From 31aefd67d0518b2201bc08a93918c66b33ced6e1 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Tue, 31 May 2022 22:05:05 +0800 Subject: [PATCH] fix different type convert and add check to arguments Signed-off-by: zhangxiaoyu --- 0006-fix-different-type-convert.patch | 264 +++++++++ 0007-add-pointer-parameters-NULL-check.patch | 226 ++++++++ 0008-add-check-to-arguments.patch | 533 +++++++++++++++++++ iSulad.spec | 12 +- 4 files changed, 1033 insertions(+), 2 deletions(-) create mode 100644 0006-fix-different-type-convert.patch create mode 100644 0007-add-pointer-parameters-NULL-check.patch create mode 100644 0008-add-check-to-arguments.patch diff --git a/0006-fix-different-type-convert.patch b/0006-fix-different-type-convert.patch new file mode 100644 index 0000000..9c9659e --- /dev/null +++ b/0006-fix-different-type-convert.patch @@ -0,0 +1,264 @@ +From 1db2941da2eba089f3ed07c59f4925c857860023 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 31 May 2022 03:33:16 +0100 +Subject: [PATCH 6/8] fix different type convert + +Signed-off-by: haozi007 +--- + src/cmd/isula/isula_host_spec.c | 23 ++++++++++++++----- + src/cmd/isula/stream/exec.c | 6 +++-- + src/cmd/isulad/isulad_commands.c | 11 +++++++-- + src/cmd/options/opt_ulimit.c | 9 ++++++-- + .../modules/runtime/engines/lcr/lcr_engine.c | 2 +- + src/daemon/modules/spec/specs_mount.c | 8 +++++-- + src/utils/http/parser.c | 2 +- + 7 files changed, 45 insertions(+), 16 deletions(-) + +diff --git a/src/cmd/isula/isula_host_spec.c b/src/cmd/isula/isula_host_spec.c +index 85451dd4..297f9299 100644 +--- a/src/cmd/isula/isula_host_spec.c ++++ b/src/cmd/isula/isula_host_spec.c +@@ -516,6 +516,7 @@ static int parse_blkio_throttle_bps_device(const char *device, char **path, uint + { + int ret = 0; + char **split = NULL; ++ int64_t converted = 0; + + split = util_string_split_multi(device, ':'); + if (split == NULL || util_array_len((const char **)split) != 2) { +@@ -530,13 +531,16 @@ static int parse_blkio_throttle_bps_device(const char *device, char **path, uint + goto out; + } + +- if (util_parse_byte_size_string(split[1], (int64_t *)rate) != 0) { ++ ret = util_parse_byte_size_string(split[1], &converted); ++ if (ret != 0 || converted < 0) { + COMMAND_ERROR("invalid rate for device: %s. The correct format is :[]." + " Number must be a positive integer. Unit is optional and can be kb, mb, or gb", + device); + ret = -1; + goto out; + } ++ ++ *rate = converted; + *path = util_strdup_s(split[0]); + + out: +@@ -691,6 +695,7 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input) + char *trans_page = NULL; + uint64_t limit = 0; + uint64_t page = 0; ++ int64_t tconverted = 0; + host_config_hugetlbs_element *limit_element = NULL; + + temp = util_strdup_s(input); +@@ -704,18 +709,21 @@ static host_config_hugetlbs_element *pase_hugetlb_limit(const char *input) + goto free_out; + } + +- ret = util_parse_byte_size_string(limit_value, (int64_t *)(&limit)); +- if (ret != 0) { ++ ret = util_parse_byte_size_string(limit_value, &tconverted); ++ if (ret != 0 || tconverted < 0) { + COMMAND_ERROR("Parse limit value: %s failed:%s", limit_value, strerror(-ret)); + goto free_out; + } ++ limit = (uint64_t)tconverted; + + if (pagesize != NULL) { +- ret = util_parse_byte_size_string(pagesize, (int64_t *)(&page)); +- if (ret != 0) { ++ tconverted = 0; ++ ret = util_parse_byte_size_string(pagesize, &tconverted); ++ if (ret != 0 || tconverted < 0) { + COMMAND_ERROR("Parse pagesize error.Invalid hugepage size: %s: %s", pagesize, strerror(-ret)); + goto free_out; + } ++ page = (uint64_t)tconverted; + + trans_page = util_human_size(page); + if (trans_page == NULL) { +@@ -842,15 +850,18 @@ static bool parse_size(const char *input, const char *token, host_config_host_ch + uint64_t size = 0; + uint64_t mem_total_size = 0; + uint64_t mem_available_size = 0; ++ int64_t converted = 0; + + if (strcmp(token, "") == 0) { + host_channel->size = 64 * SIZE_MB; + return true; + } +- if (util_parse_byte_size_string(token, (int64_t *)(&size))) { ++ if (util_parse_byte_size_string(token, &converted) != 0 || converted < 0) { + COMMAND_ERROR("Invalid size limit for host channel: %s", input); + return false; + } ++ size = (uint64_t)converted; ++ + if (size < HOST_CHANNLE_MIN_SIZE) { + COMMAND_ERROR("Invalid size, larger than 4KB is allowed"); + return false; +diff --git a/src/cmd/isula/stream/exec.c b/src/cmd/isula/stream/exec.c +index aa702b90..df911d0b 100644 +--- a/src/cmd/isula/stream/exec.c ++++ b/src/cmd/isula/stream/exec.c +@@ -49,6 +49,7 @@ static int fill_exec_request(const struct client_arguments *args, const struct c + { + int ret = 0; + size_t i = 0; ++ size_t tconverted = 0; + char *new_env = NULL; + + request->name = util_strdup_s(args->name); +@@ -67,12 +68,13 @@ static int fill_exec_request(const struct client_arguments *args, const struct c + request->user = util_strdup_s(args->custom_conf.user); + request->workdir = util_strdup_s(args->custom_conf.workdir); + +- if (util_dup_array_of_strings((const char **)args->argv, args->argc, &(request->argv), +- (size_t *)(&request->argc)) != 0) { ++ ret = util_dup_array_of_strings((const char **)args->argv, args->argc, &(request->argv), &tconverted); ++ if (ret != 0 || tconverted >= INT_MAX) { + ERROR("Failed to dup args"); + ret = -1; + goto out; + } ++ request->argc = (int)tconverted; + + /* environment variables */ + for (i = 0; i < util_array_len((const char **)(args->extra_env)); i++) { +diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c +index 2a0ccf92..f73a82e2 100644 +--- a/src/cmd/isulad/isulad_commands.c ++++ b/src/cmd/isulad/isulad_commands.c +@@ -517,7 +517,6 @@ out: + static int do_merge_conf_default_ulimit_into_global(struct service_arguments *args) + { + size_t i, j, json_default_ulimit_len; +- isulad_daemon_configs_default_ulimits_element *ptr = NULL; + + if (args->json_confs->default_ulimits == NULL) { + return 0; +@@ -525,6 +524,9 @@ static int do_merge_conf_default_ulimit_into_global(struct service_arguments *ar + + json_default_ulimit_len = args->json_confs->default_ulimits->len; + for (i = 0; i < json_default_ulimit_len; i++) { ++ isulad_daemon_configs_default_ulimits_element *ptr = NULL; ++ host_config_ulimits_element telem = { 0 }; ++ + ptr = args->json_confs->default_ulimits->values[i]; + for (j = 0; j < args->default_ulimit_len; j++) { + if (strcmp(ptr->name, args->default_ulimit[j]->name) == 0) { +@@ -532,12 +534,17 @@ static int do_merge_conf_default_ulimit_into_global(struct service_arguments *ar + } + } + ++ // ulimit of name setted, just update values + if (j < args->default_ulimit_len) { + args->default_ulimit[j]->soft = ptr->soft; + args->default_ulimit[j]->hard = ptr->hard; + continue; + } +- if (ulimit_array_append(&args->default_ulimit, (host_config_ulimits_element *)ptr, args->default_ulimit_len) != ++ ++ telem.name = ptr->name; ++ telem.hard = ptr->hard; ++ telem.soft = ptr->soft; ++ if (ulimit_array_append(&args->default_ulimit, &telem, args->default_ulimit_len) != + 0) { + ERROR("merge json confs default ulimit config failed"); + return -1; +diff --git a/src/cmd/options/opt_ulimit.c b/src/cmd/options/opt_ulimit.c +index 1a9c6165..b9eddf8a 100644 +--- a/src/cmd/options/opt_ulimit.c ++++ b/src/cmd/options/opt_ulimit.c +@@ -58,22 +58,27 @@ static void get_ulimit_split_parts(const char *val, char ***parts, size_t *parts + static int parse_soft_hard_ulimit(const char *val, char **limitvals, size_t limitvals_len, int64_t *soft, int64_t *hard) + { + int ret = 0; ++ long long converted = 0; ++ + // parse soft +- ret = util_safe_llong(limitvals[0], (long long *)soft); ++ ret = util_safe_llong(limitvals[0], &converted); + if (ret < 0) { + COMMAND_ERROR("Invalid ulimit soft value: \"%s\", parse int64 failed: %s", val, strerror(-ret)); + ret = -1; + goto out; + } ++ *soft = (int64_t)converted; + + // parse hard if exists + if (limitvals_len > 1) { +- ret = util_safe_llong(limitvals[1], (long long *)hard); ++ converted = 0; ++ ret = util_safe_llong(limitvals[1], &converted); + if (ret < 0) { + COMMAND_ERROR("Invalid ulimit hard value: \"%s\", parse int64 failed: %s", val, strerror(-ret)); + ret = -1; + goto out; + } ++ *hard = (int64_t)converted; + + if (*soft > *hard) { + COMMAND_ERROR("Ulimit soft limit must be less than or equal to hard limit: %lld > %lld", +diff --git a/src/daemon/modules/runtime/engines/lcr/lcr_engine.c b/src/daemon/modules/runtime/engines/lcr/lcr_engine.c +index 0d29e362..2ca12545 100644 +--- a/src/daemon/modules/runtime/engines/lcr/lcr_engine.c ++++ b/src/daemon/modules/runtime/engines/lcr/lcr_engine.c +@@ -30,7 +30,7 @@ + typedef bool (*lcr_state_op_t)(const char *name, const char *lcrpath, struct lcr_container_state *lcs); + typedef void (*lcr_container_state_free_t)(struct lcr_container_state *lcs); + typedef bool (*lcr_update_op_t)(const char *name, const char *lcrpath, struct lcr_cgroup_resources *cr); +-typedef bool (*lcr_start_op_t)(struct lcr_start_request *request); ++typedef bool (*lcr_start_op_t)(const struct lcr_start_request *request); + typedef bool (*lcr_exec_op_t)(const struct lcr_exec_request *request, int *exit_code); + + static lcr_state_op_t g_lcr_state_op = NULL; +diff --git a/src/daemon/modules/spec/specs_mount.c b/src/daemon/modules/spec/specs_mount.c +index c89f077f..b35061d8 100644 +--- a/src/daemon/modules/spec/specs_mount.c ++++ b/src/daemon/modules/spec/specs_mount.c +@@ -2089,21 +2089,25 @@ static int parse_device_cgroup_rule(defs_device_cgroup *spec_dev_cgroup, const c + if (strcmp(file_mode[0], "*") == 0) { + spec_dev_cgroup->major = -1; + } else { +- if (util_safe_llong(file_mode[0], (long long *)&spec_dev_cgroup->major) != 0) { ++ long long converted = 0; ++ if (util_safe_llong(file_mode[0], &converted) != 0) { + ERROR("Invalid rule mode %s", file_mode[0]); + ret = -1; + goto free_out; + } ++ spec_dev_cgroup->major = converted; + } + + if (strcmp(file_mode[1], "*") == 0) { + spec_dev_cgroup->minor = -1; + } else { +- if (util_safe_llong(file_mode[1], (long long *)&spec_dev_cgroup->minor) != 0) { ++ long long converted = 0; ++ if (util_safe_llong(file_mode[1], &converted) != 0) { + ERROR("Invalid rule mode %s", file_mode[1]); + ret = -1; + goto free_out; + } ++ spec_dev_cgroup->minor = (int64_t)converted; + } + + free_out: +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index 5ea1677c..37475b33 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -47,7 +47,7 @@ + #include "utils.h" + #include "isula_libutils/log.h" + +-size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize) ++static size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize) + { + size_t ssize, dsize; + +-- +2.25.1 + diff --git a/0007-add-pointer-parameters-NULL-check.patch b/0007-add-pointer-parameters-NULL-check.patch new file mode 100644 index 0000000..e01a26b --- /dev/null +++ b/0007-add-pointer-parameters-NULL-check.patch @@ -0,0 +1,226 @@ +From 17b6015d5abe3500a5a89d171af79698e57545f2 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 31 May 2022 19:35:35 +0800 +Subject: [PATCH 7/8] add pointer parameters NULL check + +Signed-off-by: zhangxiaoyu +Signed-off-by: haozi007 +--- + src/cmd/isula/extend/update.c | 24 +++++++++---------- + src/cmd/isula/extend/update.h | 1 - + src/cmd/isula/isula_commands.c | 2 +- + src/cmd/isula/isula_commands.h | 2 -- + src/daemon/config/isulad_config.c | 4 ++++ + src/daemon/modules/api/container_api.h | 2 -- + src/daemon/modules/api/plugin_api.h | 1 - + .../modules/container/container_state.c | 2 +- + .../modules/container/containers_store.c | 5 ++++ + .../graphdriver/devmapper/deviceset.c | 2 +- + .../graphdriver/overlay2/driver_overlay2.c | 2 +- + src/daemon/modules/plugin/plugin.c | 2 +- + src/daemon/modules/spec/specs_extend.c | 4 ++++ + 13 files changed, 30 insertions(+), 23 deletions(-) + +diff --git a/src/cmd/isula/extend/update.c b/src/cmd/isula/extend/update.c +index a9b0fccf..27cd07c0 100644 +--- a/src/cmd/isula/extend/update.c ++++ b/src/cmd/isula/extend/update.c +@@ -86,6 +86,18 @@ error_out: + return NULL; + } + ++static int update_checker(const struct client_arguments *args) ++{ ++ int ret = 0; ++ ++ if (args->argc == 0) { ++ COMMAND_ERROR("Update requires at least 1 container names"); ++ return EINVALIDARGS; ++ } ++ ++ return ret; ++} ++ + static int client_update(const struct client_arguments *args) + { + int ret = 0; +@@ -191,15 +203,3 @@ int cmd_update_main(int argc, const char **argv) + + return ret; + } +- +-int update_checker(const struct client_arguments *args) +-{ +- int ret = 0; +- +- if (args->argc == 0) { +- COMMAND_ERROR("Update requires at least 1 container names"); +- return EINVALIDARGS; +- } +- +- return ret; +-} +diff --git a/src/cmd/isula/extend/update.h b/src/cmd/isula/extend/update.h +index a527b46a..15a6ce59 100644 +--- a/src/cmd/isula/extend/update.h ++++ b/src/cmd/isula/extend/update.h +@@ -114,7 +114,6 @@ extern const char g_cmd_update_desc[]; + extern const char g_cmd_update_usage[]; + extern struct client_arguments g_cmd_update_args; + int cmd_update_main(int argc, const char **argv); +-int update_checker(const struct client_arguments *args); + + #ifdef __cplusplus + } +diff --git a/src/cmd/isula/isula_commands.c b/src/cmd/isula/isula_commands.c +index db37f705..89d9ca96 100644 +--- a/src/cmd/isula/isula_commands.c ++++ b/src/cmd/isula/isula_commands.c +@@ -94,7 +94,7 @@ static void print_version() + } + + /* compare commands */ +-int compare_commands(const void *s1, const void *s2) ++static int compare_commands(const void *s1, const void *s2) + { + return strcmp((*(const struct command *)s1).name, (*(const struct command *)s2).name); + } +diff --git a/src/cmd/isula/isula_commands.h b/src/cmd/isula/isula_commands.h +index 0518025f..1ee773ee 100644 +--- a/src/cmd/isula/isula_commands.h ++++ b/src/cmd/isula/isula_commands.h +@@ -44,8 +44,6 @@ struct command { + // NOTE: Command arrays must end in a command with all member is NULL + const struct command *command_by_name(const struct command *cmds, const char * const name); + +-int compare_commands(const void *s1, const void *s2); +- + // Default help command if implementation doesn't prvide one + int command_default_help(const char * const program_name, struct command *commands, int argc, const char **argv); + +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 287e5707..92d86a3b 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -1069,6 +1069,10 @@ int conf_get_isulad_default_ulimit(host_config_ulimits_element ***ulimit) + size_t i, ulimit_len; + struct service_arguments *conf = NULL; + ++ if (ulimit == NULL) { ++ return -1; ++ } ++ + if (isulad_server_conf_rdlock() != 0) { + return -1; + } +diff --git a/src/daemon/modules/api/container_api.h b/src/daemon/modules/api/container_api.h +index 3b7f2889..1140d4d5 100644 +--- a/src/daemon/modules/api/container_api.h ++++ b/src/daemon/modules/api/container_api.h +@@ -244,8 +244,6 @@ char *container_state_get_started_at(container_state_t *s); + + bool container_is_valid_state_string(const char *state); + +-int container_dup_health_check_status(defs_health **dst, const defs_health *src); +- + void container_update_health_monitor(const char *container_id); + + extern int container_supervisor_add_exit_monitor(int fd, const pid_ppid_info_t *pid_info, const char *name, +diff --git a/src/daemon/modules/api/plugin_api.h b/src/daemon/modules/api/plugin_api.h +index 82011363..4346b9e9 100644 +--- a/src/daemon/modules/api/plugin_api.h ++++ b/src/daemon/modules/api/plugin_api.h +@@ -68,7 +68,6 @@ plugin_t *plugin_new(const char *name, const char *addr); + void plugin_get(plugin_t *plugin); /* ref++ */ + void plugin_put(plugin_t *plugin); /* ref-- */ + +-int plugin_set_activated(plugin_t *plugin, bool activated, const char *errmsg); + int plugin_set_manifest(plugin_t *plugin, const plugin_manifest_t *manifest); + bool plugin_is_watching(plugin_t *plugin, uint64_t pe); + +diff --git a/src/daemon/modules/container/container_state.c b/src/daemon/modules/container/container_state.c +index 834901f3..efcbe852 100644 +--- a/src/daemon/modules/container/container_state.c ++++ b/src/daemon/modules/container/container_state.c +@@ -462,7 +462,7 @@ Container_Status container_state_get_status(container_state_t *s) + return status; + } + +-int container_dup_health_check_status(defs_health **dst, const defs_health *src) ++static int container_dup_health_check_status(defs_health **dst, const defs_health *src) + { + int ret = 0; + size_t i = 0; +diff --git a/src/daemon/modules/container/containers_store.c b/src/daemon/modules/container/containers_store.c +index 42972392..e0700296 100644 +--- a/src/daemon/modules/container/containers_store.c ++++ b/src/daemon/modules/container/containers_store.c +@@ -247,6 +247,11 @@ int containers_store_list(container_t ***out, size_t *size) + container_t **conts = NULL; + map_itor *itor = NULL; + ++ if (out == NULL || size == NULL) { ++ ERROR("Invalid arguments"); ++ return -1; ++ } ++ + if (pthread_rwlock_rdlock(&g_containers_store->rwlock) != 0) { + ERROR("lock memory store failed"); + return -1; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index 728b0a62..e20d4f1b 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -3019,7 +3019,7 @@ int unmount_device(const char *hash, const char *mount_path, struct device_set * + int ret = 0; + devmapper_device_info_t *device_info = NULL; + +- if (hash == NULL || mount_path == NULL) { ++ if (hash == NULL || mount_path == NULL || devset == NULL) { + ERROR("devmapper: invalid input params to unmount device"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +index 6d1832be..7a45f880 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/overlay2/driver_overlay2.c +@@ -2123,7 +2123,7 @@ int overlay2_get_layer_fs_info(const char *id, const struct graphdriver *driver, + char *layer_dir = NULL; + char *layer_diff = NULL; + +- if (id == NULL || fs_info == NULL) { ++ if (id == NULL || driver == NULL || fs_info == NULL) { + ERROR("Invalid input arguments"); + return -1; + } +diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c +index 4a14ee46..4cea2b2a 100644 +--- a/src/daemon/modules/plugin/plugin.c ++++ b/src/daemon/modules/plugin/plugin.c +@@ -785,7 +785,7 @@ bad: + return NULL; + } + +-int plugin_set_activated(plugin_t *plugin, bool activated, const char *errmsg) ++static int plugin_set_activated(plugin_t *plugin, bool activated, const char *errmsg) + { + plugin_wrlock(plugin); + plugin->activated = activated; +diff --git a/src/daemon/modules/spec/specs_extend.c b/src/daemon/modules/spec/specs_extend.c +index 7f43ae57..6276a586 100644 +--- a/src/daemon/modules/spec/specs_extend.c ++++ b/src/daemon/modules/spec/specs_extend.c +@@ -496,6 +496,10 @@ int make_sure_oci_spec_linux_resources(oci_runtime_spec *oci_spec) + { + int ret = 0; + ++ if (oci_spec == NULL) { ++ return -1; ++ } ++ + ret = make_sure_oci_spec_linux(oci_spec); + if (ret < 0) { + return -1; +-- +2.25.1 + diff --git a/0008-add-check-to-arguments.patch b/0008-add-check-to-arguments.patch new file mode 100644 index 0000000..825a6d9 --- /dev/null +++ b/0008-add-check-to-arguments.patch @@ -0,0 +1,533 @@ +From 56c2a6a98d51ea893939079cc31e3a7897fa5aba Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Tue, 31 May 2022 12:53:10 +0100 +Subject: [PATCH 8/8] add check to arguments + +Signed-off-by: haozi007 +--- + src/cmd/isula/base/create.c | 7 ++- + src/cmd/isula/stream/attach.c | 5 ++ + src/cmd/isulad/isulad_commands.c | 2 +- + src/daemon/common/err_msg.c | 5 +- + src/daemon/common/selinux_label.c | 7 ++- + src/daemon/common/sysinfo.c | 9 +++ + src/daemon/config/isulad_config.c | 9 +++ + src/daemon/modules/api/plugin_api.h | 1 - + src/daemon/modules/image/image.c | 6 ++ + .../modules/image/oci/oci_common_operators.c | 2 +- + .../graphdriver/devmapper/deviceset.c | 5 ++ + .../graphdriver/devmapper/metadata_store.c | 4 ++ + src/daemon/modules/plugin/plugin.c | 58 ++----------------- + src/utils/console/console.c | 10 ++++ + src/utils/cutils/filters.c | 2 +- + src/utils/cutils/map/rb_tree.c | 4 ++ + src/utils/cutils/path.c | 5 ++ + src/utils/cutils/utils.c | 48 +++++++-------- + src/utils/http/http.c | 7 ++- + src/utils/http/parser.c | 5 ++ + test/path/path_ut.cc | 5 ++ + 21 files changed, 120 insertions(+), 86 deletions(-) + +diff --git a/src/cmd/isula/base/create.c b/src/cmd/isula/base/create.c +index ce485f0d..2db2fd21 100644 +--- a/src/cmd/isula/base/create.c ++++ b/src/cmd/isula/base/create.c +@@ -393,7 +393,7 @@ static int read_label_from_file(const char *path, size_t file_size, isula_contai + if (file_size == 0) { + return 0; + } +- fp = fopen(path, "re"); ++ fp = util_fopen(path, "re"); + if (fp == NULL) { + ERROR("Failed to open '%s'", path); + return -1; +@@ -1477,12 +1477,13 @@ int callback_log_opt(command_option_t *option, const char *value) + + int callback_log_driver(command_option_t *option, const char *value) + { +- struct client_arguments *args = (struct client_arguments *)option->data; ++ struct client_arguments *args = NULL; + +- if (value == NULL) { ++ if (value == NULL || option == NULL) { + COMMAND_ERROR("log driver is NULL"); + return -1; + } ++ args = (struct client_arguments *)option->data; + + if (!check_opt_container_log_driver(value)) { + COMMAND_ERROR("Unsupported log driver: %s", value); +diff --git a/src/cmd/isula/stream/attach.c b/src/cmd/isula/stream/attach.c +index 3a434bca..9cc19161 100644 +--- a/src/cmd/isula/stream/attach.c ++++ b/src/cmd/isula/stream/attach.c +@@ -104,6 +104,11 @@ int inspect_container(const struct client_arguments *args, container_inspect **i + isula_connect_ops *ops = NULL; + parser_error perr = NULL; + ++ if (inspect_data == NULL) { ++ COMMAND_ERROR("Empty inspect data"); ++ return -1; ++ } ++ + inspect_response = util_common_calloc_s(sizeof(struct isula_inspect_response)); + if (inspect_response == NULL) { + COMMAND_ERROR("Out of memory"); +diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c +index f73a82e2..89d91c1b 100644 +--- a/src/cmd/isulad/isulad_commands.c ++++ b/src/cmd/isulad/isulad_commands.c +@@ -657,7 +657,7 @@ static int check_conf_default_ulimit(const struct service_arguments *args) + ret = -1; + goto out; + } +- if (strcmp(ptr->name, type) != 0) { ++ if (type == NULL || strcmp(ptr->name, type) != 0) { + COMMAND_ERROR("Ulimit Name \"%s\" must same as type \"%s\" in %s", ptr->name, type, + ISULAD_DAEMON_JSON_CONF_FILE); + ret = -1; +diff --git a/src/daemon/common/err_msg.c b/src/daemon/common/err_msg.c +index 739cb353..3e62fad6 100644 +--- a/src/daemon/common/err_msg.c ++++ b/src/daemon/common/err_msg.c +@@ -29,8 +29,11 @@ void isulad_set_error_message(const char *format, ...) + { + int ret = 0; + char errbuf[BUFSIZ + 1] = { 0 }; +- + va_list argp; ++ ++ if (format == NULL) { ++ return; ++ } + va_start(argp, format); + + ret = vsnprintf(errbuf, BUFSIZ, format, argp); +diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c +index 5468111e..533393a6 100644 +--- a/src/daemon/common/selinux_label.c ++++ b/src/daemon/common/selinux_label.c +@@ -602,7 +602,7 @@ static int container_label(char **process_label, char **file_label) + return -1; + } + +- file = fopen(lxc_path, "re"); ++ file = util_fopen(lxc_path, "re"); + if (file == NULL) { + ERROR("Failed to open '%s'", lxc_path); + return -1; +@@ -782,6 +782,11 @@ int init_label(const char **label_opts, size_t label_opts_len, char **dst_proces + return 0; + } + ++ if (label_opts == NULL || dst_process_label == NULL || dst_mount_label == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + if (container_label(&process_label, &mount_label) != 0) { + ret = -1; + goto out; +diff --git a/src/daemon/common/sysinfo.c b/src/daemon/common/sysinfo.c +index 6fb4ec38..89ca5225 100644 +--- a/src/daemon/common/sysinfo.c ++++ b/src/daemon/common/sysinfo.c +@@ -915,6 +915,11 @@ int find_cgroup_mountpoint_and_root(const char *subsystem, char **mountpoint, ch + size_t length = 0; + char *pline = NULL; + ++ if (subsystem == NULL) { ++ ERROR("Empty subsystem"); ++ return -1; ++ } ++ + fp = util_fopen("/proc/self/mountinfo", "r"); + if (fp == NULL) { + ERROR("Failed to open \"/proc/self/mountinfo\"\n"); +@@ -1566,6 +1571,10 @@ mountinfo_t *find_mount_info(mountinfo_t **minfos, const char *dir) + { + mountinfo_t **it = NULL; + ++ if (dir == NULL) { ++ return NULL; ++ } ++ + for (it = minfos; it && *it; it++) { + if ((*it)->mountpoint && !strcmp((*it)->mountpoint, dir)) { + return *it; +diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c +index 92d86a3b..38d2a0bf 100644 +--- a/src/daemon/config/isulad_config.c ++++ b/src/daemon/config/isulad_config.c +@@ -227,6 +227,10 @@ int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime) + { + struct service_arguments *conf = NULL; + ++ if (cpu_rt_period == NULL || cpu_rt_runtime == NULL) { ++ return -1; ++ } ++ + if (isulad_server_conf_rdlock() != 0) { + return -1; + } +@@ -776,6 +780,11 @@ out: + + int conf_get_daemon_log_config(char **loglevel, char **logdriver, char **engine_log_path) + { ++ if (loglevel == NULL || logdriver == NULL || engine_log_path == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + *loglevel = conf_get_isulad_loglevel(); + if (*loglevel == NULL) { + ERROR("DoStart: Failed to get log level"); +diff --git a/src/daemon/modules/api/plugin_api.h b/src/daemon/modules/api/plugin_api.h +index 4346b9e9..303ba6bf 100644 +--- a/src/daemon/modules/api/plugin_api.h ++++ b/src/daemon/modules/api/plugin_api.h +@@ -101,7 +101,6 @@ int pm_del_plugin(const plugin_t *plugin); + */ + int pm_get_plugin(const char *name, plugin_t **rplugin); + void pm_put_plugin(plugin_t *plugin); +-int pm_get_plugins_nolock(uint64_t pe, plugin_t ***rplugins, size_t *count); + + int start_plugin_manager(void); + int plugin_event_container_pre_create(const char *cid, oci_runtime_spec *ocic); +diff --git a/src/daemon/modules/image/image.c b/src/daemon/modules/image/image.c +index 6832aec3..f487f831 100644 +--- a/src/daemon/modules/image/image.c ++++ b/src/daemon/modules/image/image.c +@@ -831,11 +831,17 @@ static int append_images_to_response(im_list_response *response, imagetool_image + out: + return ret; + } ++ + int im_list_images(const im_list_request *ctx, im_list_response **response) + { + size_t i; + imagetool_images_list *images_tmp = NULL; + ++ if (response == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + *response = util_common_calloc_s(sizeof(im_list_response)); + if (*response == NULL) { + ERROR("Out of memory"); +diff --git a/src/daemon/modules/image/oci/oci_common_operators.c b/src/daemon/modules/image/oci/oci_common_operators.c +index 09405651..fd23096a 100644 +--- a/src/daemon/modules/image/oci/oci_common_operators.c ++++ b/src/daemon/modules/image/oci/oci_common_operators.c +@@ -459,7 +459,7 @@ int oci_status_image(im_status_request *request, im_status_response *response) + char *image_ref = NULL; + char *resolved_name = NULL; + +- if (response == NULL) { ++ if (request == NULL || response == NULL) { + ERROR("Invalid arguments"); + return -1; + } +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +index e20d4f1b..d90dde50 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/deviceset.c +@@ -3183,6 +3183,11 @@ struct status *device_set_status(struct device_set *devset) + int sem_usz = 0; + int sem_mni = 0; + ++ if (devset == NULL) { ++ ERROR("empty arguments"); ++ return NULL; ++ } ++ + if (pthread_rwlock_wrlock(&(devset->devmapper_driver_rwlock)) != 0) { + ERROR("lock devmapper conf failed"); + return NULL; +diff --git a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c +index c8d10b7a..93fc9758 100644 +--- a/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c ++++ b/src/daemon/modules/image/oci/storage/layer_store/graphdriver/devmapper/metadata_store.c +@@ -201,6 +201,10 @@ char **metadata_store_list_hashes(metadata_store_t *meta_store) + char **hashes_array = NULL; + map_itor *itor = NULL; + ++ if (meta_store == NULL) { ++ return NULL; ++ } ++ + if (map_size(meta_store->map) == 0) { + DEBUG("Metadata store hash list is empty"); + ret = true; +diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c +index 4cea2b2a..4e343a20 100644 +--- a/src/daemon/modules/plugin/plugin.c ++++ b/src/daemon/modules/plugin/plugin.c +@@ -760,8 +760,14 @@ plugin_t *plugin_new(const char *name, const char *addr) + plugin_t *plugin = NULL; + int errcode = 0; + ++ if (name == NULL || addr == NULL) { ++ ERROR("Empty arguments"); ++ return NULL; ++ } ++ + plugin = util_common_calloc_s(sizeof(plugin_t)); + if (plugin == NULL) { ++ ERROR("Out of memory"); + goto bad; + } + +@@ -1234,58 +1240,6 @@ void pm_put_plugin(plugin_t *plugin) + plugin_put(plugin); + } + +-int pm_get_plugins_nolock(uint64_t pe, plugin_t ***rplugins, size_t *count) +-{ +- int ret = 0; +- int i = 0; +- size_t size = 0; +- plugin_t **plugins = NULL; +- map_itor *itor = NULL; +- +- size = map_size(g_plugin_manager->np); +- if (size == 0) { /* empty */ +- return 0; +- } +- if (size > SIZE_MAX / sizeof(plugin_t *)) { +- ret = -1; +- ERROR("Invalid plugins size"); +- goto out; +- } +- +- plugins = util_common_calloc_s(sizeof(plugin_t *) * size); +- if (plugins == NULL) { +- ret = -1; +- ERROR("Out of memory"); +- goto out; +- } +- +- itor = map_itor_new(g_plugin_manager->np); +- if (itor == NULL) { +- ret = -1; +- ERROR("Out of memory"); +- goto out; +- } +- +- for (i = 0; i < (int)size && map_itor_valid(itor); i++, map_itor_next(itor)) { +- plugins[i] = map_itor_value(itor); +- /* plugin_put() called in pm_put_plugins() */ +- plugin_get(plugins[i]); +- } +- +- *rplugins = plugins; +- *count = (size_t)i; +- +-out: +- map_itor_free(itor); +- itor = NULL; +- +- if (ret < 0) { +- UTIL_FREE_AND_SET_NULL(plugins); +- } +- +- return ret; +-} +- + static void pm_np_item_free(void *key, void *val) + { + plugin_t *plugin = val; +diff --git a/src/utils/console/console.c b/src/utils/console/console.c +index 17c8b242..8492eb4d 100644 +--- a/src/utils/console/console.c ++++ b/src/utils/console/console.c +@@ -253,6 +253,11 @@ int console_fifo_open(const char *fifo_path, int *fdout, int flags) + { + int fd = 0; + ++ if (fifo_path ==NULL || fdout == NULL) { ++ ERROR("Argument must not be NULL"); ++ return -1; ++ } ++ + fd = util_open(fifo_path, flags, (mode_t)0); + if (fd < 0) { + ERROR("Failed to open fifo %s to send message: %s.", fifo_path, strerror(errno)); +@@ -302,6 +307,11 @@ int setup_tios(int fd, struct termios *curr_tios) + struct termios tmptios; + int ret = 0; + ++ if (curr_tios == NULL) { ++ ERROR("Empty terminal io setting"); ++ return -1; ++ } ++ + if (!isatty(fd)) { + ERROR("Specified fd: '%d' is not a tty", fd); + return -1; +diff --git a/src/utils/cutils/filters.c b/src/utils/cutils/filters.c +index a8fa220f..1885e9cc 100644 +--- a/src/utils/cutils/filters.c ++++ b/src/utils/cutils/filters.c +@@ -66,7 +66,7 @@ char **filters_args_get(const struct filters_args *filters, const char *field) + map_t *field_values_map = NULL; + map_itor *itor = NULL; + +- if (filters == NULL || filters->fields == NULL) { ++ if (filters == NULL || filters->fields == NULL || field == NULL) { + return NULL; + } + +diff --git a/src/utils/cutils/map/rb_tree.c b/src/utils/cutils/map/rb_tree.c +index ddae0646..b63165d5 100644 +--- a/src/utils/cutils/map/rb_tree.c ++++ b/src/utils/cutils/map/rb_tree.c +@@ -133,6 +133,10 @@ void rbtree_clear(rb_tree_t *tree) + + void rbtree_free(rb_tree_t *tree) + { ++ if (tree == NULL) { ++ return; ++ } ++ + rbtree_clear(tree); + free(tree->nil); + tree->nil = NULL; +diff --git a/src/utils/cutils/path.c b/src/utils/cutils/path.c +index f195257d..2446f479 100644 +--- a/src/utils/cutils/path.c ++++ b/src/utils/cutils/path.c +@@ -590,6 +590,11 @@ int util_resolve_path(const char *rootpath, const char *path, char **resolvedpat + char tmppath[PATH_MAX] = { 0 }; + char cleanedpath[PATH_MAX] = { 0 }; + ++ if (abspath == NULL || resolvedpath == NULL || rootpath == NULL) { ++ ERROR("Empty arguments"); ++ return -1; ++ } ++ + *resolvedpath = NULL; + *abspath = NULL; + +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index 278a72c5..30ff629f 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -1475,32 +1475,32 @@ void util_parse_user_group(const char *username, char **user, char **group, char + return; + } + +- if (username != NULL) { +- tmp = util_strdup_s(username); +- +- // for free tmp in caller +- *tmp_dup = tmp; +- +- pdot = strstr(tmp, ":"); +- if (pdot != NULL) { +- *pdot = '\0'; +- if (pdot != tmp) { +- // User found +- *user = tmp; +- } +- if (*(pdot + 1) != '\0') { +- // group found +- *group = pdot + 1; +- } +- } else { +- // No : found +- if (*tmp != '\0') { +- *user = tmp; +- } +- } ++ if (username == NULL) { ++ return; + } + +- return; ++ tmp = util_strdup_s(username); ++ ++ // for free tmp in caller ++ *tmp_dup = tmp; ++ ++ pdot = strstr(tmp, ":"); ++ if (pdot != NULL) { ++ *pdot = '\0'; ++ if (pdot != tmp) { ++ // User found ++ *user = tmp; ++ } ++ if (*(pdot + 1) != '\0') { ++ // group found ++ *group = pdot + 1; ++ } ++ } else { ++ // No : found ++ if (*tmp != '\0') { ++ *user = tmp; ++ } ++ } + } + + defs_map_string_object *dup_map_string_empty_object(defs_map_string_object *src) +diff --git a/src/utils/http/http.c b/src/utils/http/http.c +index 0b53cf1e..e4788efd 100644 +--- a/src/utils/http/http.c ++++ b/src/utils/http/http.c +@@ -241,7 +241,7 @@ static void http_custom_general_options(CURL *curl_handle, const struct http_get + + static int http_custom_options(CURL *curl_handle, const struct http_get_options *options) + { +- if (curl_handle == NULL || options == NULL) { ++ if (curl_handle == NULL) { + return -1; + } + +@@ -413,6 +413,11 @@ int http_request(const char *url, struct http_get_options *options, long *respon + size_t fsize = 0; + char *replaced_url = 0; + ++ if (url == NULL || options == NULL) { ++ ERROR("must set url and options to use http request"); ++ return -1; ++ } ++ + if (recursive_len + 1 >= MAX_REDIRCT_NUMS) { + ERROR("reach the max redirect num"); + return -1; +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index 37475b33..0e0e603b 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -319,6 +319,11 @@ char *get_header_value(const struct parsed_http_message *m, const char *header) + int i = 0; + char *ret = NULL; + ++ if (m == NULL || header == NULL) { ++ ERROR("Empty arguments"); ++ return NULL; ++ } ++ + for (i = 0; i < m->num_headers; i++) { + if (strcasecmp(m->headers[i][0], header) == 0) { + ret = (char *)m->headers[i][1]; +diff --git a/test/path/path_ut.cc b/test/path/path_ut.cc +index ce6dcc08..0068ecb4 100644 +--- a/test/path/path_ut.cc ++++ b/test/path/path_ut.cc +@@ -311,6 +311,11 @@ TEST(path_ut, test_resolve_path) + char *resolvedpath = nullptr; + char *abspath = nullptr; + ++ rootpath = "/home"; ++ path = "/home/dir/test"; ++ ASSERT_EQ(util_resolve_path(rootpath.c_str(), path.c_str(), nullptr, &abspath), -1); ++ ASSERT_EQ(util_resolve_path(rootpath.c_str(), path.c_str(), &resolvedpath, nullptr), -1); ++ + ASSERT_EQ(util_resolve_path(nullptr, nullptr, &resolvedpath, &abspath), -1); + free(resolvedpath); + resolvedpath = nullptr; +-- +2.25.1 + diff --git a/iSulad.spec b/iSulad.spec index b237676..540372c 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.14 -%global _release 5 +%global _release 6 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -18,6 +18,9 @@ Patch0002: 0002-fix-install-error-when-android.patch Patch0003: 0003-imp-fuzz-for-pw-gr-parser.patch Patch0004: 0004-improve-fuzz-test.patch Patch0005: 0005-Seccomp-optimization.patch +Patch0006: 0006-fix-different-type-convert.patch +Patch0007: 0007-add-pointer-parameters-NULL-check.patch +Patch0008: 0008-add-check-to-arguments.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -245,13 +248,18 @@ fi %endif %changelog +* Tue May 31 2022 zhangxiaoyu - 2.0.14-6 +- Type: enhancement +- ID: NA +- SUG: NA +- DESC: fix different type convert and add check to arguments + * Mon May 30 2022 chengzrz - 2.0.14-5 - Type: enhancement - ID: NA - SUG: NA - DESC: seccomp optimization - * Fri May 27 2022 haozi007 - 2.0.14-4 - Type: enhancement - ID: NA