codecheck fix

Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
(cherry picked from commit 7e6d92b3dce2cff7d06c4073cce6a4d27514b239)
zhangxiaoyu 2023-09-06 15:51:02 +08:00 committed by openeuler-sync-bot
parent 427bf47f20
commit dbbcadfc9c
4 changed files with 684 additions and 27 deletions


@ -9,10 +9,10 @@ Subject: [PATCH] add loongarch64 support for lxc
2 files changed, 77 insertions(+)
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index ebbba80..94dc23a 100644
index a6e6d42..cba1031 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -310,6 +310,7 @@ enum lxc_hostarch_t {
@@ -306,6 +306,7 @@ enum lxc_hostarch_t {
lxc_seccomp_arch_ppc64,
lxc_seccomp_arch_ppc64le,
lxc_seccomp_arch_ppc,
@ -20,7 +20,7 @@ index ebbba80..94dc23a 100644
lxc_seccomp_arch_mips,
lxc_seccomp_arch_mips64,
lxc_seccomp_arch_mips64n32,
@@ -344,6 +345,8 @@ int get_hostarch(void)
@@ -340,6 +341,8 @@ int get_hostarch(void)
return lxc_seccomp_arch_ppc64;
else if (strncmp(uts.machine, "ppc", 3) == 0)
return lxc_seccomp_arch_ppc;
@ -29,7 +29,7 @@ index ebbba80..94dc23a 100644
else if (strncmp(uts.machine, "mips64", 6) == 0)
return MIPS_ARCH_N64;
else if (strncmp(uts.machine, "mips", 4) == 0)
@@ -400,6 +403,11 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch,
@@ -396,6 +399,11 @@ scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch,
arch = SCMP_ARCH_PPC;
break;
#endif
@ -41,7 +41,7 @@ index ebbba80..94dc23a 100644
#ifdef SCMP_ARCH_MIPS
case lxc_seccomp_arch_mips:
arch = SCMP_ARCH_MIPS;
@@ -738,6 +746,16 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
@@ -739,6 +747,16 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
goto bad;
#endif
#endif
@ -58,7 +58,7 @@ index ebbba80..94dc23a 100644
#ifdef SCMP_ARCH_MIPS
} else if (native_arch == lxc_seccomp_arch_mips64) {
cur_rule_arch = lxc_seccomp_arch_all;
@@ -906,6 +924,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
@@ -904,6 +922,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
cur_rule_arch = lxc_seccomp_arch_ppc;
}
#endif
@ -76,7 +76,7 @@ index ebbba80..94dc23a 100644
#ifdef SCMP_ARCH_MIPS
else if (strcmp(line, "[mips64]") == 0 ||
strcmp(line, "[MIPS64]") == 0) {
@@ -1263,6 +1292,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
@@ -1237,6 +1266,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
goto bad;
#endif
#endif
@ -94,7 +94,7 @@ index ebbba80..94dc23a 100644
#ifdef SCMP_ARCH_MIPS
} else if (native_arch == lxc_seccomp_arch_mips64) {
cur_rule_arch = lxc_seccomp_arch_all;
@@ -1434,6 +1474,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
@@ -1408,6 +1448,17 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
cur_rule_arch = lxc_seccomp_arch_ppc;
}
#endif
@ -113,10 +113,10 @@ index ebbba80..94dc23a 100644
else if (strcmp(line, "[mips64]") == 0 ||
strcmp(line, "[MIPS64]") == 0) {
diff --git a/src/lxc/syscall_numbers.h b/src/lxc/syscall_numbers.h
index c68cf24..01aa68d 100644
index 803eab7..44a6494 100644
--- a/src/lxc/syscall_numbers.h
+++ b/src/lxc/syscall_numbers.h
@@ -49,6 +49,8 @@
@@ -51,6 +51,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_keyctl 5241
#endif
@ -125,7 +125,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_keyctl not defined for your architecture"
@@ -84,6 +86,8 @@
@@ -88,6 +90,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64
#define __NR_memfd_create 5314
#endif
@ -134,7 +134,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_memfd_create not defined for your architecture"
@@ -117,6 +121,8 @@
@@ -123,6 +127,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_pivot_root 5151
#endif
@ -143,7 +143,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_pivot_root not defined for your architecture"
@@ -150,6 +156,8 @@
@@ -158,6 +164,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_setns 5303
#endif
@ -152,7 +152,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_setns not defined for your architecture"
@@ -183,6 +191,8 @@
@@ -193,6 +201,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_sethostname 5165
#endif
@ -161,7 +161,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_sethostname not defined for your architecture"
@@ -216,6 +226,8 @@
@@ -228,6 +238,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_signalfd 5276
#endif
@ -170,7 +170,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_signalfd not defined for your architecture"
@@ -249,6 +261,8 @@
@@ -263,6 +275,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_signalfd4 5283
#endif
@ -179,7 +179,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_signalfd4 not defined for your architecture"
@@ -282,6 +296,8 @@
@@ -298,6 +312,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_unshare 5262
#endif
@ -188,7 +188,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_unshare not defined for your architecture"
@@ -315,6 +331,8 @@
@@ -333,6 +349,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_bpf 5315
#endif
@ -197,7 +197,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_bpf not defined for your architecture"
@@ -348,6 +366,8 @@
@@ -368,6 +386,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_faccessat 5259
#endif
@ -206,7 +206,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_faccessat not defined for your architecture"
@@ -401,6 +421,8 @@
@@ -425,6 +445,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_seccomp 5312
#endif
@ -215,7 +215,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_seccomp not defined for your architecture"
@@ -434,6 +456,8 @@
@@ -460,6 +482,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_gettid 5178
#endif
@ -224,7 +224,7 @@ index c68cf24..01aa68d 100644
#else
#define -1
#warning "__NR_gettid not defined for your architecture"
@@ -471,6 +495,8 @@
@@ -499,6 +523,8 @@
#if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
#define __NR_execveat 5316
#endif
@ -234,5 +234,5 @@ index c68cf24..01aa68d 100644
#define -1
#warning "__NR_execveat not defined for your architecture"
--
2.33.0
2.25.1


@ -22,10 +22,10 @@ Signed-off-by: Mohammed Ajmal Siddiqui <ajmalsiddiqui21@gmail.com>
1 file changed, 2 insertions(+)
diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
index fa303c7b4..6482b0aee 100644
index fc0529a..96ed27b 100644
--- a/src/lxc/tools/lxc_attach.c
+++ b/src/lxc/tools/lxc_attach.c
@@ -399,6 +399,8 @@ int lxc_attach_main(int argc, char *argv[])
@@ -844,6 +844,8 @@ int main(int argc, char *argv[])
}
if (WIFEXITED(ret))
wexit = WEXITSTATUS(ret);
@ -35,5 +35,5 @@ index fa303c7b4..6482b0aee 100644
out:
lxc_container_put(c);
--
2.33.0
2.25.1

650
0035-codecheck-fix.patch Normal file

@ -0,0 +1,650 @@
From 103aff2c11b16a2b53b0339b0033a77b3348fec3 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Wed, 6 Sep 2023 15:14:06 +0800
Subject: [PATCH] codecheck fix
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/lxc/af_unix.c | 4 +--
src/lxc/attach.c | 2 +-
src/lxc/commands.c | 27 +++++++++++++----
src/lxc/conf.c | 46 +++++++++++++++++++++++++++--
src/lxc/exec_commands.c | 2 +-
src/lxc/file_utils.c | 2 +-
src/lxc/isulad_utils.c | 23 ++++++++++-----
src/lxc/json/json_common.c | 4 +--
src/lxc/path.c | 32 ++++++++++++++++++--
src/lxc/start.c | 60 +++++++++++++++++++++++++++++++-------
src/lxc/terminal.c | 24 ++++++++++++---
11 files changed, 186 insertions(+), 40 deletions(-)
diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 0be9368..d98a1f9 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -170,10 +170,10 @@ int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data,
#ifdef HAVE_ISULAD
static int lxc_abstract_unix_recv_fds_iov(int fd, int *recvfds, int num_recvfds,
struct iovec *iov, size_t iovlen, unsigned int timeout)
-#else
+#else
static int lxc_abstract_unix_recv_fds_iov(int fd, int *recvfds, int num_recvfds,
struct iovec *iov, size_t iovlen)
-#endif
+#endif
{
__do_free char *cmsgbuf = NULL;
int ret;
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 24d020d..0ac37cc 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -735,7 +735,7 @@ static int attach_child_main(struct attach_clone_payload *payload)
ret = sigfillset(&mask);
if (ret < 0) {
SYSERROR("Failed to fill signal mask");
- goto on_error;;
+ goto on_error;
}
ret = sigprocmask(SIG_UNBLOCK, &mask, NULL);
if (ret < 0) {
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index c2a5665..d6b9939 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -1504,17 +1504,32 @@ int lxc_cmd_set_terminal_fifos(const char *name, const char *lxcpath, const char
const char *out_fifo, const char *err_fifo)
{
int ret = 0, stopped = 0;
- int len = 0;
+ size_t len = 0;
char *tmp = NULL;
const char *split = "&&&&", *none_fifo_name = "none";
const char *cmd_in_fifo = in_fifo ? in_fifo : none_fifo_name;
const char *cmd_out_fifo = out_fifo ? out_fifo : none_fifo_name;
const char *cmd_err_fifo = err_fifo ? err_fifo : none_fifo_name;
- if (len + strlen(cmd_in_fifo) + strlen(split) + strlen(cmd_out_fifo) +
- strlen(split) + strlen(cmd_err_fifo) == SIZE_MAX)
+ if (name == NULL) {
return -1;
- len += strlen(cmd_in_fifo) + strlen(split) + strlen(cmd_out_fifo) + strlen(split) + strlen(cmd_err_fifo) + 1;
+ }
+
+ // format: cmd_in_fifo + split + cmd_out_fifo + split + cmd_err_fifo + '\0'
+ if (strlen(cmd_in_fifo) > SIZE_MAX - strlen(split) - strlen(split) - 1) {
+ return -1;
+ }
+ len += strlen(cmd_in_fifo) + strlen(split) + strlen(split) + 1;
+
+ if (strlen(cmd_out_fifo) > SIZE_MAX - len) {
+ return -1;
+ }
+ len += strlen(cmd_out_fifo);
+
+ if (strlen(cmd_err_fifo) > SIZE_MAX - len) {
+ return -1;
+ }
+ len += strlen(cmd_err_fifo);
tmp = malloc(len);
if (tmp == NULL)
return -1;
@@ -1556,7 +1571,7 @@ static int lxc_cmd_set_terminal_fifos_callback(int fd, struct lxc_cmd_req *req,
struct lxc_cmd_rsp rsp;
memset(&rsp, 0, sizeof(rsp));
- rsp.ret = lxc_terminal_add_fifos(handler->conf, req->data);;
+ rsp.ret = lxc_terminal_add_fifos(handler->conf, req->data);
return lxc_cmd_rsp_send(fd, &rsp);
}
@@ -1602,7 +1617,7 @@ static int lxc_cmd_set_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
struct lxc_cmd_set_terminal_winch_request *data = (struct lxc_cmd_set_terminal_winch_request *)(req->data);
memset(&rsp, 0, sizeof(rsp));
- rsp.ret = lxc_set_terminal_winsz(&handler->conf->console, data->height, data->width);;
+ rsp.ret = lxc_set_terminal_winsz(&handler->conf->console, data->height, data->width);
return lxc_cmd_rsp_send(fd, &rsp);
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index a5573ac..3e31691 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4640,7 +4640,11 @@ static struct lxc_list *get_minimal_idmap(const struct lxc_conf *conf,
int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), void *data,
const char *fn_name)
{
+#ifdef HAVE_ISULAD
+ struct lxc_list *idmap = NULL;
+#else
call_cleaner(lxc_free_idmap) struct lxc_list *idmap = NULL;
+#endif
int ret = -1, status = -1;
char c = '1';
struct userns_fn_data d = {
@@ -4659,8 +4663,16 @@ int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), void *data,
return ret_errno(ENOENT);
ret = pipe2(pipe_fds, O_CLOEXEC);
+#ifdef HAVE_ISULAD
+ if (ret < 0) {
+ lxc_free_idmap(idmap);
+ free(idmap);
+ return -errno;
+ }
+#else
if (ret < 0)
return -errno;
+#endif
d.p[0] = pipe_fds[0];
d.p[1] = pipe_fds[1];
@@ -4710,6 +4722,11 @@ on_error:
if (status < 0)
ret = -1;
+#ifdef HAVE_ISULAD
+ lxc_free_idmap(idmap);
+ free(idmap);
+#endif
+
return ret;
}
@@ -4717,7 +4734,11 @@ int userns_exec_minimal(const struct lxc_conf *conf,
int (*fn_parent)(void *), void *fn_parent_data,
int (*fn_child)(void *), void *fn_child_data)
{
+#ifdef HAVE_ISULAD
+ struct lxc_list *idmap = NULL;
+#else
call_cleaner(lxc_free_idmap) struct lxc_list *idmap = NULL;
+#endif
uid_t resuid = LXC_INVALID_UID;
gid_t resgid = LXC_INVALID_GID;
char c = '1';
@@ -4733,8 +4754,16 @@ int userns_exec_minimal(const struct lxc_conf *conf,
return ret_errno(ENOENT);
ret = socketpair(PF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, sock_fds);
+#ifdef HAVE_ISULAD
+ if (ret < 0) {
+ lxc_free_idmap(idmap);
+ free(idmap);
+ return -errno;
+ }
+#else
if (ret < 0)
return -errno;
+#endif
pid = fork();
if (pid < 0) {
@@ -4830,6 +4859,11 @@ on_error:
close_prot_errno_disarm(sock_fds[0]);
close_prot_errno_disarm(sock_fds[1]);
+#ifdef HAVE_ISULAD
+ lxc_free_idmap(idmap);
+ free(idmap);
+#endif
+
/* Wait for child to finish. */
if (pid < 0)
return -1;
@@ -5468,6 +5502,10 @@ int lxc_drop_caps(struct lxc_conf *conf)
struct lxc_list *caps = NULL;
int *caplist = NULL;
+ if (conf == NULL) {
+ return -1;
+ }
+
if (lxc_list_empty(&conf->keepcaps))
return 0;
@@ -5654,7 +5692,7 @@ static int mount_entry_with_loop_dev(const char *src, const char *dest, const ch
if (srcfd < 0)
return srcfd;
ret = snprintf(srcbuf, sizeof(srcbuf), "/proc/self/fd/%d", srcfd);
- if (ret < 0 || ret > sizeof(srcbuf)) {
+ if (ret < 0 || (size_t)ret >= sizeof(srcbuf)) {
close(srcfd);
ERROR("Failed to print string");
return -EINVAL;
@@ -5673,7 +5711,7 @@ static int mount_entry_with_loop_dev(const char *src, const char *dest, const ch
}
ret = snprintf(destbuf, sizeof(destbuf), "/proc/self/fd/%d", destfd);
- if (ret < 0 || ret > sizeof(destbuf)) {
+ if (ret < 0 || (size_t)ret >= sizeof(destbuf)) {
if (srcfd != -1)
close(srcfd);
close(destfd);
@@ -6245,6 +6283,7 @@ static char **merge_ocihook_env(char **oldenvs, size_t env_len, size_t *merge_en
size_t env_buf_len = 0;
tmpenv = getenv(lxc_envs[j]);
if (tmpenv && i < (result_len - 1)) {
+ int nret = 0;
if (strlen(tmpenv) > (SIZE_MAX - 1 - 1 - strlen(lxc_envs[j]))) {
lxc_free_array((void **)result, free);
return NULL;
@@ -6255,7 +6294,8 @@ static char **merge_ocihook_env(char **oldenvs, size_t env_len, size_t *merge_en
lxc_free_array((void **)result, free);
return NULL;
}
- if (snprintf(lxcenv_buf, env_buf_len, "%s=%s", lxc_envs[j], tmpenv) < 0) {
+ nret = snprintf(lxcenv_buf, env_buf_len, "%s=%s", lxc_envs[j], tmpenv);
+ if (nret < 0 || nret >= env_buf_len) {
free(lxcenv_buf);
continue;
}
diff --git a/src/lxc/exec_commands.c b/src/lxc/exec_commands.c
index 50246fa..52067e1 100644
--- a/src/lxc/exec_commands.c
+++ b/src/lxc/exec_commands.c
@@ -228,7 +228,7 @@ static int lxc_exec_cmd_set_terminal_winch_callback(int fd, struct lxc_exec_cmd_
struct lxc_exec_cmd_set_terminal_winch_request *data = (struct lxc_exec_cmd_set_terminal_winch_request *)(req->data);
memset(&rsp, 0, sizeof(rsp));
- rsp.ret = lxc_set_terminal_winsz(handler->terminal, data->height, data->width);;
+ rsp.ret = lxc_set_terminal_winsz(handler->terminal, data->height, data->width);
return lxc_exec_cmd_rsp_send(fd, &rsp);
diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c
index 681207b..1c18769 100644
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -128,7 +128,7 @@ ssize_t lxc_write_nointr_for_fifo(int fd, const char *buf, size_t count)
ssize_t nret = 0;
ssize_t nwritten;
- if (buf == NULL) {
+ if (fd < 0 || buf == NULL) {
return -1;
}
diff --git a/src/lxc/isulad_utils.c b/src/lxc/isulad_utils.c
index ee39302..c71bb5b 100644
--- a/src/lxc/isulad_utils.c
+++ b/src/lxc/isulad_utils.c
@@ -42,14 +42,14 @@ int lxc_mem_realloc(void **newptr, size_t newsize, void *oldptr, size_t oldsize)
{
void *tmp = NULL;
- if (newsize == 0) {
- goto err_out;
+ if (newptr == NULL || newsize == 0) {
+ return -1;
}
tmp = lxc_common_calloc_s(newsize);
if (tmp == NULL) {
ERROR("Failed to malloc memory");
- goto err_out;
+ return -1;
}
if (oldptr != NULL) {
@@ -62,9 +62,6 @@ int lxc_mem_realloc(void **newptr, size_t newsize, void *oldptr, size_t oldsize)
*newptr = tmp;
return 0;
-
-err_out:
- return -1;
}
char *safe_strdup(const char *src)
@@ -87,6 +84,10 @@ int lxc_open(const char *filename, int flags, mode_t mode)
{
char rpath[PATH_MAX] = {0x00};
+ if (filename == NULL) {
+ return -1;
+ }
+
if (cleanpath(filename, rpath, sizeof(rpath)) == NULL) {
return -1;
}
@@ -101,6 +102,10 @@ FILE *lxc_fopen(const char *filename, const char *mode)
{
char rpath[PATH_MAX] = {0x00};
+ if (filename == NULL || mode == NULL || strlen(mode) == 0) {
+ return NULL;
+ }
+
if (cleanpath(filename, rpath, sizeof(rpath)) == NULL) {
return NULL;
}
@@ -137,6 +142,10 @@ int lxc_file2str(const char *filename, char ret[], int cap)
{
int fd, num_read;
+ if (filename == NULL || ret == NULL || cap == 0) {
+ return -1;
+ }
+
if ((fd = lxc_open(filename, O_RDONLY | O_CLOEXEC, 0)) == -1)
return -1;
if ((num_read = read(fd, ret, cap - 1)) <= 0)
@@ -455,7 +464,7 @@ static int parse_line_pw(const char delim, char *line, struct passwd *result)
return 0;
}
-char *util_left_trim_space(char *str)
+static char *util_left_trim_space(char *str)
{
char *begin = str;
char *tmp = str;
diff --git a/src/lxc/json/json_common.c b/src/lxc/json/json_common.c
index ec20c59..dd4dfcd 100755
--- a/src/lxc/json/json_common.c
+++ b/src/lxc/json/json_common.c
@@ -682,7 +682,7 @@ yajl_gen_status gen_json_map_int_string(void *ctx, json_map_int_string *map, str
if (yajl_gen_status_ok != stat) {
GEN_SET_ERROR_AND_RETURN(stat, err);
}
- stat = reformat_string(g, map->values[i], strlen(map->values[i]));;
+ stat = reformat_string(g, map->values[i], strlen(map->values[i]));
if (yajl_gen_status_ok != stat) {
GEN_SET_ERROR_AND_RETURN(stat, err);
}
@@ -1048,7 +1048,7 @@ yajl_gen_status gen_json_map_string_string(void *ctx, json_map_string_string *ma
if (yajl_gen_status_ok != stat) {
GEN_SET_ERROR_AND_RETURN(stat, err);
}
- stat = reformat_string(g, map->values[i], strlen(map->values[i]));;
+ stat = reformat_string(g, map->values[i], strlen(map->values[i]));
if (yajl_gen_status_ok != stat) {
GEN_SET_ERROR_AND_RETURN(stat, err);
}
diff --git a/src/lxc/path.c b/src/lxc/path.c
index c0529b7..25dd68d 100644
--- a/src/lxc/path.c
+++ b/src/lxc/path.c
@@ -30,6 +30,10 @@ bool specify_current_dir(const char *path)
char *basec = NULL, *bname = NULL;
bool res = false;
+ if (path == NULL) {
+ return false;
+ }
+
basec = safe_strdup(path);
bname = basename(basec);
@@ -59,6 +63,10 @@ char *preserve_trailing_dot_or_separator(const char *cleanedpath,
char *respath = NULL;
size_t len;
+ if (cleanedpath == NULL || originalpath == NULL) {
+ return NULL;
+ }
+
if (strlen(cleanedpath) > (SIZE_MAX - 3)) {
return NULL;
}
@@ -96,6 +104,10 @@ bool filepath_split(const char *path, char **dir, char **base)
ssize_t i;
size_t len;
+ if (path == NULL || dir == NULL || base == NULL) {
+ return false;
+ }
+
len = strlen(path);
if (len >= PATH_MAX) {
ERROR("Invalid path");
@@ -138,7 +150,7 @@ static bool do_clean_path_continue(const char *endpos, const char *stpos, const
return false;
}
-int do_clean_path(const char *respath, const char *limit_respath,
+static int do_clean_path(const char *respath, const char *limit_respath,
const char *stpos, char **dst)
{
char *dest = *dst;
@@ -515,6 +527,11 @@ char *follow_symlink_in_scope(const char *fullpath, const char *rootpath)
char resfull[PATH_MAX] = {0}, *full = NULL;
char resroot[PATH_MAX] = {0}, *root = NULL;
+ if (fullpath == NULL || rootpath == NULL) {
+ ERROR("Invalid arguments");
+ return NULL;
+ }
+
full = cleanpath(fullpath, resfull, PATH_MAX);
if (!full) {
ERROR("Failed to get cleaned path");
@@ -544,6 +561,7 @@ int get_resource_path(const char *rootpath, const char *path,
char resolved[PATH_MAX] = {0}, *cleanedpath = NULL;
char *fullpath = NULL;
size_t len;
+ int nret = 0;
if (!rootpath || !path || !scopepath)
return -1;
@@ -562,7 +580,12 @@ int get_resource_path(const char *rootpath, const char *path,
ERROR("Out of memory");
return -1;
}
- snprintf(fullpath, len, "%s%s", rootpath, cleanedpath);
+ nret = snprintf(fullpath, len, "%s%s", rootpath, cleanedpath);
+ if (nret < 0 || nret >= len) {
+ ERROR("Failed to snprintf");
+ free(fullpath);
+ return -1;
+ }
*scopepath = follow_symlink_in_scope(fullpath, rootpath);
@@ -584,6 +607,11 @@ char *path_relative(const char *basepath, const char *targpath)
char restarg[PATH_MAX] = {0}, *targ = NULL;
size_t bl = 0, tl = 0, b0 = 0, bi = 0, t0 = 0, ti = 0;
+ if (basepath == NULL || targpath == NULL) {
+ ERROR("Invalid arguments");
+ return NULL;
+ }
+
base = cleanpath(basepath, resbase, PATH_MAX);
if (!base) {
ERROR("Failed to get cleaned path");
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 6fe1203..5de444d 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -906,7 +906,7 @@ struct start_timeout_conf {
int errfd;
};
-void trim_line(char *s)
+static void trim_line(char *s)
{
size_t len;
@@ -1005,7 +1005,7 @@ static int _recursive_read_cgroup_procs(const char *dirpath, pid_t **pids, size_
return failed ? -1 : 0;
}
-int get_all_pids(struct cgroup_ops *cg_ops, pid_t **pids, size_t *len)
+static int get_all_pids(struct cgroup_ops *cg_ops, pid_t **pids, size_t *len)
{
const char *devices_path = NULL;
@@ -2875,6 +2875,7 @@ static int clean_resource_set_env(struct lxc_handler *handler)
}
for (; i < conf->ocihooks->poststop_len; i++) {
+ int nret = 0;
size_t cap = conf->ocihooks->poststop[i]->env_len;
size_t newcap = cap + len + 1;
if (lxc_grow_array((void ***)&(conf->ocihooks->poststop[i]->env), &cap, newcap, 1) != 0) {
@@ -2883,38 +2884,70 @@ static int clean_resource_set_env(struct lxc_handler *handler)
j = conf->ocihooks->poststop[i]->env_len;
/* Start of environment variable setup for hooks. */
if (name) {
- snprintf(bufstr, PATH_MAX + 1, "LXC_NAME=%s", name);
+ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_NAME=%s", name);
+ if (nret < 0 || nret > PATH_MAX) {
+ return -1;
+ }
conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ conf->ocihooks->poststop[i]->env_len++;
}
if (conf->rcfile) {
- snprintf(bufstr, PATH_MAX + 1, "LXC_CONFIG_FILE=%s", conf->rcfile);
+ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_CONFIG_FILE=%s", conf->rcfile);
+ if (nret < 0 || nret > PATH_MAX) {
+ return -1;
+ }
conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ conf->ocihooks->poststop[i]->env_len++;
}
if (conf->rootfs.mount) {
- snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_MOUNT=%s", conf->rootfs.mount);
+ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_MOUNT=%s", conf->rootfs.mount);
+ if (nret < 0 || nret > PATH_MAX) {
+ return -1;
+ }
conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ conf->ocihooks->poststop[i]->env_len++;
}
if (conf->rootfs.path) {
- snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_PATH=%s", conf->rootfs.path);
+ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_PATH=%s", conf->rootfs.path);
+ if (nret < 0 || nret > PATH_MAX) {
+ return -1;
+ }
conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ conf->ocihooks->poststop[i]->env_len++;
}
if (conf->console.path) {
- snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE=%s", conf->console.path);
+ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE=%s", conf->console.path);
+ if (nret < 0 || nret > PATH_MAX) {
+ return -1;
+ }
conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ conf->ocihooks->poststop[i]->env_len++;
}
if (conf->console.log_path) {
- snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE_LOGPATH=%s", conf->console.log_path);
+ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE_LOGPATH=%s", conf->console.log_path);
+ if (nret < 0 || nret > PATH_MAX) {
+ return -1;
+ }
conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ conf->ocihooks->poststop[i]->env_len++;
}
conf->ocihooks->poststop[i]->env[j++] = safe_strdup("LXC_CGNS_AWARE=1");
+ conf->ocihooks->poststop[i]->env_len++;
- snprintf(bufstr, PATH_MAX + 1, "LXC_PID=%d", handler->pid);
+ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_PID=%d", handler->pid);
+ if (nret < 0 || nret > PATH_MAX) {
+ return -1;
+ }
conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ conf->ocihooks->poststop[i]->env_len++;
if (handler->cgroup_ops->container_cgroup) {
- snprintf(bufstr, PATH_MAX + 1, "LXC_CGROUP_PATH=%s", handler->cgroup_ops->container_cgroup);
+ nret = snprintf(bufstr, PATH_MAX + 1, "LXC_CGROUP_PATH=%s", handler->cgroup_ops->container_cgroup);
+ if (nret < 0 || nret > PATH_MAX) {
+ return -1;
+ }
conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ conf->ocihooks->poststop[i]->env_len++;
}
- conf->ocihooks->poststop[i]->env_len = j;
/* End of environment variable setup for hooks. */
}
return 0;
@@ -3075,6 +3108,11 @@ int do_lxcapi_get_pids(char *name, char *lxcpath, struct lxc_conf *conf, pid_t *
struct lxc_handler *handler = NULL;
struct cgroup_ops *cg_ops = NULL;
+ if (conf == NULL || pids == NULL || pids_len == NULL) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
handler = lxc_init_pids_handler(name, lxcpath, conf);
if (!handler) {
ERROR("Failed to init container %s clean handler", name);
diff --git a/src/lxc/terminal.c b/src/lxc/terminal.c
index 0539eca..88d4d94 100644
--- a/src/lxc/terminal.c
+++ b/src/lxc/terminal.c
@@ -194,6 +194,11 @@ int lxc_set_terminal_winsz(struct lxc_terminal *terminal, unsigned int height, u
int ret = 0;
struct winsize wsz;
+ if (terminal == NULL) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
if (terminal->ptmx < 0) {
return 0;
}
@@ -225,6 +230,10 @@ static int lxc_terminal_rename_old_log_file(struct lxc_terminal *terminal)
char tmp[PATH_MAX] = {0};
char *rename_fname = NULL;
+ if (terminal->log_rotate == 0) {
+ return 0;
+ }
+
for (i = terminal->log_rotate - 1; i > 1; i--) {
ret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, i);
if (ret < 0 || ret >= PATH_MAX) {
@@ -413,10 +422,12 @@ static bool get_time_buffer(struct timespec *timestamp, char *timebuffer,
seconds = (time_t)timestamp->tv_sec;
gmtime_r(&seconds, &tm_utc);
- strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_utc);
+ len = strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_utc);
+ if (len == 0) {
+ return false;
+ }
nanos = (int32_t)timestamp->tv_nsec;
- len = strlen(timebuffer);
ret = snprintf(timebuffer + len, (maxsize - len), ".%09dZ", nanos);
if (ret < 0 || ret >= (maxsize - len)) {
return false;
@@ -1548,7 +1559,7 @@ static int terminal_fifo_open(const char *fifo_path, int flags)
return fd;
}
-bool fifo_exists(const char *path)
+static bool fifo_exists(const char *path)
{
struct stat sb;
int ret;
@@ -1715,11 +1726,16 @@ err:
int lxc_terminal_add_fifos(struct lxc_conf *conf, const char *fifonames)
{
int ret = 0;
- struct lxc_terminal *terminal = &conf->console;
+ struct lxc_terminal *terminal = NULL;
int fifofd_in = -1;
char *tmp = NULL, *saveptr = NULL, *in = NULL, *out = NULL, *err = NULL;
const char *none_fifo_name = "none";
+ if (conf == NULL || fifonames == NULL) {
+ return -1;
+ }
+
+ terminal = &conf->console;
tmp = safe_strdup(fifonames);
in = strtok_r(tmp, "&&&&", &saveptr);
--
2.25.1
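Review bot: The argument check added to lxc_file2str in src/lxc/isulad_utils.c rejects only `cap == 0`, but `cap` is a signed `int` and the unchanged line below it passes `cap - 1` to `read()`, so a negative `cap` would be converted to a very large byte count and could let `read()` write past the end of `ret`. The guard should read `if (filename == NULL || ret == NULL || cap <= 0) {`. The function body continues outside the hunk, so whether any caller can actually pass a negative value is not visible here. Separately, the added truncation checks `nret >= env_buf_len` (conf.c) and `nret >= len` (path.c) compare an `int` with a `size_t`; writing them as `(size_t)nret >= len`, the way this patch already does in mount_entry_with_loop_dev, would keep the checks consistent.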


@ -1,4 +1,4 @@
%global _release 2022102421
%global _release 2022102422
Name: lxc
Version: 4.0.3
@ -42,6 +42,7 @@ Patch0031: 0031-lxc-attach-Fix-lost-return-codes-of-spawned-processe.patch
Patch0032: 0032-fix-load-bpf-failed.patch
Patch0033: 0033-fix-mount-device-path-incorrect.patch
Patch0034: 0034-add-secure-compile-macro.patch
Patch0035: 0035-codecheck-fix.patch
BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath
BuildRequires: pkgconfig(libseccomp)
@ -228,6 +229,12 @@ rm -rf %{buildroot}%{_sysconfdir}/default/%{name}
%endif
%changelog
* Wed Sep 06 2023 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 4.0.3-2022102422
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: codecheck fix
* Mon Jul 10 2023 mzzhou<1362843687@qq.com> - 4.0.3-2022102421
- Type:enhancement
- ID:NA