!67 kubelet fix websocket reference nil pointer

From: @zh_xiaoyu Reviewed-by: @duguhaotian Signed-off-by: @duguhaotian
2022-10-31 11:35:25 +00:00 · 2022-10-31 11:35:25 +00:00 · 2d427ba547
commit 2d427ba547
parent 2b25d9f218 37eb7e5e87
2 changed files with 51 additions and 1 deletions
--- a/0008-kubelet-fix-websocket-reference-nil-pointer.patch
+++ b/0008-kubelet-fix-websocket-reference-nil-pointer.patch
@ -0,0 +1,46 @@
+From 760129610e5b54d548247490899a8595cea2d5b8 Mon Sep 17 00:00:00 2001
+From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
+Date: Mon, 31 Oct 2022 17:15:51 +0800
+Subject: [PATCH] kubelet fix websocket reference nul pointer
+
+Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
+---
+ .../cri/streaming/remotecommand/proxy.go      | 19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/pkg/kubelet/cri/streaming/remotecommand/proxy.go b/pkg/kubelet/cri/streaming/remotecommand/proxy.go
+index 76222d90..f21629af 100644
+--- a/pkg/kubelet/cri/streaming/remotecommand/proxy.go
+++ b/pkg/kubelet/cri/streaming/remotecommand/proxy.go
+@@ -169,14 +169,23 @@ func connectBackend(addr, subprotocol string, r *http.Request) (*websocket.Conn,
+ 	websocket.DefaultDialer.ReadBufferSize = 128 * 1024
+ 	websocket.DefaultDialer.WriteBufferSize = 128 * 1024
+ 	ws, resp, err := websocket.DefaultDialer.Dial(addr, h)
+-	if err != nil {
+	if err == nil {
+		return ws, nil
+	}
+	msg := fmt.Errorf("dial failed: %v, response Body is nil", err)
+	if resp != nil && resp.Body != nil {
+		defer func() {
+			//websocket buffer size maybe not enough and cause panic
+			if e := recover(); e != nil {
+				msg = fmt.Errorf("dial failed: %v, response panic %v", err, e)
+			}
+			resp.Body.Close()
+		}()
+ 		var body bytes.Buffer
+ 		body.ReadFrom(resp.Body)
+-		defer resp.Body.Close()
+-		msg := fmt.Errorf("dial failed: %v, response is: %v", err, body.String())
+-		return nil, msg
+		msg = fmt.Errorf("dial failed: %v, response is: %v", err, body.String())
+ 	}
+-	return ws, nil
+	return nil, msg
+ }
+ 
+ type rwc struct {
+-- 
+2.25.1
+
--- a/kubernetes.spec
+++ b/kubernetes.spec
@ -3,7 +3,7 @@

 Name:         kubernetes
 Version:      1.20.2
-Release:      9
+Release:      10
 Summary:      Container cluster management
 License:      ASL 2.0
 URL:          https://k8s.io/kubernetes
@ -31,6 +31,7 @@ Patch6003: 0004-fix-CVE-2021-25737.patch
 Patch6004: 0005-fix-CVE-2021-25741.patch
 Patch6005: 0006-kubelet-support-attach-websocket-protocol.patch
 Patch6006: 0007-Add-an-option-for-aggregator.patch
+Patch6007: 0008-kubelet-fix-websocket-reference-nil-pointer.patch

 %description
 Container cluster management.
@ -262,6 +263,9 @@ getent passwd kube >/dev/null || useradd -r -g kube -d / -s /sbin/nologin \
 %systemd_postun kubelet kube-proxy

 %changelog
+* Mon Oct 31 2022 zhangxiaoyu <zhangxiaoyu58@huawei.com> - 1.20.2-10
+- DESC: kubelet fix websocket reference nul pointer
+
 * Tue Sep 27 2022 zhongtao <zhongtao17@huawei.com> - 1.20.2-9
 - DESC: fix CVE-2022-3172