packages/lcr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!250 [sync] PR-246: Fix potential log error, empty pointer reference and overflow.

Browse Source 
* Fix potential log error, empty pointer reference and overflow.
This commit is contained in:
openeuler-sync-bot 2023-09-12 06:09:34 +00:00 committed by haozi007
parent 3435cd0e48
commit b213050449
6 changed files with 1263 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1001
0007-Fix-empty-pointer-and-overflow.patch Normal file
View File

File diff suppressed because it is too large Load Diff

25
0008-CI-checkout-branch-of-lxc.patch Normal file
View File

@ -0,0 +1,25 @@
From 3ddbf5130eb24e7a2e9f70c3e6c494afa0015e92 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Tue, 29 Aug 2023 02:38:14 +0000
Subject: [PATCH 08/11] CI: checkout branch of lxc
Signed-off-by: jikai <jikai11@huawei.com>
---
CI/pr-gateway.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/CI/pr-gateway.sh b/CI/pr-gateway.sh
index 1a15461..6595c77 100755
--- a/CI/pr-gateway.sh
+++ b/CI/pr-gateway.sh
@@ -29,6 +29,7 @@ cd ~
rm -rf lxc
git clone https://gitee.com/src-openeuler/lxc.git
pushd lxc
+git checkout origin/openEuler-22.03-LTS-SP1
rm -rf lxc-4.0.3
./apply-patches || exit 1
pushd lxc-4.0.3
--
2.33.0

37
0009-support-check-symbols-and-compile-code-in-cmake.patch Normal file
View File

@ -0,0 +1,37 @@
From 2f0562d56032a563672ae105b7b3ca1b71878526 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Sat, 26 Aug 2023 10:54:02 +0800
Subject: [PATCH 09/11] support check symbols and compile code in cmake
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
cmake/checker.cmake | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/cmake/checker.cmake b/cmake/checker.cmake
index 13c1cdb..27a83d1 100644
--- a/cmake/checker.cmake
+++ b/cmake/checker.cmake
@@ -20,6 +20,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
+include(CheckFunctionExists)
+include(CheckCSourceCompiles)
+
# check depends library and headers
find_package(PkgConfig REQUIRED)
@@ -91,3 +94,9 @@ if (ENABLE_GCOV)
_CHECK(CMD_GENHTML "CMD_GENHTML-NOTFOUND" "genhtml")
endif()
+check_function_exists(strerror_r HAVE_STRERROR_R)
+
+check_c_source_compiles(
+ "#define _GNU_SOURCE\n#include <string.h>\nint main() { char err_str[128]; char *ptr = strerror_r(-2, err_str, 128); return ptr != (void *)0L; }"
+ STRERROR_R_CHAR_P
+)
--
2.33.0

155
0010-remove-unnecessary-strerror.patch Normal file
View File

@ -0,0 +1,155 @@
From 41aa94a5859755ed4ca181043dd442401fd068ea Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 5 Sep 2023 19:35:37 +0800
Subject: [PATCH 10/11] remove unnecessary strerror
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/lcrcontainer_execute.c | 7 +++----
src/lcrcontainer_extend.c | 16 ++++++++--------
src/utils.c | 2 +-
third_party/log.c | 6 +++---
4 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c
index b924254..6c1f9fc 100644
--- a/src/lcrcontainer_execute.c
+++ b/src/lcrcontainer_execute.c
@@ -71,8 +71,7 @@
do \
{ \
SYSERROR("Error updating cgroup %s to %s", (item), (value)); \
- lcr_set_error_message(LCR_ERR_RUNTIME, "Error updating cgroup %s to %s: %s", (item), (value), \
- strerror(errno)); \
+ lcr_set_error_message(LCR_ERR_RUNTIME, "Error updating cgroup %s to %s.", (item), (value)); \
} while (0)
static inline void add_array_elem(char **array, size_t total, size_t *pos, const char *elem)
@@ -908,7 +907,7 @@ static void execute_lxc_attach(const char *name, const char *path, const struct
execvp("lxc-attach", params);
- COMMAND_ERROR("Failed to exec lxc-attach: %s", strerror(errno));
+ CMD_SYSERROR("Failed to exec lxc-attach");
free(params);
exit(EXIT_FAILURE);
}
@@ -1067,6 +1066,6 @@ void execute_lxc_start(const char *name, const char *path, const struct lcr_star
execvp("lxc-start", params);
- COMMAND_ERROR("Failed to exec lxc-start: %s.", strerror(errno));
+ CMD_SYSERROR("Failed to exec lxc-start.");
exit(EXIT_FAILURE);
}
diff --git a/src/lcrcontainer_extend.c b/src/lcrcontainer_extend.c
index 645f159..321be8c 100644
--- a/src/lcrcontainer_extend.c
+++ b/src/lcrcontainer_extend.c
@@ -153,7 +153,7 @@ static int make_annotations(oci_runtime_spec *container, const struct lxc_contai
goto out;
}
if (lcr_util_ensure_path(&realpath, anno->values[fpos])) {
- ERROR("Invalid log path: %s, error: %s.", anno->values[fpos], strerror(errno));
+ SYSERROR("Invalid log path: %s.", anno->values[fpos]);
goto out;
}
ret = 0;
@@ -376,7 +376,7 @@ static int lcr_spec_write_seccomp_line(int fd, const char *seccomp)
}
line[nret] = '\n';
if (write(fd, line, len) == -1) {
- SYSERROR("Write failed");
+ SYSERROR("Write file failed");
goto cleanup;
}
ret = 0;
@@ -626,8 +626,8 @@ static int lcr_open_config_file(const char *bundle)
fd = lcr_util_open(real_config, O_CREAT | O_TRUNC | O_CLOEXEC | O_WRONLY, CONFIG_FILE_MODE);
if (fd == -1) {
- ERROR("Create file %s failed, %s", real_config, strerror(errno));
- lcr_set_error_message(LCR_ERR_RUNTIME, "Create file %s failed, %s", real_config, strerror(errno));
+ SYSERROR("Create file %s failed", real_config);
+ lcr_set_error_message(LCR_ERR_RUNTIME, "Create file %s failed", real_config);
goto out;
}
out:
@@ -738,7 +738,7 @@ static int lcr_spec_write_config(int fd, const struct lcr_list *lcr_conf)
line_encode[encode_len] = '\n';
if (write(fd, line_encode, encode_len + 1) == -1) {
- SYSERROR("Write failed");
+ SYSERROR("Write file failed");
goto cleanup;
}
free(line);
@@ -788,7 +788,7 @@ static char *lcr_get_bundle(const char *lcrpath, const char *name)
ERROR("Bundle %s does not exist", bundle);
break;
default:
- ERROR("Access %s failed: %s\n", bundle, strerror(errno));
+ SYSERROR("Access %s failed", bundle);
}
goto cleanup;
}
@@ -880,7 +880,7 @@ static int lcr_write_file(const char *path, const char *data, size_t len)
}
if (write(fd, data, len) == -1) {
- ERROR("write data to %s failed: %s", real_path, strerror(errno));
+ SYSERROR("write data to %s failed", real_path);
goto out_free;
}
@@ -908,7 +908,7 @@ static bool lcr_write_ocihooks(const char *path, const oci_runtime_spec_hooks *h
}
if (lcr_write_file(path, json_hooks, strlen(json_hooks)) == -1) {
- ERROR("write json hooks failed: %s", strerror(errno));
+ SYSERROR("write json hooks failed");
goto out_free;
}
diff --git a/src/utils.c b/src/utils.c
index d1271dd..df73985 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -1344,7 +1344,7 @@ int lcr_util_get_cgroup_version()
struct statfs fs = {0};
if (statfs(CGROUP_MOUNTPOINT, &fs) != 0) {
- ERROR("failed to statfs %s: %s", CGROUP_MOUNTPOINT, strerror(errno));
+ SYSERROR("failed to statfs %s.", CGROUP_MOUNTPOINT);
return -1;
}
diff --git a/third_party/log.c b/third_party/log.c
index c3c1981..9c8a873 100644
--- a/third_party/log.c
+++ b/third_party/log.c
@@ -312,18 +312,18 @@ static int open_fifo(const char *fifo_path)
nret = mknod(fifo_path, S_IFIFO | S_IRUSR | S_IWUSR, (dev_t)0);
if (nret && errno != EEXIST) {
- COMMAND_ERROR("Mknod failed: %s", strerror(errno));
+ CMD_SYSERROR("Mknod failed");
return nret;
}
fifo_fd = lcr_util_open(fifo_path, O_RDWR | O_NONBLOCK, 0);
if (fifo_fd == -1) {
- COMMAND_ERROR("Open fifo %s failed: %s", fifo_path, strerror(errno));
+ CMD_SYSERROR("Open fifo %s failed", fifo_path);
return -1;
}
if (fcntl(fifo_fd, F_SETPIPE_SZ, LOG_FIFO_SIZE) == -1) {
- COMMAND_ERROR("Set fifo buffer size failed: %s", strerror(errno));
+ CMD_SYSERROR("Set fifo buffer size failed");
close(fifo_fd);
return -1;
}
--
2.33.0

33
0011-258-improve-code-of-function-in-log.patch Normal file
View File

@ -0,0 +1,33 @@
From 67db677060c70aa23e6927e99cc2078e219b9d2d Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 6 Sep 2023 11:01:47 +0000
Subject: [PATCH 11/11] !258 improve code of function in log Merge pull request
!258 from haozi007/stablefix
---
third_party/log.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/third_party/log.h b/third_party/log.h
index 2db0d98..43c1d5d 100644
--- a/third_party/log.h
+++ b/third_party/log.h
@@ -417,13 +417,13 @@ lxc_log_priority_define(&g_lxc_log_category_lxc, FATAL);
#define CMD_SYSERROR(format, ...) \
do { \
lxc_log_strerror_r; \
- fprintf(stderr, "%s - " format, ptr, ##__VA_ARGS__); \
+ fprintf(stderr, "%s - " format "\n", ptr, ##__VA_ARGS__); \
} while (0)
#define CMD_SYSINFO(format, ...) \
do { \
lxc_log_strerror_r; \
- printf("%s - " format, ptr, ##__VA_ARGS__); \
+ printf("%s - " format "\n", ptr, ##__VA_ARGS__); \
} while (0)
#define COMMAND_ERROR(fmt, args...) \
--
2.33.0

13
lcr.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.9 %global _version 2.0.9
%global _release 5 %global _release 6
%global _inner_name isula_libutils %global _inner_name isula_libutils
Name: lcr Name: lcr
@ -18,6 +18,11 @@ Patch0003: 0003-adapt-to-repo-of-openeuler-url-changed.patch
Patch0004: 0004-add-cgroup-resources-json-schema-for-isula-update.patch Patch0004: 0004-add-cgroup-resources-json-schema-for-isula-update.patch
Patch0005: 0005-add-field-for-isulad-daemon-configs.patch Patch0005: 0005-add-field-for-isulad-daemon-configs.patch
Patch0006: 0006-add-files_limit-to-oci-spec.patch Patch0006: 0006-add-files_limit-to-oci-spec.patch
Patch0007: 0007-Fix-empty-pointer-and-overflow.patch
Patch0008: 0008-CI-checkout-branch-of-lxc.patch
Patch0009: 0009-support-check-symbols-and-compile-code-in-cmake.patch
Patch0010: 0010-remove-unnecessary-strerror.patch
Patch0011: 0011-258-improve-code-of-function-in-log.patch
%define lxcver_lower 4.0.3-2022102400 %define lxcver_lower 4.0.3-2022102400
%define lxcver_upper 4.0.3-2022102500 %define lxcver_upper 4.0.3-2022102500
@ -101,6 +106,12 @@ rm -rf %{buildroot}
%{_includedir}/%{_inner_name}/*.h %{_includedir}/%{_inner_name}/*.h
%changelog %changelog
* Tue Sep 12 2023 jikai<jikai11@huawei.com> - 2.0.9-6
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:Fix potential log error, empty pointer reference and overflow
* Mon Aug 7 2023 suwei <suwei@kylinsec.com.cn> - 2.0.9-5 * Mon Aug 7 2023 suwei <suwei@kylinsec.com.cn> - 2.0.9-5
- Type:enhancement - Type:enhancement
- CVE:NA - CVE:NA