From 6f337131977c21966cf7a6898cfc81414c07cf05 Mon Sep 17 00:00:00 2001
From: chengzrz <czrzrichard@gmail.com>
Date: Mon, 6 Dec 2021 15:34:31 +0800
Subject: [PATCH] Fixed dangerous memory operations

Signed-off-by: chengzrz <czrzrichard@gmail.com>
---
 .../cri_pod_sandbox_manager_service_impl.cc   |  3 +-
 .../executor/container_cb/execution_create.c  |  5 +++
 src/utils/cutils/utils_network.c              | 43 +++++++++++++------
 test/mocks/namespace_mock.h                   |  3 +-
 4 files changed, 40 insertions(+), 14 deletions(-)

diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
index 0a577849..57297287 100644
--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
@@ -477,7 +477,7 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::
 {
     std::map<std::string, std::string> stdAnnos;
     std::map<std::string, std::string> networkOptions;
-    const char* sandbox_key = get_sandbox_key(inspect_data);
+    char* sandbox_key = get_sandbox_key(inspect_data);
 
     // Setup sandbox files
     if (config.has_dns_config() && inspect_data->resolv_conf_path != nullptr) {
@@ -510,6 +510,7 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::
     }
 
 cleanup:
+    free(sandbox_key);
     return;
 }
 
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 95a7d9ab..e647ca06 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -1421,6 +1421,11 @@ static char *new_pod_sandbox_key(void)
 
 static int generate_network_settings(const host_config *host_config, container_config_v2_common_config *v2_spec)
 {
+    if (host_config == NULL || v2_spec == NULL) {
+        ERROR("Invalid input");
+        return -1;
+    }
+
     container_config_v2_common_config_network_settings *settings = NULL;
 
     if (!namespace_is_file(host_config->network_mode)) {
diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c
index a5d77c93..1ca901ea 100644
--- a/src/utils/cutils/utils_network.c
+++ b/src/utils/cutils/utils_network.c
@@ -65,26 +65,34 @@ out:
     return ret;
 }
 
-static void mount_netns(void *netns_path)
+static void* mount_netns(void *netns_path)
 {
-    int failure = EXIT_FAILURE;
-    int success = EXIT_SUCCESS;
+    int *ecode = (int *)malloc(sizeof(int));
     char fullpath[PATH_MAX] = { 0x00 };
     int ret = 0;
 
     if (unshare(CLONE_NEWNET) != 0) {
-        pthread_exit((void *)&failure);
+        ERROR("Failed to unshare");
+        goto err_out;
     }
 
     ret = snprintf(fullpath, sizeof(fullpath), "/proc/%d/task/%ld/ns/net", getpid(), (long int)syscall(__NR_gettid));
     if (ret < 0 || (size_t)ret >= sizeof(fullpath)) {
-        pthread_exit((void *)&failure);
+        ERROR("Failed to get full path");
+        goto err_out;
     }
 
     if (util_mount(fullpath, (char *)netns_path, "none", "bind") != 0) {
-        pthread_exit((void *)&failure);
+        ERROR("Failed to mount %s", fullpath);
+        goto err_out;
     }
-    pthread_exit((void *)&success);
+
+    *ecode = EXIT_SUCCESS;
+    pthread_exit((void *)ecode);
+
+err_out:
+    *ecode = EXIT_FAILURE;
+    pthread_exit((void *)ecode);
 }
 
 // this function mounts netns path to /proc/%d/task/%d/ns/net
@@ -103,14 +111,25 @@ int util_mount_namespace(const char *netns_path)
     ret = pthread_join(newns_thread, &status);
     if (ret != 0) {
         ERROR("Failed to join thread");
+        ret = -1;
+        goto out;
+    }
+
+    if (status == NULL) {
+        ERROR("Failed set exit status");
         return -1;
+    }
+
+    if (*(int *)status != 0) {
+        ERROR("Failed to initialize network namespace, status code is %d", *(int *)status);
+        ret = -1;
     } else {
-        if (*(int *)status != 0) {
-            ERROR("Failed to initialize network namespace");
-            return -1;
-        }
+        ret = 0;
     }
-    return 0;
+
+out:
+    free(status);
+    return ret;
 }
 
 int util_umount_namespace(const char *netns_path)
diff --git a/test/mocks/namespace_mock.h b/test/mocks/namespace_mock.h
index 80e75b0b..5bfc2c70 100644
--- a/test/mocks/namespace_mock.h
+++ b/test/mocks/namespace_mock.h
@@ -26,7 +26,8 @@ public:
     MOCK_METHOD1(ConnectedContainer, char *(const char *mode));
     MOCK_METHOD3(GetShareNamespacePath, int(const char *type, const char *src_path, char **dest_path));
     MOCK_METHOD1(GetContainerProcessLabel, char *(const char *path));
-    MOCK_METHOD4(GetNetworkNamespacePath, int(const host_config *, const container_config_v2_common_config_network_settings *, const char *, char **));
+    MOCK_METHOD4(GetNetworkNamespacePath, int(const host_config *,
+                                              const container_config_v2_common_config_network_settings *, const char *, char **));
 };
 
 void MockNamespace_SetMock(MockNamespace *mock);
-- 
2.25.1