[lxc-devel] [lxc/master] bugfixes
brauner on Github
lxc-bot at linuxcontainers.org
Thu Jun 14 20:27:48 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180614/ae41fc68/attachment.bin>
-------------- next part --------------
From b29e05d62973511aa6aed81f2787b6c451a3f43b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 21:56:52 +0200
Subject: [PATCH 1/8] coverity: #1425748
Time of check time of use
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/conf.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index d4a16cd2b..6bcbe38cc 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1581,13 +1581,13 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
DEBUG("Mount new devpts instance with options \"%s\"", devpts_mntopts);
/* Remove any pre-existing /dev/ptmx file. */
- ret = access("/dev/ptmx", F_OK);
- if (!ret) {
- ret = remove("/dev/ptmx");
- if (ret < 0) {
+ ret = remove("/dev/ptmx");
+ if (ret < 0) {
+ if (errno != ENOENT) {
SYSERROR("Failed to remove existing \"/dev/ptmx\" file");
return -1;
}
+ } else {
DEBUG("Removed existing \"/dev/ptmx\" file");
}
From d3ccc04e7921888f8debb57aa7088893891a1f35 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:00:22 +0200
Subject: [PATCH 2/8] coverity: #1425758
Time of check time of use
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/conf.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 6bcbe38cc..938762551 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -924,16 +924,9 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
/* If we populated /dev, then we need to create
* /dev/ttyN
*/
- ret = access(path, F_OK);
- if (ret < 0) {
- ret = creat(path, 0660);
- if (ret < 0) {
- SYSERROR("Failed to create \"%s\"", path);
- /* this isn't fatal, continue */
- } else {
- close(ret);
- }
- }
+ ret = mknod(path, S_IFREG | 0000, 0);
+ if (ret < 0) /* this isn't fatal, continue */
+ ERROR("%s - Failed to create \"%s\"", strerror(errno), path);
ret = mount(tty->name, path, "none", MS_BIND, 0);
if (ret < 0) {
@@ -941,8 +934,7 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
continue;
}
- DEBUG("Bind mounted \"%s\" onto \"%s\"", tty->name,
- path);
+ DEBUG("Bind mounted \"%s\" onto \"%s\"", tty->name, path);
}
if (!append_ttyname(&conf->ttys.tty_names, tty->name)) {
From 76356656118a90f3f23edd56fcf0dd1b3e10898c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:05:09 +0200
Subject: [PATCH 3/8] coverity: #1425760
Use of untrusted scalar value
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/tools/lxc_ls.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/lxc/tools/lxc_ls.c b/src/lxc/tools/lxc_ls.c
index 4089b9361..c152d6155 100644
--- a/src/lxc/tools/lxc_ls.c
+++ b/src/lxc/tools/lxc_ls.c
@@ -1136,17 +1136,27 @@ static int ls_serialize(int wpipefd, struct ls *n)
static int ls_recv_str(int fd, char **buf)
{
+ ssize_t ret;
size_t slen = 0;
- if (lxc_read_nointr(fd, &slen, sizeof(slen)) != sizeof(slen))
+
+ ret = lxc_read_nointr(fd, &slen, sizeof(slen));
+ if (ret != sizeof(slen))
return -1;
+
if (slen > 0) {
*buf = malloc(sizeof(char) * (slen + 1));
if (!*buf)
return -1;
- if (lxc_read_nointr(fd, *buf, slen) != (ssize_t)slen)
+
+ ret = lxc_read_nointr(fd, *buf, slen);
+ if (ret != (ssize_t)slen) {
+ free(*buf);
return -1;
+ }
+
(*buf)[slen] = '\0';
}
+
return 0;
}
From 1f080b1d66ffef2207be0951beab04fdfdc29d99 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:07:56 +0200
Subject: [PATCH 4/8] coverity: #1425764
Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/lxccontainer.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 4a8a56072..de4a49e62 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1564,7 +1564,12 @@ static bool create_run_template(struct lxc_container *c, char *tpath,
snprintf(txtuid, 20, "%d", hostuid_mapped);
n2[n2args - 4] = txtuid;
n2[n2args - 3] = "--mapped-gid";
- snprintf(txtgid, 20, "%d", hostgid_mapped);
+ ret = snprintf(txtgid, 20, "%d", hostgid_mapped);
+ if (ret < 0 || ret >= 20) {
+ free(newargv);
+ free(n2);
+ _exit(EXIT_FAILURE);
+ }
n2[n2args - 2] = txtgid;
n2[n2args - 1] = NULL;
free(newargv);
From fd610d8a76949768420e3ce2536a85082c200e91 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:09:14 +0200
Subject: [PATCH 5/8] coverity: #1425766
Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/criu.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index eab650d7e..0bb5430c5 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -900,6 +900,7 @@ static bool criu_ok(struct lxc_container *c, char **criu_version)
static bool restore_net_info(struct lxc_container *c)
{
+ int ret
struct lxc_list *it;
bool has_error = true;
@@ -913,7 +914,9 @@ static bool restore_net_info(struct lxc_container *c)
if (netdev->type != LXC_NET_VETH)
continue;
- snprintf(template, sizeof(template), "vethXXXXXX");
+ ret = snprintf(template, sizeof(template), "vethXXXXXX");
+ if (ret < 0 || ret >= sizeof(template))
+ goto out_unlock;
if (netdev->priv.veth_attr.pair[0] == '\0' &&
netdev->priv.veth_attr.veth1[0] == '\0') {
From 76baaab499fc2bedc08246b345acb6c60fc0e954 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:10:26 +0200
Subject: [PATCH 6/8] coverity: #1425767
Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/storage/btrfs.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/lxc/storage/btrfs.c b/src/lxc/storage/btrfs.c
index be07aeb6f..e3cc7bd41 100644
--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -675,7 +675,11 @@ static bool do_remove_btrfs_children(struct my_btrfs_tree *tree, u64 root_id,
ERROR("Out of memory");
return false;
}
- snprintf(newpath, len, "%s/%s", path, tree->nodes[i].dirname);
+ ret = snprintf(newpath, len, "%s/%s", path, tree->nodes[i].dirname);
+ if (ret < 0 || ret >= len) {
+ free(newpath);
+ return false;
+ }
if (!do_remove_btrfs_children(tree, tree->nodes[i].objid, newpath)) {
ERROR("Failed to prune %s\n", tree->nodes[i].name);
free(newpath);
From e70848113cce3c45857fe1f703f0d34ee0a84e8b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:17:08 +0200
Subject: [PATCH 7/8] coverity: #1425768
Untrusted array index read
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/state.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/lxc/state.c b/src/lxc/state.c
index aea3a1847..06aa3208a 100644
--- a/src/lxc/state.c
+++ b/src/lxc/state.c
@@ -104,7 +104,7 @@ static int fillwaitedstates(const char *strstates, lxc_state_t *states)
extern int lxc_wait(const char *lxcname, const char *states, int timeout,
const char *lxcpath)
{
- int state;
+ int state = -1;
lxc_state_t s[MAX_STATE] = {0};
if (fillwaitedstates(states, s))
@@ -129,6 +129,11 @@ extern int lxc_wait(const char *lxcname, const char *states, int timeout,
sleep(1);
}
+ if (state < 0) {
+ ERROR("Failed to retrieve state from monitor");
+ return -1;
+ }
+
TRACE("Retrieved state of container %s", lxc_state2str(state));
if (!s[state])
return -1;
From 26640e4da69a33f2231c363bc37e5f720ed340f9 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 14 Jun 2018 22:26:52 +0200
Subject: [PATCH 8/8] parse: fix memory leak
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/parse.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/parse.c b/src/lxc/parse.c
index 01801c582..a1025c5af 100644
--- a/src/lxc/parse.c
+++ b/src/lxc/parse.c
@@ -68,7 +68,7 @@ int lxc_file_for_each_line_mmap(const char *file, lxc_file_cb callback,
void *data)
{
int fd;
- char *buf, *line;
+ char *buf, *chop, *line;
struct stat st;
int ret = 0;
char *saveptr = NULL;
@@ -94,7 +94,7 @@ int lxc_file_for_each_line_mmap(const char *file, lxc_file_cb callback,
return -1;
}
- for (; (line = strtok_r(buf, "\n\0", &saveptr)); buf = NULL) {
+ for (chop = buf; (line = strtok_r(chop, "\n\0", &saveptr)); chop = NULL) {
ret = callback(line, data);
if (ret) {
/* Callback rv > 0 means stop here callback rv < 0 means
More information about the lxc-devel
mailing list