From ac7f14ac9b4fc3cebe6bd58f199d1bf0fcbf981a Mon Sep 17 00:00:00 2001 From: openeuler-sync-bot Date: Sat, 26 Aug 2023 10:10:17 +0000 Subject: [PATCH] !607 [sync] PR-606: code improvements and bugfix for code review * code improvements and bugfix for code review --- 0107-improve-coding.patch | 490 ++++++ ...n-up-sensitive-information-in-memory.patch | 280 +++ 0109-2118-Fix-exec-buffer-overflow.patch | 26 + ...ength-of-runtime-args-and-increase-t.patch | 172 ++ ...re-argument-of-interface-is-not-null.patch | 966 +++++++++++ ...for-snprintf-and-fix-some-codecheck-.patch | 1516 +++++++++++++++++ ...-in-isulad-check.sh-and-use-EANBLE_I.patch | 44 + ...udge-the-snprintf-result-of-hostname.patch | 31 + ...-of-loaded-and-pulled-image-is-valid.patch | 199 +++ ...-Limit-the-response-size-of-ExecSync.patch | 31 + iSulad.spec | 18 +- 11 files changed, 3772 insertions(+), 1 deletion(-) create mode 100644 0107-improve-coding.patch create mode 100644 0108-2116-clean-up-sensitive-information-in-memory.patch create mode 100644 0109-2118-Fix-exec-buffer-overflow.patch create mode 100644 0110-2117-limit-the-length-of-runtime-args-and-increase-t.patch create mode 100644 0111-ensure-argument-of-interface-is-not-null.patch create mode 100644 0112-2123-add-verify-for-snprintf-and-fix-some-codecheck-.patch create mode 100644 0113-clear-author-msg-in-isulad-check.sh-and-use-EANBLE_I.patch create mode 100644 0114-2126-do-not-judge-the-snprintf-result-of-hostname.patch create mode 100644 0115-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch create mode 100644 0116-2129-Limit-the-response-size-of-ExecSync.patch diff --git a/0107-improve-coding.patch b/0107-improve-coding.patch new file mode 100644 index 0000000..2f4265d --- /dev/null +++ b/0107-improve-coding.patch @@ -0,0 +1,490 @@ +From a305fe5feaf32e5d72c0951b6ef0a522f7a5830d Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 15 Aug 2023 19:08:34 +0800 +Subject: [PATCH 01/10] improve coding + +Signed-off-by: haozi007 +--- + .../connect/grpc/grpc_containers_client.cc | 2 +- + .../container/container_events_handler.c | 4 ++-- + src/daemon/modules/container/container_unix.c | 2 +- + .../modules/runtime/isula/isula_rt_ops.c | 2 +- + src/utils/buffer/buffer.c | 6 +----- + src/utils/cutils/error.h | 2 +- + src/utils/cutils/util_atomic.h | 3 ++- + src/utils/cutils/utils.c | 2 +- + src/utils/cutils/utils_base64.c | 10 +++++++--- + src/utils/cutils/utils_file.c | 18 ++++++++++++------ + src/utils/cutils/utils_fs.c | 2 +- + src/utils/cutils/utils_mount_spec.c | 3 +-- + src/utils/cutils/utils_string.c | 7 +++---- + src/utils/cutils/utils_string.h | 2 +- + src/utils/cutils/utils_timestamp.c | 4 ++-- + src/utils/http/http.c | 2 +- + src/utils/tar/isulad_tar.c | 4 +--- + src/utils/tar/isulad_tar.h | 2 -- + src/utils/tar/util_archive.c | 16 ++++++++++------ + src/utils/tar/util_gzip.c | 6 +++--- + 20 files changed, 52 insertions(+), 47 deletions(-) + +diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc +index 301e172b..314f381f 100644 +--- a/src/client/connect/grpc/grpc_containers_client.cc ++++ b/src/client/connect/grpc/grpc_containers_client.cc +@@ -17,7 +17,7 @@ + #include "container.grpc.pb.h" + #include "isula_libutils/container_copy_to_request.h" + #include "isula_libutils/container_exec_request.h" +-#include "isulad_tar.h" ++#include "util_archive.h" + #include "stoppable_thread.h" + #include "utils.h" + #include +diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c +index 55dbfbe6..d78e6fc1 100644 +--- a/src/daemon/modules/container/container_events_handler.c ++++ b/src/daemon/modules/container/container_events_handler.c +@@ -131,7 +131,7 @@ static int container_state_changed(container_t *cont, const struct isulad_events + + pid = container_state_get_pid(cont->state); + if (pid != (int)events->pid) { +- DEBUG("Container's pid \'%d\' is not equal to event's pid \'%d\', ignore STOPPED event", pid, ++ DEBUG("Container's pid \'%d\' is not equal to event's pid \'%u\', ignore STOPPED event", pid, + events->pid); + container_unlock(cont); + ret = 0; +@@ -212,7 +212,7 @@ static int handle_one(container_t *cont, container_events_handler_t *handler) + events_handler_unlock(handler); + + events = (struct isulad_events_format *)it->elem; +- INFO("Received event %s with pid %d", events->id, events->pid); ++ INFO("Received event %s with pid %u", events->id, events->pid); + + if (container_state_changed(cont, events)) { + ERROR("Failed to change container %s state", cont->common_config->id); +diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c +index 9910b3c8..9392cf0d 100644 +--- a/src/daemon/modules/container/container_unix.c ++++ b/src/daemon/modules/container/container_unix.c +@@ -438,7 +438,7 @@ out: + int container_v2_spec_merge_contaner_spec(container_config_v2_common_config *v2_spec) + { + int ret = 0; +- int i = 0; ++ size_t i = 0; + container_config *container_spec = NULL; + + if (v2_spec == NULL) { +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 0f18926a..817d663f 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -704,7 +704,7 @@ static int status_to_exit_code(int status) + shim_exit_code records the exit code of isulad-shim, obtained through waitpid; + */ + static int shim_create(bool fg, const char *id, const char *workdir, const char *bundle, const char *runtime_cmd, +- int *exit_code, const char* timeout, int* shim_exit_code) ++ int *exit_code, const char *timeout, int *shim_exit_code) + { + pid_t pid = 0; + int shim_stderr_pipe[2] = { -1, -1 }; +diff --git a/src/utils/buffer/buffer.c b/src/utils/buffer/buffer.c +index 19a933cd..7f6bc527 100644 +--- a/src/utils/buffer/buffer.c ++++ b/src/utils/buffer/buffer.c +@@ -36,11 +36,7 @@ Buffer *buffer_alloc(size_t initial_size) + return NULL; + } + +- if (initial_size > SIZE_MAX / sizeof(char)) { +- free(buf); +- return NULL; +- } +- tmp = calloc(1, initial_size * sizeof(char)); ++ tmp = util_smart_calloc_s(sizeof(char), initial_size); + if (tmp == NULL) { + free(buf); + return NULL; +diff --git a/src/utils/cutils/error.h b/src/utils/cutils/error.h +index e3946cf2..537f4d12 100644 +--- a/src/utils/cutils/error.h ++++ b/src/utils/cutils/error.h +@@ -60,11 +60,11 @@ static inline void format_errorf(char **err, const char *format, ...) + char errbuf[BUFSIZ + 1] = { 0 }; + + va_list argp; +- va_start(argp, format); + + if (err == NULL) { + return; + } ++ va_start(argp, format); + + ret = vsnprintf(errbuf, BUFSIZ, format, argp); + va_end(argp); +diff --git a/src/utils/cutils/util_atomic.h b/src/utils/cutils/util_atomic.h +index 6fa2a662..5fa2c3d6 100644 +--- a/src/utils/cutils/util_atomic.h ++++ b/src/utils/cutils/util_atomic.h +@@ -129,7 +129,8 @@ static inline bool atomic_int_compare_exchange(volatile uint64_t *atomic, uint64 + + atomic_mutex_lock(&g_atomic_lock); + +- if ((success = (*atomic == oldval))) { ++ success = (*atomic == oldval); ++ if (success) { + *atomic = newval; + } + +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index 3cede76a..a29de20e 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -1389,7 +1389,7 @@ static char *get_cpu_variant() + int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_variant) + { + int ret = 0; +- int i = 0; ++ size_t i; + struct utsname uts; + char *tmp_variant = NULL; + +diff --git a/src/utils/cutils/utils_base64.c b/src/utils/cutils/utils_base64.c +index 8301e4f9..3871140e 100644 +--- a/src/utils/cutils/utils_base64.c ++++ b/src/utils/cutils/utils_base64.c +@@ -173,13 +173,13 @@ out: + return ret; + } + +-size_t util_base64_decode_len(const char *input, size_t len) ++static size_t util_base64_decode_len(const char *input, size_t len) + { + size_t padding_count = 0; + + if (input == NULL || len < 4 || len % 4 != 0) { + ERROR("Invalid param for base64 decode length, length is %zu", len); +- return -1; ++ return 0; + } + + if (input[len - 1] == '=') { +@@ -189,7 +189,7 @@ size_t util_base64_decode_len(const char *input, size_t len) + } + } + +- return (strlen(input) / 4 * 3) - padding_count; ++ return (((strlen(input) / 4) * 3) - padding_count); + } + + int util_base64_decode(const char *input, size_t len, unsigned char **out, size_t *out_len) +@@ -219,6 +219,10 @@ int util_base64_decode(const char *input, size_t len, unsigned char **out, size_ + io = BIO_push(base64, io); + + out_put_len = util_base64_decode_len(input, len); ++ if (out_put_len == 0) { ++ ret = -1; ++ goto out; ++ } + out_put = util_common_calloc_s(out_put_len + 1); // '+1' for '\0' + if (out_put == NULL) { + ERROR("out of memory"); +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 4c62aaa6..9000b0dc 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -120,14 +120,19 @@ int util_path_remove(const char *path) + + ssize_t util_write_nointr_in_total(int fd, const char *buf, size_t count) + { +- ssize_t nret = 0; +- ssize_t nwritten; ++ size_t nwritten; + + if (buf == NULL) { + return -1; + } + ++ if (count > SSIZE_MAX) { ++ ERROR("Too large data to write"); ++ return -1; ++ } ++ + for (nwritten = 0; nwritten < count;) { ++ ssize_t nret; + nret = write(fd, buf + nwritten, count - nwritten); + if (nret < 0) { + if (errno == EINTR || errno == EAGAIN) { +@@ -140,7 +145,7 @@ ssize_t util_write_nointr_in_total(int fd, const char *buf, size_t count) + } + } + +- return nwritten; ++ return (ssize_t)nwritten; + } + + ssize_t util_write_nointr(int fd, const void *buf, size_t count) +@@ -1700,9 +1705,10 @@ int util_set_file_group(const char *fname, const char *group) + grp = getgrnam(group); + if (grp != NULL) { + gid = grp->gr_gid; +- DEBUG("Group %s found, gid: %d", group, gid); ++ DEBUG("Group %s found, gid: %u", group, gid); ++ // set owner to -1, will not change owner + if (chown(fname, -1, gid) != 0) { +- ERROR("Failed to chown %s to gid: %d", fname, gid); ++ ERROR("Failed to chown %s to gid: %u", fname, gid); + ret = -1; + goto out; + } +@@ -2032,7 +2038,7 @@ static int copy_file(char *copy_dst, char *copy_src, struct stat *src_stat, map_ + } else if (S_ISCHR(src_stat->st_mode) || S_ISBLK(src_stat->st_mode)) { + ret = copy_device(copy_dst, copy_src, src_stat); + } else { // fifo and socket +- ERROR("copy %s failed, unsupported type %d", copy_src, src_stat->st_mode); ++ ERROR("copy %s failed, unsupported type %u", copy_src, src_stat->st_mode); + return -1; + } + if (ret != 0) { +diff --git a/src/utils/cutils/utils_fs.c b/src/utils/cutils/utils_fs.c +index e7165f26..a8c65f86 100644 +--- a/src/utils/cutils/utils_fs.c ++++ b/src/utils/cutils/utils_fs.c +@@ -111,7 +111,7 @@ static struct fs_element const g_fs_names[] = { + struct mount_option_element { + const char *option; + bool clear; +- int flag; ++ unsigned long flag; + }; + + static struct mount_option_element const g_mount_options[] = { +diff --git a/src/utils/cutils/utils_mount_spec.c b/src/utils/cutils/utils_mount_spec.c +index 6793f93b..5386c115 100644 +--- a/src/utils/cutils/utils_mount_spec.c ++++ b/src/utils/cutils/utils_mount_spec.c +@@ -67,8 +67,6 @@ static int parse_mount_item_type(const char *value, char *mount_str, mount_spec + + static int parse_mount_item_src(const char *value, char *mount_str, mount_spec *m, char *errmsg) + { +- char srcpath[PATH_MAX] = { 0 }; +- + /* If value of source is NULL, ignore it */ + if (value == NULL) { + return 0; +@@ -87,6 +85,7 @@ static int parse_mount_item_src(const char *value, char *mount_str, mount_spec * + #endif + + if (value[0] == '/') { ++ char srcpath[PATH_MAX] = { 0 }; + if (!util_clean_path(value, srcpath, sizeof(srcpath))) { + CACHE_ERRMSG(errmsg, "Invalid mount specification '%s'.Can't translate source path to clean path", + mount_str); +diff --git a/src/utils/cutils/utils_string.c b/src/utils/cutils/utils_string.c +index de1cc60e..ba7dd5b4 100644 +--- a/src/utils/cutils/utils_string.c ++++ b/src/utils/cutils/utils_string.c +@@ -83,11 +83,10 @@ bool util_strings_contains_word(const char *str, const char *substr) + return false; + } + +-int util_strings_count(const char *str, unsigned char c) ++size_t util_strings_count(const char *str, unsigned char c) + { +- size_t i = 0; +- int res = 0; +- size_t len = 0; ++ size_t i, len; ++ size_t res = 0; + + if (str == NULL) { + return 0; +diff --git a/src/utils/cutils/utils_string.h b/src/utils/cutils/utils_string.h +index 4e97c574..0de2266c 100644 +--- a/src/utils/cutils/utils_string.h ++++ b/src/utils/cutils/utils_string.h +@@ -28,7 +28,7 @@ bool util_strings_contains_any(const char *str, const char *substr); + + bool util_strings_contains_word(const char *str, const char *substr); + +-int util_strings_count(const char *str, unsigned char c); ++size_t util_strings_count(const char *str, unsigned char c); + + bool util_strings_in_slice(const char **strarray, size_t alen, const char *str); + +diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c +index 85551d51..3a440ca9 100644 +--- a/src/utils/cutils/utils_timestamp.c ++++ b/src/utils/cutils/utils_timestamp.c +@@ -495,7 +495,7 @@ bool util_get_tm_from_str(const char *str, struct tm *tm, int32_t *nanos) + if (util_strings_contains_any(str, ".")) { + format = rFC339NanoLocal; + } else if (util_strings_contains_any(str, "T")) { +- int tcolons = util_strings_count(str, ':'); ++ size_t tcolons = util_strings_count(str, ':'); + switch (tcolons) { + case 0: + format = "2016-01-02T15"; +@@ -952,7 +952,7 @@ err_out: + int util_to_unix_nanos_from_str(const char *str, int64_t *nanos) + { + struct tm tm = { 0 }; +- struct types_timezone tz; ++ struct types_timezone tz = { 0 }; + int32_t nano = 0; + types_timestamp_t ts; + const int s_hour = 3600; +diff --git a/src/utils/http/http.c b/src/utils/http/http.c +index 2b514666..6759a28d 100644 +--- a/src/utils/http/http.c ++++ b/src/utils/http/http.c +@@ -266,7 +266,6 @@ static void free_rpath(char *rpath) + + static void check_buf_len(struct http_get_options *options, char *errbuf, CURLcode curl_result) + { +- int nret = 0; + size_t len = 0; + + if (options == NULL || options->errmsg != NULL) { +@@ -275,6 +274,7 @@ static void check_buf_len(struct http_get_options *options, char *errbuf, CURLco + + len = strlen(errbuf); + if (len == 0) { ++ int nret = 0; + nret = snprintf(errbuf, CURL_ERROR_SIZE, "curl response error code %d", curl_result); + if (nret < 0 || (size_t)nret >= CURL_ERROR_SIZE) { + ERROR("Failed to print string for error buffer, errcode %d", curl_result); +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index 228e091a..d7d69eb2 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -307,10 +307,8 @@ struct archive_copy_info *copy_info_destination_path(const char *path, char **er + nret = copy_info_destination_path_ret(info, st, err, ret, path); + if (nret == 0) { + return info; +- } else { +- goto cleanup; + } +-cleanup: ++ + free(info); + return NULL; + } +diff --git a/src/utils/tar/isulad_tar.h b/src/utils/tar/isulad_tar.h +index 31d2d24a..ec085c25 100644 +--- a/src/utils/tar/isulad_tar.h ++++ b/src/utils/tar/isulad_tar.h +@@ -31,8 +31,6 @@ struct io_read_wrapper; + extern "C" { + #endif + +-#define ARCHIVE_BLOCK_SIZE (32 * 1024) +- + struct archive_copy_info { + char *path; + bool exists; +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index c72e63b8..c63fd00b 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -776,9 +776,8 @@ int archive_unpack(const struct io_read_wrapper *content, const char *dstdir, co + child_out: + if (ret != 0) { + exit(EXIT_FAILURE); +- } else { +- exit(EXIT_SUCCESS); + } ++ exit(EXIT_SUCCESS); + } + close(pipe_stderr[1]); + pipe_stderr[1] = -1; +@@ -1037,6 +1036,12 @@ static ssize_t stream_write_data(struct archive *a, void *client_data, const voi + struct io_write_wrapper *writer = (struct io_write_wrapper *)client_data; + size_t written_length = 0; + size_t size = 0; ++ ++ if (length > SSIZE_MAX) { ++ ERROR("Too large data to write."); ++ return -1; ++ } ++ + while (length > written_length) { + if (length - written_length > ARCHIVE_WRITE_BUFFER_SIZE) { + size = ARCHIVE_WRITE_BUFFER_SIZE; +@@ -1050,7 +1055,7 @@ static ssize_t stream_write_data(struct archive *a, void *client_data, const voi + written_length += size; + } + +- return size; ++ return (ssize_t)written_length; + } + + static int tar_all(const struct io_write_wrapper *writer, const char *tar_dir, const char *src_base, +@@ -1264,7 +1269,7 @@ static int close_wait_pid(struct archive_context *ctx, int *status) + + if (ctx->pid > 0) { + if (waitpid(ctx->pid, status, 0) != ctx->pid) { +- ERROR("Failed to wait pid %u", ctx->pid); ++ ERROR("Failed to wait pid %d", ctx->pid); + ret = -1; + } + } +@@ -1409,9 +1414,8 @@ int archive_chroot_untar_stream(const struct io_read_wrapper *context, const cha + child_out: + if (ret != 0) { + exit(EXIT_FAILURE); +- } else { +- exit(EXIT_SUCCESS); + } ++ exit(EXIT_SUCCESS); + } + + close(pipe_stderr[1]); +diff --git a/src/utils/tar/util_gzip.c b/src/utils/tar/util_gzip.c +index 2f4750be..2665e6df 100644 +--- a/src/utils/tar/util_gzip.c ++++ b/src/utils/tar/util_gzip.c +@@ -32,7 +32,6 @@ int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode) + int srcfd = 0; + gzFile stream = NULL; + ssize_t size = 0; +- size_t n = 0; + void *buffer = 0; + const char *gzerr = NULL; + int errnum = 0; +@@ -58,6 +57,7 @@ int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode) + } + + while (true) { ++ int n; + size = util_read_nointr(srcfd, buffer, BLKSIZE); + if (size < 0) { + ERROR("read file %s failed: %s", srcfile, strerror(errno)); +@@ -68,7 +68,7 @@ int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode) + } + + n = gzwrite(stream, buffer, size); +- if (n <= 0 || n != (size_t)size) { ++ if (n <= 0 || n != size) { + gzerr = gzerror(stream, &errnum); + if (gzerr != NULL && strcmp(gzerr, "") != 0) { + ERROR("gzread error: %s", gzerr); +@@ -104,7 +104,6 @@ int util_gzip_d(const char *srcfile, const FILE *dstfp) + int ret = 0; + size_t size = 0; + void *buffer = NULL; +- size_t n = 0; + + stream = gzopen(srcfile, "r"); + if (stream == NULL) { +@@ -120,6 +119,7 @@ int util_gzip_d(const char *srcfile, const FILE *dstfp) + } + + while (true) { ++ size_t n; + n = gzread(stream, buffer, BLKSIZE); + if (n <= 0) { + gzerr = gzerror(stream, &errnum); +-- +2.25.1 + diff --git a/0108-2116-clean-up-sensitive-information-in-memory.patch b/0108-2116-clean-up-sensitive-information-in-memory.patch new file mode 100644 index 0000000..9682191 --- /dev/null +++ b/0108-2116-clean-up-sensitive-information-in-memory.patch @@ -0,0 +1,280 @@ +From 939caf2a4fb27a1652ca60873551c94377203188 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 23 Aug 2023 01:44:18 +0000 +Subject: [PATCH 02/10] !2116 clean up sensitive information in memory * clean + up sensitive information in memory + +--- + src/client/connect/rest/rest_images_client.c | 2 ++ + .../entry/connect/grpc/grpc_images_service.cc | 2 ++ + .../entry/connect/rest/rest_images_service.c | 3 +++ + src/daemon/modules/image/oci/registry/auths.c | 2 ++ + .../modules/image/oci/registry/http_request.c | 18 +++++++------ + .../image/oci/registry/registry_apiv2.c | 2 +- + src/daemon/modules/image/oci/registry_type.c | 2 +- + src/utils/cutils/utils_array.c | 27 +++++++++++++++++++ + src/utils/cutils/utils_array.h | 4 +++ + src/utils/http/http.c | 2 +- + 10 files changed, 53 insertions(+), 11 deletions(-) + +diff --git a/src/client/connect/rest/rest_images_client.c b/src/client/connect/rest/rest_images_client.c +index 726d5ba5..ea7934af 100644 +--- a/src/client/connect/rest/rest_images_client.c ++++ b/src/client/connect/rest/rest_images_client.c +@@ -618,6 +618,7 @@ static int image_login_request_to_rest(const struct isula_login_request *request + + out: + free(err); ++ util_memset_sensitive_string(crequest->password); + free_image_login_request(crequest); + return ret; + } +@@ -654,6 +655,7 @@ out: + if (output != NULL) { + buffer_free(output); + } ++ util_memset_sensitive_string(body); + put_body(body); + return ret; + } +diff --git a/src/daemon/entry/connect/grpc/grpc_images_service.cc b/src/daemon/entry/connect/grpc/grpc_images_service.cc +index b1ca98b8..f078711e 100644 +--- a/src/daemon/entry/connect/grpc/grpc_images_service.cc ++++ b/src/daemon/entry/connect/grpc/grpc_images_service.cc +@@ -517,6 +517,8 @@ Status ImagesServiceImpl::Login(ServerContext *context, const LoginRequest *requ + (void)cb->image.login(image_req, &image_res); + response_to_grpc(image_res, reply); + ++ util_memset_sensitive_string(image_req->password); ++ + free_image_login_request(image_req); + free_image_login_response(image_res); + +diff --git a/src/daemon/entry/connect/rest/rest_images_service.c b/src/daemon/entry/connect/rest/rest_images_service.c +index bd367f29..d7d77826 100644 +--- a/src/daemon/entry/connect/rest/rest_images_service.c ++++ b/src/daemon/entry/connect/rest/rest_images_service.c +@@ -19,6 +19,7 @@ + #include "isula_libutils/log.h" + #include "callback.h" + #include "image.rest.h" ++#include "utils.h" + #include "rest_service_common.h" + + /* image load request check */ +@@ -569,6 +570,7 @@ static int image_login_request_from_rest(evhtp_request_t *req, image_login_reque + } + + out: ++ util_memset_sensitive_string(body); + put_body(body); + free(err); + return ret; +@@ -629,6 +631,7 @@ static void rest_image_login_cb(evhtp_request_t *req, void *arg) + evhtp_send_image_login_repsponse(req, cresponse, RESTFUL_RES_OK); + + out: ++ util_memset_sensitive_string(crequest->password); + free_image_login_request(crequest); + free_image_login_response(cresponse); + } +diff --git a/src/daemon/modules/image/oci/registry/auths.c b/src/daemon/modules/image/oci/registry/auths.c +index ce67d51b..1fbe2bd3 100644 +--- a/src/daemon/modules/image/oci/registry/auths.c ++++ b/src/daemon/modules/image/oci/registry/auths.c +@@ -213,6 +213,7 @@ int auths_load(char *host, char **username, char **password) + } + + out: ++ // it is not nessasary to clean auths, because it has been encrypted and load from file. + free_registry_auths(auths); + auths = NULL; + free(err); +@@ -397,6 +398,7 @@ int auths_save(char *host, char *username, char *password) + } + + out: ++ // it is not nessasary to clean auth, auths and json, because it has been encrypted and write to file. + free(json); + json = NULL; + free_registry_auths(auths); +diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c +index f29c2017..10b8bf3c 100644 +--- a/src/daemon/modules/image/oci/registry/http_request.c ++++ b/src/daemon/modules/image/oci/registry/http_request.c +@@ -164,11 +164,11 @@ static char *encode_auth(const char *username, const char *password) + } + + out: +- free(auth); ++ util_free_sensitive_string(auth); + auth = NULL; + + if (ret != 0) { +- free(auth_base64); ++ util_free_sensitive_string(auth_base64); + auth_base64 = NULL; + } + +@@ -236,10 +236,10 @@ static char *basic_auth_header(const char *schema, const char *username, const c + } + + out: +- free(auth_base64); ++ util_free_sensitive_string(auth_base64); + auth_base64 = NULL; + if (ret != 0) { +- free(auth_header); ++ util_free_sensitive_string(auth_header); + auth_header = NULL; + } + +@@ -273,7 +273,7 @@ static int setup_auth_basic(pull_descriptor *desc, char ***custom_headers) + } + + out: +- free(auth_header); ++ util_free_sensitive_string(auth_header); + auth_header = NULL; + + return ret; +@@ -297,7 +297,7 @@ static int get_bearer_token(pull_descriptor *desc, challenge *c) + return 0; + } + +- free(c->cached_token); ++ util_free_sensitive_string(c->cached_token); + c->cached_token = NULL; + c->expires_time = 0; + +@@ -317,8 +317,10 @@ static int get_bearer_token(pull_descriptor *desc, challenge *c) + + if (token->token != NULL) { + c->cached_token = util_strdup_s(token->token); ++ util_memset_sensitive_string(token->token); + } else if (token->access_token != NULL) { + c->cached_token = util_strdup_s(token->access_token); ++ util_memset_sensitive_string(token->access_token); + } else { + ret = -1; + ERROR("no valid token found"); +@@ -399,7 +401,7 @@ static int setup_auth_challenges(pull_descriptor *desc, char ***custom_headers) + goto out; + } + count++; +- free(auth_header); ++ util_free_sensitive_string(auth_header); + auth_header = NULL; + } + +@@ -408,7 +410,7 @@ static int setup_auth_challenges(pull_descriptor *desc, char ***custom_headers) + } + + out: +- free(auth_header); ++ util_free_sensitive_string(auth_header); + auth_header = NULL; + + return ret; +diff --git a/src/daemon/modules/image/oci/registry/registry_apiv2.c b/src/daemon/modules/image/oci/registry/registry_apiv2.c +index d5bfa723..885302cb 100644 +--- a/src/daemon/modules/image/oci/registry/registry_apiv2.c ++++ b/src/daemon/modules/image/oci/registry/registry_apiv2.c +@@ -193,7 +193,7 @@ static int parse_auth(pull_descriptor *desc, char *auth) + } + + out: +- free(origin_tmp_auth); ++ util_free_sensitive_string(origin_tmp_auth); + origin_tmp_auth = NULL; + + return ret; +diff --git a/src/daemon/modules/image/oci/registry_type.c b/src/daemon/modules/image/oci/registry_type.c +index 51fc1697..4556617f 100644 +--- a/src/daemon/modules/image/oci/registry_type.c ++++ b/src/daemon/modules/image/oci/registry_type.c +@@ -32,7 +32,7 @@ void free_challenge(challenge *c) + c->realm = NULL; + free(c->service); + c->service = NULL; +- free(c->cached_token); ++ util_free_sensitive_string(c->cached_token); + c->cached_token = NULL; + c->expires_time = 0; + +diff --git a/src/utils/cutils/utils_array.c b/src/utils/cutils/utils_array.c +index 4e2ed6fd..2d7dc556 100644 +--- a/src/utils/cutils/utils_array.c ++++ b/src/utils/cutils/utils_array.c +@@ -38,6 +38,22 @@ void util_free_array_by_len(char **array, size_t len) + free(array); + } + ++void util_free_sensitive_array_by_len(char **array, size_t len) ++{ ++ size_t i = 0; ++ ++ if (array == NULL) { ++ return; ++ } ++ ++ for (; i < len; i++) { ++ util_free_sensitive_string(array[i]); ++ array[i] = NULL; ++ } ++ ++ free(array); ++} ++ + size_t util_array_len(const char **array) + { + const char **pos; +@@ -60,6 +76,17 @@ void util_free_array(char **array) + free(array); + } + ++void util_free_sensitive_array(char **array) ++{ ++ char **p; ++ ++ for (p = array; p != NULL && *p != NULL; p++) { ++ util_free_sensitive_string(*p); ++ *p = NULL; ++ } ++ free(array); ++} ++ + int util_array_append(char ***array, const char *element) + { + size_t len; +diff --git a/src/utils/cutils/utils_array.h b/src/utils/cutils/utils_array.h +index de465d2a..c1403f85 100644 +--- a/src/utils/cutils/utils_array.h ++++ b/src/utils/cutils/utils_array.h +@@ -36,6 +36,10 @@ int util_grow_array(char ***orig_array, size_t *orig_capacity, size_t size, + + int util_array_append(char ***array, const char *element); + ++void util_free_sensitive_array(char **array); ++ ++void util_free_sensitive_array_by_len(char **array, size_t len); ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/utils/http/http.c b/src/utils/http/http.c +index 6759a28d..2b77c422 100644 +--- a/src/utils/http/http.c ++++ b/src/utils/http/http.c +@@ -65,7 +65,7 @@ void free_http_get_options(struct http_get_options *options) + free(options->unix_socket_path); + options->unix_socket_path = NULL; + +- util_free_array(options->custom_headers); ++ util_free_sensitive_array(options->custom_headers); + options->custom_headers = NULL; + + free(options->ca_file); +-- +2.25.1 + diff --git a/0109-2118-Fix-exec-buffer-overflow.patch b/0109-2118-Fix-exec-buffer-overflow.patch new file mode 100644 index 0000000..db93caf --- /dev/null +++ b/0109-2118-Fix-exec-buffer-overflow.patch @@ -0,0 +1,26 @@ +From d4b763c6359d67e1efe9b5e1fde41c0b82eb3d58 Mon Sep 17 00:00:00 2001 +From: xuxuepeng +Date: Wed, 23 Aug 2023 01:51:35 +0000 +Subject: [PATCH 03/10] !2118 Fix exec buffer overflow * Fix buffer overflow + for exec + +--- + src/daemon/modules/service/service_container.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 9960ace1..0f4a1ed6 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -2016,7 +2016,7 @@ static void get_exec_command(const container_exec_request *request, char *exec_c + for (i = 0; i < request->argv_len; i++) { + if (strlen(request->argv[i]) < len - strlen(exec_command)) { + (void)strcat(exec_command, request->argv[i]); +- if (i != (request->argv_len - 1)) { ++ if (i != (request->argv_len - 1) && len - strlen(exec_command) > 1) { + (void)strcat(exec_command, " "); + } + } else { +-- +2.25.1 + diff --git a/0110-2117-limit-the-length-of-runtime-args-and-increase-t.patch b/0110-2117-limit-the-length-of-runtime-args-and-increase-t.patch new file mode 100644 index 0000000..462242b --- /dev/null +++ b/0110-2117-limit-the-length-of-runtime-args-and-increase-t.patch @@ -0,0 +1,172 @@ +From b3dcf63e7eab586cad660e74bcbaf0385c690ac3 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 23 Aug 2023 02:24:45 +0000 +Subject: [PATCH 04/10] !2117 limit the length of runtime args and increase the + length of exec param * limit the length of runtime args and increase the + length of exec param + +--- + src/cmd/isulad-shim/common.h | 2 +- + .../modules/runtime/isula/isula_rt_ops.c | 57 +++++++++++++++---- + src/utils/cutils/utils.h | 2 + + 3 files changed, 49 insertions(+), 12 deletions(-) + +diff --git a/src/cmd/isulad-shim/common.h b/src/cmd/isulad-shim/common.h +index a5991cc3..f6bc24b5 100644 +--- a/src/cmd/isulad-shim/common.h ++++ b/src/cmd/isulad-shim/common.h +@@ -50,7 +50,7 @@ extern "C" { + #define MAX_RT_NAME_LEN 64 + #define MAX_CONSOLE_SOCK_LEN 32 + +-#define MAX_RUNTIME_ARGS 20 ++#define MAX_RUNTIME_ARGS 100 + + #define SHIM_BINARY "isulad-shim" + #define SHIM_LOG_NAME "shim-log.json" +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 817d663f..7374c3c6 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -314,7 +314,7 @@ out: + } + } + +-static int get_runtime_args(const char *runtime, const char ***args) ++static int get_runtime_args(const char *runtime, const char ***args, size_t *args_len) + { + int ret = 0; + struct service_arguments *gargs = NULL; +@@ -344,11 +344,18 @@ static int get_runtime_args(const char *runtime, const char ***args) + } + + for (i = 0; i < runtimes->len; i++) { +- if (strcmp(runtime, runtimes->keys[i]) == 0) { ++ if (strcmp(runtime, runtimes->keys[i]) != 0) { ++ continue; ++ } ++ if (runtimes->values[i]->runtime_args_len > MAX_OCI_RUNTIME_ARGS) { ++ isulad_set_error_message("Too many runtimeArgs, runtimeArgs must be less than %d", MAX_OCI_RUNTIME_ARGS); ++ ERROR("Too many runtimeArgs, runtimeArgs must be less than %d", MAX_OCI_RUNTIME_ARGS); ++ ret = -1; ++ } else { + *args = (const char **)runtimes->values[i]->runtime_args; +- ret = runtimes->values[i]->runtime_args_len; +- goto unlock_out; ++ *args_len = runtimes->values[i]->runtime_args_len; + } ++ goto unlock_out; + } + unlock_out: + if (isulad_server_conf_unlock()) { +@@ -438,12 +445,16 @@ static void runtime_exec_param_init(runtime_exec_info *rei) + } + } + +-static void runtime_exec_info_init(runtime_exec_info *rei, const char *workdir, const char *runtime, const char *subcmd, ++static int runtime_exec_info_init(runtime_exec_info *rei, const char *workdir, const char *runtime, const char *subcmd, + const char **opts, size_t opts_len, const char *id, char **params, size_t params_num) + { ++ int ret = 0; + rei->workdir = workdir; + rei->runtime = runtime; +- rei->args_len = get_runtime_args(runtime, &rei->args); ++ ret = get_runtime_args(runtime, &rei->args, &rei->args_len); ++ if (ret != 0) { ++ return -1; ++ } + get_runtime_cmd(runtime, &rei->cmd); + rei->subcmd = subcmd; + rei->opts = opts; +@@ -454,6 +465,7 @@ static void runtime_exec_info_init(runtime_exec_info *rei, const char *workdir, + + runtime_exec_param_init(rei); + runtime_exec_param_dump((const char **)rei->params); ++ return 0; + } + + static void runtime_exec_func(void *arg) +@@ -507,7 +519,12 @@ static int runtime_call_status(const char *workdir, const char *runtime, const c + int ret = 0; + char *params[PARAM_NUM] = { 0 }; + +- runtime_exec_info_init(&rei, workdir, runtime, "state", NULL, 0, id, params, PARAM_NUM); ++ ret = runtime_exec_info_init(&rei, workdir, runtime, "state", NULL, 0, id, params, PARAM_NUM); ++ if (ret != 0) { ++ ERROR("Failed to init runtime exec info"); ++ ret = -1; ++ goto out; ++ } + + if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout_msg, &stderr_msg)) { + ERROR("call runtime status failed: %s", stderr_msg); +@@ -557,7 +574,12 @@ static int runtime_call_stats(const char *workdir, const char *runtime, const ch + char *params[PARAM_NUM] = { 0 }; + const char *opts[1] = { "--stats" }; + +- runtime_exec_info_init(&rei, workdir, runtime, "events", opts, 1, id, params, PARAM_NUM); ++ ret = runtime_exec_info_init(&rei, workdir, runtime, "events", opts, 1, id, params, PARAM_NUM); ++ if (ret != 0) { ++ ERROR("Failed to init runtime exec info"); ++ ret = -1; ++ goto out; ++ } + + if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout_msg, &stderr_msg)) { + ERROR("call runtime events --stats failed: %s", stderr_msg); +@@ -610,7 +632,12 @@ static int runtime_call_simple(const char *workdir, const char *runtime, const c + int ret = 0; + char *params[PARAM_NUM] = { 0 }; + +- runtime_exec_info_init(&rei, workdir, runtime, subcmd, opts, opts_len, id, params, PARAM_NUM); ++ ret = runtime_exec_info_init(&rei, workdir, runtime, subcmd, opts, opts_len, id, params, PARAM_NUM); ++ if (ret != 0) { ++ ERROR("Failed to init runtime exec info"); ++ return -1; ++ } ++ + if (!util_exec_cmd(runtime_exec_func, &rei, NULL, &stdout_msg, &stderr_msg)) { + ERROR("call runtime %s failed stderr %s", subcmd, stderr_msg); + ret = -1; +@@ -940,7 +967,11 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_ + return -1; + } + config = params->oci_config_data; +- runtime_args_len = get_runtime_args(runtime, &runtime_args); ++ ret = get_runtime_args(runtime, &runtime_args, &runtime_args_len); ++ if (ret != 0) { ++ ERROR("Failed to get runtime args"); ++ return -1; ++ } + + if (snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id) < 0) { + INFO("make full workdir failed"); +@@ -1186,7 +1217,11 @@ static int preparation_exec(const char *id, const char *runtime, const char *wor + } + + process = params->spec; +- runtime_args_len = get_runtime_args(runtime, &runtime_args); ++ ret = get_runtime_args(runtime, &runtime_args, &runtime_args_len); ++ if (ret < 0) { ++ ERROR("Failed to get runtime args"); ++ return -1; ++ } + + p.exec = true; + p.isulad_stdin = (char *)params->console_fifos[0]; +diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h +index d14d048e..8489ca63 100644 +--- a/src/utils/cutils/utils.h ++++ b/src/utils/cutils/utils.h +@@ -76,6 +76,8 @@ int malloc_trim(size_t pad); + + #define PARAM_NUM 100 + ++#define MAX_OCI_RUNTIME_ARGS 50 ++ + /* image error start */ + #define EIMAGEBUSY 2 + #define ENAMECONFLICT 3 +-- +2.25.1 + diff --git a/0111-ensure-argument-of-interface-is-not-null.patch b/0111-ensure-argument-of-interface-is-not-null.patch new file mode 100644 index 0000000..af0422b --- /dev/null +++ b/0111-ensure-argument-of-interface-is-not-null.patch @@ -0,0 +1,966 @@ +From c60b974f2b3279b132d7562071a9b9c6549366d1 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 22 Aug 2023 14:25:17 +0800 +Subject: [PATCH 05/10] ensure argument of interface is not null + +Signed-off-by: haozi007 +--- + src/common/constants.h | 2 +- + src/daemon/modules/container/container_unix.c | 15 +++-------- + .../container/health_check/health_check.c | 3 ++- + .../leftover_cleanup/clean_context.c | 2 +- + .../restart_manager/restartmanager.c | 2 +- + .../modules/container/supervisor/supervisor.c | 3 ++- + src/daemon/modules/events/collector.c | 4 +-- + src/daemon/modules/image/oci/registry/auths.c | 3 +++ + src/daemon/modules/log/log_gather.c | 5 ++++ + src/daemon/modules/plugin/plugin.c | 18 +++++++++++-- + src/daemon/modules/runtime/runtime.c | 18 ++++++------- + src/daemon/modules/runtime/shim/shim_rt_ops.c | 10 +++++-- + src/utils/buffer/buffer.c | 6 ++++- + src/utils/console/console.c | 5 ++++ + src/utils/cutils/filters.c | 1 + + src/utils/cutils/mainloop.c | 26 ++++++++++++++++++- + src/utils/cutils/path.c | 4 +++ + src/utils/cutils/utils.c | 14 ++++++++++ + src/utils/cutils/utils_file.c | 26 +++++++++++++++---- + src/utils/cutils/utils_fs.c | 16 ++++++++++++ + src/utils/cutils/utils_network.c | 8 +++++- + src/utils/cutils/utils_string.c | 8 ++++++ + src/utils/cutils/utils_timestamp.c | 6 ++++- + src/utils/http/http.c | 5 ++++ + src/utils/http/parser.c | 4 +-- + src/utils/tar/isulad_tar.c | 16 ++++++++++-- + src/utils/tar/util_archive.c | 4 +-- + src/utils/tar/util_gzip.c | 8 ++++++ + test/cutils/utils_file/utils_file_ut.cc | 3 +++ + 29 files changed, 196 insertions(+), 49 deletions(-) + +diff --git a/src/common/constants.h b/src/common/constants.h +index 37854291..e968d8cd 100644 +--- a/src/common/constants.h ++++ b/src/common/constants.h +@@ -42,7 +42,7 @@ extern "C" { + + #define SECURE_CONFIG_FILE_MODE 0600 + +-#define ARCH_LOG_FILE_MODE 0440 ++#define ARCH_LOG_FILE_MODE 0400 + + #define WORKING_LOG_FILE_MODE 0640 + +diff --git a/src/daemon/modules/container/container_unix.c b/src/daemon/modules/container/container_unix.c +index 9392cf0d..d9706f08 100644 +--- a/src/daemon/modules/container/container_unix.c ++++ b/src/daemon/modules/container/container_unix.c +@@ -410,16 +410,11 @@ static int pack_path_and_args_from_container_spec(const container_config *contai + v2_spec->path = util_strdup_s(container_spec->cmd[0]); + total = container_spec->cmd_len - 1; + +- if (total > SIZE_MAX / sizeof(char *)) { +- ERROR("Container oci spec process args elements is too much!"); +- ret = -1; +- goto out; +- } + if (total == 0) { + goto out; + } + +- v2_spec->args = util_common_calloc_s(total * sizeof(char *)); ++ v2_spec->args = util_smart_calloc_s(sizeof(char *), total); + if (v2_spec->args == NULL) { + ERROR("Out of memory"); + ret = -1; +@@ -1137,19 +1132,15 @@ int container_exit_on_next(container_t *cont) + /* this function should be called in container_lock*/ + int container_wait_stop(container_t *cont, int timeout) + { +- int ret = 0; +- + if (cont == NULL) { + return -1; + } + + if (!container_is_running(cont->state)) { +- goto unlock; ++ return 0; + } + +- ret = container_wait_stop_cond_wait(cont, timeout); +-unlock: +- return ret; ++ return container_wait_stop_cond_wait(cont, timeout); + } + + /* container wait stop locking */ +diff --git a/src/daemon/modules/container/health_check/health_check.c b/src/daemon/modules/container/health_check/health_check.c +index e9dcbdb9..2b840228 100644 +--- a/src/daemon/modules/container/health_check/health_check.c ++++ b/src/daemon/modules/container/health_check/health_check.c +@@ -376,6 +376,7 @@ static void *stop_container_on_unhealthy(void *arg) + ret = pthread_detach(pthread_self()); + if (ret != 0) { + CRIT("Set thread detach fail"); ++ return NULL; + } + + if (arg == NULL) { +@@ -603,7 +604,7 @@ static void health_check_run(const char *container_id) + cont = containers_store_get(container_id); + if (cont == NULL) { + ERROR("Failed to get container info"); +- goto out; ++ return; + } + + config = cont->common_config->config; +diff --git a/src/daemon/modules/container/leftover_cleanup/clean_context.c b/src/daemon/modules/container/leftover_cleanup/clean_context.c +index 6ccc39ed..517d3cbd 100644 +--- a/src/daemon/modules/container/leftover_cleanup/clean_context.c ++++ b/src/daemon/modules/container/leftover_cleanup/clean_context.c +@@ -62,7 +62,7 @@ void clean_ctx_fill_broken_rootfs(struct clean_ctx *ctx, const char *id) + struct linked_list *new_node = NULL; + char *broken_id = NULL; + +- if (!ctx->inited) { ++ if (ctx == NULL || !ctx->inited) { + return; + } + +diff --git a/src/daemon/modules/container/restart_manager/restartmanager.c b/src/daemon/modules/container/restart_manager/restartmanager.c +index 7bd0f4d5..e5fffcb6 100644 +--- a/src/daemon/modules/container/restart_manager/restartmanager.c ++++ b/src/daemon/modules/container/restart_manager/restartmanager.c +@@ -431,7 +431,7 @@ bool restart_manager_should_restart(const char *id, uint32_t exit_code, bool has + restart_manager_set_items(rm, exit_code, exec_duration); + + restart = should_be_restart(rm, exit_code, has_been_manually_stopped); +- if (restart) { ++ if (restart && timeout != NULL) { + *timeout = (uint64_t)rm->timeout; + } + +diff --git a/src/daemon/modules/container/supervisor/supervisor.c b/src/daemon/modules/container/supervisor/supervisor.c +index d5997b63..3ce4ec1e 100644 +--- a/src/daemon/modules/container/supervisor/supervisor.c ++++ b/src/daemon/modules/container/supervisor/supervisor.c +@@ -170,6 +170,7 @@ static void *clean_resources_thread(void *arg) + ret = pthread_detach(pthread_self()); + if (ret != 0) { + CRIT("Set thread detach fail"); ++ return NULL; + } + + prctl(PR_SET_NAME, "Clean resource"); +@@ -217,7 +218,7 @@ retry: + } + + /* new clean resources thread */ +-int new_clean_resources_thread(struct supervisor_handler_data *data) ++static int new_clean_resources_thread(struct supervisor_handler_data *data) + { + int ret = 0; + pthread_t clean_thread; +diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c +index b3c7622a..3c1eae1a 100644 +--- a/src/daemon/modules/events/collector.c ++++ b/src/daemon/modules/events/collector.c +@@ -514,8 +514,6 @@ out: + static void events_append(const struct isulad_events_format *event) + { + struct isulad_events_format *tmpevent = NULL; +- struct linked_list *newnode = NULL; +- struct linked_list *firstnode = NULL; + + if (pthread_mutex_lock(&g_events_buffer.event_mutex)) { + WARN("Failed to lock"); +@@ -523,6 +521,7 @@ static void events_append(const struct isulad_events_format *event) + } + + if (g_events_buffer.size < EVENTSLIMIT) { ++ struct linked_list *newnode = NULL; + newnode = util_common_calloc_s(sizeof(struct linked_list)); + if (newnode == NULL) { + CRIT("Memory allocation error."); +@@ -547,6 +546,7 @@ static void events_append(const struct isulad_events_format *event) + linked_list_add_tail(&g_events_buffer.event_list, newnode); + g_events_buffer.size++; + } else { ++ struct linked_list *firstnode = NULL; + firstnode = linked_list_first_node(&g_events_buffer.event_list); + if (firstnode != NULL) { + linked_list_del(firstnode); +diff --git a/src/daemon/modules/image/oci/registry/auths.c b/src/daemon/modules/image/oci/registry/auths.c +index 1fbe2bd3..98202cf6 100644 +--- a/src/daemon/modules/image/oci/registry/auths.c ++++ b/src/daemon/modules/image/oci/registry/auths.c +@@ -103,6 +103,9 @@ static int decode_auth_aes(char *encoded, char **username, char **password) + goto out; + } + ++ free(*username); ++ util_free_sensitive_string(*password); ++ + *username = util_strdup_s(auth_parts[0]); + *password = util_strdup_s(auth_parts[1]); + (void)memset(auth_parts[0], 0, strlen(auth_parts[0])); +diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c +index 414c9ad1..8c19f33b 100644 +--- a/src/daemon/modules/log/log_gather.c ++++ b/src/daemon/modules/log/log_gather.c +@@ -89,6 +89,11 @@ static int file_rotate_me(const char *file_name) + return -1; + } + ++ if (chmod(tmp_path, ARCH_LOG_FILE_MODE) != 0) { ++ ERROR("Change mode of %s failed", tmp_path); ++ return -1; ++ } ++ + if (gzip(tmp_path, sizeof(tmp_path))) { + WARN("Gzip file failed"); + return -2; +diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c +index 1c0af368..e08479ab 100644 +--- a/src/daemon/modules/plugin/plugin.c ++++ b/src/daemon/modules/plugin/plugin.c +@@ -794,7 +794,7 @@ static int plugin_set_activated(plugin_t *plugin, bool activated, const char *er + + int plugin_set_manifest(plugin_t *plugin, const plugin_manifest_t *manifest) + { +- if (manifest == NULL) { ++ if (plugin == NULL || manifest == NULL) { + return -1; + } + +@@ -974,7 +974,7 @@ static bool plugin_useby_container(const plugin_t *plugin, const container_t *co + } + + free(plugin_names); +- free(pnames); ++ util_free_array(pnames); + return ok; + } + +@@ -1175,6 +1175,11 @@ out: + int pm_add_plugin(plugin_t *plugin) + { + int ok = 0; ++ ++ if (plugin == NULL) { ++ return -1; ++ } ++ + pm_wrlock(); + ok = map_insert(g_plugin_manager->np, (void *)plugin->name, plugin); + pm_unlock(); +@@ -1191,6 +1196,11 @@ int pm_add_plugin(plugin_t *plugin) + int pm_del_plugin(const plugin_t *plugin) + { + int ok; ++ ++ if (plugin == NULL) { ++ return -1; ++ } ++ + pm_wrlock(); + /* plugin_put() called in map_remove() by pm_np_item_free() */ + ok = map_remove(g_plugin_manager->np, (void *)plugin->name); +@@ -1204,6 +1214,10 @@ int pm_del_plugin(const plugin_t *plugin) + + int pm_get_plugin(const char *name, plugin_t **rplugin) + { ++ if (rplugin == NULL) { ++ return -1; ++ } ++ + if (do_get_plugin(name, rplugin) == 0) { + return 0; + } +diff --git a/src/daemon/modules/runtime/runtime.c b/src/daemon/modules/runtime/runtime.c +index 93ce987f..f2222315 100644 +--- a/src/daemon/modules/runtime/runtime.c ++++ b/src/daemon/modules/runtime/runtime.c +@@ -121,7 +121,7 @@ int runtime_create(const char *name, const char *runtime, const rt_create_params + int ret = 0; + const struct rt_ops *ops = NULL; + +- if (name == NULL || runtime == NULL) { ++ if (name == NULL || runtime == NULL || params == NULL) { + ERROR("Invalide arguments for runtime create"); + ret = -1; + goto out; +@@ -145,7 +145,7 @@ int runtime_start(const char *name, const char *runtime, const rt_start_params_t + int ret = 0; + const struct rt_ops *ops = NULL; + +- if (name == NULL || runtime == NULL || pid_info == NULL) { ++ if (name == NULL || runtime == NULL || params == NULL || pid_info == NULL) { + ERROR("Invalide arguments for runtime start"); + ret = -1; + goto out; +@@ -169,7 +169,7 @@ int runtime_kill(const char *name, const char *runtime, const rt_kill_params_t * + int ret = 0; + const struct rt_ops *ops = NULL; + +- if (name == NULL || runtime == NULL) { ++ if (name == NULL || runtime == NULL || params == NULL) { + ERROR("Invalid arguments for runtime kill"); + ret = -1; + goto out; +@@ -193,7 +193,7 @@ int runtime_restart(const char *name, const char *runtime, const rt_restart_para + int ret = 0; + const struct rt_ops *ops = NULL; + +- if (name == NULL || runtime == NULL) { ++ if (name == NULL || runtime == NULL || params == NULL) { + ERROR("Invalide arguments for runtime restart"); + ret = -1; + goto out; +@@ -217,7 +217,7 @@ int runtime_clean_resource(const char *name, const char *runtime, const rt_clean + int ret = 0; + const struct rt_ops *ops = NULL; + +- if (name == NULL || runtime == NULL) { ++ if (name == NULL || runtime == NULL || params == NULL) { + ERROR("Invalide arguments for runtime clean"); + ret = -1; + goto out; +@@ -241,7 +241,7 @@ int runtime_rm(const char *name, const char *runtime, const rt_rm_params_t *para + int ret = 0; + const struct rt_ops *ops = NULL; + +- if (name == NULL || runtime == NULL) { ++ if (name == NULL || runtime == NULL || params == NULL) { + ERROR("Invalide arguments for runtime rm"); + ret = -1; + goto out; +@@ -266,7 +266,7 @@ int runtime_status(const char *name, const char *runtime, const rt_status_params + int ret = 0; + const struct rt_ops *ops = NULL; + +- if (name == NULL || runtime == NULL || status == NULL) { ++ if (name == NULL || runtime == NULL || params == NULL || status == NULL) { + ERROR("Invalide arguments for runtime status"); + ret = -1; + goto out; +@@ -291,7 +291,7 @@ int runtime_resources_stats(const char *name, const char *runtime, const rt_stat + int ret = 0; + const struct rt_ops *ops = NULL; + +- if (name == NULL || runtime == NULL || rs_stats == NULL) { ++ if (name == NULL || runtime == NULL || params == NULL || rs_stats == NULL) { + ERROR("Invalide arguments for runtime stats"); + ret = -1; + goto out; +@@ -315,7 +315,7 @@ int runtime_exec(const char *name, const char *runtime, const rt_exec_params_t * + int ret = 0; + const struct rt_ops *ops = NULL; + +- if (name == NULL || runtime == NULL || exit_code == NULL) { ++ if (name == NULL || runtime == NULL || params == NULL || exit_code == NULL) { + ERROR("Invalide arguments for runtime exec"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index 9afb9ce7..8cdf0138 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -188,12 +188,14 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + } + + close(exec_fd[1]); ++ exec_fd[1] = -1; + if (util_read_nointr(exec_fd[0], exec_buff, sizeof(exec_buff) - 1) > 0) { + ERROR("exec failed: %s", exec_buff); + ret = -1; + goto out; + } + close(exec_fd[0]); ++ exec_fd[0] = -1; + + status = util_wait_for_pid_status(pid); + if (status < 0) { +@@ -207,9 +209,13 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + close(out_fd[1]); + util_read_nointr(out_fd[0], stdout_buff, sizeof(stdout_buff) - 1); + close(out_fd[0]); ++ out_fd[0] = -1; ++ out_fd[1] = -1; + close(err_fd[1]); + util_read_nointr(err_fd[0], stderr_buff, sizeof(stderr_buff) - 1); + close(err_fd[0]); ++ err_fd[0] = -1; ++ err_fd[1] = -1; + + if (status != 0) { + ERROR("shim-v2 binary %d exit in %d with %s, %s", pid, status, stdout_buff, stderr_buff); +@@ -342,7 +348,7 @@ int rt_shim_clean_resource(const char *id, const char *runtime, const rt_clean_p + int ret = 0; + int nret = 0; + char workdir[PATH_MAX] = {0}; +- struct DeleteResponse res = {}; ++ struct DeleteResponse res = {0}; + + if (id == NULL || runtime == NULL || params == NULL) { + ERROR("Invalid input params"); +@@ -518,7 +524,7 @@ int rt_shim_status(const char *id, const char *runtime, const rt_status_params_t + char address[PATH_MAX] = {0}; + int ret = 0; + int nret = 0; +- struct State ss = {}; ++ struct State ss = {0}; + + if (id == NULL || params == NULL || status == NULL) { + ERROR("Invalid input params"); +diff --git a/src/utils/buffer/buffer.c b/src/utils/buffer/buffer.c +index 7f6bc527..172809a2 100644 +--- a/src/utils/buffer/buffer.c ++++ b/src/utils/buffer/buffer.c +@@ -78,7 +78,7 @@ void buffer_empty(Buffer *buf) + } + + /* buffer grow */ +-int buffer_grow(Buffer *buffer, size_t min_size) ++static int buffer_grow(Buffer *buffer, size_t min_size) + { + size_t factor = 0; + size_t new_size = 0; +@@ -128,6 +128,10 @@ int buffer_append(Buffer *buf, const char *append, size_t len) + return -1; + } + ++ if (append == NULL || len == 0) { ++ return 0; ++ } ++ + desired_length = len + 1; + if ((buf->total_size - buf->bytes_used) < desired_length) { + int status = buffer_grow(buf, desired_length); +diff --git a/src/utils/console/console.c b/src/utils/console/console.c +index d5e5d9af..a160d685 100644 +--- a/src/utils/console/console.c ++++ b/src/utils/console/console.c +@@ -208,6 +208,11 @@ int console_fifo_create(const char *fifo_path) + { + int ret; + ++ if (fifo_path == NULL || strlen(fifo_path) > PATH_MAX) { ++ ERROR("Invalid input!"); ++ return -1; ++ } ++ + ret = mknod(fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0); + if (ret < 0 && errno != EEXIST) { + ERROR("Failed to mknod monitor fifo %s: %s.", fifo_path, strerror(errno)); +diff --git a/src/utils/cutils/filters.c b/src/utils/cutils/filters.c +index 43ccde20..bb0d81be 100644 +--- a/src/utils/cutils/filters.c ++++ b/src/utils/cutils/filters.c +@@ -287,6 +287,7 @@ bool filters_args_match(const struct filters_args *filters, const char *field, c + map_t *field_values_map = NULL; + map_itor *itor = NULL; + ++ // if filters == NULL, filters_args_exact_match will return true + if (filters_args_exact_match(filters, field, source)) { + return true; + } +diff --git a/src/utils/cutils/mainloop.c b/src/utils/cutils/mainloop.c +index 1028087a..365d1e53 100644 +--- a/src/utils/cutils/mainloop.c ++++ b/src/utils/cutils/mainloop.c +@@ -37,6 +37,10 @@ int epoll_loop(struct epoll_descr *descr, int t) + struct epoll_loop_handler *epoll_handler = NULL; + struct epoll_event evs[MAX_EVENTS]; + ++ if (descr == NULL) { ++ return -1; ++ } ++ + while (1) { + int ep_fds = epoll_wait(descr->fd, evs, MAX_EVENTS, t); + if (ep_fds < 0) { +@@ -77,6 +81,10 @@ int epoll_loop_add_handler(struct epoll_descr *descr, int fd, epoll_loop_callbac + struct epoll_loop_handler *epoll_handler = NULL; + struct linked_list *node = NULL; + ++ if (descr == NULL) { ++ return -1; ++ } ++ + epoll_handler = util_common_calloc_s(sizeof(*epoll_handler)); + if (epoll_handler == NULL) { + goto fail_out; +@@ -114,6 +122,10 @@ int epoll_loop_del_handler(struct epoll_descr *descr, int fd) + struct epoll_loop_handler *epoll_handler = NULL; + struct linked_list *index = NULL; + ++ if (descr == NULL) { ++ return -1; ++ } ++ + linked_list_for_each(index, &descr->handler_list) { + epoll_handler = index->elem; + +@@ -136,6 +148,10 @@ fail_out: + /* epoll loop open */ + int epoll_loop_open(struct epoll_descr *descr) + { ++ if (descr == NULL) { ++ return -1; ++ } ++ + descr->fd = epoll_create1(EPOLL_CLOEXEC); + if (descr->fd < 0) { + return -1; +@@ -152,6 +168,11 @@ int epoll_loop_close(struct epoll_descr *descr) + { + struct linked_list *index = NULL; + struct linked_list *next = NULL; ++ int ret = 0; ++ ++ if (descr == NULL) { ++ return ret; ++ } + + linked_list_for_each_safe(index, &(descr->handler_list), next) { + linked_list_del(index); +@@ -159,5 +180,8 @@ int epoll_loop_close(struct epoll_descr *descr) + free(index); + } + +- return close(descr->fd); ++ ret = close(descr->fd); ++ descr->fd = -1; ++ ++ return ret; + } +diff --git a/src/utils/cutils/path.c b/src/utils/cutils/path.c +index 5a743632..d586e981 100644 +--- a/src/utils/cutils/path.c ++++ b/src/utils/cutils/path.c +@@ -567,6 +567,10 @@ char *util_get_resource_path(const char *rootpath, const char *path) + char tmppath[PATH_MAX] = { 0 }; + char fullpath[PATH_MAX] = { 0 }; + ++ if (rootpath == NULL) { ++ return NULL; ++ } ++ + nret = snprintf(tmppath, sizeof(tmppath), "/%s/%s", rootpath, path); + if (nret < 0 || (size_t)nret >= sizeof(tmppath)) { + return NULL; +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index a29de20e..d628e1f6 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -1182,6 +1182,10 @@ int util_input_readall(char *buf, size_t maxlen) + size_t i = 0; + int ret = 0; + ++ if (buf == NULL) { ++ return 0; ++ } ++ + for (;;) { + int c = getchar(); + if (c == EOF) { +@@ -1234,12 +1238,18 @@ static int util_input(char *buf, size_t maxlen, bool echo_back) + // Get input from stdin, echo back if get any character. + int util_input_echo(char *buf, size_t maxlen) + { ++ if (buf == NULL) { ++ return 0; ++ } + return util_input(buf, maxlen, true); + } + + // Get input from stdin, no echo back. + int util_input_noecho(char *buf, size_t maxlen) + { ++ if (buf == NULL) { ++ return 0; ++ } + return util_input(buf, maxlen, false); + } + +@@ -1269,6 +1279,10 @@ int util_generate_random_str(char *id, size_t len) + size_t i; + const int m = 256; + ++ if (id == NULL) { ++ return -1; ++ } ++ + len = len / 2; + fd = open("/dev/urandom", O_RDONLY); + if (fd == -1) { +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 9000b0dc..5fa556f3 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -41,7 +41,7 @@ + #include "utils_array.h" + #include "utils_string.h" + +-int copy_dir_recursive(char *copy_dst, char *copy_src, map_t *inodes); ++static int copy_dir_recursive(char *copy_dst, char *copy_src, map_t *inodes); + static void do_calculate_dir_size_without_hardlink(const char *dirpath, int recursive_depth, int64_t *total_size, + int64_t *total_inode, map_t *map); + +@@ -303,14 +303,18 @@ out: + + bool util_force_remove_file(const char *fname, int *saved_errno) + { ++ if (fname == NULL) { ++ return true; ++ } ++ + if (unlink(fname) == 0) { + return true; + } + +- WARN("Failed to delete %s: %s", fname, strerror(errno)); +- if (*saved_errno == 0) { ++ if (saved_errno != NULL && *saved_errno == 0) { + *saved_errno = errno; + } ++ WARN("Failed to delete %s: %s", fname, strerror(errno)); + + if (mark_file_mutable(fname) != 0) { + WARN("Failed to mark file mutable"); +@@ -711,6 +715,10 @@ int util_gzip_compressed(const char *filename, bool *gzip) + FILE *f = NULL; + int ret = 0; + ++ if (filename == NULL || gzip == NULL) { ++ return -1; ++ } ++ + f = fopen(filename, "rb"); + if (f == NULL) { + ERROR("Failed to open file %s: %s", filename, strerror(errno)); +@@ -1663,7 +1671,7 @@ int util_proc_file_line_by_line(FILE *fp, read_line_callback_t cb, void *context + ssize_t nret = 0; + int ret = 0; + +- if (fp == NULL) { ++ if (fp == NULL || cb == NULL) { + ERROR("Invalid parameter"); + return -1; + } +@@ -1730,6 +1738,10 @@ int util_recursive_remove_path(const char *path) + { + int ret = 0; + ++ if (path == NULL) { ++ return -1; ++ } ++ + if (unlink(path) != 0 && errno != ENOENT) { + ret = util_recursive_rmdir(path, 0); + } +@@ -2053,6 +2065,10 @@ int util_copy_dir_recursive(char *copy_dst, char *copy_src) + int ret = 0; + map_t *inodes = NULL; + ++ if (copy_dst == NULL || copy_src == NULL) { ++ return -1; ++ } ++ + // key: source inode, value: target file path + inodes = map_new(MAP_INT_STR, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); + if (inodes == NULL) { +@@ -2067,7 +2083,7 @@ int util_copy_dir_recursive(char *copy_dst, char *copy_src) + return ret; + } + +-int copy_dir_recursive(char *copy_dst, char *copy_src, map_t *inodes) ++static int copy_dir_recursive(char *copy_dst, char *copy_src, map_t *inodes) + { + char **entries = NULL; + size_t entry_num = 0; +diff --git a/src/utils/cutils/utils_fs.c b/src/utils/cutils/utils_fs.c +index a8c65f86..ae71f3ba 100644 +--- a/src/utils/cutils/utils_fs.c ++++ b/src/utils/cutils/utils_fs.c +@@ -362,6 +362,10 @@ bool util_detect_mounted(const char *path) + size_t length = 0; + bool bret = false; + ++ if (path == NULL) { ++ return false; ++ } ++ + fp = util_fopen("/proc/self/mountinfo", "r"); + if (fp == NULL) { + ERROR("Failed opening /proc/self/mountinfo"); +@@ -396,6 +400,10 @@ bool util_deal_with_mount_info(mount_info_call_back_t cb, const char *pattern) + bool bret = true; + int nret = 0; + ++ if (cb == NULL) { ++ return false; ++ } ++ + fp = util_fopen("/proc/self/mountinfo", "r"); + if (fp == NULL) { + ERROR("Failed opening /proc/self/mountinfo"); +@@ -582,6 +590,10 @@ int util_mount_from(const char *base, const char *src, const char *dst, const ch + pid_t pid = -1; + int keepfds[] = { -1 }; + ++ if (base == NULL || src == NULL || dst == NULL || mtype == NULL) { ++ return -1; ++ } ++ + pid = fork(); + if (pid == (pid_t) -1) { + ERROR("Failed to fork: %s", strerror(errno)); +@@ -628,6 +640,10 @@ bool util_check_readonly_fs(const char *path) + const int max_retry = 10; + struct statfs fsbuf; + ++ if (path == NULL) { ++ return false; ++ } ++ + for (i = 0; i < max_retry; i++) { + if (statfs(path, &fsbuf) == 0) { + break; +diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c +index c77edc3c..7f67b326 100644 +--- a/src/utils/cutils/utils_network.c ++++ b/src/utils/cutils/utils_network.c +@@ -102,6 +102,10 @@ int util_mount_namespace(const char *netns_path) + int ret = 0; + void *status = NULL; + ++ if (netns_path == NULL) { ++ return -1; ++ } ++ + ret = pthread_create(&newns_thread, NULL, mount_netns, (void *)netns_path); + if (ret != 0) { + ERROR("Failed to create thread"); +@@ -135,8 +139,10 @@ out: + int util_umount_namespace(const char *netns_path) + { + int i = 0; ++ + if (netns_path == NULL) { +- WARN("Invalid path to umount"); ++ WARN("Empty netns path to umount"); ++ return 0; + } + + for (i = 0; i < 50; i++) { +diff --git a/src/utils/cutils/utils_string.c b/src/utils/cutils/utils_string.c +index ba7dd5b4..64afb570 100644 +--- a/src/utils/cutils/utils_string.c ++++ b/src/utils/cutils/utils_string.c +@@ -190,6 +190,10 @@ int util_parse_size_int_and_float(const char *numstr, int64_t mlt, int64_t *conv + char *dot = NULL; + int nret; + ++ if (numstr == NULL || converted == NULL) { ++ return -1; ++ } ++ + dot = strchr(numstr, '.'); + if (dot != NULL) { + char tmp; +@@ -824,6 +828,10 @@ int util_string_array_unique(const char **elements, size_t length, char ***uniqu + char **tmp_elements = NULL; + size_t tmp_elements_len = 0; + ++ if (unique_elements == NULL || unique_elements_len == NULL) { ++ return -1; ++ } ++ + if (elements == NULL || length == 0) { + return 0; + } +diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c +index 3a440ca9..2f378078 100644 +--- a/src/utils/cutils/utils_timestamp.c ++++ b/src/utils/cutils/utils_timestamp.c +@@ -214,6 +214,10 @@ out: + /* get time buffer */ + bool util_get_time_buffer(const types_timestamp_t *timestamp, char *timebuffer, size_t maxsize) + { ++ if (timestamp == NULL) { ++ return false; ++ } ++ + return get_time_buffer_help(timestamp, timebuffer, maxsize, false); + } + +@@ -382,7 +386,7 @@ bool util_parsing_time(const char *format, const char *time, struct tm *tm, int3 + size_t len_time = 0; + size_t index_nanos = 0; + +- if (format == NULL || time == NULL) { ++ if (format == NULL || time == NULL || tm == NULL || nanos == NULL) { + return false; + } + +diff --git a/src/utils/http/http.c b/src/utils/http/http.c +index 2b77c422..47d17455 100644 +--- a/src/utils/http/http.c ++++ b/src/utils/http/http.c +@@ -528,6 +528,11 @@ int authz_http_request(const char *username, const char *action, char **resp) + int nret = 0; + size_t length = 0; + struct http_get_options *options = NULL; ++ ++ if (username == NULL || action == NULL || resp == NULL) { ++ return -1; ++ } ++ + if (strlen(username) > ((SIZE_MAX - strlen(action)) - strlen(":")) - 1) { + ERROR("Invalid arguments"); + return -1; +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index 30b26a00..5f61d336 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -307,8 +307,7 @@ int parse_http(const char *buf, size_t len, struct parsed_http_message *m, + + parser = parser_init(type, m); + if (parser == NULL) { +- ret = -1; +- goto out; ++ return -1; + } + + nparsed = parse(buf, len, parser); +@@ -320,7 +319,6 @@ int parse_http(const char *buf, size_t len, struct parsed_http_message *m, + + free_out: + parser_free(parser); +-out: + return ret; + } + +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index d7d69eb2..7264282f 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -97,7 +97,7 @@ cleanup: + return ret; + } + +-int resolve_host_source_path(const char *path, bool follow_link, char **resolved_path, char **rebase_name, char **err) ++static int resolve_host_source_path(const char *path, bool follow_link, char **resolved_path, char **rebase_name, char **err) + { + int ret = -1; + int nret = 0; +@@ -174,6 +174,10 @@ struct archive_copy_info *copy_info_source_path(const char *path, bool follow_li + char *resolved_path = NULL; + char *rebase_name = NULL; + ++ if (path == NULL || err == NULL) { ++ return NULL; ++ } ++ + info = util_common_calloc_s(sizeof(struct archive_copy_info)); + if (info == NULL) { + ERROR("Out of memory"); +@@ -283,7 +287,7 @@ cleanup: + return -1; + } + +-struct archive_copy_info *copy_info_destination_path(const char *path, char **err) ++static struct archive_copy_info *copy_info_destination_path(const char *path, char **err) + { + struct archive_copy_info *info = NULL; + struct stat st; +@@ -389,6 +393,10 @@ int archive_copy_to(const struct io_read_wrapper *content, const struct archive_ + char *src_base = NULL; + char *dst_base = NULL; + ++ if (err == NULL || dstpath == NULL || srcinfo == NULL || content == NULL) { ++ return -1; ++ } ++ + dstinfo = copy_info_destination_path(dstpath, err); + if (dstinfo == NULL) { + ERROR("Can not get destination info: %s", dstpath); +@@ -444,5 +452,9 @@ cleanup: + + int tar_resource(const struct archive_copy_info *info, struct io_read_wrapper *archive_reader, char **err) + { ++ if (info == NULL || archive_reader == NULL || err == NULL) { ++ return -1; ++ } ++ + return tar_resource_rebase(info->path, info->rebase_name, archive_reader, err); + } +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index c63fd00b..08116589 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -66,7 +66,7 @@ struct archive_content_data { + char buff[ARCHIVE_READ_BUFFER_SIZE]; + }; + +-ssize_t read_content(struct archive *a, void *client_data, const void **buff) ++static ssize_t read_content(struct archive *a, void *client_data, const void **buff) + { + struct archive_content_data *mydata = client_data; + +@@ -535,8 +535,6 @@ static void try_to_replace_exited_dst(const char *dst_path, struct archive_entry + if (util_recursive_remove_path(dst_path) != 0) { + ERROR("Failed to remove path %s while unpack", dst_path); + } +- +- return; + } + + int archive_unpack_handler(const struct io_read_wrapper *content, const struct archive_options *options) +diff --git a/src/utils/tar/util_gzip.c b/src/utils/tar/util_gzip.c +index 2665e6df..bf649300 100644 +--- a/src/utils/tar/util_gzip.c ++++ b/src/utils/tar/util_gzip.c +@@ -36,6 +36,10 @@ int util_gzip_z(const char *srcfile, const char *dstfile, const mode_t mode) + const char *gzerr = NULL; + int errnum = 0; + ++ if (srcfile == NULL || dstfile == NULL) { ++ return -1; ++ } ++ + srcfd = util_open(srcfile, O_RDONLY, SECURE_CONFIG_FILE_MODE); + if (srcfd < 0) { + ERROR("Open src file: %s, failed: %s", srcfile, strerror(errno)); +@@ -105,6 +109,10 @@ int util_gzip_d(const char *srcfile, const FILE *dstfp) + size_t size = 0; + void *buffer = NULL; + ++ if (srcfile == NULL || dstfp == NULL) { ++ return -1; ++ } ++ + stream = gzopen(srcfile, "r"); + if (stream == NULL) { + ERROR("gzopen %s failed: %s", srcfile, strerror(errno)); +diff --git a/test/cutils/utils_file/utils_file_ut.cc b/test/cutils/utils_file/utils_file_ut.cc +index 78c07e60..cacfef45 100644 +--- a/test/cutils/utils_file/utils_file_ut.cc ++++ b/test/cutils/utils_file/utils_file_ut.cc +@@ -197,8 +197,11 @@ TEST(utils_file, test_util_proc_file_line_by_line) + fp = util_fopen(path.c_str(), "r"); + checked_layers = map_new(MAP_STR_BOOL, MAP_DEFAULT_CMP_FUNC, MAP_DEFAULT_FREE_FUNC); + ASSERT_EQ(util_proc_file_line_by_line(fp, parse_checked_layer_cb, (void *)checked_layers), 0); ++ ASSERT_EQ(util_proc_file_line_by_line(fp, nullptr, (void *)checked_layers), -1); + fclose(fp); + ASSERT_EQ(util_path_remove(path.c_str()), 0); ++ ++ ASSERT_EQ(util_proc_file_line_by_line(nullptr, parse_checked_layer_cb, (void *)checked_layers), -1); + } + + TEST(utils_file, test_util_recursive_remove_path) +-- +2.25.1 + diff --git a/0112-2123-add-verify-for-snprintf-and-fix-some-codecheck-.patch b/0112-2123-add-verify-for-snprintf-and-fix-some-codecheck-.patch new file mode 100644 index 0000000..1efffeb --- /dev/null +++ b/0112-2123-add-verify-for-snprintf-and-fix-some-codecheck-.patch @@ -0,0 +1,1516 @@ +From e49f172a3b73ce3caa9a3c61c164b6bfdf03ee4b Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 23 Aug 2023 03:48:42 +0000 +Subject: [PATCH 06/10] !2123 add verify for snprintf and fix some codecheck + error * add verify for snprintf and fix some codecheck error + +--- + src/cmd/isula/extend/events.c | 68 ++++++++++++++---- + src/cmd/isula/images/images.c | 2 +- + src/cmd/isula/information/ps.c | 4 +- + src/cmd/isula/isula_host_spec.c | 2 +- + src/cmd/isulad-shim/common.c | 17 +++-- + src/cmd/isulad-shim/process.c | 10 +-- + src/cmd/isulad-shim/terminal.c | 33 +++++---- + src/cmd/isulad/isulad_commands.c | 12 ++-- + src/cmd/isulad/main.c | 2 +- + src/daemon/common/selinux_label.c | 8 +-- + src/daemon/config/isulad_config.c | 15 ++-- + src/daemon/entry/cri/sysctl_tools.c | 6 +- + src/daemon/executor/container_cb/execution.c | 2 +- + .../executor/container_cb/execution_create.c | 3 +- + .../executor/container_cb/execution_network.c | 12 ++-- + .../executor/container_cb/execution_stream.c | 6 +- + .../container/leftover_cleanup/cleanup.c | 4 +- + src/daemon/modules/events/collector.c | 14 ++-- + .../graphdriver/devmapper/deviceset.c | 6 +- + .../graphdriver/devmapper/driver_devmapper.c | 2 +- + .../graphdriver/overlay2/driver_overlay2.c | 12 ++-- + .../graphdriver/quota/project_quota.c | 4 +- + .../oci/storage/layer_store/layer_store.c | 6 +- + .../overlay_remote_impl.c | 4 +- + src/daemon/modules/log/log_gather.c | 6 +- + src/daemon/modules/plugin/plugin.c | 8 +-- + .../modules/runtime/engines/lcr/lcr_rt_ops.c | 6 +- + .../modules/runtime/isula/isula_rt_ops.c | 69 ++++++++++++------- + src/daemon/modules/runtime/shim/shim_rt_ops.c | 4 +- + src/daemon/modules/service/io_handler.c | 4 +- + .../modules/service/service_container.c | 8 ++- + src/daemon/modules/spec/specs.c | 2 +- + src/daemon/modules/spec/specs_mount.c | 6 +- + src/utils/cutils/utils_file.c | 14 ++-- + src/utils/cutils/utils_timestamp.c | 2 +- + src/utils/cutils/utils_verify.c | 2 +- + src/utils/tar/isulad_tar.c | 2 +- + src/utils/tar/util_archive.c | 6 +- + 38 files changed, 239 insertions(+), 154 deletions(-) + +diff --git a/src/cmd/isula/extend/events.c b/src/cmd/isula/extend/events.c +index b35f246a..43b36005 100644 +--- a/src/cmd/isula/extend/events.c ++++ b/src/cmd/isula/extend/events.c +@@ -34,36 +34,71 @@ struct client_arguments g_cmd_events_args = { + .until = NULL, + }; + +-static size_t calacute_annotations_msg_len(const container_events_format_t *event) ++static bool calacute_annotations_msg_len(const container_events_format_t *event, size_t max, size_t *anno_len) + { +- size_t annos_msg_len = 0; + size_t i; + ++ if (event->annotations_len == 0) { ++ return true; ++ } ++ ++ if (event->annotations_len > (max - 3) / 2) { ++ ERROR("Annotations len is too long"); ++ return false; ++ } ++ ++ max = max - event->annotations_len * 2 - 3; ++ + for (i = 0; i < event->annotations_len; i++) { +- annos_msg_len += strlen(event->annotations[i]); ++ if (strlen(event->annotations[i]) > max) { ++ ERROR("Annotations is too long"); ++ return false; ++ } ++ max = max - strlen(event->annotations[i]); ++ *anno_len += strlen(event->annotations[i]); + } +- annos_msg_len += event->annotations_len * 2; + +- return annos_msg_len; ++ // For each annotation, it needs to add two characters(',' and ' '). ++ *anno_len += event->annotations_len * 2; ++ // For the entire annotation, it needs to add three characters('(' and ')' and '\0). ++ *anno_len += 3; ++ ++ return true; + } + +-static size_t calacute_event_msg_len(const container_events_format_t *event, const char *timebuffer) ++static bool calacute_event_msg_len(const container_events_format_t *event, const char *timebuffer, size_t *msg_len) + { +- size_t msg_len = 0; ++ size_t anno_len = 0; ++ bool ret = false; ++ ++ // The addition of lengths will not overflow, no need to judge overflow + // format : timestamp (container|image opt) id (annotaions) +- msg_len += strlen(timebuffer) + 1 + strlen(event->opt) + 1 + strlen(event->id) + 1; +- msg_len += calacute_annotations_msg_len(event); +- msg_len += 1; // '\0' ++ *msg_len += strlen(timebuffer) + 1 + strlen(event->opt) + 1 + strlen(event->id) + 1; + +- return msg_len; ++ ret = calacute_annotations_msg_len(event, SIZE_MAX - *msg_len, &anno_len); ++ if (!ret) { ++ ERROR("Failed to calacute annotations msg len"); ++ return false; ++ } ++ ++ *msg_len += anno_len; ++ ++ return true; + } + + static int generate_annotations_msg(const container_events_format_t *event, char **anno_msg) + { + size_t i; +- size_t anno_msg_len = calacute_annotations_msg_len(event) + 1; ++ size_t anno_msg_len = 0; ++ bool ret = false; ++ ++ ret = calacute_annotations_msg_len(event, SIZE_MAX, &anno_msg_len); ++ if (!ret) { ++ ERROR("Failed to calacute annotations msg len"); ++ return -1; ++ } + +- if (anno_msg_len == 1) { ++ if (anno_msg_len == 0) { + return 0; + } + +@@ -127,6 +162,7 @@ static void print_events_callback(const container_events_format_t *event) + char timebuffer[TIME_STR_SIZE] = { 0 }; + char *msg = NULL; + size_t msg_len = 0; ++ bool ret = false; + + if (event == NULL) { + return; +@@ -136,7 +172,11 @@ static void print_events_callback(const container_events_format_t *event) + (void)strcpy(timebuffer, "-"); + } + +- msg_len = calacute_event_msg_len(event, timebuffer); ++ ret = calacute_event_msg_len(event, timebuffer, &msg_len); ++ if (!ret) { ++ printf("Failed to calacute calacute event msg len"); ++ return; ++ } + + msg = generate_event_msg(event, timebuffer, msg_len); + if (msg == NULL) { +diff --git a/src/cmd/isula/images/images.c b/src/cmd/isula/images/images.c +index e4b28f5a..bff07f76 100644 +--- a/src/cmd/isula/images/images.c ++++ b/src/cmd/isula/images/images.c +@@ -71,7 +71,7 @@ static char *trans_time(int64_t created) + + nret = snprintf(formated_time, sizeof(formated_time), "%04d-%02d-%02d %02d:%02d:%02d", t.tm_year + 1900, + t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec); +- if (nret < 0 || nret >= sizeof(formated_time)) { ++ if (nret < 0 || (size_t)nret >= sizeof(formated_time)) { + ERROR("format created time failed"); + return NULL; + } +diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c +index 57d34aa3..4332b6fb 100644 +--- a/src/cmd/isula/information/ps.c ++++ b/src/cmd/isula/information/ps.c +@@ -182,14 +182,14 @@ static int handle_running_status(const char *start_at, const struct isula_contai + + if (in->health_state != NULL) { + nret = snprintf(status, len, "Up %s (%s)", start_at, in->health_state); +- if (nret < 0 || nret >= len) { ++ if (nret < 0 || (size_t)nret >= len) { + ERROR("Failed to compose string"); + ret = -1; + goto out; + } + } else { + nret = snprintf(status, len, "Up %s", start_at); +- if (nret < 0 || nret >= len) { ++ if (nret < 0 || (size_t)nret >= len) { + ERROR("Failed to compose string"); + ret = -1; + goto out; +diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c +index 11e3eed3..7304130d 100644 +--- a/src/cmd/isula/isula_host_spec.c ++++ b/src/cmd/isula/isula_host_spec.c +@@ -992,7 +992,7 @@ static int append_seccomp_to_security_opts(const char *full_opt, const char *sec + goto out; + } + nret = snprintf(tmp_str, size, "seccomp=%s", seccomp_json); +- if (nret < 0 || nret >= size) { ++ if (nret < 0 || (size_t)nret >= size) { + COMMAND_ERROR("failed to sprintf buffer!"); + ret = -1; + goto out; +diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c +index 27836a8c..c88de736 100644 +--- a/src/cmd/isulad-shim/common.c ++++ b/src/cmd/isulad-shim/common.c +@@ -220,13 +220,15 @@ int generate_random_str(char *id, size_t len) + } + for (i = 0; i < len; i++) { + int nret; ++ size_t tmp_len; + if (read_nointr(fd, &num, sizeof(int)) < 0) { + close(fd); + return SHIM_ERR; + } + unsigned char rs = (unsigned char)(num % m); +- nret = snprintf((id + i * 2), ((len - i) * 2 + 1), "%02x", (unsigned int)rs); +- if (nret < 0) { ++ tmp_len = ((len - i) * 2 + 1); ++ nret = snprintf((id + i * 2), tmp_len, "%02x", (unsigned int)rs); ++ if (nret < 0 || (size_t)nret >= tmp_len) { + close(fd); + return SHIM_ERR; + } +@@ -252,10 +254,17 @@ void write_message(const char *level, const char *fmt, ...) + + va_list arg_list; + va_start(arg_list, fmt); +- vsnprintf(buf, MAX_MESSAGE_CONTENT_LEN, fmt, arg_list); ++ nwrite = vsnprintf(buf, MAX_MESSAGE_CONTENT_LEN, fmt, arg_list); + va_end(arg_list); ++ if (nwrite < 0) { ++ return; ++ } ++ ++ nwrite = snprintf(msg, MAX_MESSAGE_LEN - 1, "{\"level\": \"%s\", \"msg\": \"%s\"}\n", level, buf); ++ if (nwrite < 0 || (size_t)nwrite >= (MAX_MESSAGE_LEN - 1)) { ++ return; ++ } + +- snprintf(msg, MAX_MESSAGE_LEN - 1, "{\"level\": \"%s\", \"msg\": \"%s\"}\n", level, buf); + nwrite = write_nointr_in_total(g_log_fd, msg, strlen(msg)); + if (nwrite < 0 || (size_t)nwrite != strlen(msg)) { + return; +diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c +index a9e65fcb..a91c3c16 100644 +--- a/src/cmd/isulad-shim/process.c ++++ b/src/cmd/isulad-shim/process.c +@@ -462,7 +462,7 @@ static int new_temp_console_path(process_t *p) + return SHIM_ERR; + } + int nret = snprintf(p->console_sock_path, MAX_CONSOLE_SOCK_LEN, "/run/isulad%s-pty.sock", str_rand); +- if (nret < 0 || nret >= MAX_CONSOLE_SOCK_LEN) { ++ if (nret < 0 || (size_t)nret >= MAX_CONSOLE_SOCK_LEN) { + free(p->console_sock_path); + p->console_sock_path = NULL; + return SHIM_ERR; +@@ -998,7 +998,7 @@ static void process_delete(process_t *p) + return; + } + int nret = snprintf(log_path, PATH_MAX, "%s/log.json", cwd); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + free(cwd); + return; + } +@@ -1055,11 +1055,11 @@ static void exec_runtime_process(process_t *p, int exec_fd) + } + + int nret = snprintf(log_path, PATH_MAX, "%s/log.json", cwd); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + _exit(EXIT_FAILURE); + } + nret = snprintf(pid_path, PATH_MAX, "%s/pid", cwd); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + _exit(EXIT_FAILURE); + } + +@@ -1071,7 +1071,7 @@ static void exec_runtime_process(process_t *p, int exec_fd) + _exit(EXIT_FAILURE); + } + nret = snprintf(process_desc, PATH_MAX, "%s/process.json", cwd); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + _exit(EXIT_FAILURE); + } + } +diff --git a/src/cmd/isulad-shim/terminal.c b/src/cmd/isulad-shim/terminal.c +index 29726ce2..23783244 100644 +--- a/src/cmd/isulad-shim/terminal.c ++++ b/src/cmd/isulad-shim/terminal.c +@@ -38,35 +38,34 @@ + + static int shim_rename_old_log_file(log_terminal *terminal) + { +- int ret; ++ int nret; ++ int ret = SHIM_ERR; + unsigned int i; + char tmp[PATH_MAX] = { 0 }; + char *rename_fname = NULL; + + for (i = terminal->log_maxfile - 1; i > 1; i--) { +- ret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, i); +- if (ret < 0 || ret >= PATH_MAX) { +- free(rename_fname); +- return SHIM_ERR; ++ nret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, i); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ goto out; + } + free(rename_fname); + rename_fname = safe_strdup(tmp); + +- ret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, (i - 1)); +- if (ret < 0 || ret >= PATH_MAX) { +- free(rename_fname); +- return SHIM_ERR; ++ nret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, (i - 1)); ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { ++ goto out; + } + +- ret = rename(tmp, rename_fname); +- if (ret < 0 && errno != ENOENT) { +- free(rename_fname); +- return SHIM_ERR; ++ nret = rename(tmp, rename_fname); ++ if (nret < 0 && errno != ENOENT) { ++ goto out; + } + } +- ++ ret = SHIM_OK; ++out: + free(rename_fname); +- return SHIM_OK; ++ return ret; + } + + static int shim_dump_log_file(log_terminal *terminal) +@@ -86,7 +85,7 @@ static int shim_dump_log_file(log_terminal *terminal) + return SHIM_ERR; + } + +- file_newname = calloc(len_path, 1); ++ file_newname = util_smart_calloc_s(1, len_path); + if (file_newname == NULL) { + return SHIM_ERR; + } +@@ -192,7 +191,7 @@ static bool util_get_time_buffer(struct timespec *timestamp, char *timebuffer, s + nanos = (int32_t)timestamp->tv_nsec; + len = strlen(timebuffer); + ret = snprintf(timebuffer + len, (maxsize - len), ".%09dZ", nanos); +- if (ret < 0 || ret >= (maxsize - len)) { ++ if (ret < 0 || (size_t)ret >= (maxsize - len)) { + return false; + } + +diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c +index e814109e..5db8128c 100644 +--- a/src/cmd/isulad/isulad_commands.c ++++ b/src/cmd/isulad/isulad_commands.c +@@ -584,7 +584,7 @@ static int ulimit_flag_join(char *out_msg, const size_t msg_len, const size_t de + char *tmp = NULL; + + int nret = snprintf(out_msg, msg_len, "["); +- if (nret < 0 || nret >= msg_len) { ++ if (nret < 0 || (size_t)nret >= msg_len) { + ERROR("Failed to print string"); + goto out; + } +@@ -593,7 +593,7 @@ static int ulimit_flag_join(char *out_msg, const size_t msg_len, const size_t de + tmp = util_strdup_s(out_msg); + nret = snprintf(out_msg, msg_len, "%s %s=%lld:%lld", tmp, default_ulimit[i]->name, + (long long int)default_ulimit[i]->soft, (long long int)default_ulimit[i]->hard); +- if (nret < 0 || nret >= msg_len) { ++ if (nret < 0 || (size_t)nret >= msg_len) { + ERROR("Failed to print string"); + goto out; + } +@@ -603,7 +603,7 @@ static int ulimit_flag_join(char *out_msg, const size_t msg_len, const size_t de + + tmp = util_strdup_s(out_msg); + nret = snprintf(out_msg, msg_len, "%s ]", tmp); +- if (nret < 0 || nret >= msg_len) { ++ if (nret < 0 || (size_t)nret >= msg_len) { + ERROR("Failed to print string"); + goto out; + } +@@ -624,7 +624,7 @@ static int ulimit_file_join(char *out_msg, const size_t msg_len, + isulad_daemon_configs_default_ulimits_element *ptr = NULL; + + int nret = snprintf(out_msg, msg_len, "["); +- if (nret < 0 || nret >= msg_len) { ++ if (nret < 0 || (size_t)nret >= msg_len) { + ERROR("Failed to print string"); + goto out; + } +@@ -633,7 +633,7 @@ static int ulimit_file_join(char *out_msg, const size_t msg_len, + tmp = util_strdup_s(out_msg); + nret = snprintf(out_msg, msg_len, "%s %s=%lld:%lld", tmp, ptr->name, (long long int)(ptr->soft), + (long long int)(ptr->hard)); +- if (nret < 0 || nret >= msg_len) { ++ if (nret < 0 || (size_t)nret >= msg_len) { + ERROR("Failed to print string"); + goto out; + } +@@ -643,7 +643,7 @@ static int ulimit_file_join(char *out_msg, const size_t msg_len, + + tmp = util_strdup_s(out_msg); + nret = snprintf(out_msg, msg_len, "%s ]", tmp); +- if (nret < 0 || nret >= msg_len) { ++ if (nret < 0 || (size_t)nret >= msg_len) { + ERROR("Failed to print string"); + goto out; + } +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 1e51a8e7..8c8fcc40 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -472,7 +472,7 @@ int check_and_save_pid(const char *fn) + } + + len = snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)getpid()); +- if (len < 0 || len >= sizeof(pidbuf)) { ++ if (len < 0 || (size_t)len >= sizeof(pidbuf)) { + ERROR("failed sprint pidbuf"); + ret = -1; + goto out; +diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c +index 173f3acb..d8bc1e08 100644 +--- a/src/daemon/common/selinux_label.c ++++ b/src/daemon/common/selinux_label.c +@@ -239,7 +239,7 @@ static int get_current_label(char **content) + char path[PATH_MAX] = { 0 }; + + nret = snprintf(path, sizeof(path), "/proc/self/task/%ld/attr/current", (long int)syscall(__NR_gettid)); +- if (nret < 0 || nret >= sizeof(path)) { ++ if (nret < 0 || (size_t)nret >= sizeof(path)) { + ERROR("Humanize sprintf failed!"); + return -1; + } +@@ -482,7 +482,7 @@ static int uniq_mcs(unsigned int range, char *mcs, size_t len) + } + + nret = snprintf(mcs, len, "s0:c%u,c%u", c1, c2); +- if (nret < 0 || nret >= len) { ++ if (nret < 0 || (size_t)nret >= len) { + ERROR("Failed to compose mcs"); + return -1; + } +@@ -911,7 +911,7 @@ static int recurse_set_file_label(const char *basePath, const char *label) + continue; + } else { + int nret = snprintf(base, sizeof(base), "%s/%s", basePath, ptr->d_name); +- if (nret < 0 || nret >= sizeof(base)) { ++ if (nret < 0 || (size_t)nret >= sizeof(base)) { + ERROR("Failed to get path"); + ret = -1; + goto out; +@@ -1032,7 +1032,7 @@ static int append_security_opt_string(const char *field, const char *value, char + goto out; + } + nret = snprintf(sec_opt, temp_len, "%s%s", field, value); +- if (nret < 0 || nret >= temp_len) { ++ if (nret < 0 || (size_t)nret >= temp_len) { + ERROR("Out of memory"); + ret = -1; + goto out; +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index d9644756..17c9d3b5 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -535,13 +535,14 @@ static char *get_parent_mount_dir(char *graph) + size_t len; + char *rootfsdir = NULL; + +- len = strlen(graph) + strlen("/mnt/rootfs") + 1; +- if (len > PATH_MAX) { +- ERROR("The size of path exceeds the limit"); ++ if (strlen(graph) > (PATH_MAX - strlen("/mnt/rootfs") - 1)) { ++ ERROR("Graph path is too long"); + return NULL; + } + +- rootfsdir = util_common_calloc_s(len); ++ len = strlen(graph) + strlen("/mnt/rootfs") + 1; ++ ++ rootfsdir = util_smart_calloc_s(sizeof(char), len); + if (rootfsdir == NULL) { + ERROR("Out of memory"); + return NULL; +@@ -783,6 +784,12 @@ char *conf_get_engine_log_file() + ERROR("conf_get_isulad_log_gather_fifo_path failed"); + goto out; + } ++ ++ if (strlen(logfile) > (SIZE_MAX - strlen(prefix) - 1)) { ++ ERROR("Logfile path is too long"); ++ return NULL; ++ } ++ + len = strlen(prefix) + strlen(logfile) + 1; + if (len > PATH_MAX) { + ERROR("The size of path exceeds the limit"); +diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c +index 3c558fa1..847c36e9 100644 +--- a/src/daemon/entry/cri/sysctl_tools.c ++++ b/src/daemon/entry/cri/sysctl_tools.c +@@ -34,7 +34,7 @@ int get_sysctl(const char *sysctl, char **err) + char buff[MAX_BUFFER_SIZE + 1] = { 0 }; + + ret = snprintf(fullpath, PATH_MAX, "%s/%s", SYSCTL_BASE, sysctl); +- if (ret < 0 || ret >= PATH_MAX) { ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + *err = util_strdup_s("Out of memory"); + goto free_out; + } +@@ -81,12 +81,12 @@ int set_sysctl(const char *sysctl, int new_value, char **err) + char buff[ISULAD_NUMSTRLEN64] = { 0 }; + + ret = snprintf(fullpath, PATH_MAX, "%s/%s", SYSCTL_BASE, sysctl); +- if (ret < 0 || ret >= PATH_MAX) { ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + *err = util_strdup_s("Out of memory"); + goto free_out; + } + ret = snprintf(buff, ISULAD_NUMSTRLEN64, "%d", new_value); +- if (ret < 0 || ret >= ISULAD_NUMSTRLEN64) { ++ if (ret < 0 || (size_t)ret >= ISULAD_NUMSTRLEN64) { + *err = util_strdup_s("Out of memory"); + goto free_out; + } +diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c +index 130bdaa4..fe9d7aaa 100644 +--- a/src/daemon/executor/container_cb/execution.c ++++ b/src/daemon/executor/container_cb/execution.c +@@ -326,7 +326,7 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const + } + + ret = snprintf(fpath, sizeof(fpath), "%s/%s", path, file); +- if (ret < 0 || ret >= sizeof(fpath)) { ++ if (ret < 0 || (size_t)ret >= sizeof(fpath)) { + ERROR("Failed to print string"); + return -1; + } +diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c +index 4d10e9e0..6097dd7e 100644 +--- a/src/daemon/executor/container_cb/execution_create.c ++++ b/src/daemon/executor/container_cb/execution_create.c +@@ -263,7 +263,7 @@ static int do_set_default_log_path_for_json_file(const char *id, const char *roo + char default_path[PATH_MAX] = { 0 }; + + nret = snprintf(default_path, PATH_MAX, "%s/%s/console.log", root, id); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Create default log path for container %s failed", id); + return -1; + } +@@ -672,6 +672,7 @@ static int conf_get_image_id(const char *image, char **id) + goto out; + } + ++ // it can guarantee that ir->id is not too long internally, and there is no need to judge overflow + len = strlen("sha256:") + strlen(ir->id) + 1; + image_id = (char *)util_smart_calloc_s(sizeof(char), len); + if (image_id == NULL) { +diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c +index b738d02f..09aadd9b 100644 +--- a/src/daemon/executor/container_cb/execution_network.c ++++ b/src/daemon/executor/container_cb/execution_network.c +@@ -720,7 +720,7 @@ static int merge_network_for_universal_container(const host_config *host_spec, c + } + + nret = snprintf(root_path, PATH_MAX, "%s/%s", runtime_root, id); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to print string"); + ret = -1; + goto out; +@@ -925,7 +925,9 @@ static int create_default_hostname(const char *id, const char *rootpath, bool sh + } else { + // max length of hostname from ID is 12 + '\0' + nret = snprintf(hostname, 13, "%s", id); +- ret = nret < 0 ? 1 : 0; ++ if (nret < 0 || (size_t)nret >= 13) { ++ ret = -1; ++ } + } + if (ret != 0) { + ERROR("Create hostname error"); +@@ -935,7 +937,7 @@ static int create_default_hostname(const char *id, const char *rootpath, bool sh + } + + nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hostname"); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to print string"); + ret = -1; + goto out; +@@ -1012,7 +1014,7 @@ static int create_default_hosts(const char *id, const char *rootpath, bool share + char file_path[PATH_MAX] = { 0x0 }; + + ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hosts"); +- if (ret < 0 || ret >= PATH_MAX) { ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + ERROR("Failed to print string"); + ret = -1; + goto out; +@@ -1049,7 +1051,7 @@ static int create_default_resolv(const char *id, const char *rootpath, container + char file_path[PATH_MAX] = { 0x0 }; + + ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "resolv.conf"); +- if (ret < 0 || ret >= PATH_MAX) { ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + ERROR("Failed to print string"); + ret = -1; + goto out; +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index 7e928cf7..32721e68 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -1127,7 +1127,7 @@ static int do_read_all_container_logs(int64_t require_line, const char *path, co + + for (; i > 0; i--) { + int nret = snprintf(log_path, PATH_MAX, "%s.%d", path, i); +- if (nret >= PATH_MAX || nret < 0) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Sprintf failed"); + goto out; + } +@@ -1166,7 +1166,7 @@ static int do_show_all_logs(const struct container_log_config *conf, const strea + + while (index > 0) { + int nret = snprintf(log_path, PATH_MAX, "%s.%d", conf->path, index); +- if (nret >= PATH_MAX || nret < 0) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Sprintf failed"); + ret = -1; + goto out; +@@ -1301,7 +1301,7 @@ static int do_tail_container_logs(int64_t require_line, const struct container_l + left -= get_line; + get_line = 0; + int nret = snprintf(log_path, PATH_MAX, "%s.%d", conf->path, i); +- if (nret >= PATH_MAX || nret < 0) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Sprintf failed"); + goto out; + } +diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c +index eb9b5afb..c86e3db9 100644 +--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c ++++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c +@@ -151,7 +151,7 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su + } + + nret = snprintf(tmpdir, PATH_MAX, "%s/%s", path_name, sub_dir->d_name); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + WARN("Failed to snprintf for %s", sub_dir->d_name); + return true; + } +@@ -176,7 +176,7 @@ static void cleanup_path(char *dir) + char cleanpath[PATH_MAX] = { 0 }; + + nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", dir); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to snprintf"); + return; + } +diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c +index 3c1eae1a..2729c6be 100644 +--- a/src/daemon/modules/events/collector.c ++++ b/src/daemon/modules/events/collector.c +@@ -199,7 +199,7 @@ static int supplement_operator_for_container_msg(const struct monitord_msg *msg, + } else { + nret = snprintf(opt, sizeof(opt), "container %s", isulad_event_sta2str(msg->value)); + } +- if (nret < 0 || nret >= sizeof(opt)) { ++ if (nret < 0 || (size_t)nret >= sizeof(opt)) { + return -1; + } + +@@ -220,7 +220,7 @@ static int supplement_pid_for_container_msg(const container_t *cont, const struc + } + + nret = snprintf(info, sizeof(info), "pid=%u", cont->state->state->pid); +- if (nret < 0 || nret >= sizeof(info)) { ++ if (nret < 0 || (size_t)nret >= sizeof(info)) { + return -1; + } + +@@ -250,7 +250,7 @@ static int supplement_exitcode_for_container_msg(const container_t *cont, const + } + + nret = snprintf(info, sizeof(info), "exitCode=%d", exit_code); +- if (nret < 0 || nret >= sizeof(info)) { ++ if (nret < 0 || (size_t)nret >= sizeof(info)) { + return -1; + } + +@@ -273,7 +273,7 @@ static int supplement_image_for_container_msg(const container_t *cont, const str + } + + nret = snprintf(info, sizeof(info), "image=%s", cont->common_config->image); +- if (nret < 0 || nret >= sizeof(info)) { ++ if (nret < 0 || (size_t)nret >= sizeof(info)) { + return -1; + } + +@@ -296,7 +296,7 @@ static int supplement_name_for_container_msg(const container_t *cont, const stru + } + + nret = snprintf(info, sizeof(info), "name=%s", cont->common_config->name); +- if (nret < 0 || nret >= sizeof(info)) { ++ if (nret < 0 || (size_t)nret >= sizeof(info)) { + return -1; + } + +@@ -322,7 +322,7 @@ static int supplement_labels_for_container_msg(const container_t *cont, const st + char info[EVENT_EXTRA_ANNOTATION_MAX] = { 0x00 }; + int nret = snprintf(info, sizeof(info), "%s=%s", cont->common_config->config->labels->keys[i], + cont->common_config->config->labels->values[i]); +- if (nret < 0 || nret >= sizeof(info)) { ++ if (nret < 0 || (size_t)nret >= sizeof(info)) { + return -1; + } + +@@ -407,7 +407,7 @@ static int supplement_msg_for_image(struct monitord_msg *msg, struct isulad_even + format_msg->id = util_strdup_s(msg->name); + + nret = snprintf(opt, sizeof(opt), "image %s", isulad_image_event_sta2str(msg->value)); +- if (nret < 0 || nret >= sizeof(opt)) { ++ if (nret < 0 || (size_t)nret >= sizeof(opt)) { + ERROR("Get operator operator info failed"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 76059b81..97919603 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -769,7 +769,7 @@ static int device_file_walk(struct device_set *devset) + + (void)memset(fname, 0, sizeof(fname)); + pathname_len = snprintf(fname, PATH_MAX, "%s/%s", metadir, entry->d_name); +- if (pathname_len < 0 || pathname_len >= PATH_MAX) { ++ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) { + ERROR("Pathname too long"); + continue; + } +@@ -3351,7 +3351,7 @@ struct status *device_set_status(struct device_set *devset) + char msg[PATH_MAX] = { 0 }; + + msg_len = snprintf(msg, PATH_MAX, "system semaphore nums has attached limit: %d", sem_usz); +- if (msg_len < 0 || msg_len >= PATH_MAX) { ++ if (msg_len < 0 || (size_t)msg_len >= PATH_MAX) { + ERROR("Cannot get semaphore err msg"); + free_devmapper_status(st); + st = NULL; +@@ -3398,7 +3398,7 @@ static int umount_deactivate_dev_all(const struct device_set *devset) + + (void)memset(fname, 0, sizeof(fname)); + pathname_len = snprintf(fname, PATH_MAX, "%s/%s", mnt_root, entry->d_name); +- if (pathname_len < 0 || pathname_len >= PATH_MAX) { ++ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) { + ERROR("Pathname too long"); + continue; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +index c83d3e54..c8e78e48 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c +@@ -520,7 +520,7 @@ static void status_append(const char *name, const char *value, uint64_t u_data, + break; + } + +- if (nret < 0 || nret >= MAX_INFO_LENGTH) { ++ if (nret < 0 || (size_t)nret >= MAX_INFO_LENGTH) { + ERROR("Failed to print status"); + return; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index 4f7be30d..7e851a26 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -231,7 +231,7 @@ static void rm_invalid_symlink(const char *dirpath) + (void)memset(fname, 0, sizeof(fname)); + + pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name); +- if (pathname_len < 0 || pathname_len >= PATH_MAX) { ++ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) { + ERROR("Pathname too long"); + continue; + } +@@ -475,14 +475,14 @@ static int do_diff_symlink(const char *id, char *link_id, const char *driver_hom + char clean_path[PATH_MAX] = { 0 }; + + nret = snprintf(target_path, PATH_MAX, "../%s/diff", id); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to get target path %s", id); + ret = -1; + goto out; + } + + nret = snprintf(link_path, PATH_MAX, "%s/%s/%s", driver_home, OVERLAY_LINK_DIR, link_id); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to get link path %s", link_id); + ret = -1; + goto out; +@@ -723,7 +723,7 @@ static char *get_lower(const char *parent, const char *driver_home) + } else { + nret = snprintf(lower, lower_len, "%s/%s", OVERLAY_LINK_DIR, parent_link); + } +- if (nret < 0 || nret >= lower_len) { ++ if (nret < 0 || (size_t)nret >= lower_len) { + ERROR("lower %s too large", parent_link); + goto err_out; + } +@@ -1167,7 +1167,7 @@ int overlay2_rm_layer(const char *id, const struct graphdriver *driver) + link_id = read_layer_link_file(layer_dir); + if (link_id != NULL) { + nret = snprintf(link_path, PATH_MAX, "%s/%s/%s", driver->home, OVERLAY_LINK_DIR, link_id); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to get link path %s", link_id); + ret = -1; + goto out; +@@ -2071,7 +2071,7 @@ int overlay2_get_driver_status(const struct graphdriver *driver, struct graphdri + status->backing_fs = util_strdup_s(driver->backing_fs); + + nret = snprintf(tmp, MAX_INFO_LENGTH, "%s: %s\n", BACK_FS, driver->backing_fs); +- if (nret < 0 || nret >= MAX_INFO_LENGTH) { ++ if (nret < 0 || (size_t)nret >= MAX_INFO_LENGTH) { + ERROR("Failed to get backing fs"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c +index 2bcfb0ee..e27fd044 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c +@@ -45,7 +45,7 @@ static char *make_backing_fs_device(const char *home_dir) + struct stat current_stat = { 0 }; + + ret = snprintf(full_path, PATH_MAX, "%s/%s", home_dir, "backingFsBlockDev"); +- if (ret < 0 || ret >= PATH_MAX) { ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + ERROR("Failed to get backing fs device"); + goto err_out; + } +@@ -276,7 +276,7 @@ static void get_next_project_id(const char *dirpath, struct pquota_control *ctrl + (void)memset(fname, 0, sizeof(fname)); + + pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name); +- if (pathname_len < 0 || pathname_len >= PATH_MAX) { ++ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) { + ERROR("Pathname too long"); + continue; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +index 08c7e4a6..4751f020 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c +@@ -2121,7 +2121,7 @@ static int valid_crc64(storage_entry *entry, char *rootfs) + char *fname = NULL; + + nret = snprintf(file, PATH_MAX, "%s/%s", rootfs, entry->name); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("snprintf %s/%s failed", rootfs, entry->name); + ret = -1; + goto out; +@@ -2195,7 +2195,7 @@ static tar_split *new_tar_split(layer_t *l, const char *tspath) + } + + nret = snprintf(path, sizeof(path), ".%s.tmp", tspath); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("sprintf .%s.tmp failed", tspath); + ret = -1; + goto out; +@@ -2401,7 +2401,7 @@ static layer_t *load_one_layer_from_json(const char *id) + bool layer_valid = false; + + nret = snprintf(tmpdir, PATH_MAX, "%s/%s", g_root_dir, id); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Sprintf: %s failed", id); + return NULL; + } +diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +index 238506c2..e44c64ef 100644 +--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c ++++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c +@@ -112,14 +112,14 @@ static int do_diff_symlink(const char *id, char *link_id, const char *driver_hom + char clean_path[PATH_MAX] = { 0 }; + + nret = snprintf(target_path, PATH_MAX, "../%s/diff", id); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to get target path %s", id); + ret = -1; + goto out; + } + + nret = snprintf(link_path, PATH_MAX, "%s/%s/%s", driver_home, OVERLAY_LINK_DIR, link_id); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to get link path %s", link_id); + ret = -1; + goto out; +diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c +index 8c19f33b..9b400f00 100644 +--- a/src/daemon/modules/log/log_gather.c ++++ b/src/daemon/modules/log/log_gather.c +@@ -54,13 +54,13 @@ static int file_rotate_gz(const char *file_name, int i) + char to_path[PATH_MAX] = { 0 }; + + ret = snprintf(from_path, PATH_MAX, "%s.%d.gz", file_name, (i - 1)); +- if (ret >= PATH_MAX || ret < 0) { ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + ERROR("sprint zip file name failed"); + return -1; + } + + ret = snprintf(to_path, PATH_MAX, "%s.%d.gz", file_name, i); +- if (ret >= PATH_MAX || ret < 0) { ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + ERROR("sprint zip file name failed"); + return -1; + } +@@ -79,7 +79,7 @@ static int file_rotate_me(const char *file_name) + char tmp_path[PATH_MAX] = { 0 }; + + ret = snprintf(tmp_path, PATH_MAX, "%s.1", file_name); +- if (ret >= PATH_MAX || ret < 0) { ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + ERROR("Out of memory"); + return -1; + } +diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c +index e08479ab..b4d78dc9 100644 +--- a/src/daemon/modules/plugin/plugin.c ++++ b/src/daemon/modules/plugin/plugin.c +@@ -389,7 +389,7 @@ static int get_plugin_addr_and_name(char *plugin_addr, char *plugin_name, const + + plugin_name[str_length - PLUGIN_SOCKET_FILE_SUFFIX_LEN] = 0; + nret = snprintf(plugin_addr, PATH_MAX, "%s/%s", plugin_dir, filename); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("get plugin addr failed %s", filename); + goto out; + } +@@ -577,7 +577,7 @@ static int reload_plugin(const char *name) + } + + ret = snprintf(filename, PATH_MAX, "%s.sock", name); +- if (ret < 0 || ret >= PATH_MAX) { ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + ERROR("get plugin addr failed %s", filename); + return -1; + } +@@ -914,7 +914,7 @@ int pm_activate_plugin(plugin_t *plugin) + + body_len = strlen(body) + 1; + nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("get plugin socket failed"); + ret = -1; + goto out; +@@ -1136,7 +1136,7 @@ static int pm_init_plugin(const plugin_t *plugin) + + body_len = strlen(body) + 1; + nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("get plugin socket failed %s", plugin->addr); + ret = -1; + goto out; +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +index f2eec6d2..2b9cf39c 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c +@@ -323,13 +323,13 @@ static int generate_user_string_by_uid_gid(const defs_process_user *puser, char + int nret = 0; + + nret = snprintf(uid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->uid); +- if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) { ++ if (nret < 0 || (size_t)nret >= ISULAD_NUMSTRLEN32) { + ERROR("Invalid UID:%u", (unsigned int)puser->uid); + return -1; + } + + nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->gid); +- if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) { ++ if (nret < 0 || (size_t)nret >= ISULAD_NUMSTRLEN32) { + ERROR("Invalid attach uid value :%u", (unsigned int)puser->gid); + return -1; + } +@@ -369,7 +369,7 @@ static char **covert_gids_to_string(const gid_t *gids, const size_t gids_len) + char gid_str[ISULAD_NUMSTRLEN32] = { 0 }; + + nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)gids[i]); +- if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) { ++ if (nret < 0 || (size_t)nret >= ISULAD_NUMSTRLEN32) { + ERROR("Invalid gid :%u", (unsigned int)gids[i]); + util_free_array_by_len(result, len); + return NULL; +diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c +index 7374c3c6..a218519a 100644 +--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c ++++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c +@@ -239,8 +239,9 @@ static int create_process_json_file(const char *workdir, const shim_client_proce + char fname[PATH_MAX] = { 0 }; + int retcode = 0; + +- if (snprintf(fname, sizeof(fname), "%s/process.json", workdir) < 0) { +- ERROR("failed make process.json full path"); ++ int nret = snprintf(fname, sizeof(fname), "%s/process.json", workdir); ++ if (nret < 0 || (size_t)nret >= sizeof(fname)) { ++ ERROR("Failed make process.json full path"); + return -1; + } + +@@ -743,6 +744,7 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char + const char *params[PARAM_NUM] = { 0 }; + int i = 0; + int status = 0; ++ int nret = 0; + + params[i++] = SHIM_BINARY; + params[i++] = id; +@@ -755,8 +757,9 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char + } + runtime_exec_param_dump(params); + +- if (snprintf(fpid, sizeof(fpid), "%s/shim-pid", workdir) < 0) { +- ERROR("Failed make shim-pid full path"); ++ nret = snprintf(fpid, sizeof(fpid), "%s/shim-pid", workdir); ++ if (nret < 0 || (size_t)nret >= sizeof(fpid)) { ++ ERROR("failed make shim-pid full path"); + return -1; + } + +@@ -896,7 +899,8 @@ static int get_container_process_pid(const char *workdir) + struct timespec beg = { 0 }; + struct timespec end = { 0 }; + +- if (snprintf(fname, sizeof(fname), "%s/pid", workdir) < 0) { ++ int nret = snprintf(fname, sizeof(fname), "%s/pid", workdir); ++ if (nret < 0 || (size_t)nret >= sizeof(fname)) { + ERROR("failed make pid full path"); + return -1; + } +@@ -934,7 +938,8 @@ static void shim_kill_force(const char *workdir) + int pid = 0; + char fpid[PATH_MAX] = { 0 }; + +- if (snprintf(fpid, sizeof(fpid), "%s/shim-pid", workdir) < 0) { ++ int nret = snprintf(fpid, sizeof(fpid), "%s/shim-pid", workdir); ++ if (nret < 0 || (size_t)nret >= sizeof(fpid)) { + INFO("shim-pid not exist"); + return; + } +@@ -961,6 +966,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_ + char workdir[PATH_MAX] = { 0 }; + shim_client_process_state p = { 0 }; + int shim_exit_code = 0; ++ int nret = 0; + + if (id == NULL || runtime == NULL || params == NULL) { + ERROR("nullptr arguments not allowed"); +@@ -973,7 +979,8 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_ + return -1; + } + +- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id) < 0) { ++ nret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id); ++ if (nret < 0 || (size_t)nret >= sizeof(workdir)) { + INFO("make full workdir failed"); + ret = -1; + goto out; +@@ -1018,18 +1025,21 @@ int rt_isula_start(const char *id, const char *runtime, const rt_start_params_t + int splice_ret = 0; + proc_t *proc = NULL; + proc_t *p_proc = NULL; ++ int nret = 0; + + if (id == NULL || runtime == NULL || params == NULL || pid_info == NULL) { + ERROR("nullptr arguments not allowed"); + return -1; + } +- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id) < 0) { ++ ++ nret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id); ++ if (nret < 0 || (size_t)nret >= sizeof(workdir)) { + ERROR("%s: missing shim workdir", id); + return -1; + } + + splice_ret = snprintf(shim_pid_file_name, sizeof(shim_pid_file_name), "%s/shim-pid", workdir); +- if (splice_ret < 0 || splice_ret >= sizeof(shim_pid_file_name)) { ++ if (splice_ret < 0 || (size_t)splice_ret >= sizeof(shim_pid_file_name)) { + ERROR("%s: wrong shim workdir", id); + return -1; + } +@@ -1090,7 +1100,7 @@ int rt_isula_restart(const char *name, const char *runtime, const rt_restart_par + int rt_isula_clean_resource(const char *id, const char *runtime, const rt_clean_params_t *params) + { + char workdir[PATH_MAX] = { 0 }; +- int nret; ++ int nret = 0; + + if (id == NULL || runtime == NULL || params == NULL) { + ERROR("nullptr arguments not allowed"); +@@ -1102,7 +1112,8 @@ int rt_isula_clean_resource(const char *id, const char *runtime, const rt_clean_ + return -1; + } + +- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->statepath, id) < 0) { ++ nret = snprintf(workdir, sizeof(workdir), "%s/%s", params->statepath, id); ++ if (nret < 0 || (size_t)nret >= sizeof(workdir)) { + ERROR("failed get shim workdir"); + return -1; + } +@@ -1135,6 +1146,7 @@ int rt_isula_clean_resource(const char *id, const char *runtime, const rt_clean_ + int rt_isula_rm(const char *id, const char *runtime, const rt_rm_params_t *params) + { + char libdir[PATH_MAX] = { 0 }; ++ int nret = 0; + + if (id == NULL || runtime == NULL || params == NULL) { + ERROR("nullptr arguments not allowed"); +@@ -1144,7 +1156,9 @@ int rt_isula_rm(const char *id, const char *runtime, const rt_rm_params_t *param + ERROR("missing root path"); + return -1; + } +- if (snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id) < 0) { ++ ++ nret = snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id); ++ if (nret < 0 || (size_t)nret >= sizeof(libdir)) { + ERROR("failed get shim workdir"); + return -1; + } +@@ -1205,7 +1219,7 @@ static int preparation_exec(const char *id, const char *runtime, const char *wor + } + + ret = snprintf(resize_fifo_dir, sizeof(resize_fifo_dir), "%s/%s", workdir, RESIZE_FIFO_NAME); +- if (ret < 0) { ++ if (ret < 0 || (size_t)ret >= sizeof(resize_fifo_dir)) { + ERROR("failed join resize fifo full path"); + return -1; + } +@@ -1258,7 +1272,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + } + + ret = snprintf(bundle, sizeof(bundle), "%s/%s", params->rootpath, id); +- if (ret < 0) { ++ if (ret < 0 || (size_t)ret >= sizeof(bundle)) { + ERROR("failed join bundle path for exec"); + return -1; + } +@@ -1275,7 +1289,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p + } + + ret = snprintf(workdir, sizeof(workdir), "%s/%s/exec/%s", params->state, id, exec_id); +- if (ret < 0) { ++ if (ret < 0 || (size_t)ret >= sizeof(workdir)) { + ERROR("failed join exec full path"); + goto out; + } +@@ -1349,7 +1363,7 @@ int rt_isula_status(const char *id, const char *runtime, const rt_status_params_ + } + + ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id); +- if (ret < 0) { ++ if (ret < 0 || (size_t)ret >= sizeof(workdir)) { + ERROR("failed join full workdir %s/%s", params->rootpath, id); + goto out; + } +@@ -1531,13 +1545,15 @@ del_out: + int rt_isula_pause(const char *id, const char *runtime, const rt_pause_params_t *params) + { + char workdir[PATH_MAX] = { 0 }; ++ int ret = 0; + + if (id == NULL || runtime == NULL || params == NULL) { + ERROR("nullptr arguments not allowed"); + return -1; + } + +- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id) < 0) { ++ ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id); ++ if (ret < 0 || (size_t)ret >= sizeof(workdir)) { + ERROR("failed join workdir %s/%s", params->state, id); + return -1; + } +@@ -1548,13 +1564,15 @@ int rt_isula_pause(const char *id, const char *runtime, const rt_pause_params_t + int rt_isula_resume(const char *id, const char *runtime, const rt_resume_params_t *params) + { + char workdir[PATH_MAX] = { 0 }; ++ int ret = 0; + + if (id == NULL || runtime == NULL || params == NULL) { + ERROR("nullptr arguments not allowed"); + return -1; + } + +- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id) < 0) { ++ ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id); ++ if (ret < 0 || (size_t)ret >= sizeof(workdir)) { + ERROR("failed join workdir %s/%s", params->state, id); + return -1; + } +@@ -1581,7 +1599,7 @@ int rt_isula_resources_stats(const char *id, const char *runtime, const rt_stats + } + + ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id); +- if (ret < 0) { ++ if (ret < 0 || (size_t)ret >= sizeof(workdir)) { + ERROR("failed join full workdir %s/%s", params->rootpath, id); + goto out; + } +@@ -1625,17 +1643,20 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi + return 0; + } + +- if (snprintf(workdir, sizeof(workdir), "%s/%s/exec/%s", params->state, id, params->suffix) < 0) { +- ERROR("failed to join exec workdir path"); +- return -1; ++ ret = snprintf(workdir, sizeof(workdir), "%s/%s/exec/%s", params->state, id, params->suffix); ++ if (ret < 0 || (size_t)ret >= sizeof(workdir)) { ++ ERROR("failed join full workdir %s/%s", params->rootpath, id); ++ goto out; + } + +- if (snprintf(resize_fifo_path, sizeof(resize_fifo_path), "%s/%s", workdir, RESIZE_FIFO_NAME) < 0) { ++ ret = snprintf(resize_fifo_path, sizeof(resize_fifo_path), "%s/%s", workdir, RESIZE_FIFO_NAME); ++ if (ret < 0 || (size_t)ret >= sizeof(resize_fifo_path)) { + ERROR("failed to join exec fifo path"); + return -1; + } + +- if (snprintf(data, sizeof(data), "%u %u", params->width, params->height) < 0) { ++ ret = snprintf(data, sizeof(data), "%u %u", params->width, params->height); ++ if (ret < 0 || (size_t)ret >= sizeof(data)) { + ERROR("failed to write resize data"); + return -1; + } +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index 8cdf0138..a437399d 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -362,7 +362,7 @@ int rt_shim_clean_resource(const char *id, const char *runtime, const rt_clean_p + } + + nret = snprintf(workdir, sizeof(workdir), "%s/%s", params->statepath, id); +- if (nret < 0 || nret >= sizeof(workdir)) { ++ if (nret < 0 || (size_t)nret >= sizeof(workdir)) { + ERROR("failed to get shim workdir"); + ret = -1; + goto out; +@@ -406,7 +406,7 @@ int rt_shim_rm(const char *id, const char *runtime, const rt_rm_params_t *params + } + + nret = snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id); +- if (nret < 0 || nret >= sizeof(libdir)) { ++ if (nret < 0 || (size_t)nret >= sizeof(libdir)) { + ERROR("failed to get shim workdir"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c +index 98c763a4..0cb9fda9 100644 +--- a/src/daemon/modules/service/io_handler.c ++++ b/src/daemon/modules/service/io_handler.c +@@ -134,13 +134,13 @@ int create_daemon_fifos(const char *id, const char *runtime, bool attach_stdin, + + nret = snprintf(subpath, PATH_MAX, "%s/%s/%u_%u_%u", id, operation, (unsigned int)tid, (unsigned int)now.tv_sec, + (unsigned int)(now.tv_nsec)); +- if (nret >= PATH_MAX || nret < 0) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to print string"); + goto cleanup; + } + + nret = snprintf(fifodir, PATH_MAX, "%s/%s", statepath, subpath); +- if (nret >= PATH_MAX || nret < 0) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to print string"); + goto cleanup; + } +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 0f4a1ed6..43968c63 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -310,6 +310,7 @@ static int write_env_content(const char *env_path, const char **env, size_t env_ + int fd = -1; + size_t i = 0; + ssize_t nret = 0; ++ int env_max = 4096; + + ret = create_env_path_dir(env_path); + if (ret < 0) { +@@ -324,6 +325,11 @@ static int write_env_content(const char *env_path, const char **env, size_t env_ + } + if (env != NULL) { + for (i = 0; i < env_len; i++) { ++ if (strlen(env[i]) > env_max) { ++ ERROR("Env is too long"); ++ ret = -1; ++ goto out; ++ } + size_t len = strlen(env[i]) + strlen("\n") + 1; + char *env_content = NULL; + env_content = util_common_calloc_s(len); +@@ -1505,7 +1511,7 @@ int cleanup_mounts_by_id(const char *id, const char *engine_root_path) + int nret = 0; + + nret = snprintf(target, PATH_MAX, "%s/%s", engine_root_path, id); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Sprintf failed"); + return -1; + } +diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c +index ad6d01d2..9fec586e 100644 +--- a/src/daemon/modules/spec/specs.c ++++ b/src/daemon/modules/spec/specs.c +@@ -2303,7 +2303,7 @@ int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec + parser_error err = NULL; + + nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, OCI_CONFIG_JSON); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to print string"); + ret = -1; + goto out_free; +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index c312e08e..7ee4c5f9 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -197,7 +197,7 @@ static bool valid_dirent_info(const char *dir, const struct dirent *info_archivo + } + + nret = snprintf(fullpath, PATH_MAX, "%s/%s", dir, info_archivo->d_name); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("get_devices: Failed to combine device path"); + return false; + } +@@ -310,7 +310,7 @@ static int get_devices(const char *dir, char ***devices, size_t *device_len, int + return -1; + } + nret = snprintf(fullpath, PATH_MAX, "%s/%s", dir, info_archivo->d_name); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("get_devices: Failed to combine device path"); + closedir(midir); + free(fullpath); +@@ -2603,7 +2603,7 @@ static char *get_prepare_share_shm_path(const char *truntime, const char *cid) + } + + nret = snprintf(spath, slen, "%s/%s/mounts/shm", real_root_path, cid); +- if (nret < 0 || nret >= slen) { ++ if (nret < 0 || (size_t)nret >= slen) { + ERROR("Sprintf failed"); + goto err_out; + } +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 5fa556f3..0b73e652 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -381,7 +381,7 @@ static int recursive_rmdir_helper(const char *dirpath, int recursive_depth, int + (void)memset(fname, 0, sizeof(fname)); + + pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name); +- if (pathname_len < 0 || pathname_len >= PATH_MAX) { ++ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) { + ERROR("Pathname too long"); + failure = 1; + continue; +@@ -490,7 +490,7 @@ char *util_path_join(const char *dir, const char *file) + } + + nret = snprintf(path, PATH_MAX, "%s/%s", dir, file); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("dir or file too long failed"); + return NULL; + } +@@ -611,7 +611,7 @@ char *util_human_size(uint64_t val) + } + + ret = snprintf(out, len, "%llu%s", (unsigned long long)ui, uf[index]); +- if (ret < 0 || ret >= len) { ++ if (ret < 0 || (size_t)ret >= len) { + ERROR("Failed to print string"); + free(out); + return NULL; +@@ -637,7 +637,7 @@ char *util_human_size_decimal(int64_t val) + } else { + nret = snprintf(out, sizeof(out), "%lldB", (long long int)val); + } +- if (nret < 0 || nret >= sizeof(out)) { ++ if (nret < 0 || (size_t)nret >= sizeof(out)) { + ERROR("Failed to print string"); + return NULL; + } +@@ -1258,7 +1258,7 @@ static void recursive_cal_dir_size_helper(const char *dirpath, int recursive_dep + (void)memset(fname, 0, sizeof(fname)); + + pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name); +- if (pathname_len < 0 || pathname_len >= PATH_MAX) { ++ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) { + ERROR("Pathname too long"); + continue; + } +@@ -1346,7 +1346,7 @@ static void recursive_cal_dir_size__without_hardlink_helper(const char *dirpath, + (void)memset(fname, 0, sizeof(fname)); + + pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name); +- if (pathname_len < 0 || pathname_len >= PATH_MAX) { ++ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) { + ERROR("Pathname too long"); + continue; + } +@@ -1478,7 +1478,7 @@ static char *get_random_tmp_file(const char *fname) + } + + nret = snprintf(rpath, PATH_MAX, ".tmp-%s-%s", base, random_tmp); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to generate tmp base file"); + goto out; + } +diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c +index 2f378078..7435e2fa 100644 +--- a/src/utils/cutils/utils_timestamp.c ++++ b/src/utils/cutils/utils_timestamp.c +@@ -844,7 +844,7 @@ static bool time_human_duration(int64_t seconds, char *str, size_t len) + } + } + +- if (nret < 0 || nret >= len) { ++ if (nret < 0 || (size_t)nret >= len) { + ERROR("Sprintf buffer failed"); + return false; + } +diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c +index c2836ae3..6fec2c9a 100644 +--- a/src/utils/cutils/utils_verify.c ++++ b/src/utils/cutils/utils_verify.c +@@ -231,7 +231,7 @@ bool util_valid_cap(const char *cap) + } + + nret = snprintf(tmpcap, sizeof(tmpcap), "CAP_%s", cap); +- if (nret < 0 || nret >= sizeof(tmpcap)) { ++ if (nret < 0 || (size_t)nret >= sizeof(tmpcap)) { + ERROR("Failed to print string"); + return false; + } +diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c +index 7264282f..48ac96da 100644 +--- a/src/utils/tar/isulad_tar.c ++++ b/src/utils/tar/isulad_tar.c +@@ -57,7 +57,7 @@ static int get_rebase_name(const char *path, const char *real_path, char **resol + char *resolved_base = NULL; + + nret = snprintf(resolved, PATH_MAX, "%s", real_path); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to print string"); + return -1; + } +diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c +index 08116589..a6946413 100644 +--- a/src/utils/tar/util_archive.c ++++ b/src/utils/tar/util_archive.c +@@ -114,7 +114,7 @@ static int make_safedir_is_noexec(const char *dstdir, char **safe_dir) + } + + nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to snprintf"); + return -1; + } +@@ -125,7 +125,7 @@ static int make_safedir_is_noexec(const char *dstdir, char **safe_dir) + } + + nret = snprintf(tmp_dir, PATH_MAX, "%s/tar-chroot-XXXXXX", cleanpath); +- if (nret < 0 || nret >= PATH_MAX) { ++ if (nret < 0 || (size_t)nret >= PATH_MAX) { + ERROR("Failed to snprintf string"); + return -1; + } +@@ -305,7 +305,7 @@ static int remove_files_in_opq_dir(const char *dirpath, int recursive_depth, map + (void)memset(fname, 0, sizeof(fname)); + + pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name); +- if (pathname_len < 0 || pathname_len >= PATH_MAX) { ++ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) { + ERROR("Pathname too long"); + ret = -1; + continue; +-- +2.25.1 + diff --git a/0113-clear-author-msg-in-isulad-check.sh-and-use-EANBLE_I.patch b/0113-clear-author-msg-in-isulad-check.sh-and-use-EANBLE_I.patch new file mode 100644 index 0000000..a111d06 --- /dev/null +++ b/0113-clear-author-msg-in-isulad-check.sh-and-use-EANBLE_I.patch @@ -0,0 +1,44 @@ +From deb3e52ca981edb943fa77f2f2d5ef4ea2f6839a Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 23 Aug 2023 16:39:14 +1400 +Subject: [PATCH 07/10] clear author msg in isulad-check.sh and use + EANBLE_IMAGE_LIBARAY to isolate image_api.h + +Signed-off-by: zhongtao +--- + CMakeLists.txt | 6 ++++-- + src/contrib/sysmonitor/isulad-check.sh | 1 - + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index d1ec1cc1..a22a3702 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -91,8 +91,10 @@ ENDIF(ENABLE_FUZZ AND (NOT ENABLE_UT)) + # install all files + install(FILES ${CMAKE_BINARY_DIR}/conf/isulad.pc + DESTINATION ${LIB_INSTALL_DIR_DEFAULT}/pkgconfig PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE) +-install(FILES src/daemon/modules/api/image_api.h +- DESTINATION include/isulad) ++if (EANBLE_IMAGE_LIBARAY) ++ install(FILES src/daemon/modules/api/image_api.h ++ DESTINATION include/isulad) ++endif() + + # install config files + set(conf_prefix "/etc") +diff --git a/src/contrib/sysmonitor/isulad-check.sh b/src/contrib/sysmonitor/isulad-check.sh +index 0df88a44..adb1700e 100755 +--- a/src/contrib/sysmonitor/isulad-check.sh ++++ b/src/contrib/sysmonitor/isulad-check.sh +@@ -10,7 +10,6 @@ + # - PURPOSE. + # - See the Mulan PSL v2 for more details. + ##- @Description: isulad check +-##- @Author: maoweiyong + ##- @Create: 2019-02-25 + #######################################################################*/ + +-- +2.25.1 + diff --git a/0114-2126-do-not-judge-the-snprintf-result-of-hostname.patch b/0114-2126-do-not-judge-the-snprintf-result-of-hostname.patch new file mode 100644 index 0000000..eb47868 --- /dev/null +++ b/0114-2126-do-not-judge-the-snprintf-result-of-hostname.patch @@ -0,0 +1,31 @@ +From eb6beefdfb9b854f7dd761830d50713e1ab45627 Mon Sep 17 00:00:00 2001 +From: zhongtao +Date: Wed, 23 Aug 2023 07:25:50 +0000 +Subject: [PATCH 08/10] !2126 do not judge the snprintf result of hostname * do + not judge the snprintf result of hostname + +--- + src/daemon/executor/container_cb/execution_network.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c +index 09aadd9b..95cfcce3 100644 +--- a/src/daemon/executor/container_cb/execution_network.c ++++ b/src/daemon/executor/container_cb/execution_network.c +@@ -924,10 +924,10 @@ static int create_default_hostname(const char *id, const char *rootpath, bool sh + ret = gethostname(hostname, sizeof(hostname)); + } else { + // max length of hostname from ID is 12 + '\0' ++ // the purpose is to truncate the first 12 bits of id, ++ // nret is 64, no need to judge + nret = snprintf(hostname, 13, "%s", id); +- if (nret < 0 || (size_t)nret >= 13) { +- ret = -1; +- } ++ ret = nret < 0 ? 1 : 0; + } + if (ret != 0) { + ERROR("Create hostname error"); +-- +2.25.1 + diff --git a/0115-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch b/0115-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch new file mode 100644 index 0000000..8460045 --- /dev/null +++ b/0115-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch @@ -0,0 +1,199 @@ +From abcd0d5cf419224d6a016b5ebee0786e96544be3 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 23 Aug 2023 15:42:42 +0800 +Subject: [PATCH 09/10] [image] ensure id of loaded and pulled image is valid + +Signed-off-by: haozi007 +--- + src/daemon/modules/image/oci/oci_import.c | 14 ++++++++++--- + src/daemon/modules/image/oci/oci_load.c | 21 ++++++------------- + .../modules/image/oci/registry/registry.c | 8 ++++++- + src/daemon/modules/image/oci/utils_images.c | 15 +++++++++++++ + src/daemon/modules/image/oci/utils_images.h | 3 +++ + src/utils/cutils/utils.h | 2 -- + src/utils/sha256/sha256.c | 1 - + 7 files changed, 42 insertions(+), 22 deletions(-) + +diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c +index 335ee8d4..b261188d 100644 +--- a/src/daemon/modules/image/oci/oci_import.c ++++ b/src/daemon/modules/image/oci/oci_import.c +@@ -97,7 +97,7 @@ static int register_layer(import_desc *desc) + return -1; + } + +- id = util_without_sha256_prefix(desc->uncompressed_digest); ++ id = oci_image_id_from_digest(desc->uncompressed_digest); + if (id == NULL) { + ERROR("Invalid NULL param"); + return -1; +@@ -318,8 +318,16 @@ static int register_image(import_desc *desc) + opts.create_time = &desc->now_time; + opts.digest = desc->manifest_digest; + +- image_id = util_without_sha256_prefix(desc->config_digest); +- top_layer_id = util_without_sha256_prefix(desc->uncompressed_digest); ++ image_id = oci_image_id_from_digest(desc->config_digest); ++ if (image_id == NULL) { ++ ret = -1; ++ goto out; ++ } ++ top_layer_id = oci_image_id_from_digest(desc->uncompressed_digest); ++ if (top_layer_id == NULL) { ++ ret = -1; ++ goto out; ++ } + ret = storage_img_create(image_id, top_layer_id, NULL, &opts); + if (ret != 0) { + pre_top_layer = storage_get_img_top_layer(image_id); +diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c +index 64ef2a1a..01b9ef6e 100644 +--- a/src/daemon/modules/image/oci/oci_load.c ++++ b/src/daemon/modules/image/oci/oci_load.c +@@ -283,16 +283,6 @@ out: + return full_digest; + } + +-static char *oci_load_without_sha256_prefix(char *digest) +-{ +- if (digest == NULL) { +- ERROR("Invalid digest NULL when strip sha256 prefix"); +- return NULL; +- } +- +- return digest + strlen(SHA256_PREFIX); +-} +- + static int registry_layer_from_tarball(const load_layer_blob_t *layer, const char *id, const char *parent) + { + int ret = 0; +@@ -338,7 +328,7 @@ static int oci_load_register_layers(load_image_t *desc) + } + + for (i = 0; i < desc->layers_len; i++) { +- id = oci_load_without_sha256_prefix(desc->layers[i]->chain_id); ++ id = oci_image_id_from_digest(desc->layers[i]->chain_id); + if (id == NULL) { + ERROR("layer %zu have NULL digest for image %s", i, desc->im_id); + ret = -1; +@@ -450,7 +440,7 @@ static int oci_load_create_image(load_image_t *desc, const char *dst_tag) + top_layer_index = desc->layers_len - 1; + opts.create_time = ×tamp; + opts.digest = desc->manifest_digest; +- top_layer_id = oci_load_without_sha256_prefix(desc->layers[top_layer_index]->chain_id); ++ top_layer_id = oci_image_id_from_digest(desc->layers[top_layer_index]->chain_id); + if (top_layer_id == NULL) { + ERROR("NULL top layer id found for image %s", desc->im_id); + ret = -1; +@@ -735,7 +725,7 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items + } + parent_chain_id_sha256 = im->layers[i]->chain_id; + +- id = oci_load_without_sha256_prefix(im->layers[i]->chain_id); ++ id = oci_image_id_from_digest(im->layers[i]->chain_id); + if (id == NULL) { + ERROR("Wipe out sha256 prefix failed from layer with chain id : %s", im->layers[i]->chain_id); + ret = -1; +@@ -803,7 +793,8 @@ static load_image_t *oci_load_process_manifest(const image_manifest_items_elemen + goto out; + } + +- image_id = oci_load_without_sha256_prefix(image_digest); ++ // call util_valid_digest to ensure digest is valid, so image id is valid ++ image_id = oci_image_id_from_digest(image_digest); + if (image_id == NULL) { + ret = -1; + ERROR("Remove sha256 prefix error from image digest %s", image_digest); +@@ -843,7 +834,7 @@ static int64_t get_layer_size_from_storage(char *chain_id_pre) + return -1; + } + +- id = oci_load_without_sha256_prefix(chain_id_pre); ++ id = oci_image_id_from_digest(chain_id_pre); + if (id == NULL) { + ERROR("Get chain id failed from value:%s", chain_id_pre); + size = -1; +diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c +index 14e84f81..402863a0 100644 +--- a/src/daemon/modules/image/oci/registry/registry.c ++++ b/src/daemon/modules/image/oci/registry/registry.c +@@ -869,7 +869,13 @@ static int register_image(pull_descriptor *desc) + + // lock when create image to make sure image content all exist + mutex_lock(&g_shared->image_mutex); +- image_id = util_without_sha256_prefix(desc->config.digest); ++ image_id = oci_image_id_from_digest(desc->config.digest); ++ if (image_id == NULL) { ++ ERROR("Invalid digest: %s", desc->config.digest); ++ isulad_try_set_error_message("invalid image digest: %s", desc->config.digest); ++ ret = -1; ++ goto out; ++ } + ret = create_image(desc, image_id, &reuse); + if (ret != 0) { + ERROR("create image %s failed", desc->image_name); +diff --git a/src/daemon/modules/image/oci/utils_images.c b/src/daemon/modules/image/oci/utils_images.c +index 794f0d16..6acbbb12 100644 +--- a/src/daemon/modules/image/oci/utils_images.c ++++ b/src/daemon/modules/image/oci/utils_images.c +@@ -639,3 +639,18 @@ out: + + return ret; + } ++ ++char *oci_image_id_from_digest(char *digest) ++{ ++ if (digest == NULL) { ++ ERROR("Empty digest"); ++ return NULL; ++ } ++ ++ if (!util_valid_digest(digest)) { ++ ERROR("Load image with invalid digest: %s", digest); ++ return NULL; ++ } ++ ++ return digest + strlen(SHA256_PREFIX); ++} +diff --git a/src/daemon/modules/image/oci/utils_images.h b/src/daemon/modules/image/oci/utils_images.h +index 53bce4e0..86c1b2a7 100644 +--- a/src/daemon/modules/image/oci/utils_images.h ++++ b/src/daemon/modules/image/oci/utils_images.h +@@ -58,6 +58,9 @@ char *get_hostname_to_strip(); + + char *oci_image_digest_pos(const char *name); + ++// return a pointer to digest string without 'sha256:' prefix ++char *oci_image_id_from_digest(char *digest); ++ + #ifdef __cplusplus + } + #endif +diff --git a/src/utils/cutils/utils.h b/src/utils/cutils/utils.h +index 8489ca63..bb510062 100644 +--- a/src/utils/cutils/utils.h ++++ b/src/utils/cutils/utils.h +@@ -379,8 +379,6 @@ int util_generate_random_str(char *id, size_t len); + + int util_check_inherited_exclude_fds(bool closeall, int *fds_to_ignore, size_t len_fds); + +-char *util_without_sha256_prefix(char *digest); +- + int util_normalized_host_os_arch(char **host_os, char **host_arch, char **host_variant); + + int util_read_pid_ppid_info(uint32_t pid, pid_ppid_info_t *pid_info); +diff --git a/src/utils/sha256/sha256.c b/src/utils/sha256/sha256.c +index 938e3692..81375111 100644 +--- a/src/utils/sha256/sha256.c ++++ b/src/utils/sha256/sha256.c +@@ -390,7 +390,6 @@ char *sha256_full_digest_str(char *str) + char *util_without_sha256_prefix(char *digest) + { + if (digest == NULL || !util_has_prefix(digest, SHA256_PREFIX)) { +- ERROR("Invalid digest when strip sha256 prefix"); + return NULL; + } + +-- +2.25.1 + diff --git a/0116-2129-Limit-the-response-size-of-ExecSync.patch b/0116-2129-Limit-the-response-size-of-ExecSync.patch new file mode 100644 index 0000000..48a8736 --- /dev/null +++ b/0116-2129-Limit-the-response-size-of-ExecSync.patch @@ -0,0 +1,31 @@ +From df06219fd70592e049d392a03662ace9d40c2988 Mon Sep 17 00:00:00 2001 +From: jake +Date: Thu, 24 Aug 2023 02:20:23 +0000 +Subject: [PATCH 10/10] !2129 Limit the response size of ExecSync * Limit the + response size of ExecSync + +--- + src/daemon/entry/cri/cri_container_manager_service_impl.cc | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/daemon/entry/cri/cri_container_manager_service_impl.cc b/src/daemon/entry/cri/cri_container_manager_service_impl.cc +index 101824ae..ed9e8e72 100644 +--- a/src/daemon/entry/cri/cri_container_manager_service_impl.cc ++++ b/src/daemon/entry/cri/cri_container_manager_service_impl.cc +@@ -1316,7 +1316,13 @@ static auto WriteToString(void *context, const void *data, size_t len) -> ssize_ + return 0; + } + ++ // Limit the response size of ExecSync, outside of the response limit will never be seen ++ // Allow last write to exceed the limited size since every single write has a limit len ++ const size_t max_stream_size = 1024 * 1024 * 16; + std::string *str = reinterpret_cast(context); ++ if (str->length() >= max_stream_size) { ++ return (ssize_t)len; ++ } + + str->append(reinterpret_cast(data), len); + return (ssize_t)len; +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index 1fa4ce2..e562c40 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.18 -%global _release 11 +%global _release 12 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -119,6 +119,16 @@ Patch0103: 0103-Added-restrictions-on-container-health-checks.patch Patch0104: 0104-add-testcases-for-restrictions-on-container-health-c.patch Patch0105: 0105-link-libcap-for-storage_layers_ut-and-storage_d.patch Patch0106: 0106-modify-the-help-information-of-health-timeout.patch +Patch0107: 0107-improve-coding.patch +Patch0108: 0108-2116-clean-up-sensitive-information-in-memory.patch +Patch0109: 0109-2118-Fix-exec-buffer-overflow.patch +Patch0110: 0110-2117-limit-the-length-of-runtime-args-and-increase-t.patch +Patch0111: 0111-ensure-argument-of-interface-is-not-null.patch +Patch0112: 0112-2123-add-verify-for-snprintf-and-fix-some-codecheck-.patch +Patch0113: 0113-clear-author-msg-in-isulad-check.sh-and-use-EANBLE_I.patch +Patch0114: 0114-2126-do-not-judge-the-snprintf-result-of-hostname.patch +Patch0115: 0115-image-ensure-id-of-loaded-and-pulled-image-is-valid.patch +Patch0116: 0116-2129-Limit-the-response-size-of-ExecSync.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -363,6 +373,12 @@ fi %endif %changelog +* THU Aug 24 2023 zhongtao - 2.0.18-12 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: code improvements and bugfix for code review + * Tue Aug 15 2023 zhongtao - 2.0.18-11 - Type: bugfix - ID: NA