!361 sync from upstream

From: @zh_xiaoyu 
Reviewed-by: @duguhaotian 
Signed-off-by: @duguhaotian
openeuler-ci-bot 2022-06-02 09:09:14 +00:00 committed by Gitee
commit 9c6f221c9e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
14 changed files with 619 additions and 13 deletions


@ -1,7 +1,7 @@
From 9837be14200fecb32db0337652e60532f1adb7be Mon Sep 17 00:00:00 2001 From 9837be14200fecb32db0337652e60532f1adb7be Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com> From: WangFengTu <wangfengtu@huawei.com>
Date: Mon, 23 May 2022 17:06:19 +0800 Date: Mon, 23 May 2022 17:06:19 +0800
Subject: [PATCH 1/4] do not mkdir of isulad if no controller found Subject: [PATCH 01/13] do not mkdir of isulad if no controller found
If selinux disable the capibility DAC_OVERRIDE, If selinux disable the capibility DAC_OVERRIDE,
mkdir isulad may fail when run container. mkdir isulad may fail when run container.
@ -52,5 +52,5 @@ index e60377dd..6fb4ec38 100644
if (ret != 0 && (errno != EEXIST || !util_dir_exists(CGROUP_ISULAD_PATH))) { if (ret != 0 && (errno != EEXIST || !util_dir_exists(CGROUP_ISULAD_PATH))) {
return -1; return -1;
-- --
2.20.1 2.25.1


@ -1,7 +1,7 @@
From 426a282802b8b81c66e6857857a745583f816c0a Mon Sep 17 00:00:00 2001 From 426a282802b8b81c66e6857857a745583f816c0a Mon Sep 17 00:00:00 2001
From: WangFengTu <wangfengtu@huawei.com> From: WangFengTu <wangfengtu@huawei.com>
Date: Tue, 24 May 2022 16:51:02 +0800 Date: Tue, 24 May 2022 16:51:02 +0800
Subject: [PATCH 2/4] fix install error when android Subject: [PATCH 02/13] fix install error when android
Signed-off-by: WangFengTu <wangfengtu@huawei.com> Signed-off-by: WangFengTu <wangfengtu@huawei.com>
--- ---
@ -42,5 +42,5 @@ index 9efd16e9..5468111e 100644
lxc_path = selinux_lxc_contexts_path(); lxc_path = selinux_lxc_contexts_path();
#endif #endif
-- --
2.20.1 2.25.1


@ -1,7 +1,7 @@
From 9ccb30fa430c7b98ecab4406dabe8498c74db8c3 Mon Sep 17 00:00:00 2001 From 9ccb30fa430c7b98ecab4406dabe8498c74db8c3 Mon Sep 17 00:00:00 2001
From: chegJH <hejunjie10@huawei.com> From: chegJH <hejunjie10@huawei.com>
Date: Thu, 12 May 2022 16:40:41 +0800 Date: Thu, 12 May 2022 16:40:41 +0800
Subject: [PATCH 3/4] imp fuzz for pw gr parser Subject: [PATCH 03/13] imp fuzz for pw gr parser
Signed-off-by: chegJH <hejunjie10@huawei.com> Signed-off-by: chegJH <hejunjie10@huawei.com>
--- ---
@ -245,5 +245,5 @@ index 00000000..3a2195c6
+ +
+} +}
-- --
2.20.1 2.25.1


@ -1,7 +1,7 @@
From 31a92265a6bd29dc8f98179947406f1bb56ac5a8 Mon Sep 17 00:00:00 2001 From 31a92265a6bd29dc8f98179947406f1bb56ac5a8 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com> From: haozi007 <liuhao27@huawei.com>
Date: Thu, 26 May 2022 13:53:09 +0100 Date: Thu, 26 May 2022 13:53:09 +0100
Subject: [PATCH 4/4] improve fuzz test Subject: [PATCH 04/13] improve fuzz test
Signed-off-by: haozi007 <liuhao27@huawei.com> Signed-off-by: haozi007 <liuhao27@huawei.com>
--- ---
@ -115,5 +115,5 @@ index 8e975e3b..c333c0dd 100644
+ return nullptr; + return nullptr;
} }
-- --
2.20.1 2.25.1


@ -1,7 +1,7 @@
From 02167555e702316fe14cc963f9e978e9f66f59ba Mon Sep 17 00:00:00 2001 From 02167555e702316fe14cc963f9e978e9f66f59ba Mon Sep 17 00:00:00 2001
From: chengzrz <czrzrichard@gmail.com> From: chengzrz <czrzrichard@gmail.com>
Date: Fri, 24 Dec 2021 10:47:31 +0800 Date: Fri, 24 Dec 2021 10:47:31 +0800
Subject: [PATCH] Seccomp optimization Subject: [PATCH 05/13] Seccomp optimization
Signed-off-by: chengzrz <czrzrichard@gmail.com> Signed-off-by: chengzrz <czrzrichard@gmail.com>
--- ---


@ -1,7 +1,7 @@
From 1db2941da2eba089f3ed07c59f4925c857860023 Mon Sep 17 00:00:00 2001 From 1db2941da2eba089f3ed07c59f4925c857860023 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com> From: haozi007 <liuhao27@huawei.com>
Date: Tue, 31 May 2022 03:33:16 +0100 Date: Tue, 31 May 2022 03:33:16 +0100
Subject: [PATCH 6/8] fix different type convert Subject: [PATCH 06/13] fix different type convert
Signed-off-by: haozi007 <liuhao27@huawei.com> Signed-off-by: haozi007 <liuhao27@huawei.com>
--- ---


@ -1,7 +1,7 @@
From 17b6015d5abe3500a5a89d171af79698e57545f2 Mon Sep 17 00:00:00 2001 From 17b6015d5abe3500a5a89d171af79698e57545f2 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com> From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 31 May 2022 19:35:35 +0800 Date: Tue, 31 May 2022 19:35:35 +0800
Subject: [PATCH 7/8] add pointer parameters NULL check Subject: [PATCH 07/13] add pointer parameters NULL check
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com> Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Signed-off-by: haozi007 <liuhao27@huawei.com> Signed-off-by: haozi007 <liuhao27@huawei.com>


@ -1,7 +1,7 @@
From 56c2a6a98d51ea893939079cc31e3a7897fa5aba Mon Sep 17 00:00:00 2001 From 56c2a6a98d51ea893939079cc31e3a7897fa5aba Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com> From: haozi007 <liuhao27@huawei.com>
Date: Tue, 31 May 2022 12:53:10 +0100 Date: Tue, 31 May 2022 12:53:10 +0100
Subject: [PATCH 8/8] add check to arguments Subject: [PATCH 08/13] add check to arguments
Signed-off-by: haozi007 <liuhao27@huawei.com> Signed-off-by: haozi007 <liuhao27@huawei.com>
--- ---


@ -0,0 +1,26 @@
From 9133e2159e9e69434b41e9649762f8eaed191f37 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Tue, 31 May 2022 22:39:44 +0800
Subject: [PATCH 09/13] remove static of strlncat
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/utils/http/parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c
index 0e0e603b..12df2435 100644
--- a/src/utils/http/parser.c
+++ b/src/utils/http/parser.c
@@ -47,7 +47,7 @@
#include "utils.h"
#include "isula_libutils/log.h"
-static size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize)
+size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize)
{
size_t ssize, dsize;
--
2.25.1
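Review bot: Dropping `static` gives `strlncat` external linkage, but the diffstat lists only `src/utils/http/parser.c`, so no header gains a prototype and any other translation unit that calls it has to declare it by hand, where a mismatched signature would go unnoticed by the compiler. If the export is intended (for example for a unit or fuzz test, which is not visible here), add `size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize);` to the matching header, with a comment stating what `size` and `nsize` bound. The function body continues outside the hunk, so its bounds handling could not be reviewed here.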


@ -0,0 +1,26 @@
From 60715b192de2cb1b4e8fe9ce48ddf081a6d2be53 Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Wed, 1 Jun 2022 09:50:03 +0800
Subject: [PATCH 10/13] remove check parameter label_opts in init_label
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/common/selinux_label.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c
index 533393a6..52422970 100644
--- a/src/daemon/common/selinux_label.c
+++ b/src/daemon/common/selinux_label.c
@@ -782,7 +782,7 @@ int init_label(const char **label_opts, size_t label_opts_len, char **dst_proces
return 0;
}
- if (label_opts == NULL || dst_process_label == NULL || dst_mount_label == NULL) {
+ if (dst_process_label == NULL || dst_mount_label == NULL) {
ERROR("Empty arguments");
return -1;
}
--
2.25.1
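Review bot: With `label_opts == NULL` removed from the guard, nothing visible in the hunk stops a caller from passing a NULL `label_opts` together with a non-zero `label_opts_len`, and the code that walks the options lies below the hunk. If a NULL array is meant to be valid only when it is empty, say so in the guard: `if ((label_opts == NULL && label_opts_len != 0) || dst_process_label == NULL || dst_mount_label == NULL) {`. A short comment on `init_label` stating that `label_opts` may be NULL when `label_opts_len` is 0 would also keep the check from being re-added later.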


@ -0,0 +1,191 @@
From 55a4f57232c42a9c2d36a41de5d743ee9ebbe88e Mon Sep 17 00:00:00 2001
From: vegbir <yangjiaqi16@huawei.com>
Date: Wed, 1 Jun 2022 13:44:37 +0800
Subject: [PATCH 11/13] update seccomp to Linux 5.10 syscall list
Signed-off-by: yangjiaqi <yangjiaqi16@huawei.com>
---
src/contrib/config/seccomp_default.json | 39 +++++++++++++++++++++++--
1 file changed, 36 insertions(+), 3 deletions(-)
diff --git a/src/contrib/config/seccomp_default.json b/src/contrib/config/seccomp_default.json
index 7218b99c..7b2fcad3 100644
--- a/src/contrib/config/seccomp_default.json
+++ b/src/contrib/config/seccomp_default.json
@@ -31,10 +31,16 @@
"chmod",
"chown",
"chown32",
+ "clock_adjtime",
+ "clock_adjtime64",
"clock_getres",
+ "clock_getres_time64",
"clock_gettime",
+ "clock_gettime64",
"clock_nanosleep",
+ "clock_nanosleep_time64",
"close",
+ "close_range",
"connect",
"copy_file_range",
"creat",
@@ -46,6 +52,7 @@
"epoll_ctl",
"epoll_ctl_old",
"epoll_pwait",
+ "epoll_pwait2",
"epoll_wait",
"epoll_wait_old",
"eventfd",
@@ -55,6 +62,7 @@
"exit",
"exit_group",
"faccessat",
+ "faccessat2",
"fadvise64",
"fadvise64_64",
"fallocate",
@@ -83,6 +91,7 @@
"ftruncate",
"ftruncate64",
"futex",
+ "futex_time64",
"futimesat",
"getcpu",
"getcwd",
@@ -128,10 +137,15 @@
"ioctl",
"io_destroy",
"io_getevents",
+ "io_pgetevents",
+ "io_pgetevents_time64",
"ioprio_get",
"ioprio_set",
"io_setup",
"io_submit",
+ "io_uring_enter",
+ "io_uring_register",
+ "io_uring_setup",
"ipc",
"kill",
"lchown",
@@ -149,6 +163,7 @@
"lstat",
"lstat64",
"madvise",
+ "membarrier",
"memfd_create",
"mincore",
"mkdir",
@@ -165,7 +180,9 @@
"mq_notify",
"mq_open",
"mq_timedreceive",
+ "mq_timedreceive_time64",
"mq_timedsend",
+ "mq_timedsend_time64",
"mq_unlink",
"mremap",
"msgctl",
@@ -181,17 +198,22 @@
"_newselect",
"open",
"openat",
+ "openat2",
"pause",
+ "pidfd_open",
+ "pidfd_send_signal",
"pipe",
"pipe2",
"poll",
"ppoll",
+ "ppoll_time64",
"prctl",
"pread64",
"preadv",
"preadv2",
"prlimit64",
"pselect6",
+ "pselect6_time64",
"pwrite64",
"pwritev",
"pwritev2",
@@ -203,6 +225,7 @@
"recv",
"recvfrom",
"recvmmsg",
+ "recvmmsg_time64",
"recvmsg",
"remap_file_pages",
"removexattr",
@@ -211,6 +234,7 @@
"renameat2",
"restart_syscall",
"rmdir",
+ "rseq",
"rt_sigaction",
"rt_sigpending",
"rt_sigprocmask",
@@ -218,6 +242,7 @@
"rt_sigreturn",
"rt_sigsuspend",
"rt_sigtimedwait",
+ "rt_sigtimedwait_time64",
"rt_tgsigqueueinfo",
"sched_getaffinity",
"sched_getattr",
@@ -226,6 +251,7 @@
"sched_get_priority_min",
"sched_getscheduler",
"sched_rr_get_interval",
+ "sched_rr_get_interval_time64",
"sched_setaffinity",
"sched_setattr",
"sched_setparam",
@@ -237,6 +263,7 @@
"semget",
"semop",
"semtimedop",
+ "semtimedop_time64",
"send",
"sendfile",
"sendfile64",
@@ -279,6 +306,7 @@
"sigaltstack",
"signalfd",
"signalfd4",
+ "sigprocmask",
"sigreturn",
"socket",
"socketcall",
@@ -300,12 +328,16 @@
"time",
"timer_create",
"timer_delete",
- "timerfd_create",
- "timerfd_gettime",
- "timerfd_settime",
"timer_getoverrun",
"timer_gettime",
+ "timer_gettime64",
"timer_settime",
+ "timer_settime64",
+ "timerfd_create",
+ "timerfd_gettime",
+ "timerfd_gettime64",
+ "timerfd_settime",
+ "timerfd_settime64",
"times",
"tkill",
"truncate",
@@ -317,6 +349,7 @@
"unlinkat",
"utime",
"utimensat",
+ "utimensat_time64",
"utimes",
"vfork",
"vmsplice",
--
2.25.1
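Review bot: The `io_uring_setup`, `io_uring_enter` and `io_uring_register` entries widen the default profile more than the other additions, most of which are `*_time64` or `*2` variants of calls already listed. I/O submitted through an io_uring ring is carried out by the kernel without each operation passing through the seccomp filter, so allowing these calls weakens what the rest of the list restricts; other container runtimes have since removed them from their default profiles. Consider dropping `"io_uring_enter",`, `"io_uring_register",` and `"io_uring_setup",` from the default list and leaving them to a custom profile for workloads that need them. The rule that encloses this names array (its action and any capability condition) is outside the hunks, so confirm it is the unconditional allow rule.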


@ -0,0 +1,319 @@
From 8dcad172ea0241f35cdd464029523253ada7e99f Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 1 Jun 2022 12:53:56 +0100
Subject: [PATCH 12/13] fix invalid convert and format
1. invalid convert;
2. error print format;
3. unuse marco;
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
src/cmd/isula/base/create.h | 3 +--
src/cmd/isula/information/inspect.c | 1 -
src/cmd/isula/information/ps.c | 1 -
src/cmd/isulad/isulad_commands.h | 3 +--
src/cmd/isulad/main.c | 2 +-
src/daemon/modules/runtime/shim/shim_rt_ops.c | 11 ++++++-----
src/daemon/modules/service/service_container.c | 6 +++---
src/daemon/modules/spec/specs_namespace.c | 8 +++++---
src/utils/cutils/utils.c | 2 +-
src/utils/cutils/utils_aes.c | 7 +------
src/utils/cutils/utils_aes.h | 1 -
src/utils/cutils/utils_file.c | 1 -
src/utils/cutils/utils_network.c | 11 +++++++++--
13 files changed, 28 insertions(+), 29 deletions(-)
diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h
index 36c0dc9e..467fefe8 100644
--- a/src/cmd/isula/base/create.h
+++ b/src/cmd/isula/base/create.h
@@ -414,8 +414,7 @@ extern "C" {
"health-start-period", \
0, \
&(cmdargs).custom_conf.health_start_period, \
- "Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) " \
- "(default 0s)", \
+ "Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)", \
command_convert_nanoseconds }, \
{ CMD_OPT_TYPE_BOOL, \
false, \
diff --git a/src/cmd/isula/information/inspect.c b/src/cmd/isula/information/inspect.c
index 30b228a0..5058fb95 100644
--- a/src/cmd/isula/information/inspect.c
+++ b/src/cmd/isula/information/inspect.c
@@ -639,7 +639,6 @@ out:
return ret_string;
}
-#define MATCH_NUM 1
#define CHECK_FAILED (-1)
#ifdef __ANDROID__
#define JSON_ARGS "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json)?[ \t\r\n\v\f]+[^ \t\r\n\v\f]+[ \t\r\n\v\f]*.*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$"
diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c
index 45296fad..74c2f94a 100644
--- a/src/cmd/isula/information/ps.c
+++ b/src/cmd/isula/information/ps.c
@@ -765,7 +765,6 @@ static int get_header_field(const char *patten, struct filters *ff)
static int format_field_check(const char *source, const char *patten)
{
-#define MATCH_NUM 1
#define CHECK_FAILED (-1)
int status = 0;
diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h
index e989466f..ad8ba9e5 100644
--- a/src/cmd/isulad/isulad_commands.h
+++ b/src/cmd/isulad/isulad_commands.h
@@ -182,8 +182,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg);
"pod-sandbox-image", \
0, \
&(cmdargs)->json_confs->pod_sandbox_image, \
- "The image whose network/ipc namespaces containers in each pod will use. " \
- "(default \"pause-${machine}:3.0\")", \
+ "The image whose network/ipc namespaces containers in each pod will use. (default \"pause-${machine}:3.0\")", \
NULL }, \
{ CMD_OPT_TYPE_STRING_DUP, \
false, \
diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c
index 9801c245..e644b16d 100644
--- a/src/cmd/isulad/main.c
+++ b/src/cmd/isulad/main.c
@@ -707,7 +707,7 @@ static int update_graph_for_userns_remap(struct service_arguments *args)
goto out;
}
- nret = snprintf(graph, sizeof(graph), "%s/%d.%d", args->json_confs->graph, host_uid, host_gid);
+ nret = snprintf(graph, sizeof(graph), "%s/%u.%u", args->json_confs->graph, host_uid, host_gid);
if (nret < 0 || (size_t)nret >= sizeof(graph)) {
ERROR("Path is too long");
ret = -1;
diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c
index 346e6f48..21d339e5 100644
--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c
+++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c
@@ -30,8 +30,6 @@
#include "err_msg.h"
#include "engine.h"
-#define SHIM_LOG_SIZE ((BUFSIZ-100)/2)
-#define PID_WAIT_TIME 120
#define EXIT_SIGNAL_OFFSET_X 128
static void copy_process(shim_client_process_state *p, defs_process *dp)
@@ -112,7 +110,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
int err_fd[2] = {-1, -1};
int out_fd[2] = {-1, -1};
char exec_buff[BUFSIZ + 1] = {0};
- char stdout_buff[BUFSIZ + 1] = {0};
+ char stdout_buff[PATH_MAX] = {0};
char stderr_buff[BUFSIZ + 1] = {0};
@@ -177,7 +175,10 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w
(void)dprintf(exec_fd[1], "close inherited fds failed");
}
- setenv("EXIT_FIFO_DIR", exit_fifo_dir, 1);
+ if (setenv("EXIT_FIFO_DIR", exit_fifo_dir, 1) != 0) {
+ (void)dprintf(exec_fd[1], "%s: failed to set env for process %d", id, getpid());
+ exit(EXIT_FAILURE);
+ }
execvp(binary, (char * const *)params);
(void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno));
@@ -379,7 +380,7 @@ int rt_shim_rm(const char *id, const char *runtime, const rt_rm_params_t *params
}
nret = snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id);
- if (nret < 0 && nret >= sizeof(libdir)) {
+ if (nret < 0 || nret >= sizeof(libdir)) {
ERROR("failed to get shim workdir");
ret = -1;
goto out;
diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c
index 64219423..c3c4fc1c 100644
--- a/src/daemon/modules/service/service_container.c
+++ b/src/daemon/modules/service/service_container.c
@@ -1233,7 +1233,7 @@ static int send_signal_to_process(pid_t pid, unsigned long long start_time, uint
return 0;
}
-static int container_stop_signal(container_t *cont)
+static uint32_t container_stop_signal(container_t *cont)
{
int signal = 0;
@@ -1245,7 +1245,7 @@ static int container_stop_signal(container_t *cont)
signal = SIGTERM;
}
- return signal;
+ return (uint32_t)signal;
}
static int kill_with_signal(container_t *cont, uint32_t signal)
@@ -1253,7 +1253,7 @@ static int kill_with_signal(container_t *cont, uint32_t signal)
int ret = 0;
int nret = 0;
const char *id = cont->common_config->id;
- int stop_signal = container_stop_signal(cont);
+ uint32_t stop_signal = container_stop_signal(cont);
bool need_unpause = container_is_paused(cont->state);
rt_resume_params_t params = { 0 };
char annotations[EVENT_EXTRA_ANNOTATION_MAX] = { 0 };
diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c
index e9f98d00..3888f556 100644
--- a/src/daemon/modules/spec/specs_namespace.c
+++ b/src/daemon/modules/spec/specs_namespace.c
@@ -191,7 +191,7 @@ int get_network_namespace_path(const host_config *host_spec,
const container_config_v2_common_config_network_settings *network_settings,
const char *type, char **dest_path)
{
- int index;
+ size_t index = 0;
int ret = -1;
struct get_netns_path_handler handler_jump_table[] = {
{ SHARE_NAMESPACE_NONE, handle_get_path_from_none },
@@ -200,11 +200,13 @@ int get_network_namespace_path(const host_config *host_spec,
{ SHARE_NAMESPACE_FILE, handle_get_path_from_file },
};
size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]);
- const char *network_mode = host_spec->network_mode;
+ const char *network_mode = NULL;
- if (network_mode == NULL || dest_path == NULL) {
+ if (host_spec == NULL || network_mode == NULL || dest_path == NULL) {
+ ERROR("Invalid input");
return -1;
}
+ network_mode = host_spec->network_mode;
for (index = 0; index < jump_table_size; ++index) {
if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) {
diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c
index 30ff629f..a47c5644 100644
--- a/src/utils/cutils/utils.c
+++ b/src/utils/cutils/utils.c
@@ -1549,7 +1549,7 @@ out:
int convert_v2_runtime(const char *runtime, char *binary)
{
char **parts = NULL;
- int parts_len = 0;
+ size_t parts_len = 0;
char buf[PATH_MAX] = {0};
int ret = 0;
diff --git a/src/utils/cutils/utils_aes.c b/src/utils/cutils/utils_aes.c
index 5dc822a2..dec1e8bc 100644
--- a/src/utils/cutils/utils_aes.c
+++ b/src/utils/cutils/utils_aes.c
@@ -28,8 +28,6 @@
#include "openssl/evp.h"
#include "utils_file.h"
-#define AES_256_CFB_IV_LEN 16
-
int util_aes_key(char *key_file, bool create, unsigned char *aeskey)
{
char *key_dir = NULL;
@@ -83,7 +81,6 @@ int util_aes_key(char *key_file, bool create, unsigned char *aeskey)
out:
free(key_dir);
- key_dir = NULL;
if (fd != 0) {
close(fd);
}
@@ -97,7 +94,7 @@ size_t util_aes_decode_buf_len(size_t len)
return len;
}
- return (len / AES_BLOCK_SIZE * AES_BLOCK_SIZE) + AES_BLOCK_SIZE;
+ return (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE + AES_BLOCK_SIZE;
}
size_t util_aes_encode_buf_len(size_t len)
@@ -179,7 +176,6 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
out:
EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
if (ret != 0) {
free(*out);
*out = NULL;
@@ -262,7 +258,6 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
out:
EVP_CIPHER_CTX_free(ctx);
- ctx = NULL;
if (ret != 0) {
free(*out);
*out = NULL;
diff --git a/src/utils/cutils/utils_aes.h b/src/utils/cutils/utils_aes.h
index 2bfe3ea6..d429c9e0 100644
--- a/src/utils/cutils/utils_aes.h
+++ b/src/utils/cutils/utils_aes.h
@@ -17,7 +17,6 @@
#define UTILS_CUTILS_UTILS_AES_H
#include <stdbool.h>
-#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c
index 45e4842b..00f586f1 100644
--- a/src/utils/cutils/utils_file.c
+++ b/src/utils/cutils/utils_file.c
@@ -1619,7 +1619,6 @@ static int do_check_args(const char *path)
char *util_read_content_from_file(const char *path)
{
-#define FILE_MODE 0640
char *buf = NULL;
char rpath[PATH_MAX + 1] = { 0 };
int fd = -1;
diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c
index 1ca901ea..5192d06f 100644
--- a/src/utils/cutils/utils_network.c
+++ b/src/utils/cutils/utils_network.c
@@ -27,6 +27,7 @@
#include <isula_libutils/log.h>
#include <fcntl.h>
+#include "utils.h"
#include "utils_fs.h"
#include "utils_file.h"
#include "constants.h"
@@ -67,10 +68,16 @@ out:
static void* mount_netns(void *netns_path)
{
- int *ecode = (int *)malloc(sizeof(int));
+ int *ecode = NULL;
char fullpath[PATH_MAX] = { 0x00 };
int ret = 0;
+ ecode = (int *)util_common_calloc_s(sizeof(int));
+ if (ecode == NULL) {
+ ERROR("Out of memory");
+ return NULL;
+ }
+
if (unshare(CLONE_NEWNET) != 0) {
ERROR("Failed to unshare");
goto err_out;
@@ -102,7 +109,7 @@ int util_mount_namespace(const char *netns_path)
int ret = 0;
void *status = NULL;
- ret = pthread_create(&newns_thread, NULL, (void *)&mount_netns, (void *)netns_path);
+ ret = pthread_create(&newns_thread, NULL, mount_netns, (void *)netns_path);
if (ret != 0) {
ERROR("Failed to create thread");
return -1;
--
2.25.1
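Review bot: `stdout_buff` in `shim_bin_v2_create` shrinks from `BUFSIZ + 1` to `PATH_MAX` bytes, but the code that fills it is outside the hunk; if that read is still bounded by `BUFSIZ` (typically larger than `PATH_MAX`) rather than by the array itself, it can now write past the end of the buffer. Please confirm the bound and keep it tied to the array, e.g. `sizeof(stdout_buff) - 1`. Separately, in `rt_shim_rm` the corrected test still compares an `int` with a `size_t`; `if (nret < 0 || (size_t)nret >= sizeof(libdir)) {` would match the form used in the `main.c` hunk of this same patch.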


@ -0,0 +1,33 @@
From a96ad33008671e61bddebb744a7ac0aa3798313b Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Thu, 2 Jun 2022 10:33:07 +0800
Subject: [PATCH 13/13] fix get_network_namespace_path check
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
src/daemon/modules/spec/specs_namespace.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c
index 3888f556..2bf4cc36 100644
--- a/src/daemon/modules/spec/specs_namespace.c
+++ b/src/daemon/modules/spec/specs_namespace.c
@@ -200,13 +200,12 @@ int get_network_namespace_path(const host_config *host_spec,
{ SHARE_NAMESPACE_FILE, handle_get_path_from_file },
};
size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]);
- const char *network_mode = NULL;
+ const char *network_mode = host_spec->network_mode;
- if (host_spec == NULL || network_mode == NULL || dest_path == NULL) {
+ if (network_mode == NULL || dest_path == NULL) {
ERROR("Invalid input");
return -1;
}
- network_mode = host_spec->network_mode;
for (index = 0; index < jump_table_size; ++index) {
if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) {
--
2.25.1
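Review bot: Initialising `network_mode` from `host_spec->network_mode` in the declaration dereferences `host_spec` before any check, and the `host_spec == NULL` test introduced by patch 12 is removed rather than repaired, so any caller that passes a NULL `host_spec` now faults instead of getting -1. The patch 12 version failed because `network_mode` was tested while it was still NULL; checking `host_spec` and `dest_path` first and assigning afterwards fixes that without losing the guard. The function continues past the end of the hunk.

```c
    const char *network_mode = NULL;

    if (host_spec == NULL || dest_path == NULL) {
        ERROR("Invalid input");
        return -1;
    }
    network_mode = host_spec->network_mode;
    if (network_mode == NULL) {
        ERROR("Invalid input");
        return -1;
    }
    /* … unchanged: handler_jump_table lookup loop … */
```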


@ -1,5 +1,5 @@
%global _version 2.0.14 %global _version 2.0.14
%global _release 6 %global _release 7
%global is_systemd 1 %global is_systemd 1
%global enable_shimv2 1 %global enable_shimv2 1
%global is_embedded 1 %global is_embedded 1
@ -21,6 +21,11 @@ Patch0005: 0005-Seccomp-optimization.patch
Patch0006: 0006-fix-different-type-convert.patch Patch0006: 0006-fix-different-type-convert.patch
Patch0007: 0007-add-pointer-parameters-NULL-check.patch Patch0007: 0007-add-pointer-parameters-NULL-check.patch
Patch0008: 0008-add-check-to-arguments.patch Patch0008: 0008-add-check-to-arguments.patch
Patch0009: 0009-remove-static-of-strlncat.patch
Patch0010: 0010-remove-check-parameter-label_opts-in-init_label.patch
Patch0011: 0011-update-seccomp-to-Linux-5.10-syscall-list.patch
Patch0012: 0012-fix-invalid-convert-and-format.patch
Patch0013: 0013-fix-get_network_namespace_path-check.patch
%ifarch x86_64 aarch64 %ifarch x86_64 aarch64
Provides: libhttpclient.so()(64bit) Provides: libhttpclient.so()(64bit)
@ -248,6 +253,12 @@ fi
%endif %endif
%changelog %changelog
* Tue May 31 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.14-7
- Type: enhancement
- ID: NA
- SUG: NA
- DESC: fix type convert, add null pointer check, remove unuse macro
* Tue May 31 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.14-6 * Tue May 31 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 2.0.14-6
- Type: enhancement - Type: enhancement
- ID: NA - ID: NA