[lxc-devel] [lxc/master] verify cgroup controller name
Blub on Github
lxc-bot at linuxcontainers.org
Mon Mar 30 14:14:38 UTC 2020
From e6bc68d691796adb535b56d93d27bf2f85b4bcd3 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller at proxmox.com>
Date: Mon, 30 Mar 2020 16:01:07 +0200
Subject: [PATCH] verify cgroup controller name
Validate that a cgroup controller name is a valid
zero-terminated string before passing it to
`cgroup_ops->get_cgroup()`.
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
src/lxc/commands.c | 37 +++++++++++++++++++++++++++++++++++--
1 file changed, 35 insertions(+), 2 deletions(-)
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index 8b2d0e0b7a..991bca290e 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -325,6 +325,34 @@ int lxc_try_cmd(const char *name, const char *lxcpath)
return 0;
}
+/*
+ * Validate that the input is a proper string parameter. If not,
+ * send an EINVAL response and return -1.
+ *
+ * Precondition: there is non-zero-length data available.
+ */
+static int validate_string_request(int fd, const struct lxc_cmd_req *req)
+{
+ int ret;
+ size_t maxlen = req->datalen - 1;
+ const char *data = req->data;
+
+ if (data[maxlen] == 0 && strnlen(data, maxlen) == maxlen)
+ return 0;
+
+ struct lxc_cmd_rsp rsp = {
+ .ret = -EINVAL,
+ .datalen = 0,
+ .data = NULL,
+ };
+
+ ret = lxc_cmd_rsp_send(fd, &rsp);
+ if (ret < 0)
+ return LXC_CMD_REAP_CLIENT_FD;
+
+ return -1;
+}
+
/* Implementations of the commands and their callbacks */
/*
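Review bot: The header comment on validate_string_request() documents only the -1 return, but the function also returns LXC_CMD_REAP_CLIENT_FD when lxc_cmd_rsp_send() fails. I would add `* Returns 0 if valid, -1 after replying -EINVAL, or LXC_CMD_REAP_CLIENT_FD if the reply could not be sent.` to it. The comment could also say that embedded NUL bytes are rejected, since `strnlen(data, maxlen) == maxlen` only holds when the last byte is the sole terminator. The stated precondition is not enforced: with a zero `req->datalen`, `req->datalen - 1` converted to size_t becomes a huge index and `data[maxlen]` reads out of bounds. The one caller in this patch checks `req->datalen > 0`, but a cheap guard inside the helper that treats a non-positive length as invalid would protect later callers that forget it.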
@@ -506,10 +534,15 @@ static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
struct lxc_cmd_rsp rsp;
struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
- if (req->datalen > 0)
+ if (req->datalen > 0) {
+ ret = validate_string_request(fd, req);
+ if (ret != 0)
+ return ret;
+
path = cgroup_ops->get_cgroup(cgroup_ops, req->data);
- else
+ } else {
path = cgroup_ops->get_cgroup(cgroup_ops, NULL);
+ }
if (!path)
return -1;
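Review bot: The new branch in lxc_cmd_get_cgroup_callback() has no comment explaining why `req->data` needs checking before `cgroup_ops->get_cgroup()`, and the reason is the security-relevant part of the change. I would add `/* req->data is client-supplied; make sure it is a NUL-terminated string before it is used as one */` above the `validate_string_request()` call. The check establishes only the shape of the string, so whether the name matches a known controller is presumably left to get_cgroup(); that is worth confirming, as its body is not visible here. Any other callback that treats `req->data` as a C string would want the same helper, though none are shown in this patch. The callback starts before this hunk and continues after it.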