kubelet fix websocket reference nil pointer

Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com> (cherry picked from commit 37eb7e5e8761c077a50cc62001dfb443ee4181a8)
2022-10-31 17:11:05 +08:00 · 2022-10-31 17:11:05 +08:00 · 9c9b7e8b63
commit 9c9b7e8b63
parent 32f702b6a7
2 changed files with 51 additions and 1 deletions
--- a/0008-kubelet-fix-websocket-reference-nil-pointer.patch
+++ b/0008-kubelet-fix-websocket-reference-nil-pointer.patch
@ -0,0 +1,46 @@
 From 760129610e5b54d548247490899a8595cea2d5b8 Mon Sep 17 00:00:00 2001
 From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
 Date: Mon, 31 Oct 2022 17:15:51 +0800
 Subject: [PATCH] kubelet fix websocket reference nul pointer
 Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
 ---
 .../cri/streaming/remotecommand/proxy.go      | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
 diff --git a/pkg/kubelet/cri/streaming/remotecommand/proxy.go b/pkg/kubelet/cri/streaming/remotecommand/proxy.go
 index 76222d90..f21629af 100644
 --- a/pkg/kubelet/cri/streaming/remotecommand/proxy.go
 +++ b/pkg/kubelet/cri/streaming/remotecommand/proxy.go
@@ -169,14 +169,23 @@ func connectBackend(addr, subprotocol string, r *http.Request) (*websocket.Conn,
 	websocket.DefaultDialer.ReadBufferSize = 128 * 1024
 	websocket.DefaultDialer.WriteBufferSize = 128 * 1024
 	ws, resp, err := websocket.DefaultDialer.Dial(addr, h)
 -	if err != nil {
 +	if err == nil {
 +		return ws, nil
 +	}
 +	msg := fmt.Errorf("dial failed: %v, response Body is nil", err)
 +	if resp != nil && resp.Body != nil {
 +		defer func() {
 +			//websocket buffer size maybe not enough and cause panic
 +			if e := recover(); e != nil {
 +				msg = fmt.Errorf("dial failed: %v, response panic %v", err, e)
 +			}
 +			resp.Body.Close()
 +		}()
 		var body bytes.Buffer
 		body.ReadFrom(resp.Body)
 -		defer resp.Body.Close()
 -		msg := fmt.Errorf("dial failed: %v, response is: %v", err, body.String())
 -		return nil, msg
 +		msg = fmt.Errorf("dial failed: %v, response is: %v", err, body.String())
 	}
 -	return ws, nil
 +	return nil, msg
 }
 type rwc struct {
 -- 
 2.25.1
--- a/kubernetes.spec
+++ b/kubernetes.spec
@ -3,7 +3,7 @@
 Name:         kubernetes
 Version:      1.20.2
-Release:      9
+Release:      10
 Summary:      Container cluster management
 License:      ASL 2.0
 URL:          https://k8s.io/kubernetes
@ -31,6 +31,7 @@ Patch6003: 0004-fix-CVE-2021-25737.patch
 Patch6004: 0005-fix-CVE-2021-25741.patch
 Patch6005: 0006-kubelet-support-attach-websocket-protocol.patch
 Patch6006: 0007-Add-an-option-for-aggregator.patch
 Patch6007: 0008-kubelet-fix-websocket-reference-nil-pointer.patch
 %description
 Container cluster management.
@ -262,6 +263,9 @@ getent passwd kube >/dev/null || useradd -r -g kube -d / -s /sbin/nologin \
 %systemd_postun kubelet kube-proxy
 %changelog
 * Mon Oct 31 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 1.20.2-10
 - DESC: kubelet fix websocket reference nul pointer
 * Tue Sep 27 2022 zhongtao <zhongtao17@huawei.com> - 1.20.2-9
 - DESC: fix CVE-2022-3172