iSulad/0112-2123-add-verify-for-snprintf-and-fix-some-codecheck-.patch
openeuler-sync-bot ac7f14ac9b !607 [sync] PR-606: code improvements and bugfix for code review
* code improvements and bugfix for code review
2023-08-26 10:10:17 +00:00


From e49f172a3b73ce3caa9a3c61c164b6bfdf03ee4b Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Wed, 23 Aug 2023 03:48:42 +0000
Subject: [PATCH 06/10] !2123 add verify for snprintf and fix some codecheck
error * add verify for snprintf and fix some codecheck error
---
src/cmd/isula/extend/events.c | 68 ++++++++++++++----
src/cmd/isula/images/images.c | 2 +-
src/cmd/isula/information/ps.c | 4 +-
src/cmd/isula/isula_host_spec.c | 2 +-
src/cmd/isulad-shim/common.c | 17 +++--
src/cmd/isulad-shim/process.c | 10 +--
src/cmd/isulad-shim/terminal.c | 33 +++++----
src/cmd/isulad/isulad_commands.c | 12 ++--
src/cmd/isulad/main.c | 2 +-
src/daemon/common/selinux_label.c | 8 +--
src/daemon/config/isulad_config.c | 15 ++--
src/daemon/entry/cri/sysctl_tools.c | 6 +-
src/daemon/executor/container_cb/execution.c | 2 +-
.../executor/container_cb/execution_create.c | 3 +-
.../executor/container_cb/execution_network.c | 12 ++--
.../executor/container_cb/execution_stream.c | 6 +-
.../container/leftover_cleanup/cleanup.c | 4 +-
src/daemon/modules/events/collector.c | 14 ++--
.../graphdriver/devmapper/deviceset.c | 6 +-
.../graphdriver/devmapper/driver_devmapper.c | 2 +-
.../graphdriver/overlay2/driver_overlay2.c | 12 ++--
.../graphdriver/quota/project_quota.c | 4 +-
.../oci/storage/layer_store/layer_store.c | 6 +-
.../overlay_remote_impl.c | 4 +-
src/daemon/modules/log/log_gather.c | 6 +-
src/daemon/modules/plugin/plugin.c | 8 +--
.../modules/runtime/engines/lcr/lcr_rt_ops.c | 6 +-
.../modules/runtime/isula/isula_rt_ops.c | 69 ++++++++++++-------
src/daemon/modules/runtime/shim/shim_rt_ops.c | 4 +-
src/daemon/modules/service/io_handler.c | 4 +-
.../modules/service/service_container.c | 8 ++-
src/daemon/modules/spec/specs.c | 2 +-
src/daemon/modules/spec/specs_mount.c | 6 +-
src/utils/cutils/utils_file.c | 14 ++--
src/utils/cutils/utils_timestamp.c | 2 +-
src/utils/cutils/utils_verify.c | 2 +-
src/utils/tar/isulad_tar.c | 2 +-
src/utils/tar/util_archive.c | 6 +-
38 files changed, 239 insertions(+), 154 deletions(-)
diff --git a/src/cmd/isula/extend/events.c b/src/cmd/isula/extend/events.c
index b35f246a..43b36005 100644
--- a/src/cmd/isula/extend/events.c
+++ b/src/cmd/isula/extend/events.c
@@ -34,36 +34,71 @@ struct client_arguments g_cmd_events_args = {
.until = NULL,
};
-static size_t calacute_annotations_msg_len(const container_events_format_t *event)
+static bool calacute_annotations_msg_len(const container_events_format_t *event, size_t max, size_t *anno_len)
{
- size_t annos_msg_len = 0;
size_t i;
+ if (event->annotations_len == 0) {
+ return true;
+ }
+
+ if (event->annotations_len > (max - 3) / 2) {
+ ERROR("Annotations len is too long");
+ return false;
+ }
+
+ max = max - event->annotations_len * 2 - 3;
+
for (i = 0; i < event->annotations_len; i++) {
- annos_msg_len += strlen(event->annotations[i]);
+ if (strlen(event->annotations[i]) > max) {
+ ERROR("Annotations is too long");
+ return false;
+ }
+ max = max - strlen(event->annotations[i]);
+ *anno_len += strlen(event->annotations[i]);
}
- annos_msg_len += event->annotations_len * 2;
- return annos_msg_len;
+ // For each annotation, it needs to add two characters(',' and ' ').
+ *anno_len += event->annotations_len * 2;
+ // For the entire annotation, it needs to add three characters('(' and ')' and '\0).
+ *anno_len += 3;
+
+ return true;
}
-static size_t calacute_event_msg_len(const container_events_format_t *event, const char *timebuffer)
+static bool calacute_event_msg_len(const container_events_format_t *event, const char *timebuffer, size_t *msg_len)
{
- size_t msg_len = 0;
+ size_t anno_len = 0;
+ bool ret = false;
+
+ // The addition of lengths will not overflow, no need to judge overflow
// format : timestamp (container|image opt) id (annotaions)
- msg_len += strlen(timebuffer) + 1 + strlen(event->opt) + 1 + strlen(event->id) + 1;
- msg_len += calacute_annotations_msg_len(event);
- msg_len += 1; // '\0'
+ *msg_len += strlen(timebuffer) + 1 + strlen(event->opt) + 1 + strlen(event->id) + 1;
- return msg_len;
+ ret = calacute_annotations_msg_len(event, SIZE_MAX - *msg_len, &anno_len);
+ if (!ret) {
+ ERROR("Failed to calacute annotations msg len");
+ return false;
+ }
+
+ *msg_len += anno_len;
+
+ return true;
}
static int generate_annotations_msg(const container_events_format_t *event, char **anno_msg)
{
size_t i;
- size_t anno_msg_len = calacute_annotations_msg_len(event) + 1;
+ size_t anno_msg_len = 0;
+ bool ret = false;
+
+ ret = calacute_annotations_msg_len(event, SIZE_MAX, &anno_msg_len);
+ if (!ret) {
+ ERROR("Failed to calacute annotations msg len");
+ return -1;
+ }
- if (anno_msg_len == 1) {
+ if (anno_msg_len == 0) {
return 0;
}
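Review bot: For an event with `annotations_len == 0` the computed message length is now one byte smaller than before, because `calacute_annotations_msg_len` returns early without adding anything and `calacute_event_msg_len` no longer has the unconditional `msg_len += 1; // '\0'`. Whether the result still covers the terminator depends on the format used by `generate_event_msg`, which is outside this hunk; keeping `*msg_len += 1; // '\0'` in `calacute_event_msg_len` would remove that dependency. Separately, `(max - 3) / 2` and `max - event->annotations_len * 2 - 3` wrap when `max < 3`, so a leading `if (max < 3) { return false; }` would make the helper safe on its own. Both helpers accumulate with `+=` into their out-parameter and therefore rely on the caller zero-initialising it; a short comment stating that contract would help.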
@@ -127,6 +162,7 @@ static void print_events_callback(const container_events_format_t *event)
char timebuffer[TIME_STR_SIZE] = { 0 };
char *msg = NULL;
size_t msg_len = 0;
+ bool ret = false;
if (event == NULL) {
return;
@@ -136,7 +172,11 @@ static void print_events_callback(const container_events_format_t *event)
(void)strcpy(timebuffer, "-");
}
- msg_len = calacute_event_msg_len(event, timebuffer);
+ ret = calacute_event_msg_len(event, timebuffer, &msg_len);
+ if (!ret) {
+ printf("Failed to calacute calacute event msg len");
+ return;
+ }
msg = generate_event_msg(event, timebuffer, msg_len);
if (msg == NULL) {
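Review bot: The new failure message in `print_events_callback` repeats a word and has no trailing newline, so it runs into whatever is printed next on stdout. Something like `printf("Failed to calacute event msg len\n");` fixes both. The helpers added in the same file report through `ERROR`, so it may be worth logging there as well for consistency. The rest of the function is outside the hunk.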
diff --git a/src/cmd/isula/images/images.c b/src/cmd/isula/images/images.c
index e4b28f5a..bff07f76 100644
--- a/src/cmd/isula/images/images.c
+++ b/src/cmd/isula/images/images.c
@@ -71,7 +71,7 @@ static char *trans_time(int64_t created)
nret = snprintf(formated_time, sizeof(formated_time), "%04d-%02d-%02d %02d:%02d:%02d", t.tm_year + 1900,
t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
- if (nret < 0 || nret >= sizeof(formated_time)) {
+ if (nret < 0 || (size_t)nret >= sizeof(formated_time)) {
ERROR("format created time failed");
return NULL;
}
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 57d34aa3..4332b6fb 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -182,14 +182,14 @@ static int handle_running_status(const char *start_at, const struct isula_contai
if (in->health_state != NULL) {
nret = snprintf(status, len, "Up %s (%s)", start_at, in->health_state);
- if (nret < 0 || nret >= len) {
+ if (nret < 0 || (size_t)nret >= len) {
ERROR("Failed to compose string");
ret = -1;
goto out;
}
} else {
nret = snprintf(status, len, "Up %s", start_at);
- if (nret < 0 || nret >= len) {
+ if (nret < 0 || (size_t)nret >= len) {
ERROR("Failed to compose string");
ret = -1;
goto out;
diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c
index 11e3eed3..7304130d 100644
--- a/src/cmd/isula/isula_host_spec.c
+++ b/src/cmd/isula/isula_host_spec.c
@@ -992,7 +992,7 @@ static int append_seccomp_to_security_opts(const char *full_opt, const char *sec
goto out;
}
nret = snprintf(tmp_str, size, "seccomp=%s", seccomp_json);
- if (nret < 0 || nret >= size) {
+ if (nret < 0 || (size_t)nret >= size) {
COMMAND_ERROR("failed to sprintf buffer!");
ret = -1;
goto out;
diff --git a/src/cmd/isulad-shim/common.c b/src/cmd/isulad-shim/common.c
index 27836a8c..c88de736 100644
--- a/src/cmd/isulad-shim/common.c
+++ b/src/cmd/isulad-shim/common.c
@@ -220,13 +220,15 @@ int generate_random_str(char *id, size_t len)
}
for (i = 0; i < len; i++) {
int nret;
+ size_t tmp_len;
if (read_nointr(fd, &num, sizeof(int)) < 0) {
close(fd);
return SHIM_ERR;
}
unsigned char rs = (unsigned char)(num % m);
- nret = snprintf((id + i * 2), ((len - i) * 2 + 1), "%02x", (unsigned int)rs);
- if (nret < 0) {
+ tmp_len = ((len - i) * 2 + 1);
+ nret = snprintf((id + i * 2), tmp_len, "%02x", (unsigned int)rs);
+ if (nret < 0 || (size_t)nret >= tmp_len) {
close(fd);
return SHIM_ERR;
}
@@ -252,10 +254,17 @@ void write_message(const char *level, const char *fmt, ...)
va_list arg_list;
va_start(arg_list, fmt);
- vsnprintf(buf, MAX_MESSAGE_CONTENT_LEN, fmt, arg_list);
+ nwrite = vsnprintf(buf, MAX_MESSAGE_CONTENT_LEN, fmt, arg_list);
va_end(arg_list);
+ if (nwrite < 0) {
+ return;
+ }
+
+ nwrite = snprintf(msg, MAX_MESSAGE_LEN - 1, "{\"level\": \"%s\", \"msg\": \"%s\"}\n", level, buf);
+ if (nwrite < 0 || (size_t)nwrite >= (MAX_MESSAGE_LEN - 1)) {
+ return;
+ }
- snprintf(msg, MAX_MESSAGE_LEN - 1, "{\"level\": \"%s\", \"msg\": \"%s\"}\n", level, buf);
nwrite = write_nointr_in_total(g_log_fd, msg, strlen(msg));
if (nwrite < 0 || (size_t)nwrite != strlen(msg)) {
return;
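Review bot: `level` and `buf` are placed between literal quotes in the `{"level": ..., "msg": ...}` line without JSON escaping, so a message containing `"`, `\` or a newline produces a malformed or split log record. If any caller passes text influenced by the container or runtime (not visible here), the log can no longer be trusted line by line, so the message should be escaped before the `snprintf`. The new check also returns when the formatted line does not fit, which drops the record silently, while truncation of `buf` by `vsnprintf` is accepted. A comment such as `// a record that does not fit is dropped; a truncated message body is kept` would make that asymmetry explicit. The start of write_message is outside the hunk.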
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index a9e65fcb..a91c3c16 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -462,7 +462,7 @@ static int new_temp_console_path(process_t *p)
return SHIM_ERR;
}
int nret = snprintf(p->console_sock_path, MAX_CONSOLE_SOCK_LEN, "/run/isulad%s-pty.sock", str_rand);
- if (nret < 0 || nret >= MAX_CONSOLE_SOCK_LEN) {
+ if (nret < 0 || (size_t)nret >= MAX_CONSOLE_SOCK_LEN) {
free(p->console_sock_path);
p->console_sock_path = NULL;
return SHIM_ERR;
@@ -998,7 +998,7 @@ static void process_delete(process_t *p)
return;
}
int nret = snprintf(log_path, PATH_MAX, "%s/log.json", cwd);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
free(cwd);
return;
}
@@ -1055,11 +1055,11 @@ static void exec_runtime_process(process_t *p, int exec_fd)
}
int nret = snprintf(log_path, PATH_MAX, "%s/log.json", cwd);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
_exit(EXIT_FAILURE);
}
nret = snprintf(pid_path, PATH_MAX, "%s/pid", cwd);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
_exit(EXIT_FAILURE);
}
@@ -1071,7 +1071,7 @@ static void exec_runtime_process(process_t *p, int exec_fd)
_exit(EXIT_FAILURE);
}
nret = snprintf(process_desc, PATH_MAX, "%s/process.json", cwd);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
_exit(EXIT_FAILURE);
}
}
diff --git a/src/cmd/isulad-shim/terminal.c b/src/cmd/isulad-shim/terminal.c
index 29726ce2..23783244 100644
--- a/src/cmd/isulad-shim/terminal.c
+++ b/src/cmd/isulad-shim/terminal.c
@@ -38,35 +38,34 @@
static int shim_rename_old_log_file(log_terminal *terminal)
{
- int ret;
+ int nret;
+ int ret = SHIM_ERR;
unsigned int i;
char tmp[PATH_MAX] = { 0 };
char *rename_fname = NULL;
for (i = terminal->log_maxfile - 1; i > 1; i--) {
- ret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, i);
- if (ret < 0 || ret >= PATH_MAX) {
- free(rename_fname);
- return SHIM_ERR;
+ nret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, i);
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ goto out;
}
free(rename_fname);
rename_fname = safe_strdup(tmp);
- ret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, (i - 1));
- if (ret < 0 || ret >= PATH_MAX) {
- free(rename_fname);
- return SHIM_ERR;
+ nret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, (i - 1));
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
+ goto out;
}
- ret = rename(tmp, rename_fname);
- if (ret < 0 && errno != ENOENT) {
- free(rename_fname);
- return SHIM_ERR;
+ nret = rename(tmp, rename_fname);
+ if (nret < 0 && errno != ENOENT) {
+ goto out;
}
}
-
+ ret = SHIM_OK;
+out:
free(rename_fname);
- return SHIM_OK;
+ return ret;
}
static int shim_dump_log_file(log_terminal *terminal)
@@ -86,7 +85,7 @@ static int shim_dump_log_file(log_terminal *terminal)
return SHIM_ERR;
}
- file_newname = calloc(len_path, 1);
+ file_newname = util_smart_calloc_s(1, len_path);
if (file_newname == NULL) {
return SHIM_ERR;
}
@@ -192,7 +191,7 @@ static bool util_get_time_buffer(struct timespec *timestamp, char *timebuffer, s
nanos = (int32_t)timestamp->tv_nsec;
len = strlen(timebuffer);
ret = snprintf(timebuffer + len, (maxsize - len), ".%09dZ", nanos);
- if (ret < 0 || ret >= (maxsize - len)) {
+ if (ret < 0 || (size_t)ret >= (maxsize - len)) {
return false;
}
diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c
index e814109e..5db8128c 100644
--- a/src/cmd/isulad/isulad_commands.c
+++ b/src/cmd/isulad/isulad_commands.c
@@ -584,7 +584,7 @@ static int ulimit_flag_join(char *out_msg, const size_t msg_len, const size_t de
char *tmp = NULL;
int nret = snprintf(out_msg, msg_len, "[");
- if (nret < 0 || nret >= msg_len) {
+ if (nret < 0 || (size_t)nret >= msg_len) {
ERROR("Failed to print string");
goto out;
}
@@ -593,7 +593,7 @@ static int ulimit_flag_join(char *out_msg, const size_t msg_len, const size_t de
tmp = util_strdup_s(out_msg);
nret = snprintf(out_msg, msg_len, "%s %s=%lld:%lld", tmp, default_ulimit[i]->name,
(long long int)default_ulimit[i]->soft, (long long int)default_ulimit[i]->hard);
- if (nret < 0 || nret >= msg_len) {
+ if (nret < 0 || (size_t)nret >= msg_len) {
ERROR("Failed to print string");
goto out;
}
@@ -603,7 +603,7 @@ static int ulimit_flag_join(char *out_msg, const size_t msg_len, const size_t de
tmp = util_strdup_s(out_msg);
nret = snprintf(out_msg, msg_len, "%s ]", tmp);
- if (nret < 0 || nret >= msg_len) {
+ if (nret < 0 || (size_t)nret >= msg_len) {
ERROR("Failed to print string");
goto out;
}
@@ -624,7 +624,7 @@ static int ulimit_file_join(char *out_msg, const size_t msg_len,
isulad_daemon_configs_default_ulimits_element *ptr = NULL;
int nret = snprintf(out_msg, msg_len, "[");
- if (nret < 0 || nret >= msg_len) {
+ if (nret < 0 || (size_t)nret >= msg_len) {
ERROR("Failed to print string");
goto out;
}
@@ -633,7 +633,7 @@ static int ulimit_file_join(char *out_msg, const size_t msg_len,
tmp = util_strdup_s(out_msg);
nret = snprintf(out_msg, msg_len, "%s %s=%lld:%lld", tmp, ptr->name, (long long int)(ptr->soft),
(long long int)(ptr->hard));
- if (nret < 0 || nret >= msg_len) {
+ if (nret < 0 || (size_t)nret >= msg_len) {
ERROR("Failed to print string");
goto out;
}
@@ -643,7 +643,7 @@ static int ulimit_file_join(char *out_msg, const size_t msg_len,
tmp = util_strdup_s(out_msg);
nret = snprintf(out_msg, msg_len, "%s ]", tmp);
- if (nret < 0 || nret >= msg_len) {
+ if (nret < 0 || (size_t)nret >= msg_len) {
ERROR("Failed to print string");
goto out;
}
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 1e51a8e7..8c8fcc40 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -472,7 +472,7 @@ int check_and_save_pid(const char *fn)
}
len = snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)getpid());
- if (len < 0 || len >= sizeof(pidbuf)) {
+ if (len < 0 || (size_t)len >= sizeof(pidbuf)) {
ERROR("failed sprint pidbuf");
ret = -1;
goto out;
diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c
index 173f3acb..d8bc1e08 100644
--- a/src/daemon/common/selinux_label.c
+++ b/src/daemon/common/selinux_label.c
@@ -239,7 +239,7 @@ static int get_current_label(char **content)
char path[PATH_MAX] = { 0 };
nret = snprintf(path, sizeof(path), "/proc/self/task/%ld/attr/current", (long int)syscall(__NR_gettid));
- if (nret < 0 || nret >= sizeof(path)) {
+ if (nret < 0 || (size_t)nret >= sizeof(path)) {
ERROR("Humanize sprintf failed!");
return -1;
}
@@ -482,7 +482,7 @@ static int uniq_mcs(unsigned int range, char *mcs, size_t len)
}
nret = snprintf(mcs, len, "s0:c%u,c%u", c1, c2);
- if (nret < 0 || nret >= len) {
+ if (nret < 0 || (size_t)nret >= len) {
ERROR("Failed to compose mcs");
return -1;
}
@@ -911,7 +911,7 @@ static int recurse_set_file_label(const char *basePath, const char *label)
continue;
} else {
int nret = snprintf(base, sizeof(base), "%s/%s", basePath, ptr->d_name);
- if (nret < 0 || nret >= sizeof(base)) {
+ if (nret < 0 || (size_t)nret >= sizeof(base)) {
ERROR("Failed to get path");
ret = -1;
goto out;
@@ -1032,7 +1032,7 @@ static int append_security_opt_string(const char *field, const char *value, char
goto out;
}
nret = snprintf(sec_opt, temp_len, "%s%s", field, value);
- if (nret < 0 || nret >= temp_len) {
+ if (nret < 0 || (size_t)nret >= temp_len) {
ERROR("Out of memory");
ret = -1;
goto out;
diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c
index d9644756..17c9d3b5 100644
--- a/src/daemon/config/isulad_config.c
+++ b/src/daemon/config/isulad_config.c
@@ -535,13 +535,14 @@ static char *get_parent_mount_dir(char *graph)
size_t len;
char *rootfsdir = NULL;
- len = strlen(graph) + strlen("/mnt/rootfs") + 1;
- if (len > PATH_MAX) {
- ERROR("The size of path exceeds the limit");
+ if (strlen(graph) > (PATH_MAX - strlen("/mnt/rootfs") - 1)) {
+ ERROR("Graph path is too long");
return NULL;
}
- rootfsdir = util_common_calloc_s(len);
+ len = strlen(graph) + strlen("/mnt/rootfs") + 1;
+
+ rootfsdir = util_smart_calloc_s(sizeof(char), len);
if (rootfsdir == NULL) {
ERROR("Out of memory");
return NULL;
@@ -783,6 +784,12 @@ char *conf_get_engine_log_file()
ERROR("conf_get_isulad_log_gather_fifo_path failed");
goto out;
}
+
+ if (strlen(logfile) > (SIZE_MAX - strlen(prefix) - 1)) {
+ ERROR("Logfile path is too long");
+ return NULL;
+ }
+
len = strlen(prefix) + strlen(logfile) + 1;
if (len > PATH_MAX) {
ERROR("The size of path exceeds the limit");
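Review bot: The added length check in `conf_get_engine_log_file` leaves with `return NULL;` while the error path directly above it uses `goto out;`, so whatever cleanup the `out` label performs is skipped on this path. The label is outside the hunk, but if `logfile` is heap-allocated this leaks it. Use `goto out;` here as well, as the neighbouring `len > PATH_MAX` branch presumably does.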
diff --git a/src/daemon/entry/cri/sysctl_tools.c b/src/daemon/entry/cri/sysctl_tools.c
index 3c558fa1..847c36e9 100644
--- a/src/daemon/entry/cri/sysctl_tools.c
+++ b/src/daemon/entry/cri/sysctl_tools.c
@@ -34,7 +34,7 @@ int get_sysctl(const char *sysctl, char **err)
char buff[MAX_BUFFER_SIZE + 1] = { 0 };
ret = snprintf(fullpath, PATH_MAX, "%s/%s", SYSCTL_BASE, sysctl);
- if (ret < 0 || ret >= PATH_MAX) {
+ if (ret < 0 || (size_t)ret >= PATH_MAX) {
*err = util_strdup_s("Out of memory");
goto free_out;
}
@@ -81,12 +81,12 @@ int set_sysctl(const char *sysctl, int new_value, char **err)
char buff[ISULAD_NUMSTRLEN64] = { 0 };
ret = snprintf(fullpath, PATH_MAX, "%s/%s", SYSCTL_BASE, sysctl);
- if (ret < 0 || ret >= PATH_MAX) {
+ if (ret < 0 || (size_t)ret >= PATH_MAX) {
*err = util_strdup_s("Out of memory");
goto free_out;
}
ret = snprintf(buff, ISULAD_NUMSTRLEN64, "%d", new_value);
- if (ret < 0 || ret >= ISULAD_NUMSTRLEN64) {
+ if (ret < 0 || (size_t)ret >= ISULAD_NUMSTRLEN64) {
*err = util_strdup_s("Out of memory");
goto free_out;
}
diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c
index 130bdaa4..fe9d7aaa 100644
--- a/src/daemon/executor/container_cb/execution.c
+++ b/src/daemon/executor/container_cb/execution.c
@@ -326,7 +326,7 @@ static int maybe_create_cpu_realtime_file(int64_t value, const char *file, const
}
ret = snprintf(fpath, sizeof(fpath), "%s/%s", path, file);
- if (ret < 0 || ret >= sizeof(fpath)) {
+ if (ret < 0 || (size_t)ret >= sizeof(fpath)) {
ERROR("Failed to print string");
return -1;
}
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 4d10e9e0..6097dd7e 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -263,7 +263,7 @@ static int do_set_default_log_path_for_json_file(const char *id, const char *roo
char default_path[PATH_MAX] = { 0 };
nret = snprintf(default_path, PATH_MAX, "%s/%s/console.log", root, id);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Create default log path for container %s failed", id);
return -1;
}
@@ -672,6 +672,7 @@ static int conf_get_image_id(const char *image, char **id)
goto out;
}
+ // it can guarantee that ir->id is not too long internally, and there is no need to judge overflow
len = strlen("sha256:") + strlen(ir->id) + 1;
image_id = (char *)util_smart_calloc_s(sizeof(char), len);
if (image_id == NULL) {
diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
index b738d02f..09aadd9b 100644
--- a/src/daemon/executor/container_cb/execution_network.c
+++ b/src/daemon/executor/container_cb/execution_network.c
@@ -720,7 +720,7 @@ static int merge_network_for_universal_container(const host_config *host_spec, c
}
nret = snprintf(root_path, PATH_MAX, "%s/%s", runtime_root, id);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out;
@@ -925,7 +925,9 @@ static int create_default_hostname(const char *id, const char *rootpath, bool sh
} else {
// max length of hostname from ID is 12 + '\0'
nret = snprintf(hostname, 13, "%s", id);
- ret = nret < 0 ? 1 : 0;
+ if (nret < 0 || (size_t)nret >= 13) {
+ ret = -1;
+ }
}
if (ret != 0) {
ERROR("Create hostname error");
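Review bot: The added `(size_t)nret >= 13` test turns what looks like intended truncation into an error. The comment above the call says the hostname taken from the ID is at most 12 characters plus the terminator, and `snprintf(hostname, 13, "%s", id)` returns the untruncated length, so any `id` longer than 12 characters now sets `ret = -1` and reaches "Create hostname error". Container IDs are normally much longer than that, so the default-hostname path would fail. Keep only the failure test, `if (nret < 0) { ret = -1; }`, and add a comment such as `// truncating the ID to 12 characters is intended`. The function body continues outside the hunk.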
@@ -935,7 +937,7 @@ static int create_default_hostname(const char *id, const char *rootpath, bool sh
}
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hostname");
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out;
@@ -1012,7 +1014,7 @@ static int create_default_hosts(const char *id, const char *rootpath, bool share
char file_path[PATH_MAX] = { 0x0 };
ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "hosts");
- if (ret < 0 || ret >= PATH_MAX) {
+ if (ret < 0 || (size_t)ret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out;
@@ -1049,7 +1051,7 @@ static int create_default_resolv(const char *id, const char *rootpath, container
char file_path[PATH_MAX] = { 0x0 };
ret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, "resolv.conf");
- if (ret < 0 || ret >= PATH_MAX) {
+ if (ret < 0 || (size_t)ret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out;
diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c
index 7e928cf7..32721e68 100644
--- a/src/daemon/executor/container_cb/execution_stream.c
+++ b/src/daemon/executor/container_cb/execution_stream.c
@@ -1127,7 +1127,7 @@ static int do_read_all_container_logs(int64_t require_line, const char *path, co
for (; i > 0; i--) {
int nret = snprintf(log_path, PATH_MAX, "%s.%d", path, i);
- if (nret >= PATH_MAX || nret < 0) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Sprintf failed");
goto out;
}
@@ -1166,7 +1166,7 @@ static int do_show_all_logs(const struct container_log_config *conf, const strea
while (index > 0) {
int nret = snprintf(log_path, PATH_MAX, "%s.%d", conf->path, index);
- if (nret >= PATH_MAX || nret < 0) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Sprintf failed");
ret = -1;
goto out;
@@ -1301,7 +1301,7 @@ static int do_tail_container_logs(int64_t require_line, const struct container_l
left -= get_line;
get_line = 0;
int nret = snprintf(log_path, PATH_MAX, "%s.%d", conf->path, i);
- if (nret >= PATH_MAX || nret < 0) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Sprintf failed");
goto out;
}
diff --git a/src/daemon/modules/container/leftover_cleanup/cleanup.c b/src/daemon/modules/container/leftover_cleanup/cleanup.c
index eb9b5afb..c86e3db9 100644
--- a/src/daemon/modules/container/leftover_cleanup/cleanup.c
+++ b/src/daemon/modules/container/leftover_cleanup/cleanup.c
@@ -151,7 +151,7 @@ static bool walk_isulad_tmpdir_cb(const char *path_name, const struct dirent *su
}
nret = snprintf(tmpdir, PATH_MAX, "%s/%s", path_name, sub_dir->d_name);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
WARN("Failed to snprintf for %s", sub_dir->d_name);
return true;
}
@@ -176,7 +176,7 @@ static void cleanup_path(char *dir)
char cleanpath[PATH_MAX] = { 0 };
nret = snprintf(tmp_dir, PATH_MAX, "%s/isulad_tmpdir", dir);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to snprintf");
return;
}
diff --git a/src/daemon/modules/events/collector.c b/src/daemon/modules/events/collector.c
index 3c1eae1a..2729c6be 100644
--- a/src/daemon/modules/events/collector.c
+++ b/src/daemon/modules/events/collector.c
@@ -199,7 +199,7 @@ static int supplement_operator_for_container_msg(const struct monitord_msg *msg,
} else {
nret = snprintf(opt, sizeof(opt), "container %s", isulad_event_sta2str(msg->value));
}
- if (nret < 0 || nret >= sizeof(opt)) {
+ if (nret < 0 || (size_t)nret >= sizeof(opt)) {
return -1;
}
@@ -220,7 +220,7 @@ static int supplement_pid_for_container_msg(const container_t *cont, const struc
}
nret = snprintf(info, sizeof(info), "pid=%u", cont->state->state->pid);
- if (nret < 0 || nret >= sizeof(info)) {
+ if (nret < 0 || (size_t)nret >= sizeof(info)) {
return -1;
}
@@ -250,7 +250,7 @@ static int supplement_exitcode_for_container_msg(const container_t *cont, const
}
nret = snprintf(info, sizeof(info), "exitCode=%d", exit_code);
- if (nret < 0 || nret >= sizeof(info)) {
+ if (nret < 0 || (size_t)nret >= sizeof(info)) {
return -1;
}
@@ -273,7 +273,7 @@ static int supplement_image_for_container_msg(const container_t *cont, const str
}
nret = snprintf(info, sizeof(info), "image=%s", cont->common_config->image);
- if (nret < 0 || nret >= sizeof(info)) {
+ if (nret < 0 || (size_t)nret >= sizeof(info)) {
return -1;
}
@@ -296,7 +296,7 @@ static int supplement_name_for_container_msg(const container_t *cont, const stru
}
nret = snprintf(info, sizeof(info), "name=%s", cont->common_config->name);
- if (nret < 0 || nret >= sizeof(info)) {
+ if (nret < 0 || (size_t)nret >= sizeof(info)) {
return -1;
}
@@ -322,7 +322,7 @@ static int supplement_labels_for_container_msg(const container_t *cont, const st
char info[EVENT_EXTRA_ANNOTATION_MAX] = { 0x00 };
int nret = snprintf(info, sizeof(info), "%s=%s", cont->common_config->config->labels->keys[i],
cont->common_config->config->labels->values[i]);
- if (nret < 0 || nret >= sizeof(info)) {
+ if (nret < 0 || (size_t)nret >= sizeof(info)) {
return -1;
}
@@ -407,7 +407,7 @@ static int supplement_msg_for_image(struct monitord_msg *msg, struct isulad_even
format_msg->id = util_strdup_s(msg->name);
nret = snprintf(opt, sizeof(opt), "image %s", isulad_image_event_sta2str(msg->value));
- if (nret < 0 || nret >= sizeof(opt)) {
+ if (nret < 0 || (size_t)nret >= sizeof(opt)) {
ERROR("Get operator operator info failed");
ret = -1;
goto out;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index 76059b81..97919603 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -769,7 +769,7 @@ static int device_file_walk(struct device_set *devset)
(void)memset(fname, 0, sizeof(fname));
pathname_len = snprintf(fname, PATH_MAX, "%s/%s", metadir, entry->d_name);
- if (pathname_len < 0 || pathname_len >= PATH_MAX) {
+ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) {
ERROR("Pathname too long");
continue;
}
@@ -3351,7 +3351,7 @@ struct status *device_set_status(struct device_set *devset)
char msg[PATH_MAX] = { 0 };
msg_len = snprintf(msg, PATH_MAX, "system semaphore nums has attached limit: %d", sem_usz);
- if (msg_len < 0 || msg_len >= PATH_MAX) {
+ if (msg_len < 0 || (size_t)msg_len >= PATH_MAX) {
ERROR("Cannot get semaphore err msg");
free_devmapper_status(st);
st = NULL;
@@ -3398,7 +3398,7 @@ static int umount_deactivate_dev_all(const struct device_set *devset)
(void)memset(fname, 0, sizeof(fname));
pathname_len = snprintf(fname, PATH_MAX, "%s/%s", mnt_root, entry->d_name);
- if (pathname_len < 0 || pathname_len >= PATH_MAX) {
+ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) {
ERROR("Pathname too long");
continue;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
index c83d3e54..c8e78e48 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/driver_devmapper.c
@@ -520,7 +520,7 @@ static void status_append(const char *name, const char *value, uint64_t u_data,
break;
}
- if (nret < 0 || nret >= MAX_INFO_LENGTH) {
+ if (nret < 0 || (size_t)nret >= MAX_INFO_LENGTH) {
ERROR("Failed to print status");
return;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 4f7be30d..7e851a26 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -231,7 +231,7 @@ static void rm_invalid_symlink(const char *dirpath)
(void)memset(fname, 0, sizeof(fname));
pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name);
- if (pathname_len < 0 || pathname_len >= PATH_MAX) {
+ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) {
ERROR("Pathname too long");
continue;
}
@@ -475,14 +475,14 @@ static int do_diff_symlink(const char *id, char *link_id, const char *driver_hom
char clean_path[PATH_MAX] = { 0 };
nret = snprintf(target_path, PATH_MAX, "../%s/diff", id);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to get target path %s", id);
ret = -1;
goto out;
}
nret = snprintf(link_path, PATH_MAX, "%s/%s/%s", driver_home, OVERLAY_LINK_DIR, link_id);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to get link path %s", link_id);
ret = -1;
goto out;
@@ -723,7 +723,7 @@ static char *get_lower(const char *parent, const char *driver_home)
} else {
nret = snprintf(lower, lower_len, "%s/%s", OVERLAY_LINK_DIR, parent_link);
}
- if (nret < 0 || nret >= lower_len) {
+ if (nret < 0 || (size_t)nret >= lower_len) {
ERROR("lower %s too large", parent_link);
goto err_out;
}
@@ -1167,7 +1167,7 @@ int overlay2_rm_layer(const char *id, const struct graphdriver *driver)
link_id = read_layer_link_file(layer_dir);
if (link_id != NULL) {
nret = snprintf(link_path, PATH_MAX, "%s/%s/%s", driver->home, OVERLAY_LINK_DIR, link_id);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to get link path %s", link_id);
ret = -1;
goto out;
@@ -2071,7 +2071,7 @@ int overlay2_get_driver_status(const struct graphdriver *driver, struct graphdri
status->backing_fs = util_strdup_s(driver->backing_fs);
nret = snprintf(tmp, MAX_INFO_LENGTH, "%s: %s\n", BACK_FS, driver->backing_fs);
- if (nret < 0 || nret >= MAX_INFO_LENGTH) {
+ if (nret < 0 || (size_t)nret >= MAX_INFO_LENGTH) {
ERROR("Failed to get backing fs");
ret = -1;
goto out;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c
index 2bcfb0ee..e27fd044 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/quota/project_quota.c
@@ -45,7 +45,7 @@ static char *make_backing_fs_device(const char *home_dir)
struct stat current_stat = { 0 };
ret = snprintf(full_path, PATH_MAX, "%s/%s", home_dir, "backingFsBlockDev");
- if (ret < 0 || ret >= PATH_MAX) {
+ if (ret < 0 || (size_t)ret >= PATH_MAX) {
ERROR("Failed to get backing fs device");
goto err_out;
}
@@ -276,7 +276,7 @@ static void get_next_project_id(const char *dirpath, struct pquota_control *ctrl
(void)memset(fname, 0, sizeof(fname));
pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name);
- if (pathname_len < 0 || pathname_len >= PATH_MAX) {
+ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) {
ERROR("Pathname too long");
continue;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 08c7e4a6..4751f020 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -2121,7 +2121,7 @@ static int valid_crc64(storage_entry *entry, char *rootfs)
char *fname = NULL;
nret = snprintf(file, PATH_MAX, "%s/%s", rootfs, entry->name);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("snprintf %s/%s failed", rootfs, entry->name);
ret = -1;
goto out;
@@ -2195,7 +2195,7 @@ static tar_split *new_tar_split(layer_t *l, const char *tspath)
}
nret = snprintf(path, sizeof(path), ".%s.tmp", tspath);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("sprintf .%s.tmp failed", tspath);
ret = -1;
goto out;
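Review bot: The truncation bound in `new_tar_split` is `PATH_MAX`, but the size passed to `snprintf` is `sizeof(path)`, so the check only matches the buffer if the two happen to be equal. The declaration of `path` is outside this hunk, so that cannot be confirmed here. Comparing against the size that was actually passed keeps the check correct if the buffer is ever resized: `if (nret < 0 || (size_t)nret >= sizeof(path)) {`.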
@@ -2401,7 +2401,7 @@ static layer_t *load_one_layer_from_json(const char *id)
bool layer_valid = false;
nret = snprintf(tmpdir, PATH_MAX, "%s/%s", g_root_dir, id);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Sprintf: %s failed", id);
return NULL;
}
diff --git a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
index 238506c2..e44c64ef 100644
--- a/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
+++ b/src/daemon/modules/image/oci/storage/remote_layer_support/overlay_remote_impl.c
@@ -112,14 +112,14 @@ static int do_diff_symlink(const char *id, char *link_id, const char *driver_hom
char clean_path[PATH_MAX] = { 0 };
nret = snprintf(target_path, PATH_MAX, "../%s/diff", id);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to get target path %s", id);
ret = -1;
goto out;
}
nret = snprintf(link_path, PATH_MAX, "%s/%s/%s", driver_home, OVERLAY_LINK_DIR, link_id);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to get link path %s", link_id);
ret = -1;
goto out;
diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c
index 8c19f33b..9b400f00 100644
--- a/src/daemon/modules/log/log_gather.c
+++ b/src/daemon/modules/log/log_gather.c
@@ -54,13 +54,13 @@ static int file_rotate_gz(const char *file_name, int i)
char to_path[PATH_MAX] = { 0 };
ret = snprintf(from_path, PATH_MAX, "%s.%d.gz", file_name, (i - 1));
- if (ret >= PATH_MAX || ret < 0) {
+ if (ret < 0 || (size_t)ret >= PATH_MAX) {
ERROR("sprint zip file name failed");
return -1;
}
ret = snprintf(to_path, PATH_MAX, "%s.%d.gz", file_name, i);
- if (ret >= PATH_MAX || ret < 0) {
+ if (ret < 0 || (size_t)ret >= PATH_MAX) {
ERROR("sprint zip file name failed");
return -1;
}
@@ -79,7 +79,7 @@ static int file_rotate_me(const char *file_name)
char tmp_path[PATH_MAX] = { 0 };
ret = snprintf(tmp_path, PATH_MAX, "%s.1", file_name);
- if (ret >= PATH_MAX || ret < 0) {
+ if (ret < 0 || (size_t)ret >= PATH_MAX) {
ERROR("Out of memory");
return -1;
}
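Review bot: The error text in `file_rotate_me` says "Out of memory", but this branch is reached when `snprintf` fails or the rotated name does not fit in `tmp_path`; nothing is allocated here. An operator reading the log would look in the wrong place. Something like `ERROR("Failed to build rotate path for %s", file_name);` names the real condition.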
diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c
index e08479ab..b4d78dc9 100644
--- a/src/daemon/modules/plugin/plugin.c
+++ b/src/daemon/modules/plugin/plugin.c
@@ -389,7 +389,7 @@ static int get_plugin_addr_and_name(char *plugin_addr, char *plugin_name, const
plugin_name[str_length - PLUGIN_SOCKET_FILE_SUFFIX_LEN] = 0;
nret = snprintf(plugin_addr, PATH_MAX, "%s/%s", plugin_dir, filename);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("get plugin addr failed %s", filename);
goto out;
}
@@ -577,7 +577,7 @@ static int reload_plugin(const char *name)
}
ret = snprintf(filename, PATH_MAX, "%s.sock", name);
- if (ret < 0 || ret >= PATH_MAX) {
+ if (ret < 0 || (size_t)ret >= PATH_MAX) {
ERROR("get plugin addr failed %s", filename);
return -1;
}
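Review bot: The failure branch in `reload_plugin` logs `filename`, which is the buffer `snprintf` just failed to fill. On truncation it holds a cut-off name, and on a negative return its contents are not something to rely on. Logging the input is more useful: `ERROR("get plugin addr failed %s", name);`.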
@@ -914,7 +914,7 @@ int pm_activate_plugin(plugin_t *plugin)
body_len = strlen(body) + 1;
nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("get plugin socket failed");
ret = -1;
goto out;
@@ -1136,7 +1136,7 @@ static int pm_init_plugin(const plugin_t *plugin)
body_len = strlen(body) + 1;
nret = snprintf(socket, PATH_MAX, "unix://%s", plugin->addr);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("get plugin socket failed %s", plugin->addr);
ret = -1;
goto out;
diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
index f2eec6d2..2b9cf39c 100644
--- a/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
+++ b/src/daemon/modules/runtime/engines/lcr/lcr_rt_ops.c
@@ -323,13 +323,13 @@ static int generate_user_string_by_uid_gid(const defs_process_user *puser, char
int nret = 0;
nret = snprintf(uid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->uid);
- if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) {
+ if (nret < 0 || (size_t)nret >= ISULAD_NUMSTRLEN32) {
ERROR("Invalid UID:%u", (unsigned int)puser->uid);
return -1;
}
nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)puser->gid);
- if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) {
+ if (nret < 0 || (size_t)nret >= ISULAD_NUMSTRLEN32) {
ERROR("Invalid attach uid value :%u", (unsigned int)puser->gid);
return -1;
}
@@ -369,7 +369,7 @@ static char **covert_gids_to_string(const gid_t *gids, const size_t gids_len)
char gid_str[ISULAD_NUMSTRLEN32] = { 0 };
nret = snprintf(gid_str, ISULAD_NUMSTRLEN32, "%u", (unsigned int)gids[i]);
- if (nret < 0 || nret >= ISULAD_NUMSTRLEN32) {
+ if (nret < 0 || (size_t)nret >= ISULAD_NUMSTRLEN32) {
ERROR("Invalid gid :%u", (unsigned int)gids[i]);
util_free_array_by_len(result, len);
return NULL;
diff --git a/src/daemon/modules/runtime/isula/isula_rt_ops.c b/src/daemon/modules/runtime/isula/isula_rt_ops.c
index 7374c3c6..a218519a 100644
--- a/src/daemon/modules/runtime/isula/isula_rt_ops.c
+++ b/src/daemon/modules/runtime/isula/isula_rt_ops.c
@@ -239,8 +239,9 @@ static int create_process_json_file(const char *workdir, const shim_client_proce
char fname[PATH_MAX] = { 0 };
int retcode = 0;
- if (snprintf(fname, sizeof(fname), "%s/process.json", workdir) < 0) {
- ERROR("failed make process.json full path");
+ int nret = snprintf(fname, sizeof(fname), "%s/process.json", workdir);
+ if (nret < 0 || (size_t)nret >= sizeof(fname)) {
+ ERROR("Failed make process.json full path");
return -1;
}
@@ -743,6 +744,7 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
const char *params[PARAM_NUM] = { 0 };
int i = 0;
int status = 0;
+ int nret = 0;
params[i++] = SHIM_BINARY;
params[i++] = id;
@@ -755,8 +757,9 @@ static int shim_create(bool fg, const char *id, const char *workdir, const char
}
runtime_exec_param_dump(params);
- if (snprintf(fpid, sizeof(fpid), "%s/shim-pid", workdir) < 0) {
- ERROR("Failed make shim-pid full path");
+ nret = snprintf(fpid, sizeof(fpid), "%s/shim-pid", workdir);
+ if (nret < 0 || (size_t)nret >= sizeof(fpid)) {
+ ERROR("failed make shim-pid full path");
return -1;
}
@@ -896,7 +899,8 @@ static int get_container_process_pid(const char *workdir)
struct timespec beg = { 0 };
struct timespec end = { 0 };
- if (snprintf(fname, sizeof(fname), "%s/pid", workdir) < 0) {
+ int nret = snprintf(fname, sizeof(fname), "%s/pid", workdir);
+ if (nret < 0 || (size_t)nret >= sizeof(fname)) {
ERROR("failed make pid full path");
return -1;
}
@@ -934,7 +938,8 @@ static void shim_kill_force(const char *workdir)
int pid = 0;
char fpid[PATH_MAX] = { 0 };
- if (snprintf(fpid, sizeof(fpid), "%s/shim-pid", workdir) < 0) {
+ int nret = snprintf(fpid, sizeof(fpid), "%s/shim-pid", workdir);
+ if (nret < 0 || (size_t)nret >= sizeof(fpid)) {
INFO("shim-pid not exist");
return;
}
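Review bot: In `shim_kill_force` the new truncation branch reports `INFO("shim-pid not exist")`, which is not what happened: the pid-file path could not be built, and the function returns without attempting the kill. A leftover shim is worth an error-level record that names the cause, e.g. `ERROR("failed make shim-pid full path");`. The `rt_isula_create` hunk at `@@ -973,7 +979,8 @@` has the same mismatch: it sets `ret = -1` but logs `INFO("make full workdir failed")`.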
@@ -961,6 +966,7 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
char workdir[PATH_MAX] = { 0 };
shim_client_process_state p = { 0 };
int shim_exit_code = 0;
+ int nret = 0;
if (id == NULL || runtime == NULL || params == NULL) {
ERROR("nullptr arguments not allowed");
@@ -973,7 +979,8 @@ int rt_isula_create(const char *id, const char *runtime, const rt_create_params_
return -1;
}
- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id) < 0) {
+ nret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id);
+ if (nret < 0 || (size_t)nret >= sizeof(workdir)) {
INFO("make full workdir failed");
ret = -1;
goto out;
@@ -1018,18 +1025,21 @@ int rt_isula_start(const char *id, const char *runtime, const rt_start_params_t
int splice_ret = 0;
proc_t *proc = NULL;
proc_t *p_proc = NULL;
+ int nret = 0;
if (id == NULL || runtime == NULL || params == NULL || pid_info == NULL) {
ERROR("nullptr arguments not allowed");
return -1;
}
- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id) < 0) {
+
+ nret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id);
+ if (nret < 0 || (size_t)nret >= sizeof(workdir)) {
ERROR("%s: missing shim workdir", id);
return -1;
}
splice_ret = snprintf(shim_pid_file_name, sizeof(shim_pid_file_name), "%s/shim-pid", workdir);
- if (splice_ret < 0 || splice_ret >= sizeof(shim_pid_file_name)) {
+ if (splice_ret < 0 || (size_t)splice_ret >= sizeof(shim_pid_file_name)) {
ERROR("%s: wrong shim workdir", id);
return -1;
}
@@ -1090,7 +1100,7 @@ int rt_isula_restart(const char *name, const char *runtime, const rt_restart_par
int rt_isula_clean_resource(const char *id, const char *runtime, const rt_clean_params_t *params)
{
char workdir[PATH_MAX] = { 0 };
- int nret;
+ int nret = 0;
if (id == NULL || runtime == NULL || params == NULL) {
ERROR("nullptr arguments not allowed");
@@ -1102,7 +1112,8 @@ int rt_isula_clean_resource(const char *id, const char *runtime, const rt_clean_
return -1;
}
- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->statepath, id) < 0) {
+ nret = snprintf(workdir, sizeof(workdir), "%s/%s", params->statepath, id);
+ if (nret < 0 || (size_t)nret >= sizeof(workdir)) {
ERROR("failed get shim workdir");
return -1;
}
@@ -1135,6 +1146,7 @@ int rt_isula_clean_resource(const char *id, const char *runtime, const rt_clean_
int rt_isula_rm(const char *id, const char *runtime, const rt_rm_params_t *params)
{
char libdir[PATH_MAX] = { 0 };
+ int nret = 0;
if (id == NULL || runtime == NULL || params == NULL) {
ERROR("nullptr arguments not allowed");
@@ -1144,7 +1156,9 @@ int rt_isula_rm(const char *id, const char *runtime, const rt_rm_params_t *param
ERROR("missing root path");
return -1;
}
- if (snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id) < 0) {
+
+ nret = snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id);
+ if (nret < 0 || (size_t)nret >= sizeof(libdir)) {
ERROR("failed get shim workdir");
return -1;
}
@@ -1205,7 +1219,7 @@ static int preparation_exec(const char *id, const char *runtime, const char *wor
}
ret = snprintf(resize_fifo_dir, sizeof(resize_fifo_dir), "%s/%s", workdir, RESIZE_FIFO_NAME);
- if (ret < 0) {
+ if (ret < 0 || (size_t)ret >= sizeof(resize_fifo_dir)) {
ERROR("failed join resize fifo full path");
return -1;
}
@@ -1258,7 +1272,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
ret = snprintf(bundle, sizeof(bundle), "%s/%s", params->rootpath, id);
- if (ret < 0) {
+ if (ret < 0 || (size_t)ret >= sizeof(bundle)) {
ERROR("failed join bundle path for exec");
return -1;
}
@@ -1275,7 +1289,7 @@ int rt_isula_exec(const char *id, const char *runtime, const rt_exec_params_t *p
}
ret = snprintf(workdir, sizeof(workdir), "%s/%s/exec/%s", params->state, id, exec_id);
- if (ret < 0) {
+ if (ret < 0 || (size_t)ret >= sizeof(workdir)) {
ERROR("failed join exec full path");
goto out;
}
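Review bot: On truncation `ret` now holds a positive byte count when this branch in `rt_isula_exec` jumps to `out`, whereas before the change it could only get there with a negative value. The `out` label is outside the hunk; if it returns `ret`, a caller testing `< 0` would treat an over-long workdir as success. Adding `ret = -1;` before `goto out;` avoids that. The `rt_isula_status` and `rt_isula_resources_stats` hunks follow the same pattern, and their messages print `params->rootpath` although the path is built from `params->state`.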
@@ -1349,7 +1363,7 @@ int rt_isula_status(const char *id, const char *runtime, const rt_status_params_
}
ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id);
- if (ret < 0) {
+ if (ret < 0 || (size_t)ret >= sizeof(workdir)) {
ERROR("failed join full workdir %s/%s", params->rootpath, id);
goto out;
}
@@ -1531,13 +1545,15 @@ del_out:
int rt_isula_pause(const char *id, const char *runtime, const rt_pause_params_t *params)
{
char workdir[PATH_MAX] = { 0 };
+ int ret = 0;
if (id == NULL || runtime == NULL || params == NULL) {
ERROR("nullptr arguments not allowed");
return -1;
}
- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id) < 0) {
+ ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id);
+ if (ret < 0 || (size_t)ret >= sizeof(workdir)) {
ERROR("failed join workdir %s/%s", params->state, id);
return -1;
}
@@ -1548,13 +1564,15 @@ int rt_isula_pause(const char *id, const char *runtime, const rt_pause_params_t
int rt_isula_resume(const char *id, const char *runtime, const rt_resume_params_t *params)
{
char workdir[PATH_MAX] = { 0 };
+ int ret = 0;
if (id == NULL || runtime == NULL || params == NULL) {
ERROR("nullptr arguments not allowed");
return -1;
}
- if (snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id) < 0) {
+ ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id);
+ if (ret < 0 || (size_t)ret >= sizeof(workdir)) {
ERROR("failed join workdir %s/%s", params->state, id);
return -1;
}
@@ -1581,7 +1599,7 @@ int rt_isula_resources_stats(const char *id, const char *runtime, const rt_stats
}
ret = snprintf(workdir, sizeof(workdir), "%s/%s", params->state, id);
- if (ret < 0) {
+ if (ret < 0 || (size_t)ret >= sizeof(workdir)) {
ERROR("failed join full workdir %s/%s", params->rootpath, id);
goto out;
}
@@ -1625,17 +1643,20 @@ int rt_isula_exec_resize(const char *id, const char *runtime, const rt_exec_resi
return 0;
}
- if (snprintf(workdir, sizeof(workdir), "%s/%s/exec/%s", params->state, id, params->suffix) < 0) {
- ERROR("failed to join exec workdir path");
- return -1;
+ ret = snprintf(workdir, sizeof(workdir), "%s/%s/exec/%s", params->state, id, params->suffix);
+ if (ret < 0 || (size_t)ret >= sizeof(workdir)) {
+ ERROR("failed join full workdir %s/%s", params->rootpath, id);
+ goto out;
}
- if (snprintf(resize_fifo_path, sizeof(resize_fifo_path), "%s/%s", workdir, RESIZE_FIFO_NAME) < 0) {
+ ret = snprintf(resize_fifo_path, sizeof(resize_fifo_path), "%s/%s", workdir, RESIZE_FIFO_NAME);
+ if (ret < 0 || (size_t)ret >= sizeof(resize_fifo_path)) {
ERROR("failed to join exec fifo path");
return -1;
}
- if (snprintf(data, sizeof(data), "%u %u", params->width, params->height) < 0) {
+ ret = snprintf(data, sizeof(data), "%u %u", params->width, params->height);
+ if (ret < 0 || (size_t)ret >= sizeof(data)) {
ERROR("failed to write resize data");
return -1;
}
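Review bot: The first check in this `rt_isula_exec_resize` hunk replaces `return -1` with `goto out`, while the two checks after it still `return -1`. No `out` label is visible in the hunk, and if one exists `ret` carries `snprintf`'s return value, which is positive on truncation. The message also looks copied from `rt_isula_status`: it prints `params->rootpath` and `id`, but the path is built from `params->state`, `id` and `params->suffix`. Keeping the original `ERROR("failed to join exec workdir path");` followed by `return -1;` would match the rest of the function.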
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 8cdf0138..a437399d 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -362,7 +362,7 @@ int rt_shim_clean_resource(const char *id, const char *runtime, const rt_clean_p
}
nret = snprintf(workdir, sizeof(workdir), "%s/%s", params->statepath, id);
- if (nret < 0 || nret >= sizeof(workdir)) {
+ if (nret < 0 || (size_t)nret >= sizeof(workdir)) {
ERROR("failed to get shim workdir");
ret = -1;
goto out;
@@ -406,7 +406,7 @@ int rt_shim_rm(const char *id, const char *runtime, const rt_rm_params_t *params
}
nret = snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id);
- if (nret < 0 || nret >= sizeof(libdir)) {
+ if (nret < 0 || (size_t)nret >= sizeof(libdir)) {
ERROR("failed to get shim workdir");
ret = -1;
goto out;
diff --git a/src/daemon/modules/service/io_handler.c b/src/daemon/modules/service/io_handler.c
index 98c763a4..0cb9fda9 100644
--- a/src/daemon/modules/service/io_handler.c
+++ b/src/daemon/modules/service/io_handler.c
@@ -134,13 +134,13 @@ int create_daemon_fifos(const char *id, const char *runtime, bool attach_stdin,
nret = snprintf(subpath, PATH_MAX, "%s/%s/%u_%u_%u", id, operation, (unsigned int)tid, (unsigned int)now.tv_sec,
(unsigned int)(now.tv_nsec));
- if (nret >= PATH_MAX || nret < 0) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to print string");
goto cleanup;
}
nret = snprintf(fifodir, PATH_MAX, "%s/%s", statepath, subpath);
- if (nret >= PATH_MAX || nret < 0) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to print string");
goto cleanup;
}
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 0f4a1ed6..43968c63 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -310,6 +310,7 @@ static int write_env_content(const char *env_path, const char **env, size_t env_
int fd = -1;
size_t i = 0;
ssize_t nret = 0;
+ int env_max = 4096;
ret = create_env_path_dir(env_path);
if (ret < 0) {
@@ -324,6 +325,11 @@ static int write_env_content(const char *env_path, const char **env, size_t env_
}
if (env != NULL) {
for (i = 0; i < env_len; i++) {
+ if (strlen(env[i]) > env_max) {
+ ERROR("Env is too long");
+ ret = -1;
+ goto out;
+ }
size_t len = strlen(env[i]) + strlen("\n") + 1;
char *env_content = NULL;
env_content = util_common_calloc_s(len);
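Review bot: The new length guard in `write_env_content` compares `strlen(env[i])`, a `size_t`, with `env_max`, which the preceding hunk declares as a plain `int` holding the bare number 4096. The comparison works only through implicit conversion and trips `-Wsign-compare`, and nothing records where the limit comes from. Declaring it as `const size_t env_max = 4096;`, or as a named macro beside the file's other limits, with a one-line comment on why 4096 was chosen, would fix both. The loop body continues past the end of this hunk.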
@@ -1505,7 +1511,7 @@ int cleanup_mounts_by_id(const char *id, const char *engine_root_path)
int nret = 0;
nret = snprintf(target, PATH_MAX, "%s/%s", engine_root_path, id);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Sprintf failed");
return -1;
}
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index ad6d01d2..9fec586e 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -2303,7 +2303,7 @@ int save_oci_config(const char *id, const char *rootpath, const oci_runtime_spec
parser_error err = NULL;
nret = snprintf(file_path, PATH_MAX, "%s/%s/%s", rootpath, id, OCI_CONFIG_JSON);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to print string");
ret = -1;
goto out_free;
diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
index c312e08e..7ee4c5f9 100644
--- a/src/daemon/modules/spec/specs_mount.c
+++ b/src/daemon/modules/spec/specs_mount.c
@@ -197,7 +197,7 @@ static bool valid_dirent_info(const char *dir, const struct dirent *info_archivo
}
nret = snprintf(fullpath, PATH_MAX, "%s/%s", dir, info_archivo->d_name);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("get_devices: Failed to combine device path");
return false;
}
@@ -310,7 +310,7 @@ static int get_devices(const char *dir, char ***devices, size_t *device_len, int
return -1;
}
nret = snprintf(fullpath, PATH_MAX, "%s/%s", dir, info_archivo->d_name);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("get_devices: Failed to combine device path");
closedir(midir);
free(fullpath);
@@ -2603,7 +2603,7 @@ static char *get_prepare_share_shm_path(const char *truntime, const char *cid)
}
nret = snprintf(spath, slen, "%s/%s/mounts/shm", real_root_path, cid);
- if (nret < 0 || nret >= slen) {
+ if (nret < 0 || (size_t)nret >= slen) {
ERROR("Sprintf failed");
goto err_out;
}
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 5fa556f3..0b73e652 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -381,7 +381,7 @@ static int recursive_rmdir_helper(const char *dirpath, int recursive_depth, int
(void)memset(fname, 0, sizeof(fname));
pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name);
- if (pathname_len < 0 || pathname_len >= PATH_MAX) {
+ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) {
ERROR("Pathname too long");
failure = 1;
continue;
@@ -490,7 +490,7 @@ char *util_path_join(const char *dir, const char *file)
}
nret = snprintf(path, PATH_MAX, "%s/%s", dir, file);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("dir or file too long failed");
return NULL;
}
@@ -611,7 +611,7 @@ char *util_human_size(uint64_t val)
}
ret = snprintf(out, len, "%llu%s", (unsigned long long)ui, uf[index]);
- if (ret < 0 || ret >= len) {
+ if (ret < 0 || (size_t)ret >= len) {
ERROR("Failed to print string");
free(out);
return NULL;
@@ -637,7 +637,7 @@ char *util_human_size_decimal(int64_t val)
} else {
nret = snprintf(out, sizeof(out), "%lldB", (long long int)val);
}
- if (nret < 0 || nret >= sizeof(out)) {
+ if (nret < 0 || (size_t)nret >= sizeof(out)) {
ERROR("Failed to print string");
return NULL;
}
@@ -1258,7 +1258,7 @@ static void recursive_cal_dir_size_helper(const char *dirpath, int recursive_dep
(void)memset(fname, 0, sizeof(fname));
pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name);
- if (pathname_len < 0 || pathname_len >= PATH_MAX) {
+ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) {
ERROR("Pathname too long");
continue;
}
@@ -1346,7 +1346,7 @@ static void recursive_cal_dir_size__without_hardlink_helper(const char *dirpath,
(void)memset(fname, 0, sizeof(fname));
pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name);
- if (pathname_len < 0 || pathname_len >= PATH_MAX) {
+ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) {
ERROR("Pathname too long");
continue;
}
@@ -1478,7 +1478,7 @@ static char *get_random_tmp_file(const char *fname)
}
nret = snprintf(rpath, PATH_MAX, ".tmp-%s-%s", base, random_tmp);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to generate tmp base file");
goto out;
}
diff --git a/src/utils/cutils/utils_timestamp.c b/src/utils/cutils/utils_timestamp.c
index 2f378078..7435e2fa 100644
--- a/src/utils/cutils/utils_timestamp.c
+++ b/src/utils/cutils/utils_timestamp.c
@@ -844,7 +844,7 @@ static bool time_human_duration(int64_t seconds, char *str, size_t len)
}
}
- if (nret < 0 || nret >= len) {
+ if (nret < 0 || (size_t)nret >= len) {
ERROR("Sprintf buffer failed");
return false;
}
diff --git a/src/utils/cutils/utils_verify.c b/src/utils/cutils/utils_verify.c
index c2836ae3..6fec2c9a 100644
--- a/src/utils/cutils/utils_verify.c
+++ b/src/utils/cutils/utils_verify.c
@@ -231,7 +231,7 @@ bool util_valid_cap(const char *cap)
}
nret = snprintf(tmpcap, sizeof(tmpcap), "CAP_%s", cap);
- if (nret < 0 || nret >= sizeof(tmpcap)) {
+ if (nret < 0 || (size_t)nret >= sizeof(tmpcap)) {
ERROR("Failed to print string");
return false;
}
diff --git a/src/utils/tar/isulad_tar.c b/src/utils/tar/isulad_tar.c
index 7264282f..48ac96da 100644
--- a/src/utils/tar/isulad_tar.c
+++ b/src/utils/tar/isulad_tar.c
@@ -57,7 +57,7 @@ static int get_rebase_name(const char *path, const char *real_path, char **resol
char *resolved_base = NULL;
nret = snprintf(resolved, PATH_MAX, "%s", real_path);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to print string");
return -1;
}
diff --git a/src/utils/tar/util_archive.c b/src/utils/tar/util_archive.c
index 08116589..a6946413 100644
--- a/src/utils/tar/util_archive.c
+++ b/src/utils/tar/util_archive.c
@@ -114,7 +114,7 @@ static int make_safedir_is_noexec(const char *dstdir, char **safe_dir)
}
nret = snprintf(isula_tmpdir, PATH_MAX, "%s/isulad_tmpdir", isulad_tmpdir_env);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to snprintf");
return -1;
}
@@ -125,7 +125,7 @@ static int make_safedir_is_noexec(const char *dstdir, char **safe_dir)
}
nret = snprintf(tmp_dir, PATH_MAX, "%s/tar-chroot-XXXXXX", cleanpath);
- if (nret < 0 || nret >= PATH_MAX) {
+ if (nret < 0 || (size_t)nret >= PATH_MAX) {
ERROR("Failed to snprintf string");
return -1;
}
@@ -305,7 +305,7 @@ static int remove_files_in_opq_dir(const char *dirpath, int recursive_depth, map
(void)memset(fname, 0, sizeof(fname));
pathname_len = snprintf(fname, PATH_MAX, "%s/%s", dirpath, pdirent->d_name);
- if (pathname_len < 0 || pathname_len >= PATH_MAX) {
+ if (pathname_len < 0 || (size_t)pathname_len >= PATH_MAX) {
ERROR("Pathname too long");
ret = -1;
continue;
--
2.25.1