3b4b08f18a
Signed-off-by: jikai <jikai11@huawei.com> (cherry picked from commit 0a5748543c47e895a44afbc57de2d1ad6f9063d9)
149 lines
5.0 KiB
Diff
149 lines
5.0 KiB
Diff
From ade392429a7682b918777ba7eb210f3789c98b4a Mon Sep 17 00:00:00 2001
|
|
From: jikai <jikai11@huawei.com>
|
|
Date: Mon, 29 Apr 2024 16:43:51 +0800
|
|
Subject: [PATCH 22/22] fix bug for potential config/seccomp/ocihook write
|
|
error
|
|
|
|
Signed-off-by: jikai <jikai11@huawei.com>
|
|
---
|
|
src/lcrcontainer_extend.c | 18 ++++++++++++------
|
|
src/utils.c | 30 ++++++++++++++++++++++++++++++
|
|
src/utils.h | 1 +
|
|
3 files changed, 43 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/lcrcontainer_extend.c b/src/lcrcontainer_extend.c
|
|
index d70f5a6..261cf1d 100644
|
|
--- a/src/lcrcontainer_extend.c
|
|
+++ b/src/lcrcontainer_extend.c
|
|
@@ -352,6 +352,7 @@ static int lcr_spec_write_seccomp_line(int fd, const char *seccomp)
|
|
char *line = NULL;
|
|
int ret = -1;
|
|
int nret;
|
|
+ ssize_t nwritten = -1;
|
|
|
|
if (strlen(seccomp) > SIZE_MAX - strlen("lxc.seccomp.profile") - 3 - 1) {
|
|
ERROR("the length of lxc.seccomp is too long!");
|
|
@@ -375,7 +376,8 @@ static int lcr_spec_write_seccomp_line(int fd, const char *seccomp)
|
|
nret = (int)(len - 1);
|
|
}
|
|
line[nret] = '\n';
|
|
- if (write(fd, line, len) == -1) {
|
|
+ nwritten = lcr_util_write_nointr_in_total(fd, line, len);
|
|
+ if (nwritten < 0 || (size_t)nwritten != len) {
|
|
SYSERROR("Write file failed");
|
|
goto cleanup;
|
|
}
|
|
@@ -391,7 +393,7 @@ static char *lcr_save_seccomp_file(const char *bundle, const char *seccomp_conf)
|
|
char *real_seccomp = NULL;
|
|
int fd = -1;
|
|
int nret;
|
|
- ssize_t written_cnt;
|
|
+ ssize_t nwritten = -1;
|
|
|
|
nret = snprintf(seccomp, sizeof(seccomp), "%s/seccomp", bundle);
|
|
if (nret < 0 || (size_t)nret >= sizeof(seccomp)) {
|
|
@@ -410,9 +412,9 @@ static char *lcr_save_seccomp_file(const char *bundle, const char *seccomp_conf)
|
|
goto cleanup;
|
|
}
|
|
|
|
- written_cnt = write(fd, seccomp_conf, strlen(seccomp_conf));
|
|
+ nwritten = lcr_util_write_nointr(fd, seccomp_conf, strlen(seccomp_conf));
|
|
close(fd);
|
|
- if (written_cnt == -1) {
|
|
+ if (nwritten < 0 || (size_t)nwritten != strlen(seccomp_conf)) {
|
|
SYSERROR("write seccomp_conf failed");
|
|
goto cleanup;
|
|
}
|
|
@@ -710,6 +712,7 @@ static int lcr_spec_write_config(int fd, const struct lcr_list *lcr_conf)
|
|
lcr_config_item_t *item = it->elem;
|
|
int nret;
|
|
size_t encode_len;
|
|
+ ssize_t nwritten = -1;
|
|
if (item != NULL) {
|
|
if (strlen(item->value) > ((SIZE_MAX - strlen(item->name)) - 4)) {
|
|
goto cleanup;
|
|
@@ -737,7 +740,8 @@ static int lcr_spec_write_config(int fd, const struct lcr_list *lcr_conf)
|
|
encode_len = strlen(line_encode);
|
|
|
|
line_encode[encode_len] = '\n';
|
|
- if (write(fd, line_encode, encode_len + 1) == -1) {
|
|
+ nwritten = lcr_util_write_nointr_in_total(fd, line_encode, encode_len + 1);
|
|
+ if (nwritten < 0 || (size_t)nwritten != encode_len + 1) {
|
|
SYSERROR("Write file failed");
|
|
goto cleanup;
|
|
}
|
|
@@ -862,6 +866,7 @@ static int lcr_write_file(const char *path, const char *data, size_t len)
|
|
char *real_path = NULL;
|
|
int fd = -1;
|
|
int ret = -1;
|
|
+ ssize_t nwritten = -1;
|
|
|
|
if (path == NULL || strlen(path) == 0 || data == NULL || len == 0) {
|
|
return -1;
|
|
@@ -879,7 +884,8 @@ static int lcr_write_file(const char *path, const char *data, size_t len)
|
|
goto out_free;
|
|
}
|
|
|
|
- if (write(fd, data, len) == -1) {
|
|
+ nwritten = lcr_util_write_nointr_in_total(fd, data, len);
|
|
+ if (nwritten < 0 || (size_t)nwritten != len) {
|
|
SYSERROR("write data to %s failed", real_path);
|
|
goto out_free;
|
|
}
|
|
diff --git a/src/utils.c b/src/utils.c
|
|
index b999509..1279f8a 100644
|
|
--- a/src/utils.c
|
|
+++ b/src/utils.c
|
|
@@ -1040,6 +1040,36 @@ int lcr_util_build_dir(const char *name)
|
|
return 0;
|
|
}
|
|
|
|
+ssize_t lcr_util_write_nointr_in_total(int fd, const char *buf, size_t count)
|
|
+{
|
|
+ size_t nwritten;
|
|
+
|
|
+ if (buf == NULL) {
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ if (count > SSIZE_MAX) {
|
|
+ ERROR("Too large data to write");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ for (nwritten = 0; nwritten < count;) {
|
|
+ ssize_t nret;
|
|
+ nret = write(fd, buf + nwritten, count - nwritten);
|
|
+ if (nret < 0) {
|
|
+ if (errno == EINTR || errno == EAGAIN) {
|
|
+ continue;
|
|
+ } else {
|
|
+ return nret;
|
|
+ }
|
|
+ } else {
|
|
+ nwritten += nret;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return (ssize_t)nwritten;
|
|
+}
|
|
+
|
|
/* util write nointr */
|
|
ssize_t lcr_util_write_nointr(int fd, const void *buf, size_t count)
|
|
{
|
|
diff --git a/src/utils.h b/src/utils.h
|
|
index 2fe4f1e..d248c39 100644
|
|
--- a/src/utils.h
|
|
+++ b/src/utils.h
|
|
@@ -206,6 +206,7 @@ char *lcr_util_string_append(const char *post, const char *pre);
|
|
char *lcr_util_string_split_prefix(size_t prefix_len, const char *file);
|
|
|
|
int lcr_util_build_dir(const char *name);
|
|
+ssize_t lcr_util_write_nointr_in_total(int fd, const char *buf, size_t count);
|
|
ssize_t lcr_util_write_nointr(int fd, const void *buf, size_t count);
|
|
ssize_t lcr_util_read_nointr(int fd, void *buf, size_t count);
|
|
|
|
--
|
|
2.34.1
|
|
|