iSulad/0018-Fixed-dangerous-memory-operations.patch
chengzrz 8e72e1b4c4 Fixed a bug that occurs when running a container in host mode
Signed-off-by: chengzrz <czrzrichard@gmail.com>
2021-12-09 16:10:35 +08:00


From 6f337131977c21966cf7a6898cfc81414c07cf05 Mon Sep 17 00:00:00 2001
From: chengzrz <czrzrichard@gmail.com>
Date: Mon, 6 Dec 2021 15:34:31 +0800
Subject: [PATCH] Fixed dangerous memory operations
Signed-off-by: chengzrz <czrzrichard@gmail.com>
---
.../cri_pod_sandbox_manager_service_impl.cc | 3 +-
.../executor/container_cb/execution_create.c | 5 +++
src/utils/cutils/utils_network.c | 43 +++++++++++++------
test/mocks/namespace_mock.h | 3 +-
4 files changed, 40 insertions(+), 14 deletions(-)
diff --git a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
index 0a577849..57297287 100644
--- a/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
+++ b/src/daemon/entry/cri/cri_pod_sandbox_manager_service_impl.cc
@@ -477,7 +477,7 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::
{
std::map<std::string, std::string> stdAnnos;
std::map<std::string, std::string> networkOptions;
- const char* sandbox_key = get_sandbox_key(inspect_data);
+ char* sandbox_key = get_sandbox_key(inspect_data);
// Setup sandbox files
if (config.has_dns_config() && inspect_data->resolv_conf_path != nullptr) {
@@ -510,6 +510,7 @@ void PodSandboxManagerServiceImpl::SetupSandboxNetwork(const runtime::v1alpha2::
}
cleanup:
+ free(sandbox_key);
return;
}
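Review bot: The `free(sandbox_key)` added at `cleanup:` only runs on paths that actually reach the label; this is a C++ function that works with `std::map` values, and any operation in the body between the two hunks that throws (e.g. an allocation failure during a map insertion) bypasses the label and leaks the key. Holding the pointer in an RAII wrapper immediately after the call, `std::unique_ptr<char, decltype(&free)> sandbox_key_guard(sandbox_key, free);`, releases it on every exit path and makes the explicit `free` unnecessary. The change also relies on `get_sandbox_key` returning a heap string the caller owns, which the dropped `const` suggests but nothing here states; a comment on the call such as `// caller owns the returned string and must free() it` would record that contract. SetupSandboxNetwork's body continues between and beyond the two hunks.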
diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c
index 95a7d9ab..e647ca06 100644
--- a/src/daemon/executor/container_cb/execution_create.c
+++ b/src/daemon/executor/container_cb/execution_create.c
@@ -1421,6 +1421,11 @@ static char *new_pod_sandbox_key(void)
static int generate_network_settings(const host_config *host_config, container_config_v2_common_config *v2_spec)
{
+ if (host_config == NULL || v2_spec == NULL) {
+ ERROR("Invalid input");
+ return -1;
+ }
+
container_config_v2_common_config_network_settings *settings = NULL;
if (!namespace_is_file(host_config->network_mode)) {
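Review bot: The new guard protects the `host_config->network_mode` dereference on the next line, but its log message `ERROR("Invalid input")` does not say what was invalid, which makes the failure hard to attribute in daemon logs; `ERROR("Invalid input: host_config or v2_spec is NULL");` costs nothing and is actionable. The guard is also placed before the `settings` declaration, so declarations and statements are now mixed in this block; if the codebase keeps declarations at the top of a block, moving the check below `settings = NULL;` preserves that. Nothing here checks `network_mode` itself, so if `namespace_is_file` does not accept a NULL argument that remains unguarded, which I cannot confirm from the hunk. generate_network_settings continues beyond the hunk.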
diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c
index a5d77c93..1ca901ea 100644
--- a/src/utils/cutils/utils_network.c
+++ b/src/utils/cutils/utils_network.c
@@ -65,26 +65,34 @@ out:
return ret;
}
-static void mount_netns(void *netns_path)
+static void* mount_netns(void *netns_path)
{
- int failure = EXIT_FAILURE;
- int success = EXIT_SUCCESS;
+ int *ecode = (int *)malloc(sizeof(int));
char fullpath[PATH_MAX] = { 0x00 };
int ret = 0;
if (unshare(CLONE_NEWNET) != 0) {
- pthread_exit((void *)&failure);
+ ERROR("Failed to unshare");
+ goto err_out;
}
ret = snprintf(fullpath, sizeof(fullpath), "/proc/%d/task/%ld/ns/net", getpid(), (long int)syscall(__NR_gettid));
if (ret < 0 || (size_t)ret >= sizeof(fullpath)) {
- pthread_exit((void *)&failure);
+ ERROR("Failed to get full path");
+ goto err_out;
}
if (util_mount(fullpath, (char *)netns_path, "none", "bind") != 0) {
- pthread_exit((void *)&failure);
+ ERROR("Failed to mount %s", fullpath);
+ goto err_out;
}
- pthread_exit((void *)&success);
+
+ *ecode = EXIT_SUCCESS;
+ pthread_exit((void *)ecode);
+
+err_out:
+ *ecode = EXIT_FAILURE;
+ pthread_exit((void *)ecode);
}
// this function mounts netns path to /proc/%d/task/%d/ns/net
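Review bot: The `malloc(sizeof(int))` result stored in `ecode` is dereferenced at `*ecode = EXIT_SUCCESS` and `*ecode = EXIT_FAILURE` without a NULL check, so an allocation failure becomes a NULL dereference inside the worker thread and crashes the daemon instead of reporting an error. Since the joining side in the next hunk already treats a NULL exit status as failure, the thread can exit with NULL on that path: `if (ecode == NULL) { ERROR("Out of memory"); pthread_exit(NULL); }` directly after the allocation. The `(void *)` casts on the `pthread_exit` arguments are redundant (`int *` converts implicitly) and can be dropped; that is style only.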
@@ -103,14 +111,25 @@ int util_mount_namespace(const char *netns_path)
ret = pthread_join(newns_thread, &status);
if (ret != 0) {
ERROR("Failed to join thread");
+ ret = -1;
+ goto out;
+ }
+
+ if (status == NULL) {
+ ERROR("Failed set exit status");
return -1;
+ }
+
+ if (*(int *)status != 0) {
+ ERROR("Failed to initialize network namespace, status code is %d", *(int *)status);
+ ret = -1;
} else {
- if (*(int *)status != 0) {
- ERROR("Failed to initialize network namespace");
- return -1;
- }
+ ret = 0;
}
- return 0;
+
+out:
+ free(status);
+ return ret;
}
int util_umount_namespace(const char *netns_path)
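Review bot: On the `pthread_join` failure path (`ret = -1; goto out;`) `status` is passed to `free` at `out:` even though the failed join never assigned it; unless its declaration above the hunk initializes it, this frees an indeterminate pointer, which is exactly the class of memory error the patch title addresses. Initialize it at the declaration, `void *status = NULL;`, or return directly from that branch as the `status == NULL` branch still does. For consistency the `status == NULL` branch could likewise use `ret = -1; goto out;` (free(NULL) is a no-op), and its message reads better as `ERROR("Failed to get thread exit status");`. util_mount_namespace starts before the hunk.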
diff --git a/test/mocks/namespace_mock.h b/test/mocks/namespace_mock.h
index 80e75b0b..5bfc2c70 100644
--- a/test/mocks/namespace_mock.h
+++ b/test/mocks/namespace_mock.h
@@ -26,7 +26,8 @@ public:
MOCK_METHOD1(ConnectedContainer, char *(const char *mode));
MOCK_METHOD3(GetShareNamespacePath, int(const char *type, const char *src_path, char **dest_path));
MOCK_METHOD1(GetContainerProcessLabel, char *(const char *path));
- MOCK_METHOD4(GetNetworkNamespacePath, int(const host_config *, const container_config_v2_common_config_network_settings *, const char *, char **));
+ MOCK_METHOD4(GetNetworkNamespacePath, int(const host_config *,
+ const container_config_v2_common_config_network_settings *, const char *, char **));
};
void MockNamespace_SetMock(MockNamespace *mock);
--
2.25.1