packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
iSulad/0019-remove-password-in-url-module-and-clean-sensitive-in.patch
xuxuepeng f2271d04b4 !621 Add vsock support for exec 
* Add vsock support for exec
2023-09-13 02:47:13 +00:00

333 lines
10 KiB
Diff
Raw Blame History

From 4adc923cfaf25142aa4cbb909d65c0f3a999cc02 Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Tue, 29 Aug 2023 11:41:26 +0800
Subject: [PATCH 19/33] remove password in url module and clean sensitive info
in struct passwd
Signed-off-by: zhongtao <zhongtao17@huawei.com>
---
.../modules/image/image_rootfs_handler.c | 13 +-
src/utils/cpputils/url.cc | 144 +-----------------
src/utils/cpputils/url.h | 19 +--
3 files changed, 15 insertions(+), 161 deletions(-)
diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
index 1a3f4307..a8036ab9 100644
--- a/src/daemon/modules/image/image_rootfs_handler.c
+++ b/src/daemon/modules/image/image_rootfs_handler.c
@@ -85,6 +85,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
char buf[BUFSIZ] = { 0 };
struct passwd pw;
struct passwd *pwbufp = NULL;
+ int ret = -1;
if (f_passwd != NULL) {
#if defined (__ANDROID__) || defined(__MUSL__)
@@ -116,7 +117,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
if (errval != 0 && errval != ENOENT) {
ERROR("Failed to parse passwd file: Insufficient buffer space supplied");
isulad_set_error_message("Failed to parse passwd file: Insufficient buffer space supplied");
- return -1;
+ goto out;
}
if (!userfound && user != NULL) {
int uret = util_safe_llong(user, &n_user);
@@ -124,16 +125,20 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
if (uret != 0) {
ERROR("Unable to find user '%s'", user);
isulad_set_error_message("Unable to find user '%s': no matching entries in passwd file", user);
- return -1;
+ goto out;
}
if (n_user < MINUID || n_user > MAXUID) {
uids_gids_range_err_log();
- return -1;
+ goto out;
}
puser->uid = (uid_t)n_user;
}
+ ret = 0;
- return 0;
+out:
+ memset(buf, 0, sizeof(buf));
+ memset(pwbufp, 0, sizeof(struct passwd));
+ return ret;
}
static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *len)
diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc
index 117eba7e..baaded07 100644
--- a/src/utils/cpputils/url.cc
+++ b/src/utils/cpputils/url.cc
@@ -266,12 +266,7 @@ std::string Escape(const std::string &s, const EncodeMode &mode)
UserInfo *User(const std::string &username) noexcept
{
- return new UserInfo { username, "", false };
-}
-
-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept
-{
- return new UserInfo { username, password, true };
+ return new UserInfo { username };
}
int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path)
@@ -324,24 +319,6 @@ void Split(const std::string &s, const std::string &c, bool cutc, std::string &t
u = s.substr(i, s.size());
}
-URLDatum *Parse(const std::string &rawurl)
-{
- std::string u, frag;
- Split(rawurl, "#", true, u, frag);
- auto *url = Parse(u, false);
- if (url == nullptr) {
- return nullptr;
- }
- if (frag.empty()) {
- return url;
- }
- url->SetFragment(Unescape(frag, EncodeMode::ENCODE_FRAGMENT));
- if (url->GetFragment().empty()) {
- return nullptr;
- }
- return url;
-}
-
int SplitOffPossibleLeading(std::string &scheme, const std::string &rawurl, URLDatum *url, std::string &rest)
{
if (Getscheme(rawurl, scheme, rest) != 0) {
@@ -385,108 +362,6 @@ URLDatum *HandleNonBackslashPrefix(URLDatum *url, const std::string &scheme, con
return nullptr;
}
-int SetURLDatumInfo(URLDatum *url, const std::string &scheme, bool viaRequest, std::string &rest)
-{
- if ((!scheme.empty() || (!viaRequest && rest.substr(0, 3) == "///")) && rest.substr(0, 2) == "//") {
- std::string authority;
- Split(rest.substr(2, rest.size()), "/", false, authority, rest);
- std::string host = url->GetHost();
- UserInfo *user = url->GetUser();
- if (ParseAuthority(authority, &user, host)) {
- return -1;
- }
- url->SetHost(host);
- url->SetUser(user);
- }
- if (url->SetPath(rest)) {
- return -1;
- }
- url->SetScheme(scheme);
- return 0;
-}
-
-URLDatum *Parse(const std::string &rawurl, bool viaRequest)
-{
- if (rawurl.empty() && viaRequest) {
- ERROR("empty url!");
- return nullptr;
- }
- auto *url = new (std::nothrow) URLDatum;
- if (url == nullptr) {
- ERROR("Out of memory");
- return nullptr;
- }
- if (rawurl == "*") {
- url->SetPathWithoutEscape("*");
- return url;
- }
- std::string scheme = url->GetScheme();
- std::string rest;
- if (SplitOffPossibleLeading(scheme, rawurl, url, rest) != 0) {
- return nullptr;
- }
- bool shouldRet = false;
- auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, shouldRet);
- if (shouldRet) {
- return tmpret;
- }
- if (SetURLDatumInfo(url, scheme, viaRequest, rest) != 0) {
- return nullptr;
- }
- return url;
-}
-
-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host)
-{
- size_t i = authority.find("@");
- if (i == std::string::npos) {
- if (ParseHost(authority, host) != 0) {
- *user = nullptr;
- host = "";
- return -1;
- }
- } else {
- if (ParseHost(authority.substr(i + 1, authority.size()), host) != 0) {
- *user = nullptr;
- host = "";
- return -1;
- }
- }
- if (i == std::string::npos) {
- *user = nullptr;
- return 0;
- }
-
- std::string userinfo = authority.substr(0, i);
- if (!ValidUserinfo(userinfo)) {
- *user = nullptr;
- host = "";
- ERROR("net/url: invalid userinfo");
- return -1;
- }
- if (userinfo.find(":") == std::string::npos) {
- userinfo = Unescape(userinfo, EncodeMode::ENCODE_USER_PASSWORD);
- if (userinfo.empty()) {
- *user = nullptr;
- host = "";
- return -1;
- }
- *user = User(userinfo);
- } else {
- std::string servername, serverword;
- Split(userinfo, ":", true, servername, serverword);
- servername = Unescape(servername, EncodeMode::ENCODE_USER_PASSWORD);
- serverword = Unescape(serverword, EncodeMode::ENCODE_USER_PASSWORD);
- if (servername.empty() || serverword.empty()) {
- *user = nullptr;
- host = "";
- return -1;
- }
- *user = UserPassword(servername, serverword);
- }
- return 0;
-}
-
int ParseHost(std::string host, std::string &out)
{
if (host.at(0) == '[') {
@@ -756,9 +631,6 @@ std::string UserInfo::String() const
std::string s;
if (!m_username.empty()) {
s = Escape(m_username, EncodeMode::ENCODE_USER_PASSWORD);
- if (m_passwordSet) {
- s += ":" + Escape(m_password, EncodeMode::ENCODE_USER_PASSWORD);
- }
}
return s;
}
@@ -766,11 +638,6 @@ std::string UserInfo::Username() const
{
return m_username;
}
-std::string UserInfo::Password(bool &set) const
-{
- set = m_passwordSet;
- return m_password;
-}
URLDatum::~URLDatum()
{
@@ -860,15 +727,6 @@ bool URLDatum::IsAbs() const
return (m_scheme != "");
}
-std::unique_ptr<URLDatum> URLDatum::UrlParse(const std::string &ref)
-{
- auto *refurl = Parse(ref);
- if (refurl == nullptr) {
- return nullptr;
- }
- return ResolveReference(refurl);
-}
-
std::unique_ptr<URLDatum> URLDatum::ResolveReference(URLDatum *ref)
{
std::unique_ptr<URLDatum> url(new (std::nothrow) URLDatum(*ref));
diff --git a/src/utils/cpputils/url.h b/src/utils/cpputils/url.h
index abbf20f4..3dd40079 100644
--- a/src/utils/cpputils/url.h
+++ b/src/utils/cpputils/url.h
@@ -49,17 +49,13 @@ private:
class UserInfo {
public:
- UserInfo(const std::string &u, const std::string &p, bool b) : m_username(u), m_password(p),
- m_passwordSet(b) {}
+ UserInfo(const std::string &u) : m_username(u) {}
~UserInfo() = default;
std::string String() const;
std::string Username() const;
- std::string Password(bool &set) const;
private:
std::string m_username;
- std::string m_password;
- bool m_passwordSet;
};
class URLDatum {
@@ -69,7 +65,6 @@ public:
std::string EscapedPath();
std::string String();
bool IsAbs() const;
- std::unique_ptr<URLDatum> UrlParse(const std::string &ref);
std::unique_ptr<URLDatum> ResolveReference(URLDatum *ref);
auto Query()->std::map<std::string, std::vector<std::string>>;
std::string RequestURI();
@@ -88,7 +83,7 @@ public:
{
m_opaque = value;
}
- std::string GetOpaque() const
+ std::string GetOpaque() const
{
return m_opaque;
}
@@ -96,7 +91,7 @@ public:
{
m_user = value;
}
- UserInfo *GetUser() const
+ UserInfo *GetUser() const
{
return m_user;
}
@@ -128,7 +123,7 @@ public:
{
m_rawQuery = value;
}
- std::string GetRawQuery() const
+ std::string GetRawQuery() const
{
return m_rawQuery;
}
@@ -136,7 +131,7 @@ public:
{
m_fragment = value;
}
- std::string GetFragment() const
+ std::string GetFragment() const
{
return m_fragment;
}
@@ -163,13 +158,9 @@ std::string QueryUnescape(const std::string &s);
std::string Unescape(std::string s, const EncodeMode &mode);
std::string QueryEscape(const std::string &s);
std::string Escape(const std::string &s, const EncodeMode &mode);
-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept;
UserInfo *User(const std::string &username) noexcept;
int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path);
void Split(const std::string &s, const std::string &c, bool cutc, std::string &t, std::string &u);
-URLDatum *Parse(const std::string &rawurl);
-URLDatum *Parse(const std::string &rawurl, bool viaRequest);
-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host);
int ParseHost(std::string host, std::string &out);
bool ValidEncodedPath(const std::string &s);
bool ValidOptionalPort(const std::string &port);
--
2.40.1
Reference in New Issue View Git Blame Copy Permalink