packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!409 sync from upstream iSulad

Browse Source 
From: @duguhaotian 
Reviewed-by: @wangfengtu, @jingwoo 
Signed-off-by: @jingwoo
This commit is contained in:
openeuler-ci-bot 2022-08-17 02:52:26 +00:00 committed by Gitee
commit 45867c8984
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
22 changed files with 844 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
0001-do-not-use-tmpfile.patch
View File

@ -1,7 +1,7 @@
From 2e404b3aa5fcea87a905fbd7ff3465b6135b701e Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Wed, 20 Jul 2022 14:26:58 +0800
Subject: [PATCH 01/15] do not use tmpfile()
Subject: [PATCH 01/21] do not use tmpfile()
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---

2
0002-use-only-TLS-v1.2-or-later.patch
View File

@ -1,7 +1,7 @@
From 025d2c2dad2786eda40f2367cdd727a36b8249df Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Thu, 21 Jul 2022 15:37:07 +0800
Subject: [PATCH 02/15] use only TLS v1.2 or later
Subject: [PATCH 02/21] use only TLS v1.2 or later
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---

2
0003-don-t-mount-shareable-dirs-if-user-set-mount-for-dev.patch
View File

@ -1,7 +1,7 @@
From a475d8da1122af712dbc79dc5d92f1cb95d519f9 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 25 Jul 2022 20:31:15 +0800
Subject: [PATCH 03/15] don't mount shareable dirs if user set mount for dev
Subject: [PATCH 03/21] don't mount shareable dirs if user set mount for dev
shm
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>

2
0004-tolerate-arch-unspecified-seccomp-profiles.patch
View File

@ -1,7 +1,7 @@
From 73e02e66102b3e066d5d6424624461c3024cabe4 Mon Sep 17 00:00:00 2001
From: chengzrz <czrzrichard@gmail.com>
Date: Fri, 29 Jul 2022 14:44:55 +0800
Subject: [PATCH 04/15] tolerate arch unspecified seccomp profiles
Subject: [PATCH 04/21] tolerate arch unspecified seccomp profiles
Signed-off-by: chengzrz <czrzrichard@gmail.com>
---

2
0005-add-a-CI-test-case-checking-seccomp-option.patch
View File

@ -1,7 +1,7 @@
From c9c2bb6bfbe2060bdc6af53ca0d752572b21594d Mon Sep 17 00:00:00 2001
From: chengzrz <czrzrichard@gmail.com>
Date: Fri, 29 Jul 2022 14:45:20 +0800
Subject: [PATCH 05/15] add a CI test case, checking seccomp option
Subject: [PATCH 05/21] add a CI test case, checking seccomp option
Signed-off-by: chengzrz <czrzrichard@gmail.com>
---

2
0006-fix-cri-attach-when-stdout-and-stderr-are-false.patch
View File

@ -1,7 +1,7 @@
From 9498a8df59f69acbf75f9aa69fef465350288bb8 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Mon, 1 Aug 2022 11:20:31 +0800
Subject: [PATCH 06/15] fix cri attach when stdout and stderr are false
Subject: [PATCH 06/21] fix cri attach when stdout and stderr are false
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0007-fix-cpu-quota-out-of-range-when-update-to-1.patch
View File

@ -1,7 +1,7 @@
From 5174fd2608a25a8f7f4b61be79d125b19fb420f9 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Tue, 26 Jul 2022 02:08:43 -0700
Subject: [PATCH 07/15] fix cpu-quota out of range when update to -1
Subject: [PATCH 07/21] fix cpu-quota out of range when update to -1
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---

2
0008-stop-health-check-monitor-before-stopping-container.patch
View File

@ -1,7 +1,7 @@
From b8fd21e636b643fe9f257a77808d53b067f3d105 Mon Sep 17 00:00:00 2001
From: songbuhuang <544824346@qq.com>
Date: Wed, 3 Aug 2022 16:06:16 +0800
Subject: [PATCH 08/15] stop health check monitor before stopping container
Subject: [PATCH 08/21] stop health check monitor before stopping container
Signed-off-by: songbuhuang <544824346@qq.com>
---

2
0009-set-dup_option-null-after-free.patch
View File

@ -1,7 +1,7 @@
From 3d8258777c2265ea00c9fe13a11d37d0b3320e4c Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Fri, 5 Aug 2022 14:37:38 +0800
Subject: [PATCH 09/15] set dup_option null after free
Subject: [PATCH 09/21] set dup_option null after free
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---

2
0010-ensure-read-string-must-have-space-store-null-char.patch
View File

@ -1,7 +1,7 @@
From 6e0b890c16d851bd29009b8a778234ce9e82339e Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 8 Aug 2022 16:46:22 +0800
Subject: [PATCH 10/15] ensure read string must have space store null char
Subject: [PATCH 10/21] ensure read string must have space store null char
Signed-off-by: haozi007 <liuhao27@huawei.com>
---

2
0011-remove-unused-include-files.patch
View File

@ -1,7 +1,7 @@
From 448e4c5b0327916c05d8354e4e99565de7a8129d Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 9 Aug 2022 14:36:33 +0800
Subject: [PATCH 11/15] remove unused include files
Subject: [PATCH 11/21] remove unused include files
Signed-off-by: haozi007 <liuhao27@huawei.com>
---

2
0012-fix-lose-override-flag.patch
View File

@ -1,7 +1,7 @@
From ec627e1564baf4e77311c917bde9bddf23b63b9b Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 10 Aug 2022 17:40:36 +0800
Subject: [PATCH 12/15] fix lose override flag
Subject: [PATCH 12/21] fix lose override flag
Signed-off-by: haozi007 <liuhao27@huawei.com>
---

2
0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch
View File

@ -1,7 +1,7 @@
From e524923aeeeb96f999dd153ea51f778289fade52 Mon Sep 17 00:00:00 2001
From: zhongtao <taozh97@163.com>
Date: Fri, 12 Aug 2022 17:17:44 +0800
Subject: [PATCH 13/15] Add read and execute permissions for libhttpclient.so
Subject: [PATCH 13/21] Add read and execute permissions for libhttpclient.so
and libisulad_tools.so for other users, so that non-root users who join the
isula group can use the isula command normally

2
0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch
View File

@ -1,7 +1,7 @@
From dfcd1cbd6403af11d7afed96b0c8e3ca292722f9 Mon Sep 17 00:00:00 2001
From: "Neil.wrz" <wangrunze13@huawei.com>
Date: Fri, 12 Aug 2022 15:30:50 -0700
Subject: [PATCH 14/15] fix exec_request_to_rest forgot to handle suffix
Subject: [PATCH 14/21] fix exec_request_to_rest forgot to handle suffix
Signed-off-by: Neil.wrz <wangrunze13@huawei.com>
---

2
0015-add-fuzz-dict.patch
View File

@ -1,7 +1,7 @@
From 13c9523f3f69bafc62be8465dea235bdc7e6df4f Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Thu, 11 Aug 2022 20:30:48 +0800
Subject: [PATCH 15/15] add fuzz dict
Subject: [PATCH 15/21] add fuzz dict
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---

121
0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch Normal file
View File

@ -0,0 +1,121 @@
From 9d365a82ceea7e50bce8069a9b14a529b6467299 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 15 Aug 2022 19:34:42 +0800
Subject: [PATCH 16/21] [clang-analyzer] ensure agrument with nonnull attirbute
passed nonnull
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/daemon/executor/container_cb/execution_create.c | 3 ++-
.../storage/layer_store/graphdriver/devmapper/deviceset.c | 8 +++-----
.../layer_store/graphdriver/devmapper/wrapper_devmapper.c | 4 ++--
src/daemon/modules/spec/specs_mount.c | 6 ++++--
src/utils/cutils/utils_file.c | 3 +--
5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 626cfbc6..da01a57f 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -833,7 +833,8 @@ static int prepare_host_channel(const host_config_host_channel *host_channel, co
}
#endif
- if (host_channel == NULL) {
+ if (host_channel == NULL || host_channel->path_on_host == NULL) {
+ DEBUG("Host channel is not setting.");
goto out;
}
if (util_dir_exists(host_channel->path_on_host)) {
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
index 10c7fafd..78d8737d 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c
@@ -3340,15 +3340,14 @@ static int umount_deactivate_dev_all(const struct device_set *devset)
mnt_root = util_path_join(devset->root, "mnt");
if (mnt_root == NULL) {
ERROR("devmapper:join path %s/mnt failed", devset->root);
- ret = -1;
- goto out;
+ return -1;
}
dp = opendir(mnt_root);
if (dp == NULL) {
ERROR("devmapper: open dir %s failed", mnt_root);
- ret = -1;
- goto out;
+ free(mnt_root);
+ return -1;
}
// Do my best to umount all of the device that has been mounted
@@ -3398,7 +3397,6 @@ static int umount_deactivate_dev_all(const struct device_set *devset)
devmapper_device_info_ref_dec(device_info);
}
-out:
closedir(dp);
free(mnt_root);
return ret;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
index 07d64318..8a1dfff5 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/wrapper_devmapper.c
@@ -393,13 +393,13 @@ void dev_udev_wait(uint32_t cookie)
if (gettimeofday(&start, NULL) != 0) {
ERROR("devmapper: get time failed");
- goto free_out;
+ return;
}
uwait = util_common_calloc_s(sizeof(udev_wait_pth_t));
if (uwait == NULL) {
ERROR("Out of memory");
- goto free_out;
+ return;
}
uwait->cookie = cookie;
uwait->state = DEV_INIT;
diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c
index 8966293f..12f66d8c 100644
--- a/src/daemon/modules/spec/specs_mount.c
+++ b/src/daemon/modules/spec/specs_mount.c
@@ -3358,7 +3358,7 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
/* mounts to mount filesystem */
ret = merge_fs_mounts_to_v2_spec(all_fs_mounts, all_fs_mounts_len, v2_spec);
- if (ret) {
+ if (ret != 0) {
ERROR("Failed to merge mounts in to v2 spec");
goto out;
}
@@ -3404,7 +3404,9 @@ int merge_conf_mounts(oci_runtime_spec *oci_spec, host_config *host_spec, contai
}
}
- qsort(all_fs_mounts, all_fs_mounts_len, sizeof(all_fs_mounts[0]), destination_compare);
+ if (all_fs_mounts_len > 0) {
+ qsort(all_fs_mounts, all_fs_mounts_len, sizeof(all_fs_mounts[0]), destination_compare);
+ }
ret = merge_fs_mounts_to_oci_spec(oci_spec, all_fs_mounts, all_fs_mounts_len);
if (ret) {
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 00f586f1..67e7a707 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -1531,8 +1531,7 @@ int util_atomic_write_file(const char *fname, const char *content, size_t conten
tmp_file = get_random_tmp_file(fname);
if (tmp_file == NULL) {
ERROR("Failed to get tmp file for %s", fname);
- ret = -1;
- goto free_out;
+ return -1;
}
ret = do_atomic_write_file(tmp_file, content, content_len, mode, sync);
--
2.25.1

2
0016-change-default-umask-to-0022.patch → 0017-change-default-umask-to-0022.patch
View File

@ -1,7 +1,7 @@
From 53ba0431c50a618bee0e17315ec176e6c400ed86 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Mon, 15 Aug 2022 19:41:27 +0800
Subject: [PATCH] change default umask to 0022
Subject: [PATCH 17/21] change default umask to 0022
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---

208
0018-clang-analyzer-remove-dead-assignment.patch Normal file
View File

@ -0,0 +1,208 @@
From 348c79c8ee9379f5237d1fdbcdb3678c9a9e9527 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 16 Aug 2022 10:23:39 +0800
Subject: [PATCH 18/21] [clang-analyzer] remove dead assignment
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isulad-shim/process.c | 2 +-
src/cmd/options/opt_log.c | 4 ++++
src/daemon/executor/container_cb/execution_network.c | 1 -
src/daemon/modules/image/oci/oci_import.c | 2 --
src/daemon/modules/image/oci/registry/auths.c | 2 +-
src/daemon/modules/image/oci/registry/registry.c | 4 +---
.../graphdriver/overlay2/driver_overlay2.c | 2 +-
.../image/oci/storage/layer_store/layer_store.c | 12 ++++++++----
src/daemon/modules/log/log_gather.c | 1 -
src/daemon/modules/plugin/plugin.c | 1 -
src/utils/cutils/map/map.c | 2 +-
src/utils/cutils/path.c | 2 +-
12 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/src/cmd/isulad-shim/process.c b/src/cmd/isulad-shim/process.c
index 4d665b26..c8ce7a44 100644
--- a/src/cmd/isulad-shim/process.c
+++ b/src/cmd/isulad-shim/process.c
@@ -297,7 +297,7 @@ static void *do_io_copy(void *data)
}
fd_node_t *fn = ioc->fd_to;
- fd_node_t *next = fn;
+ fd_node_t *next = NULL;
for (; fn != NULL; fn = next) {
next = fn->next;
if (fn->is_log) {
diff --git a/src/cmd/options/opt_log.c b/src/cmd/options/opt_log.c
index 7ec7591f..b1abcfaf 100644
--- a/src/cmd/options/opt_log.c
+++ b/src/cmd/options/opt_log.c
@@ -162,6 +162,10 @@ bool parse_container_log_opt(const char *key, const char *val, json_map_string_s
}
nret = append_json_map_string_string(opts, support_parsers[i].real_key, parsed_val);
free(parsed_val);
+ if (nret != 0) {
+ ERROR("Out of memory.");
+ return false;
+ }
return true;
}
}
diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c
index 6ca79a8c..fa0ec612 100644
--- a/src/daemon/executor/container_cb/execution_network.c
+++ b/src/daemon/executor/container_cb/execution_network.c
@@ -625,7 +625,6 @@ static int merge_resolv(const host_config *host_spec, const char *rootfs, const
if (ret != 0) {
WARN("Failed to handle resolv config %s, skip", pline);
free(tmp_content);
- ret = 0;
} else {
free(content);
content = tmp_content;
diff --git a/src/daemon/modules/image/oci/oci_import.c b/src/daemon/modules/image/oci/oci_import.c
index ae2f547a..335ee8d4 100644
--- a/src/daemon/modules/image/oci/oci_import.c
+++ b/src/daemon/modules/image/oci/oci_import.c
@@ -335,8 +335,6 @@ static int register_image(import_desc *desc)
ret = -1;
goto out;
}
-
- ret = 0;
}
image_created = true;
diff --git a/src/daemon/modules/image/oci/registry/auths.c b/src/daemon/modules/image/oci/registry/auths.c
index 02b9753c..a95127f2 100644
--- a/src/daemon/modules/image/oci/registry/auths.c
+++ b/src/daemon/modules/image/oci/registry/auths.c
@@ -218,7 +218,7 @@ out:
free(err);
err = NULL;
- return 0;
+ return ret;
}
static int add_allocated_auth(registry_auths *auths, char *host, char *auth)
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index e6369f90..17464c34 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -696,6 +696,7 @@ static int create_image(pull_descriptor *desc, char *image_id, bool *reuse)
goto out;
}
+ *reuse = false;
ret = storage_img_create(image_id, top_layer_id, NULL, &opts);
if (ret != 0) {
pre_top_layer = storage_get_img_top_layer(image_id);
@@ -712,10 +713,7 @@ static int create_image(pull_descriptor *desc, char *image_id, bool *reuse)
goto out;
}
- ret = 0;
*reuse = true;
- } else {
- *reuse = false;
}
ret = storage_img_add_name(image_id, desc->dest_image_name);
diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
index 7a45f880..eac40eb4 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c
@@ -475,7 +475,7 @@ static int do_diff_symlink(const char *id, char *link_id, const char *driver_hom
}
nret = symlink(target_path, clean_path);
- if (ret < 0) {
+ if (nret < 0) {
SYSERROR("Failed to create symlink from \"%s\" to \"%s\"", clean_path, target_path);
ret = -1;
goto out;
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index 208bb3bc..cd18c6aa 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -885,12 +885,12 @@ static char *caculate_playload(struct archive *ar)
break;
}
if (r != ARCHIVE_OK) {
- nret = -1;
- break;
+ ERROR("Read archive failed");
+ goto out;
}
if (!isula_crc_update(ctab, &crc, block_buf, block_size)) {
- nret = -1;
- break;
+ ERROR("Do crc update failed");
+ goto out;
}
empty = false;
}
@@ -930,6 +930,10 @@ static int archive_entry_parse(struct archive_entry *entry, struct archive *ar,
sentry.position = position;
// caculate playload
sentry.payload = caculate_playload(ar);
+ if (sentry.payload == NULL) {
+ ERROR("Caculate playload failed.");
+ goto out;
+ }
data = storage_entry_generate_json(&sentry, &ctx, &jerr);
if (data == NULL) {
diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c
index 51c112a3..49facaa2 100644
--- a/src/daemon/modules/log/log_gather.c
+++ b/src/daemon/modules/log/log_gather.c
@@ -342,7 +342,6 @@ static int init_log(const struct log_gather_conf *lgconf)
break;
case LOG_GATHER_DRIVER_NOSET:
g_save_log_op = write_into_stdout;
- driver = LOG_GATHER_DRIVER_STDOUT;
COMMAND_ERROR("Unset log driver, use stderr to log.");
break;
default:
diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c
index 501271ae..725bca5b 100644
--- a/src/daemon/modules/plugin/plugin.c
+++ b/src/daemon/modules/plugin/plugin.c
@@ -1268,7 +1268,6 @@ int pm_init(void)
ret = pthread_rwlock_init(&gpm->pm_rwlock, NULL);
if (ret != 0) {
- ret = -1;
goto bad;
}
diff --git a/src/utils/cutils/map/map.c b/src/utils/cutils/map/map.c
index 2fe96a54..cca04fe5 100644
--- a/src/utils/cutils/map/map.c
+++ b/src/utils/cutils/map/map.c
@@ -340,7 +340,7 @@ map_t *map_new(map_type_t kvtype, map_cmp_func comparator, map_kvfree_func kvfre
} else {
freer = kvfree;
}
- cmpor = comparator;
+
if (is_key_ptr(kvtype) && (comparator == MAP_DEFAULT_CMP_FUNC)) {
cmpor = rbtree_ptr_cmp;
} else if (is_key_int(kvtype) && (comparator == MAP_DEFAULT_CMP_FUNC)) {
diff --git a/src/utils/cutils/path.c b/src/utils/cutils/path.c
index 2446f479..79cd7af6 100644
--- a/src/utils/cutils/path.c
+++ b/src/utils/cutils/path.c
@@ -55,7 +55,7 @@ static int do_clean_path(const char *respath, const char *limit_respath, const c
char *dest = *dst;
const char *endpos = NULL;
- for (endpos = stpos; *stpos; stpos = endpos) {
+ for (; *stpos; stpos = endpos) {
while (ISSLASH(*stpos)) {
++stpos;
}
--
2.25.1

188
0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch Normal file
View File

@ -0,0 +1,188 @@
From befc89eb26ff693ecb4fc5209985da9183bfd796 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 16 Aug 2022 16:12:13 +0800
Subject: [PATCH 19/21] [clang-anaylzer] ensure derenference of non-null
pointer
1. ensure derenference non-null pointer;
2. fix double free;
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/information/ps.c | 5 ++---
.../entry/cri/cri_pod_sandbox_manager_service_impl.cc | 2 +-
src/daemon/executor/image_cb/image_cb.c | 10 ++++------
.../modules/container/container_events_handler.c | 3 +--
.../modules/container/health_check/health_check.c | 3 ++-
src/daemon/modules/image/oci/registry/http_request.c | 5 ++---
.../image/oci/storage/image_store/image_store.c | 2 +-
src/daemon/modules/spec/specs.c | 5 +++--
8 files changed, 16 insertions(+), 19 deletions(-)
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 805cbbd6..71c01acb 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -731,6 +731,7 @@ static int append_first_non_header_field(const char *index, struct filters *ff)
goto out;
}
tmp->name = first_non_field;
+ first_non_field = NULL;
tmp->is_field = false;
if (append_field(ff, tmp) != 0) {
ERROR("Failed to append field");
@@ -738,7 +739,6 @@ static int append_first_non_header_field(const char *index, struct filters *ff)
goto out;
}
tmp = NULL;
- first_non_field = NULL;
out:
free_filter_field(tmp);
@@ -870,15 +870,14 @@ static int append_header_item_field(const char *index, const char *prefix, const
goto out;
}
field->name = filter_string;
+ filter_string = NULL;
field->is_field = true;
if (append_field(ff, field) != 0) {
ERROR("Failed to append field");
ret = -1;
goto out;
}
-
field = NULL;
- filter_string = NULL;
out:
free(sub_patten);
diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
index f0c0c6bb..fc0616e8 100644
--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
@@ -851,7 +851,7 @@ auto PodSandboxManagerServiceImpl::RemoveAllContainersInSandbox(const std::strin
}
// Remove all containers in the sandbox.
- for (size_t i = 0; i < list_response->containers_len; i++) {
+ for (size_t i = 0; list_response != nullptr && i < list_response->containers_len; i++) {
Errors rmError;
CRIHelpers::RemoveContainer(m_cb, list_response->containers[i]->id, rmError);
if (rmError.NotEmpty() && !CRIHelpers::IsContainerNotFoundError(rmError.GetMessage())) {
diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c
index 75ae7b74..55e12d51 100644
--- a/src/daemon/executor/image_cb/image_cb.c
+++ b/src/daemon/executor/image_cb/image_cb.c
@@ -1009,8 +1009,7 @@ static int image_pull_cb(const image_pull_image_request *request, image_pull_ima
*response = util_common_calloc_s(sizeof(image_pull_image_response));
if (*response == NULL) {
ERROR("Out of memory");
- cc = ISULAD_ERR_MEMOUT;
- goto out;
+ return ISULAD_ERR_MEMOUT;
}
EVENT("Image Event: {Object: %s, Type: Pulling}", request->image_name);
@@ -1030,12 +1029,11 @@ static int image_pull_cb(const image_pull_image_request *request, image_pull_ima
EVENT("Image Event: {Object: %s, Type: Pulled}", request->image_name);
out:
- if (*response != NULL) {
- (*response)->image_ref = util_strdup_s(im_rsp->image_ref);
- (*response)->cc = cc;
+ (*response)->cc = cc;
+ if (im_rsp != NULL) {
(*response)->errmsg = util_strdup_s(im_rsp->errmsg);
+ (*response)->image_ref = util_strdup_s(im_rsp->image_ref);
}
-
free_im_pull_request(im_req);
free_im_pull_response(im_rsp);
diff --git a/src/daemon/modules/container/container_events_handler.c b/src/daemon/modules/container/container_events_handler.c
index 994c11cc..55dbfbe6 100644
--- a/src/daemon/modules/container/container_events_handler.c
+++ b/src/daemon/modules/container/container_events_handler.c
@@ -282,8 +282,7 @@ int container_events_handler_post_events(const struct isulad_events_format *even
cont = containers_store_get(event->id);
if (cont == NULL) {
ERROR("No such container:%s", event->id);
- ret = -1;
- goto out;
+ return -1;
}
it = util_common_calloc_s(sizeof(struct linked_list));
diff --git a/src/daemon/modules/container/health_check/health_check.c b/src/daemon/modules/container/health_check/health_check.c
index 273d3531..e9dcbdb9 100644
--- a/src/daemon/modules/container/health_check/health_check.c
+++ b/src/daemon/modules/container/health_check/health_check.c
@@ -813,7 +813,8 @@ static void *health_check_monitor(void *arg)
cont = containers_store_get(container_id);
if (cont == NULL) {
ERROR("Failed to get container info");
- goto out;
+ free(container_id);
+ return NULL;
}
set_monitor_exist_flag(cont->health_check, true);
if (util_get_now_time_stamp(&start_timestamp) == false) {
diff --git a/src/daemon/modules/image/oci/registry/http_request.c b/src/daemon/modules/image/oci/registry/http_request.c
index e812f947..f29c2017 100644
--- a/src/daemon/modules/image/oci/registry/http_request.c
+++ b/src/daemon/modules/image/oci/registry/http_request.c
@@ -704,9 +704,8 @@ int http_request_file(pull_descriptor *desc, const char *url, const char **custo
options = util_common_calloc_s(sizeof(struct http_get_options));
if (options == NULL) {
- ERROR("Failed to malloc http_get_options");
- ret = -1;
- goto out;
+ ERROR("Out of memory");
+ return -1;
}
memset(options, 0x00, sizeof(struct http_get_options));
diff --git a/src/daemon/modules/image/oci/storage/image_store/image_store.c b/src/daemon/modules/image/oci/storage/image_store/image_store.c
index 3ee69ee7..9dab66fd 100644
--- a/src/daemon/modules/image/oci/storage/image_store/image_store.c
+++ b/src/daemon/modules/image/oci/storage/image_store/image_store.c
@@ -2026,7 +2026,7 @@ static bool validate_digest(const char *digest)
char *encode = NULL;
// contains ':' and is not the last character
- if (index == NULL && index - value + 1 == strlen(value)) {
+ if (index == NULL || index - value + 1 == strlen(value)) {
INFO("Invalid checksum digest format");
ret = false;
goto out;
diff --git a/src/daemon/modules/spec/specs.c b/src/daemon/modules/spec/specs.c
index cf4aa111..44e38674 100644
--- a/src/daemon/modules/spec/specs.c
+++ b/src/daemon/modules/spec/specs.c
@@ -1794,12 +1794,12 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch
continue;
}
- if (split_security_opt(host_spec->security_opt[i], &items, &items_size)) {
+ if (split_security_opt(host_spec->security_opt[i], &items, &items_size) != 0) {
ret = -1;
goto out;
}
- if (items_size != 2) {
+ if (items == NULL || items_size != 2) {
ERROR("invalid --security-opt: %s", host_spec->security_opt[i]);
ret = -1;
goto out;
@@ -1823,6 +1823,7 @@ int parse_security_opt(const host_config *host_spec, bool *no_new_privileges, ch
}
util_free_array(items);
items = NULL;
+ items_size = 0;
}
out:
--
2.25.1

141
0020-do-clean-path-and-check-if-file-exist.patch Normal file
View File

@ -0,0 +1,141 @@
From 2cc83682862c28c05f68c0070b26f8dfa36bd2f7 Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com>
Date: Tue, 16 Aug 2022 10:07:09 +0800
Subject: [PATCH 20/21] do clean path and check if file exist
Signed-off-by: WangFengTu <wangfengtu@huawei.com>
---
src/daemon/executor/image_cb/image_cb.c | 19 +++++++++++++++++--
src/daemon/modules/image/oci/oci_export.c | 20 ++++++++++++++++++--
2 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c
index 55e12d51..5beda5f4 100644
--- a/src/daemon/executor/image_cb/image_cb.c
+++ b/src/daemon/executor/image_cb/image_cb.c
@@ -55,11 +55,13 @@
#include "utils_regex.h"
#include "utils_timestamp.h"
#include "utils_verify.h"
+#include "path.h"
static int do_import_image(const char *file, const char *tag, char **id)
{
int ret = 0;
im_import_request *request = NULL;
+ char cleanpath[PATH_MAX] = { 0 };
if (file == NULL || tag == NULL || id == NULL) {
ERROR("Invalid input arguments");
@@ -67,6 +69,12 @@ static int do_import_image(const char *file, const char *tag, char **id)
goto out;
}
+ if (util_clean_path(file, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("clean path for %s failed", file);
+ ret = -1;
+ goto out;
+ }
+
request = util_common_calloc_s(sizeof(im_import_request));
if (request == NULL) {
ERROR("Out of memory");
@@ -75,7 +83,7 @@ static int do_import_image(const char *file, const char *tag, char **id)
}
request->tag = util_strdup_s(tag);
- request->file = util_strdup_s(file);
+ request->file = util_strdup_s(cleanpath);
ret = im_import_image(request, id);
if (ret != 0) {
@@ -147,6 +155,7 @@ static int do_load_image(const char *file, const char *tag, const char *type)
int ret = 0;
im_load_request *request = NULL;
im_load_response *response = NULL;
+ char cleanpath[PATH_MAX] = { 0 };
if (file == NULL || type == NULL) {
ERROR("Invalid input arguments");
@@ -154,6 +163,12 @@ static int do_load_image(const char *file, const char *tag, const char *type)
goto out;
}
+ if (util_clean_path(file, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("clean path for %s failed", file);
+ ret = -1;
+ goto out;
+ }
+
request = util_common_calloc_s(sizeof(im_load_request));
if (request == NULL) {
ERROR("Out of memory");
@@ -163,7 +178,7 @@ static int do_load_image(const char *file, const char *tag, const char *type)
if (tag != NULL) {
request->tag = util_strdup_s(tag);
}
- request->file = util_strdup_s(file);
+ request->file = util_strdup_s(cleanpath);
request->type = util_strdup_s(type);
ret = im_load_image(request, &response);
diff --git a/src/daemon/modules/image/oci/oci_export.c b/src/daemon/modules/image/oci/oci_export.c
index 4b9d5183..e27ed6d8 100644
--- a/src/daemon/modules/image/oci/oci_export.c
+++ b/src/daemon/modules/image/oci/oci_export.c
@@ -15,11 +15,14 @@
#include "oci_export.h"
#include <stdbool.h>
#include <stdlib.h>
+#include <linux/limits.h>
#include "storage.h"
#include "isula_libutils/log.h"
#include "err_msg.h"
#include "util_archive.h"
+#include "path.h"
+#include "utils_file.h"
int oci_do_export(char *id, char *file)
{
@@ -27,12 +30,25 @@ int oci_do_export(char *id, char *file)
int ret2 = 0;
char *mount_point = NULL;
char *errmsg = NULL;
+ char cleanpath[PATH_MAX] = { 0 };
if (id == NULL || file == NULL) {
ERROR("Invalid NULL param");
return -1;
}
+ if (util_clean_path(file, cleanpath, sizeof(cleanpath)) == NULL) {
+ ERROR("clean path for %s failed", file);
+ ret = -1;
+ goto out;
+ }
+
+ if (util_fileself_exists(cleanpath)) {
+ ERROR("dst file %s exist", cleanpath);
+ ret = -1;
+ goto out;
+ }
+
mount_point = storage_rootfs_mount(id);
if (mount_point == NULL) {
ERROR("mount container %s failed", id);
@@ -40,9 +56,9 @@ int oci_do_export(char *id, char *file)
return -1;
}
- ret = archive_chroot_tar(mount_point, file, &errmsg);
+ ret = archive_chroot_tar(mount_point, cleanpath, &errmsg);
if (ret != 0) {
- ERROR("failed to export container %s to file %s: %s", id, file, errmsg);
+ ERROR("failed to export container %s to file %s: %s", id, cleanpath, errmsg);
isulad_set_error_message("Failed to export rootfs with error: %s", errmsg);
goto out;
}
--
2.25.1

157
0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch Normal file
View File

@ -0,0 +1,157 @@
From 1530d542f0beaf9aca8eee68096996240a755b1c Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Tue, 16 Aug 2022 19:50:29 +0800
Subject: [PATCH 21/21] [clang-analyzer] fix memory leak and use after free
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../connect/grpc/grpc_containers_client.cc | 5 +++++
.../entry/cri/websocket/service/ws_server.cc | 1 +
.../oci/storage/layer_store/layer_store.c | 21 +++++++++----------
src/utils/cpputils/url.cc | 2 +-
src/utils/cutils/utils_file.c | 2 +-
5 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/src/client/connect/grpc/grpc_containers_client.cc b/src/client/connect/grpc/grpc_containers_client.cc
index 85cafe9b..33c7c631 100644
--- a/src/client/connect/grpc/grpc_containers_client.cc
+++ b/src/client/connect/grpc/grpc_containers_client.cc
@@ -1926,6 +1926,7 @@ public:
ClientBaseConstants::COMMON_NAME_LEN);
if (ret != 0) {
ERROR("Failed to get common name in: %s", m_certFile.c_str());
+ delete ctx;
return -1;
}
ctx->context.AddMetadata("username", std::string(common_name_value, strlen(common_name_value)));
@@ -1945,11 +1946,15 @@ public:
ERROR("Invalid json: %s", err);
free(err);
CopyFromContainerFinish(ctx, &response->errmsg);
+ delete ctx->reader;
+ delete ctx;
return -1;
}
free(err);
} else {
CopyFromContainerFinish(ctx, &response->errmsg);
+ delete ctx->reader;
+ delete ctx;
return -1;
}
// Ignore the first reader which is used for transform metadata
diff --git a/src/daemon/entry/cri/websocket/service/ws_server.cc b/src/daemon/entry/cri/websocket/service/ws_server.cc
index 08f2cff0..63afc9dd 100644
--- a/src/daemon/entry/cri/websocket/service/ws_server.cc
+++ b/src/daemon/entry/cri/websocket/service/ws_server.cc
@@ -391,6 +391,7 @@ int WebsocketServer::RegisterStreamTask(struct lws *wsi) noexcept
}
if (GenerateSessionData(session, containerID) != 0) {
ERROR("failed to fill generate session data");
+ delete session;
return -1;
}
diff --git a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
index cd18c6aa..e563a8ef 100644
--- a/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
+++ b/src/daemon/modules/image/oci/storage/layer_store/layer_store.c
@@ -853,7 +853,7 @@ static void free_storage_entry_data(storage_entry *entry)
}
}
-static char *caculate_playload(struct archive *ar)
+static int caculate_playload(struct archive *ar, char **result)
{
int r = 0;
unsigned char *block_buf = NULL;
@@ -863,8 +863,7 @@ static char *caculate_playload(struct archive *ar)
#else
off_t block_offset = 0;
#endif
- char *ret = NULL;
- int nret = 0;
+ int ret = 0;
const isula_crc_table_t *ctab = NULL;
uint64_t crc = 0;
// max crc bits is 8
@@ -876,7 +875,7 @@ static char *caculate_playload(struct archive *ar)
ctab = new_isula_crc_table(ISO_POLY);
if (ctab == NULL) {
- return NULL;
+ return -1;
}
for (;;) {
@@ -886,10 +885,12 @@ static char *caculate_playload(struct archive *ar)
}
if (r != ARCHIVE_OK) {
ERROR("Read archive failed");
+ ret = -1;
goto out;
}
if (!isula_crc_update(ctab, &crc, block_buf, block_size)) {
ERROR("Do crc update failed");
+ ret = -1;
goto out;
}
empty = false;
@@ -903,10 +904,9 @@ static char *caculate_playload(struct archive *ar)
for (r = 0; r < 8; r++) {
tmp_data[r] = sum_data[r];
}
- nret = util_base64_encode(tmp_data, 8, &ret);
-
- if (nret != 0) {
- return NULL;
+ ret = util_base64_encode(tmp_data, 8, result);
+ if (ret != 0) {
+ ERROR("Do encode failed");
}
out:
@@ -929,9 +929,8 @@ static int archive_entry_parse(struct archive_entry *entry, struct archive *ar,
sentry.size = archive_entry_size(entry);
sentry.position = position;
// caculate playload
- sentry.payload = caculate_playload(ar);
- if (sentry.payload == NULL) {
- ERROR("Caculate playload failed.");
+ if (caculate_playload(ar, &sentry.payload) != 0) {
+ ERROR("Caculate playload failed");
goto out;
}
diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc
index ab1355a3..c78cf787 100644
--- a/src/utils/cpputils/url.cc
+++ b/src/utils/cpputils/url.cc
@@ -32,7 +32,7 @@ bool GetHexDigit(char c, char &d)
d = c - '0';
} else if (c >= 'a' && c <= 'f') {
d = c - 'a' + 10;
- } else if (c >= 'A' && c <= 'F') {
+ } else {
d = c - 'A' + 10;
}
return true;
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 67e7a707..f06f4d49 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -1549,10 +1549,10 @@ int util_atomic_write_file(const char *fname, const char *content, size_t conten
}
free_out:
- free(tmp_file);
if (ret != 0 && unlink(tmp_file) != 0 && errno != ENOENT) {
SYSERROR("Failed to remove temp file:%s", tmp_file);
}
+ free(tmp_file);
return ret;
}
--
2.25.1

15
iSulad.spec
View File

@ -1,5 +1,5 @@
%global _version 2.0.15
%global _release 4
%global _release 5
%global is_systemd 1
%global enable_shimv2 1
%global is_embedded 1
@ -28,7 +28,12 @@ Patch6011: 0012-fix-lose-override-flag.patch
Patch6012: 0013-Add-read-and-execute-permissions-for-libhttpclient.s.patch
Patch6013: 0014-fix-exec_request_to_rest-forgot-to-handle-suffix.patch
Patch6014: 0015-add-fuzz-dict.patch
Patch6015: 0016-change-default-umask-to-0022.patch
Patch6015: 0016-clang-analyzer-ensure-agrument-with-nonnull-attirbut.patch
Patch6016: 0017-change-default-umask-to-0022.patch
Patch6017: 0018-clang-analyzer-remove-dead-assignment.patch
Patch6018: 0019-clang-anaylzer-ensure-derenference-of-non-null-point.patch
Patch6019: 0020-do-clean-path-and-check-if-file-exist.patch
Patch6020: 0021-clang-analyzer-fix-memory-leak-and-use-after-free.patch
%ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit)
@ -256,6 +261,12 @@ fi
%endif
%changelog
* Wed Aug 17 2022 haozi007 <liuhao27@huawei.com> - 2.0.15-5
- Type: enhancement
- ID: NA
- SUG: NA
- DESC: sycn patches from openeuler
* Mon Aug 15 2022 wangfengtu <wangfengtu@huawei.com> - 2.0.15-4
- Type: enhancement
- ID: NA