[lxc-devel] [lxc/master] lxc-usernsexec: fix default map functionality

CameronNemo on Github lxc-bot at linuxcontainers.org
Thu Nov 29 05:00:52 UTC 2018


From 923ed2e5f0407eedbee99a0a5a502e8eb8ef8f10 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <camerontnorman at gmail.com>
Date: Wed, 28 Nov 2018 19:42:29 -0800
Subject: [PATCH] lxc-usernsexec: fix default map functionality

* Place NUL bytes at the end of strings so that
  lxc_safe_ulong() can parse them correctly

* Only free the newly created id_map on error,
  to avoid passing garbage to lxc_map_ids()

Signed-off-by: Cameron Nemo <camerontnorman at gmail.com>
---
 src/lxc/cmd/lxc_usernsexec.c | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 10557dd519..2c541a69cd 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -200,6 +200,7 @@ static int read_default_map(char *fnam, int which, char *user)
 {
 	size_t len;
 	char *p1, *p2;
+	unsigned long ul1, ul2;
 	FILE *fin;
 	int ret = -1;
 	size_t sz = 0;
@@ -224,37 +225,42 @@ static int read_default_map(char *fnam, int which, char *user)
 		if (!p2)
 			continue;
 
-		newmap = malloc(sizeof(*newmap));
-		if (!newmap)
-			goto on_error;
+		line[strlen(line) - 1] = '\0';
+		*p2 = '\0';
 
-		ret = lxc_safe_ulong(p1 + 1, &newmap->hostid);
+		ret = lxc_safe_ulong(p1 + 1, &ul1);
 		if (ret < 0)
-			goto on_error;
+			break;
 
-		ret = lxc_safe_ulong(p2 + 1, &newmap->range);
+		ret = lxc_safe_ulong(p2 + 1, &ul2);
 		if (ret < 0)
-			goto on_error;
+			break;
+
+		newmap = malloc(sizeof(*newmap));
+		if (!newmap)
+			break;
 
 		newmap->nsid = 0;
 		newmap->idtype = which;
+		newmap->hostid = ul1;
+		newmap->range = ul2;
 
 		ret = -1;
 		tmp = malloc(sizeof(*tmp));
-		if (!tmp)
-			goto on_error;
+		if (!tmp) {
+			free(newmap);
+			break;
+		}
 
 		tmp->elem = newmap;
 		lxc_list_add_tail(&active_map, tmp);
+
+		ret = 0;
 		break;
 	}
 
-	ret = 0;
-
-on_error:
 	fclose(fin);
 	free(line);
-	free(newmap);
 
 	return ret;
 }
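Review bot: `line[strlen(line) - 1] = '\0';` drops the last character of the line whether or not it is a newline, so a final entry with no trailing newline would lose the last digit of its range, and `lxc_safe_ulong()` would accept the shortened number without complaint. These values end up as the host id and range of the new map entry, so a silently wrong range is worth avoiding; stripping only a real newline, e.g. `line[strcspn(line, "\n")] = '\0';`, keeps the parse exact. The loop header and the read that fills `line` are outside the hunk, so this assumes the buffer comes from a getline()-style read that may or may not end in a newline. A short comment above the two terminator writes would also help, such as `/* terminate both numeric fields so lxc_safe_ulong() sees only digits */`.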

