[lxc-devel] [lxc/master] container.conf: Fix parsing of config options:

blenk92 on Github lxc-bot at linuxcontainers.org
Wed Feb 5 17:38:55 UTC 2020


From 1e9bcf2dcb110c5b3e9156deefd01fb714bb3e5a Mon Sep 17 00:00:00 2001
From: Maximilian Blenk <Maximilian.Blenk at bmw.de>
Date: Wed, 5 Feb 2020 15:03:39 +0100
Subject: [PATCH] container.conf: Fix parsing of config options:

When parsing config options, the order in which the option has been
added to config_jump_table is important. If a more specific option,
such as lxc.selinux.context.keyring, is added after a less specific
(i.e. lxc.selinux.context), the less specific option is taken. This
is unexpected and led to the mistake that lxc.selinux.context.keyring
has been added at the wrong place. This patch proposes a different
strategy of option parsing: always take the longest match.

In addition, this commit fixes an off by 2 in config option parsing
(due to missing parenthesis). The error occurs if for instance
lxc.net.0.type is parsed. In that case, the .0 is removed from the
string. However, due to the missing parenthesis, the null terminating
character is off by two which means the modified config option would
be lxc.net.typepe instead of lxc.net.type.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk at bmw.de>
---
 src/lxc/confile.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index ae28163bb1..39894cfa59 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -255,12 +255,23 @@ static const size_t config_jump_table_size = sizeof(config_jump_table) / sizeof(
 struct lxc_config_t *lxc_get_config(const char *key)
 {
 	size_t i;
+	size_t key_len = strlen(key);
 
-	for (i = 0; i < config_jump_table_size; i++)
-		if (!strncmp(config_jump_table[i].name, key, strlen(config_jump_table[i].name)))
-			return &config_jump_table[i];
+	struct lxc_config_t *best_match = NULL;
+	size_t best_match_name_len = 0;
 
-	return NULL;
+	for (i = 0; i < config_jump_table_size; i++) {
+		size_t opt_len = strlen(config_jump_table[i].name);
+		if (opt_len <= best_match_name_len)
+			continue;
+
+		if (!strncmp(config_jump_table[i].name, key, opt_len)) {
+			best_match = &config_jump_table[i];
+			best_match_name_len = opt_len;
+		}
+	}
+
+	return best_match;
 }
 
 static int set_config_net(const char *key, const char *value,
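Review bot: key_len is assigned at the top of lxc_get_config() but nothing in the new loop reads it, so it is dead code and will likely raise an unused-variable warning. Either drop the declaration or put it to use, for example by skipping entries where opt_len > key_len before calling strncmp(). Note also that the comparison is still a pure prefix match over opt_len bytes: a key that merely begins with an option name, with no '.' or end of string after it, still resolves to that option. Longest match removes the dependence on table order but not that behaviour, so a short comment above the loop stating both points would help the next person who adds an entry to config_jump_table.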
@@ -4929,7 +4940,7 @@ static struct lxc_config_t *get_network_config_ops(const char *key,
 		}
 
 		memmove(copy + 8, idx_end + 1, strlen(idx_end + 1));
-		copy[strlen(key) - numstrlen + 1] = '\0';
+		copy[strlen(key) - (numstrlen + 1)] = '\0';
 
 		config = lxc_get_config(copy);
 		if (!config) {
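Review bot: the corrected line `copy[strlen(key) - (numstrlen + 1)] = '\0';` still derives the terminator position by hand from strlen(key) and numstrlen, which is the same arithmetic that produced the bug. Assuming idx_end points into copy, the memmove() just above could copy strlen(idx_end + 1) + 1 bytes so the NUL terminator moves with the tail and the separate index computation disappears. The literal 8 in `copy + 8` would also be clearer as a length derived from the "lxc.net." prefix. A regression test that parses lxc.net.0.type and checks that the lookup key is lxc.net.type would pin down the behaviour described in the commit message.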

