fix cve CVE-2022047952 log leaks root information

Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
(cherry picked from commit 7d3cb098866927270b6f0bfe1847211f495857ff)

0056-fix-cve-CVE-2022-47952-log-leaks-root-information.patch

@@ -0,0 +1,50 @@
+From 879297c6c83424af19a47040834fd89f808ef296 Mon Sep 17 00:00:00 2001
+From: "Neil.wrz" <wangrunze13@huawei.com>
+Date: Thu, 12 Jan 2023 22:53:10 -0800
+Subject: [PATCH] update
+
+---
+ src/lxc/cmd/lxc_user_nic.c | 14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
+index fd34559..8b05262 100644
+--- a/src/lxc/cmd/lxc_user_nic.c
++++ b/src/lxc/cmd/lxc_user_nic.c
+@@ -1113,20 +1113,16 @@ int main(int argc, char *argv[])
+ 	} else if (request == LXC_USERNIC_DELETE) {
+ 		char opath[LXC_PROC_PID_FD_LEN];
+ 
+-		/* Open the path with O_PATH which will not trigger an actual
+-		 * open(). Don't report an errno to the caller to not leak
+-		 * information whether the path exists or not.
+-		 * When stracing setuid is stripped so this is not a concern
+-		 * either.
+-		 */
++		// Keep in mind CVE-2022-47952: It's crucial not to leak any
++		// information whether open() succeeded or failed.
+ 		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
+ 		if (netns_fd < 0) {
+-			usernic_error("Failed to open \"%s\"\n", args.pid);
++			usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ 			_exit(EXIT_FAILURE);
+ 		}
+ 
+ 		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
+-			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
++			usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ 			close(netns_fd);
+ 			_exit(EXIT_FAILURE);
+ 		}
+@@ -1140,7 +1136,7 @@ int main(int argc, char *argv[])
+ 		/* Now get an fd that we can use in setns() calls. */
+ 		ret = open(opath, O_RDONLY | O_CLOEXEC);
+ 		if (ret < 0) {
+-			CMD_SYSERROR("Failed to open \"%s\"\n", args.pid);
++			CMD_SYSERROR("Failed while opening netns file for \"%s\"\n", args.pid);
+ 			close(netns_fd);
+ 			_exit(EXIT_FAILURE);
+ 		}
+-- 
+2.25.1
+

lxc.spec

@@ -1,4 +1,4 @@
-%global _release 2022102407
+%global _release 2022102408
 
 Name:           lxc
 Version:        4.0.3
@@ -63,6 +63,7 @@ Patch0052:	0052-add-lxc-attach-add-gids-option.patch
 Patch0053:	0053-change-the-suffi-parameter-in-lxc-attach-help-output.patch
 Patch0054:	0054-rollback-strprint-code-modified.patch
 Patch0055:	0055-add-sscanf-adapation-code-for-musl.patch
+Patch0056:	0056-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
 
 BuildRequires:  systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires:  pkgconfig(libseccomp)
@@ -243,6 +244,12 @@ make check
 %endif
 
 %changelog
+* Fri Jan 13 2023 wangrunze<wangrunze13@huawei.com> - 4.0.3-2022102408
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: fix cve CVE-2022-47952 log leaks root information
+
 * Wed Jan 04 2023 zhongtao<zhongtao17@huawei.com> - 4.0.3-2022102407
 - Type:bugfix
 - ID:NA

series.conf

@@ -53,3 +53,4 @@
 0053-change-the-suffi-parameter-in-lxc-attach-help-output.patch
 0054-rollback-strprint-code-modified.patch
 0055-add-sscanf-adapation-code-for-musl.patch
+0056-fix-cve-CVE-2022-47952-log-leaks-root-information.patch