124 lines
3.3 KiB
Diff
124 lines
3.3 KiB
Diff
From ff67cabc3e3839ef4b539805ed54b5c826b6f446 Mon Sep 17 00:00:00 2001
|
|
From: haozi007 <liuhao27@huawei.com>
|
|
Date: Mon, 4 Sep 2023 15:19:36 +0800
|
|
Subject: [PATCH 30/33] mask proxy informations
|
|
|
|
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
|
---
|
|
.../container_cb/execution_information.c | 86 ++++++++++++++++---
|
|
1 file changed, 74 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
|
|
index 2f3d3627..86bb2894 100644
|
|
--- a/src/daemon/executor/container_cb/execution_information.c
|
|
+++ b/src/daemon/executor/container_cb/execution_information.c
|
|
@@ -176,24 +176,83 @@ out:
|
|
static int get_proxy_env(char **proxy, const char *type)
|
|
{
|
|
int ret = 0;
|
|
- char *tmp = NULL;
|
|
-
|
|
- *proxy = getenv(type);
|
|
- if (*proxy == NULL) {
|
|
- tmp = util_strings_to_upper(type);
|
|
+ int nret;
|
|
+ char *tmp_proxy = NULL;
|
|
+ char *col_pos = NULL;
|
|
+ char *at_pos = NULL;
|
|
+ size_t proxy_len;
|
|
+ const char *mask_str = "//xxxx:xxxx";
|
|
+
|
|
+ tmp_proxy = getenv(type);
|
|
+ if (tmp_proxy == NULL) {
|
|
+ char *tmp = util_strings_to_upper(type);
|
|
if (tmp == NULL) {
|
|
ERROR("Failed to upper string!");
|
|
- ret = -1;
|
|
- goto out;
|
|
- }
|
|
- *proxy = getenv(tmp);
|
|
- if (*proxy == NULL) {
|
|
- *proxy = "";
|
|
+ return -1;
|
|
}
|
|
+ tmp_proxy = getenv(tmp);
|
|
+ free(tmp);
|
|
+ }
|
|
+
|
|
+ if (tmp_proxy == NULL) {
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ if (strlen(tmp_proxy) >= PATH_MAX) {
|
|
+ ERROR("Too long proxy string.");
|
|
+ return -1;
|
|
+ }
|
|
+ tmp_proxy = util_strdup_s(tmp_proxy);
|
|
+
|
|
+ if (strcmp(NO_PROXY, type) == 0) {
|
|
+ *proxy = tmp_proxy;
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ // mask username and password of proxy
|
|
+ col_pos = strchr(tmp_proxy, ':');
|
|
+ if (col_pos == NULL) {
|
|
+ ERROR("Invalid proxy.");
|
|
+ ret = -1;
|
|
+ goto out;
|
|
+ }
|
|
+ at_pos = strrchr(tmp_proxy, '@');
|
|
+ if (at_pos == NULL) {
|
|
+ // no '@', represent no user information in proxy,
|
|
+ // just return original proxy
|
|
+ *proxy = tmp_proxy;
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ // first colon position must before than at position
|
|
+ if ((at_pos - col_pos) < 0) {
|
|
+ ret = -1;
|
|
+ goto out;
|
|
}
|
|
|
|
+ // proxy with userinfo format like: 'http://xxx:xxx@xxxx.com'
|
|
+ // so masked proxy length = len(proxy) - (pos(@) - pos(:) + 1) + len(mask-str) + '\0'
|
|
+ proxy_len = strlen(tmp_proxy);
|
|
+ proxy_len -= (at_pos - tmp_proxy);
|
|
+ proxy_len += (col_pos - tmp_proxy) + 1;
|
|
+ proxy_len += strlen(mask_str) + 1;
|
|
+ *proxy = util_common_calloc_s(proxy_len);
|
|
+ if (*proxy == NULL) {
|
|
+ ERROR("Out of memory");
|
|
+ ret = -1;
|
|
+ goto out;
|
|
+ }
|
|
+ *col_pos = '\0';
|
|
+ nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos);
|
|
+ if (nret < 0 || nret >= proxy_len) {
|
|
+ ret = -1;
|
|
+ free(*proxy);
|
|
+ *proxy = NULL;
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
out:
|
|
- free(tmp);
|
|
+ util_free_sensitive_string(tmp_proxy);
|
|
return ret;
|
|
}
|
|
|
|
@@ -340,6 +399,9 @@ static int isulad_info_cb(const host_info_request *request, host_info_response *
|
|
#endif
|
|
|
|
pack_response:
|
|
+ free(http_proxy);
|
|
+ free(https_proxy);
|
|
+ free(no_proxy);
|
|
if (*response != NULL) {
|
|
(*response)->cc = cc;
|
|
}
|
|
--
|
|
2.40.1
|
|
|