packages/clibcni
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!162 [sync] PR-160: Fix potential log error and empty pointer reference

Browse Source 
* Fix potential log error and empty pointer reference
This commit is contained in:
openeuler-sync-bot 2023-09-12 03:36:07 +00:00 committed by haozi007
parent f57484bcdb
commit 22f43a00d0
3 changed files with 436 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

176
0001-46-Check-empty-pointer-before-referenced.patch Normal file
View File

@ -0,0 +1,176 @@
From 5750fedb9125af7c8d4ec5ef41d06ae72b728244 Mon Sep 17 00:00:00 2001
From: jake <jikai11@huawei.com>
Date: Wed, 30 Aug 2023 05:06:57 +0000
Subject: [PATCH 1/2] !46 Check empty pointer before referenced * Fix empty
pointer and overflow
---
src/api.c | 8 ++++++++
src/conf.c | 3 +++
src/invoke/exec.c | 2 ++
src/types/types.c | 23 +++++++++++++++++++++++
src/utils.c | 2 +-
src/version/version.c | 5 +++++
6 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/src/api.c b/src/api.c
index 13a4ec8..460223f 100644
--- a/src/api.c
+++ b/src/api.c
@@ -844,6 +844,10 @@ int cni_conf_from_file(const char *filename, struct cni_network_conf **config, c
ERROR("Empty err");
return -1;
}
+ if (config == NULL) {
+ ERROR("Empty config");
+ return -1;
+ }
ret = conf_from_file(filename, &netconf, err);
if (ret != 0) {
ERROR("Parse conf file: %s failed: %s", filename, *err != NULL ? *err : "");
@@ -932,6 +936,10 @@ int cni_conflist_from_file(const char *filename, struct cni_network_list_conf **
ERROR("Empty err");
return -1;
}
+ if (list == NULL) {
+ ERROR("Empty list");
+ return -1;
+ }
ret = conflist_from_file(filename, &tmp_cni_net_conf_list, err);
if (ret != 0) {
return ret;
diff --git a/src/conf.c b/src/conf.c
index d1ff3d9..a3214b3 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -495,6 +495,7 @@ int load_conf(const char *dir, const char *name, struct network_config **conf, c
*err = clibcni_util_strdup_s("Out of memory");
}
ERROR("no net configurations found in %s", dir);
+ ret = -1;
goto free_out;
}
@@ -538,6 +539,7 @@ static int generate_new_conflist(const cni_net_conf_list *list, struct network_c
*err = clibcni_util_strdup_s("Out of memory");
}
ERROR("Generate conf list json failed: %s", jerr);
+ ret = -1;
goto free_out;
}
free(jerr);
@@ -551,6 +553,7 @@ static int generate_new_conflist(const cni_net_conf_list *list, struct network_c
*err = clibcni_util_strdup_s("Out of memory");
}
ERROR("Parse conf list from json failed: %s", jerr);
+ ret = -1;
goto free_out;
}
ret = 0;
diff --git a/src/invoke/exec.c b/src/invoke/exec.c
index becba55..16d53ea 100644
--- a/src/invoke/exec.c
+++ b/src/invoke/exec.c
@@ -72,6 +72,7 @@ static int do_parse_exec_stdout_str(int exec_ret, const char *cni_net_conf_json,
goto out;
}
if (clibcni_is_null_or_empty(stdout_str)) {
+ ret = -1;
ERROR("Get empty stdout message");
goto out;
}
@@ -140,6 +141,7 @@ int exec_plugin_without_result(const char *plugin_path, const char *cni_net_conf
envs = as_env(cniargs);
if (envs == NULL) {
*err = clibcni_util_strdup_s("As env failed");
+ ret = -1;
goto out;
}
}
diff --git a/src/types/types.c b/src/types/types.c
index a9a04e7..24e3f1b 100644
--- a/src/types/types.c
+++ b/src/types/types.c
@@ -453,6 +453,12 @@ static int get_ipv6_mask(const struct ipnet *value, size_t iplen, uint8_t **mask
(void)memcpy(*mask, (value->ip_mask + IPV4_TO_V6_EMPTY_PREFIX_BYTES), IPV4LEN);
return IPV4LEN;
} else {
+ *mask = clibcni_util_smart_calloc_s(IPV6LEN, sizeof(uint8_t));
+ if (*mask == NULL) {
+ *err = clibcni_util_strdup_s("Out of memory");
+ ERROR("Out of memory");
+ return 0;
+ }
(void)memcpy(*mask, value->ip_mask, IPV6LEN);
return IPV6LEN;
}
@@ -551,6 +557,10 @@ char *ipnet_to_string(const struct ipnet *value, char **err)
int nret = 0;
size_t res_len = 0;
+ if (value == NULL || err == NULL) {
+ ERROR("Invalid arg");
+ return NULL;
+ }
iplen = try_to_ipv4(value, &ip, err);
if (iplen == 0) {
goto free_out;
@@ -686,6 +696,14 @@ int parse_ip_from_str(const char *addr, uint8_t **ips, size_t *len, char **err)
ERROR("Empty address");
return -1;
}
+ if (err == NULL) {
+ ERROR("Empty err");
+ return -1;
+ }
+ if (ips == NULL || len == NULL) {
+ ERROR("Invalid argument");
+ return -1;
+ }
nret = inet_pton(AF_INET, addr, &ipv4);
if (nret < 0) {
nret = asprintf(err, "ipv4 inet_pton %s", strerror(errno));
@@ -754,6 +772,11 @@ int parse_cidr(const char *cidr_str, struct ipnet **ipnet_val, char **err)
return -1;
}
+ if (ipnet_val == NULL || err == NULL) {
+ ERROR("Invalid argument");
+ return -1;
+ }
+
work_cidr = clibcni_util_strdup_s(cidr_str);
result = clibcni_util_common_calloc_s(sizeof(struct ipnet));
diff --git a/src/utils.c b/src/utils.c
index 4308b62..8efa330 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -417,7 +417,7 @@ int clibcni_util_safe_uint(const char *numstr, unsigned int *converted)
char *err_str = NULL;
unsigned long long ull = 0;
- if (converted == NULL) {
+ if (numstr == NULL || converted == NULL) {
return -1;
}
errno = 0;
diff --git a/src/version/version.c b/src/version/version.c
index 058e30f..00aa149 100644
--- a/src/version/version.c
+++ b/src/version/version.c
@@ -75,6 +75,11 @@ struct plugin_info *plugin_supports(const char * const *supported_versions, size
size_t size = 0;
bool invalid_arg = (supported_versions == NULL || len < 1);
+ if (errmsg == NULL) {
+ ERROR("Empty errmsg");
+ return NULL;
+ }
+
if (invalid_arg) {
*errmsg = clibcni_util_strdup_s("Invalid version argument");
return NULL;
--
2.33.0

250
0002-47-remove-unnecessary-strerror.patch Normal file
View File

@ -0,0 +1,250 @@
From e782318607aa5f1b2cf2fcf003a5a12066877714 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Thu, 7 Sep 2023 07:39:18 +0000
Subject: [PATCH 2/2] !47 remove unnecessary strerror * remove unnecessary
strerror
---
src/api.c | 36 ++++++++++++++++++++----------------
src/conf.c | 12 ++++++------
src/invoke/exec.c | 17 +++++++++--------
src/invoke/tools.c | 2 +-
src/types/types.c | 6 ++++--
src/utils.c | 2 +-
6 files changed, 41 insertions(+), 34 deletions(-)
diff --git a/src/api.c b/src/api.c
index 460223f..4541496 100644
--- a/src/api.c
+++ b/src/api.c
@@ -299,6 +299,22 @@ out:
return ret;
}
+static void format_invoke_err_msg(const char *name, int save_errno, char **err)
+{
+ const char *invoke_err = get_invoke_err_msg(save_errno);
+
+ if (asprintf(err, "find plugin: \"%s\" failed: %s", name, invoke_err != NULL ? invoke_err : "") < 0) {
+ *err = clibcni_util_strdup_s("Out of memory");
+ }
+
+ if (invoke_err != NULL) {
+ ERROR("find plugin: \"%s\" failed: %s", name, invoke_err);
+ return;
+ }
+ errno = save_errno;
+ SYSERROR("find plugin: \"%s\" failed", name);
+}
+
static int run_cni_plugin(const struct network_config_list *list, size_t i, const char *operator,
const struct runtime_conf *rc, const char * const *paths, size_t paths_len,
struct result **pret, char **err)
@@ -320,10 +336,7 @@ static int run_cni_plugin(const struct network_config_list *list, size_t i, cons
ret = find_in_path(net.network->type, paths, paths_len, &plugin_path, &save_errno);
if (ret != 0) {
- if (asprintf(err, "find plugin: \"%s\" failed: %s", net.network->type, get_invoke_err_msg(save_errno)) < 0) {
- *err = clibcni_util_strdup_s("Out of memory");
- }
- ERROR("find plugin: \"%s\" failed: %s", net.network->type, get_invoke_err_msg(save_errno));
+ format_invoke_err_msg(net.network->type, save_errno, err);
goto free_out;
}
@@ -448,10 +461,7 @@ static int add_network(const struct network_config *net, const struct runtime_co
}
ret = find_in_path(net->network->type, paths, paths_len, &plugin_path, &save_errno);
if (ret != 0) {
- if (asprintf(err, "find plugin: \"%s\" failed: %s", net->network->type, get_invoke_err_msg(save_errno)) < 0) {
- *err = clibcni_util_strdup_s("Out of memory");
- }
- ERROR("find plugin: \"%s\" failed: %s", net->network->type, get_invoke_err_msg(save_errno));
+ format_invoke_err_msg(net->network->type, save_errno, err);
goto free_out;
}
@@ -496,10 +506,7 @@ static int del_network(const struct network_config *net, const struct runtime_co
}
ret = find_in_path(net->network->type, paths, paths_len, &plugin_path, &save_errno);
if (ret != 0) {
- if (asprintf(err, "find plugin: \"%s\" failed: %s", net->network->type, get_invoke_err_msg(save_errno)) < 0) {
- *err = clibcni_util_strdup_s("Out of memory");
- }
- ERROR("find plugin: \"%s\" failed: %s", net->network->type, get_invoke_err_msg(save_errno));
+ format_invoke_err_msg(net->network->type, save_errno, err);
goto free_out;
}
@@ -814,10 +821,7 @@ int cni_get_version_info(const char *plugin_type, char **paths, struct plugin_in
len = clibcni_util_array_len((const char * const *)paths);
ret = find_in_path(plugin_type, (const char * const *)paths, len, &plugin_path, &save_errno);
if (ret != 0) {
- if (asprintf(err, "find plugin: \"%s\" failed: %s", plugin_type, get_invoke_err_msg(save_errno)) < 0) {
- *err = clibcni_util_strdup_s("Out of memory");
- }
- ERROR("find plugin: \"%s\" failed: %s", plugin_type, get_invoke_err_msg(save_errno));
+ format_invoke_err_msg(plugin_type, save_errno, err);
return ret;
}
diff --git a/src/conf.c b/src/conf.c
index a3214b3..4d74b73 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -107,10 +107,10 @@ static char *do_get_cni_net_confs_json(const char *filename, char **err)
content = clibcni_util_read_text_file(filename);
if (content == NULL) {
- if (asprintf(err, "Read file %s failed: %s", filename, strerror(errno)) < 0) {
+ SYSERROR("Read file %s failed", filename);
+ if (asprintf(err, "Read file %s failed", filename) < 0) {
*err = clibcni_util_strdup_s("Read file failed");
}
- ERROR("Read file %s failed: %s", filename, strerror(errno));
}
return content;
@@ -303,10 +303,10 @@ static int check_conf_dir(const char *dir, DIR **directory, char **err)
if (errno == ENOENT) {
return 0;
}
- if (asprintf(err, "Open dir failed: %s", strerror(errno)) < 0) {
+ SYSERROR("Open dir: %s failed", dir);
+ if (asprintf(err, "Open dir: %s failed", dir) < 0) {
*err = clibcni_util_strdup_s("Out of memory");
}
- SYSERROR("Open dir failed");
return -1;
}
return 1;
@@ -319,11 +319,11 @@ static int do_check_file_is_valid(const char *fname, int *result, char **err)
nret = lstat(fname, &tmp_fstat);
if (nret != 0) {
- nret = asprintf(err, "lstat %s failed: %s", fname, strerror(errno));
+ SYSERROR("lstat %s failed", fname);
+ nret = asprintf(err, "check file %s failed", fname);
if (nret < 0) {
*err = clibcni_util_strdup_s("Out of memory");
}
- SYSERROR("lstat %s failed", fname);
*result = -1;
return -1;
}
diff --git a/src/invoke/exec.c b/src/invoke/exec.c
index 16d53ea..4ce4b5d 100644
--- a/src/invoke/exec.c
+++ b/src/invoke/exec.c
@@ -354,7 +354,8 @@ static int prepare_raw_exec(const char *plugin_path, int pipe_stdin[2], int pipe
ret = pipe2(pipe_stdin, O_CLOEXEC | O_NONBLOCK);
if (ret < 0) {
- ret = snprintf(errmsg, len, "Pipe stdin failed: %s", strerror(errno));
+ SYSERROR("Pipe stdin failed");
+ ret = snprintf(errmsg, len, "Pipe stdin failed");
if (ret < 0 || (size_t)ret >= len) {
ERROR("Sprintf failed");
}
@@ -363,7 +364,8 @@ static int prepare_raw_exec(const char *plugin_path, int pipe_stdin[2], int pipe
ret = pipe2(pipe_stdout, O_CLOEXEC | O_NONBLOCK);
if (ret < 0) {
- ret = snprintf(errmsg, len, "Pipe stdout failed: %s", strerror(errno));
+ SYSERROR("Pipe stdout failed");
+ ret = snprintf(errmsg, len, "Pipe stdout failed");
if (ret < 0 || (size_t)ret >= len) {
ERROR("Sprintf failed");
}
@@ -383,7 +385,7 @@ static int write_stdin_data_to_child(int pipe_stdin[2], const char *stdin_data,
len = strlen(stdin_data);
if (clibcni_util_write_nointr(pipe_stdin[1], stdin_data, len) != (ssize_t)len) {
- ret = snprintf(errmsg, errmsg_len, "Write stdin data failed: %s", strerror(errno));
+ ret = snprintf(errmsg, errmsg_len, "Write stdin data failed");
if (ret < 0 || (size_t)ret >= errmsg_len) {
ERROR("Sprintf failed");
}
@@ -406,8 +408,7 @@ static int read_child_stdout_msg(const int pipe_stdout[2], char *errmsg, size_t
char buffer[CLIBCNI_BUFFER_SIZE] = { 0 };
ssize_t tmp_len = clibcni_util_read_nointr(pipe_stdout[0], buffer, CLIBCNI_BUFFER_SIZE - 1);
if (tmp_len < 0) {
- ret = snprintf(errmsg, errmsg_len, "%s; read stdout failed: %s", strlen(errmsg) > 0 ? errmsg : "",
- strerror(errno));
+ ret = snprintf(errmsg, errmsg_len, "%s; read stdout failed", strlen(errmsg) > 0 ? errmsg : "");
if (ret < 0 || (size_t)ret >= errmsg_len) {
ERROR("Sprintf failed");
}
@@ -437,8 +438,7 @@ static int wait_pid_for_raw_exec_child(pid_t child_pid, const int pipe_stdout[2]
ret = read_child_stdout_msg(pipe_stdout, errmsg, errmsg_len, stdout_str);
if (wait_pid < 0) {
- ret = snprintf(errmsg, errmsg_len, "%s; waitpid failed: %s", strlen(errmsg) > 0 ? errmsg : "",
- strerror(errno));
+ ret = snprintf(errmsg, errmsg_len, "%s; waitpid failed", strlen(errmsg) > 0 ? errmsg : "");
if (ret < 0 || (size_t)ret >= errmsg_len) {
ERROR("Sprintf failed");
}
@@ -571,7 +571,8 @@ static int raw_exec(const char *plugin_path, const char *stdin_data, char * cons
child_pid = fork();
if (child_pid < 0) {
- ret = snprintf(errmsg, sizeof(errmsg), "Fork failed: %s", strerror(errno));
+ SYSERROR("Fork failed");
+ ret = snprintf(errmsg, sizeof(errmsg), "Fork failed");
if (ret < 0 || (size_t)ret >= sizeof(errmsg)) {
ERROR("Sprintf failed");
}
diff --git a/src/invoke/tools.c b/src/invoke/tools.c
index 7660be1..7c497f1 100644
--- a/src/invoke/tools.c
+++ b/src/invoke/tools.c
@@ -52,7 +52,7 @@ const char *get_invoke_err_msg(int errcode)
if (errcode <= INK_SUCCESS) {
return g_CNI_INVOKE_ERR_MSGS[errcode - (INK_ERR_MIN)];
}
- return strerror(errcode);
+ return NULL;
}
static int do_check_file(const char *plugin, const char *path, char **find_path, int *save_errno)
diff --git a/src/types/types.c b/src/types/types.c
index 24e3f1b..fad396b 100644
--- a/src/types/types.c
+++ b/src/types/types.c
@@ -665,7 +665,8 @@ static int do_parse_ipv6_from_str(const char *addr, struct in6_addr *ipv6, uint8
}
nret = inet_pton(AF_INET6, addr, ipv6);
if (nret < 0) {
- nret = asprintf(err, "ipv6 inet_pton %s", strerror(errno));
+ SYSERROR("ipv6 inet_pton for: %s", addr);
+ nret = asprintf(err, "invalid ipv6 addr %s.", addr);
if (nret < 0) {
ERROR("Sprintf failed");
*ret = 1;
@@ -706,7 +707,8 @@ int parse_ip_from_str(const char *addr, uint8_t **ips, size_t *len, char **err)
}
nret = inet_pton(AF_INET, addr, &ipv4);
if (nret < 0) {
- nret = asprintf(err, "ipv4 inet_pton %s", strerror(errno));
+ SYSERROR("ipv4 inet_pton for: %s", addr);
+ nret = asprintf(err, "invalid ipv4 addr %s.", addr);
if (nret < 0) {
ERROR("Sprintf failed");
ret = 1;
diff --git a/src/utils.c b/src/utils.c
index 8efa330..d4a8ead 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -697,7 +697,7 @@ char *clibcni_util_read_text_file(const char *path)
readlen = fread(buf, 1, (size_t)len, filp);
if (((readlen < (size_t)len) && (!feof(filp))) || (readlen > (size_t)len)) {
- ERROR("Failed to read file %s, error: %s\n", path, strerror(errno));
+ SYSERROR("Failed to read file %s", path);
free(buf);
buf = NULL;
goto err_out;
--
2.33.0

11
clibcni.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.7
%global _release 6
%global _release 7
Name: clibcni
Version: %{_version}
Release: %{_release}
@ -10,6 +10,9 @@ URL: https://gitee.com/openeuler/clibcni
Source0: https://gitee.com/openeuler/clibcni/repository/archive/v%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}
Patch0001: 0001-46-Check-empty-pointer-before-referenced.patch
Patch0002: 0002-47-remove-unnecessary-strerror.patch
%define lcrver_lower 2.0.9-0
%define lcrver_upper 2.0.10-0
@ -88,6 +91,12 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/%{name}.pc
%changelog
* Tue Sep 12 2023 jikai<jikai11@huawei.com> - 2.0.7-7
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:Fix potential log error and empty pointer reference
* Fri May 12 2023 Wenlong Zhang <zhangwenlong@loongson.cn> - 2.0.7-6
- Type: feature
- ID: NA