,
 				void *data)
 {
 	int fd;
-	char *buf, *line;
+	char *buf, *chop, *line;
 	struct stat st;
 	int ret = 0;
 	char *saveptr = NULL;
@@ -94,7 +94,7 @@ int lxc_file_for_each_line_mmap(const char *file, lxc_file_cb callback,
 		return -1;
 	}
 
-	for (; (line = strtok_r(buf, "\n\0", &saveptr)); buf = NULL) {
+	for (chop = buf; (line = strtok_r(chop, "\n\0", &saveptr)); chop = NULL) {
 		ret = callback(line, data);
 		if (ret) {
 			/* Callback rv > 0 means stop here callback rv < 0 means

More information about the lxc-devel mailing list