diff --git a/0001-feat-Add-json-spec-for-rest-resize-api.patch b/0001-feat-Add-json-spec-for-rest-resize-api.patch index d59b1d5..6f537f8 100644 --- a/0001-feat-Add-json-spec-for-rest-resize-api.patch +++ b/0001-feat-Add-json-spec-for-rest-resize-api.patch @@ -1,7 +1,7 @@ From 72985299db95706fd1988de4f5fa88a8cfd55367 Mon Sep 17 00:00:00 2001 From: "Neil.wrz" Date: Tue, 5 Jul 2022 18:23:42 -0700 -Subject: [PATCH 1/5] feat Add json spec for rest resize api +Subject: [PATCH 1/9] feat Add json spec for rest resize api Signed-off-by: Neil.wrz --- @@ -13,7 +13,7 @@ Signed-off-by: Neil.wrz diff --git a/src/json/schema/container/resize-request.json b/src/json/schema/container/resize-request.json new file mode 100644 -index 0000000..8a8455f +index 00000000..8a8455f5 --- /dev/null +++ b/src/json/schema/container/resize-request.json @@ -0,0 +1,18 @@ @@ -37,7 +37,7 @@ index 0000000..8a8455f +} diff --git a/src/json/schema/container/resize-response.json b/src/json/schema/container/resize-response.json new file mode 100644 -index 0000000..4bfafd6 +index 00000000..4bfafd63 --- /dev/null +++ b/src/json/schema/container/resize-response.json @@ -0,0 +1,15 @@ diff --git a/0002-add-HAVE_ISULAD-definition-for-lxc-header.patch b/0002-add-HAVE_ISULAD-definition-for-lxc-header.patch index e5fe84b..86247fa 100644 --- a/0002-add-HAVE_ISULAD-definition-for-lxc-header.patch +++ b/0002-add-HAVE_ISULAD-definition-for-lxc-header.patch @@ -1,7 +1,7 @@ From 4d12753a659ba3b9a3a9bd24e2f842e5bd0fa7a2 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Fri, 22 Jul 2022 10:01:52 +0800 -Subject: [PATCH 2/5] add HAVE_ISULAD definition for lxc header +Subject: [PATCH 2/9] add HAVE_ISULAD definition for lxc header Signed-off-by: zhangxiaoyu --- @@ -9,7 +9,7 @@ Signed-off-by: zhangxiaoyu 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt -index ad32724..d7e668b 100644 +index ad327244..d7e668bc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -63,6 +63,7 @@ message("-- commit id: " ${GIT_COMMIT_HASH}) diff --git a/0003-fix-cpu-quota-out-of-range-when-update-to-1.patch b/0003-fix-cpu-quota-out-of-range-when-update-to-1.patch index baa1b68..bcad8b2 100644 --- a/0003-fix-cpu-quota-out-of-range-when-update-to-1.patch +++ b/0003-fix-cpu-quota-out-of-range-when-update-to-1.patch @@ -1,7 +1,7 @@ From cb0e052e96dfce0992132020eb5fba61c323cfc2 Mon Sep 17 00:00:00 2001 From: "Neil.wrz" Date: Tue, 26 Jul 2022 02:17:47 -0700 -Subject: [PATCH 3/5] fix cpu-quota out of range when update to -1 +Subject: [PATCH 3/9] fix cpu-quota out of range when update to -1 Signed-off-by: Neil.wrz --- @@ -10,7 +10,7 @@ Signed-off-by: Neil.wrz 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lcrcontainer.h b/src/lcrcontainer.h -index 062d681..a051097 100644 +index 062d6810..a0510979 100644 --- a/src/lcrcontainer.h +++ b/src/lcrcontainer.h @@ -118,7 +118,7 @@ struct lcr_cgroup_resources { @@ -23,7 +23,7 @@ index 062d681..a051097 100644 char *cpuset_mems; uint64_t memory_limit; diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c -index 0aa9cff..042ad2f 100644 +index 0aa9cff7..042ad2fd 100644 --- a/src/lcrcontainer_execute.c +++ b/src/lcrcontainer_execute.c @@ -321,7 +321,7 @@ static int update_resources_cpu_quota(struct lxc_container *c, const struct lcr_ diff --git a/0004-remove-unused-daemon-config-args.patch b/0004-remove-unused-daemon-config-args.patch index 37db735..57438e2 100644 --- a/0004-remove-unused-daemon-config-args.patch +++ b/0004-remove-unused-daemon-config-args.patch @@ -1,7 +1,7 @@ From 0faebe9d8ff1ddcd3982b7bbd9f8d2078c3e5a29 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Tue, 6 Sep 2022 18:48:28 +0800 -Subject: [PATCH 4/5] remove unused daemon config args +Subject: [PATCH 4/9] remove unused daemon config args Signed-off-by: zhangxiaoyu --- @@ -9,7 +9,7 @@ Signed-off-by: zhangxiaoyu 1 file changed, 6 deletions(-) diff --git a/src/json/schema/isulad-daemon-configs.json b/src/json/schema/isulad-daemon-configs.json -index 1329ab0..1332a73 100644 +index 1329ab07..1332a73f 100644 --- a/src/json/schema/isulad-daemon-configs.json +++ b/src/json/schema/isulad-daemon-configs.json @@ -85,12 +85,6 @@ diff --git a/0005-refactor-handle-warnings.patch b/0005-refactor-handle-warnings.patch index b82226b..732a61f 100644 --- a/0005-refactor-handle-warnings.patch +++ b/0005-refactor-handle-warnings.patch @@ -1,7 +1,7 @@ From 42ed1c3fe60330c1ce98df1f6668bb8b4b2ded76 Mon Sep 17 00:00:00 2001 From: "Neil.wrz" Date: Thu, 8 Sep 2022 01:00:49 -0700 -Subject: [PATCH 5/5] refactor handle warnings +Subject: [PATCH 5/9] refactor handle warnings Signed-off-by: Neil.wrz --- @@ -16,7 +16,7 @@ Signed-off-by: Neil.wrz 8 files changed, 44 insertions(+), 26 deletions(-) diff --git a/src/conf.c b/src/conf.c -index f2569b3..4f644d9 100644 +index f2569b3b..4f644d98 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1391,7 +1391,8 @@ static int trans_resources_mem_swap_v1(const defs_resources *res, struct lcr_lis @@ -58,7 +58,7 @@ index f2569b3..4f644d9 100644 } } diff --git a/src/lcrcontainer.c b/src/lcrcontainer.c -index 5746b09..14cc6c4 100644 +index 5746b092..14cc6c43 100644 --- a/src/lcrcontainer.c +++ b/src/lcrcontainer.c @@ -498,11 +498,11 @@ bool lcr_kill(const char *name, const char *lcrpath, uint32_t signal) @@ -94,7 +94,7 @@ index 5746b09..14cc6c4 100644 cret = NULL; } diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c -index 042ad2f..118f26c 100644 +index 042ad2fd..118f26c2 100644 --- a/src/lcrcontainer_execute.c +++ b/src/lcrcontainer_execute.c @@ -199,7 +199,7 @@ static int update_resources_cpu_weight_v2(struct lxc_container *c, const struct @@ -181,7 +181,7 @@ index 042ad2f..118f26c 100644 if (weight < CGROUP2_BFQ_WEIGHT_MIN || weight > CGROUP2_BFQ_WEIGHT_MAX) { ERROR("invalid io weight cased by invalid blockio weight %llu", (unsigned long long) cr->blkio_weight); diff --git a/src/lcrcontainer_extend.c b/src/lcrcontainer_extend.c -index 717d13b..e03c212 100644 +index 717d13b4..e03c212a 100644 --- a/src/lcrcontainer_extend.c +++ b/src/lcrcontainer_extend.c @@ -818,6 +818,7 @@ static int lcr_spec_write_config(int fd, const struct lcr_list *lcr_conf) @@ -207,7 +207,7 @@ index 717d13b..e03c212 100644 goto cleanup; } diff --git a/src/utils.c b/src/utils.c -index 7ee9ba8..16719f6 100644 +index 7ee9ba81..16719f67 100644 --- a/src/utils.c +++ b/src/utils.c @@ -888,7 +888,7 @@ restart: @@ -233,7 +233,7 @@ index 7ee9ba8..16719f6 100644 int lcr_util_get_cgroup_version() diff --git a/src/utils.h b/src/utils.h -index 5aae95d..865b899 100644 +index 5aae95da..865b899a 100644 --- a/src/utils.h +++ b/src/utils.h @@ -219,7 +219,7 @@ int lcr_util_atomic_write_file(const char *filepath, const char *content); @@ -246,7 +246,7 @@ index 5aae95d..865b899 100644 #ifdef __cplusplus diff --git a/third_party/libocispec/read_file.c b/third_party/libocispec/read_file.c -index 42b83b2..29dbec3 100644 +index 42b83b20..29dbec33 100644 --- a/third_party/libocispec/read_file.c +++ b/third_party/libocispec/read_file.c @@ -29,7 +29,6 @@ @@ -258,7 +258,7 @@ index 42b83b2..29dbec3 100644 static int do_check_fread_args(const FILE *stream, const size_t *length) { diff --git a/third_party/log.c b/third_party/log.c -index 2fcb014..c3c1981 100644 +index 2fcb014d..c3c19815 100644 --- a/third_party/log.c +++ b/third_party/log.c @@ -25,7 +25,6 @@ diff --git a/0006-add-macro-to-adapt-musl-libc.patch b/0006-add-macro-to-adapt-musl-libc.patch index 27445f1..87b0db2 100644 --- a/0006-add-macro-to-adapt-musl-libc.patch +++ b/0006-add-macro-to-adapt-musl-libc.patch @@ -1,7 +1,7 @@ From 6422cb8a639f125cecfdf0829dd713d84ab3a9aa Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Tue, 15 Nov 2022 20:54:23 +0800 -Subject: [PATCH 6/7] add macro to adapt musl libc +Subject: [PATCH 6/9] add macro to adapt musl libc Signed-off-by: zhangxiaoyu --- @@ -10,7 +10,7 @@ Signed-off-by: zhangxiaoyu 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/cmake/set_build_flags.cmake b/cmake/set_build_flags.cmake -index 2b9249d..3b6842a 100644 +index 2b9249d9..3b6842a8 100644 --- a/cmake/set_build_flags.cmake +++ b/cmake/set_build_flags.cmake @@ -21,11 +21,11 @@ @@ -42,7 +42,7 @@ index 2b9249d..3b6842a 100644 + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror") +endif() diff --git a/third_party/libocispec/common_h.py b/third_party/libocispec/common_h.py -index 4ce7bda..02c689d 100644 +index 4ce7bda6..02c689dc 100644 --- a/third_party/libocispec/common_h.py +++ b/third_party/libocispec/common_h.py @@ -60,6 +60,15 @@ extern "C" { diff --git a/0007-add-add-gids-option-for-exec.patch b/0007-add-add-gids-option-for-exec.patch index 6a789ae..aaa0357 100644 --- a/0007-add-add-gids-option-for-exec.patch +++ b/0007-add-add-gids-option-for-exec.patch @@ -1,7 +1,7 @@ From 9f8fd81fab4fc0a8c48509c5f1eeb53be2c053af Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Sat, 3 Dec 2022 14:47:43 +0800 -Subject: [PATCH 7/7] add add-gids option for exec +Subject: [PATCH 7/9] add add-gids option for exec Signed-off-by: zhangxiaoyu --- @@ -10,7 +10,7 @@ Signed-off-by: zhangxiaoyu 2 files changed, 4 insertions(+) diff --git a/src/lcrcontainer.h b/src/lcrcontainer.h -index a051097..5cb3647 100644 +index a0510979..5cb36477 100644 --- a/src/lcrcontainer.h +++ b/src/lcrcontainer.h @@ -284,6 +284,7 @@ struct lcr_exec_request { @@ -22,7 +22,7 @@ index a051097..5cb3647 100644 const char **env; size_t env_len; diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c -index 118f26c..9f4e951 100644 +index 118f26c2..9f4e9515 100644 --- a/src/lcrcontainer_execute.c +++ b/src/lcrcontainer_execute.c @@ -870,6 +870,9 @@ static void execute_lxc_attach(const char *name, const char *path, const struct diff --git a/0008-handle-security-warning.patch b/0008-handle-security-warning.patch new file mode 100644 index 0000000..2c84d56 --- /dev/null +++ b/0008-handle-security-warning.patch @@ -0,0 +1,491 @@ +From 5e530a5b505e069d0d321c8d7c4a9c7db69ba5b2 Mon Sep 17 00:00:00 2001 +From: DriedYellowPeach +Date: Sat, 10 Dec 2022 13:17:57 +0000 +Subject: [PATCH 8/9] !209 handle security warning * handle security warning + +--- + src/conf.c | 41 +++++++++++++++++++------------------- + src/lcrcontainer.c | 38 +++++++++++++---------------------- + src/lcrcontainer_execute.c | 30 +++++++++++++++------------- + src/utils.c | 25 +++++++++++++++++++++-- + src/utils.h | 1 + + 5 files changed, 75 insertions(+), 60 deletions(-) + +diff --git a/src/conf.c b/src/conf.c +index 4f644d98..2b028878 100644 +--- a/src/conf.c ++++ b/src/conf.c +@@ -42,6 +42,7 @@ + #define SUB_UID_PATH "/etc/subuid" + #define SUB_GID_PATH "/etc/subgid" + #define ID_MAP_LEN 100 ++#define DEFAULT_BUF_LEN 300 + + /* files limit checker for cgroup v1 */ + static int files_limit_checker_v1(const char *value) +@@ -401,7 +402,7 @@ static char *capabilities_join(const char *sep, const char **parts, size_t len) + result_len += strlen(parts[iter]) - 4; + } + +- result = calloc(result_len + 1, 1); ++ result = lcr_util_smart_calloc_s(sizeof(char), result_len + 1); + if (result == NULL) { + return NULL; + } +@@ -1018,7 +1019,7 @@ static struct lcr_list *trans_mount_auto_to_lxc(const defs_mount *mount) + } + + buf_len = strlen(type) + strlen(options) + 2; +- buf = calloc(buf_len, 1); ++ buf = lcr_util_smart_calloc_s(sizeof(char), buf_len); + if (buf == NULL) { + DEBUG("Out of memory"); + goto out_free; +@@ -1066,7 +1067,7 @@ static struct lcr_list *trans_mount_entry_to_lxc(const defs_mount *mount) + } + + buf_len = strlen(replaced_dest) + strlen(mount->type) + strlen(replaced_source) + strlen(options) + 8; +- buf = calloc(buf_len, 1); ++ buf = lcr_util_smart_calloc_s(sizeof(char), buf_len); + if (buf == NULL) { + ERROR("Out of memory"); + goto out_free; +@@ -1202,7 +1203,7 @@ static int trans_one_oci_id_mapping(struct lcr_list *conf, const char *typ, cons + { + int nret; + struct lcr_list *node = NULL; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + char subid[ID_MAP_LEN] = { 0 }; + + nret = snprintf(buf_value, sizeof(buf_value), "%s %u %u %u", typ, id->container_id, id->host_id, id->size); +@@ -1289,7 +1290,7 @@ out_free: + static int trans_conf_int(struct lcr_list *conf, const char *lxc_key, int val) + { + struct lcr_list *node = NULL; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + int nret; + + nret = snprintf(buf_value, sizeof(buf_value), "%d", val); +@@ -1307,7 +1308,7 @@ static int trans_conf_int(struct lcr_list *conf, const char *lxc_key, int val) + static int trans_conf_uint32(struct lcr_list *conf, const char *lxc_key, uint32_t val) + { + struct lcr_list *node = NULL; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + int nret; + + nret = snprintf(buf_value, sizeof(buf_value), "%u", (unsigned int)val); +@@ -1325,7 +1326,7 @@ static int trans_conf_uint32(struct lcr_list *conf, const char *lxc_key, uint32_ + static int trans_conf_int64(struct lcr_list *conf, const char *lxc_key, int64_t val) + { + struct lcr_list *node = NULL; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + int nret; + + nret = snprintf(buf_value, sizeof(buf_value), "%lld", (long long)val); +@@ -1343,7 +1344,7 @@ static int trans_conf_int64(struct lcr_list *conf, const char *lxc_key, int64_t + static int trans_conf_uint64(struct lcr_list *conf, const char *lxc_key, uint64_t val) + { + struct lcr_list *node = NULL; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + int nret; + + nret = snprintf(buf_value, sizeof(buf_value), "%llu", (unsigned long long)val); +@@ -1565,7 +1566,7 @@ static int trans_resources_devices_v1(const defs_resources *res, struct lcr_list + { + int ret = -1; + size_t i = 0; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + + for (i = 0; i < res->devices_len; i++) { + defs_device_cgroup *lrd = res->devices[i]; +@@ -1717,7 +1718,7 @@ static int trans_blkio_wdevice_v1(const defs_resources_block_io *block_io, struc + struct lcr_list *node = NULL; + int ret = -1; + size_t i = 0; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + + for (i = 0; i < block_io->weight_device_len; i++) { + int nret; +@@ -1769,7 +1770,7 @@ static int trans_blkio_throttle_v1(defs_block_io_device_throttle **throttle, siz + for (i = 0; i < len; i++) { + if (throttle[i] && throttle[i]->rate != INVALID_INT) { + int nret; +- char buf_value[300] = { 0x00 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0x00 }; + nret = snprintf(buf_value, sizeof(buf_value), "%lld:%lld %llu", (long long)throttle[i]->major, + (long long)(throttle[i]->minor), (unsigned long long)(throttle[i]->rate)); + if (nret < 0 || (size_t)nret >= sizeof(buf_value)) { +@@ -1835,7 +1836,7 @@ static int trans_resources_hugetlb_v1(const defs_resources *res, struct lcr_list + { + int ret = -1; + size_t i = 0; +- char buf_key[300] = { 0 }; ++ char buf_key[DEFAULT_BUF_LEN] = { 0 }; + + for (i = 0; i < res->hugepage_limits_len; i++) { + defs_resources_hugepage_limits_element *lrhl = res->hugepage_limits[i]; +@@ -1861,7 +1862,7 @@ static int trans_resources_network_v1(const defs_resources *res, struct lcr_list + { + int ret = -1; + size_t i = 0; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + + if (!res->network) { + return 0; +@@ -1898,7 +1899,7 @@ out: + static int trans_resources_pids_v1(const defs_resources *res, struct lcr_list *conf) + { + int ret = -1; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + + if (res->pids == NULL) { + return 0; +@@ -2001,7 +2002,7 @@ static int trans_resources_devices_v2(const defs_resources *res, struct lcr_list + { + int ret = -1; + size_t i = 0; +- char buf_value[300] = { 0 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0 }; + + for (i = 0; i < res->devices_len; i++) { + defs_device_cgroup *lrd = res->devices[i]; +@@ -2096,7 +2097,7 @@ static int trans_resources_cpu_weight_v2(const defs_resources *res, struct lcr_l + /* trans resources cpu max of cgroup v2, it's called quota/period in cgroup v1 */ + static int trans_resources_cpu_max_v2(const defs_resources *res, struct lcr_list *conf) + { +- char buf_value[300] = {0}; ++ char buf_value[DEFAULT_BUF_LEN] = {0}; + uint64_t period = res->cpu->period; + int nret = 0; + +@@ -2195,7 +2196,7 @@ static int trans_io_weight_v2(const defs_resources_block_io *block_io, struct lc + for (i = 0; i < len; i++) { + if (weight_device[i] && weight_device[i]->weight != INVALID_INT) { + int nret = 0; +- char buf_value[300] = { 0x00 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0x00 }; + + weight = lcr_util_trans_blkio_weight_to_io_weight(weight_device[i]->weight); + if (weight < CGROUP2_WEIGHT_MIN || weight > CGROUP2_WEIGHT_MAX) { +@@ -2250,7 +2251,7 @@ static int trans_io_bfq_weight_v2(const defs_resources_block_io *block_io, struc + for (i = 0; i < len; i++) { + if (weight_device[i] && weight_device[i]->weight != INVALID_INT) { + int nret = 0; +- char buf_value[300] = { 0x00 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0x00 }; + + weight = lcr_util_trans_blkio_weight_to_io_weight(weight_device[i]->weight); + if (weight < CGROUP2_BFQ_WEIGHT_MIN || weight > CGROUP2_BFQ_WEIGHT_MAX) { +@@ -2288,7 +2289,7 @@ static int trans_io_throttle_v2(defs_block_io_device_throttle **throttle, size_t + for (i = 0; i < len; i++) { + if (throttle[i] && throttle[i]->rate != INVALID_INT) { + int nret = 0; +- char buf_value[300] = { 0x00 }; ++ char buf_value[DEFAULT_BUF_LEN] = { 0x00 }; + nret = snprintf(buf_value, sizeof(buf_value), "%lld:%lld %s=%llu", (long long)throttle[i]->major, + (long long)(throttle[i]->minor), rate_key, (unsigned long long)(throttle[i]->rate)); + if (nret < 0 || (size_t)nret >= sizeof(buf_value)) { +@@ -2348,7 +2349,7 @@ static int trans_resources_blkio_v2(const defs_resources_block_io *block_io, str + static int trans_resources_hugetlb_v2(const defs_resources *res, struct lcr_list *conf) + { + size_t i = 0; +- char buf_key[300] = { 0 }; ++ char buf_key[DEFAULT_BUF_LEN] = { 0 }; + + for (i = 0; i < res->hugepage_limits_len; i++) { + defs_resources_hugepage_limits_element *lrhl = res->hugepage_limits[i]; +diff --git a/src/lcrcontainer.c b/src/lcrcontainer.c +index 14cc6c43..ca587e4f 100644 +--- a/src/lcrcontainer.c ++++ b/src/lcrcontainer.c +@@ -181,34 +181,21 @@ int lcr_list_all_containers(const char *lcrpath, struct lcr_container_info **inf + + static int create_partial(const struct lxc_container *c) + { +- size_t len = 0; + int fd = 0; + int ret = 0; + struct flock lk; ++ char path[PATH_MAX] = { 0 }; + +- if (strlen(c->name) > ((SIZE_MAX - strlen(c->config_path)) - 10)) { +- return -1; +- } +- +- // $lxcpath + '/' + $name + '/partial' + \0 +- len = strlen(c->config_path) + strlen(c->name) + 10; +- +- char *path = lcr_util_common_calloc_s(len); +- if (path == NULL) { +- ERROR("Out of memory in create_partial"); +- return -1; +- } +- +- ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name); +- if (ret < 0 || (size_t)ret >= len) { ++ ret = snprintf(path, PATH_MAX, "%s/%s/partial", c->config_path, c->name); ++ if (ret < 0 || (size_t)ret >= PATH_MAX) { + ERROR("Error writing partial pathname"); +- goto out_free; ++ return -1; + } + + fd = lcr_util_open(path, O_RDWR | O_CREAT | O_EXCL, DEFAULT_SECURE_FILE_MODE); + if (fd < 0) { + SYSERROR("Error creating partial file: %s", path); +- goto out_free; ++ return -1; + } + lk.l_type = F_WRLCK; + lk.l_whence = SEEK_SET; +@@ -217,15 +204,10 @@ static int create_partial(const struct lxc_container *c) + if (fcntl(fd, F_SETLKW, &lk) < 0) { + SYSERROR("Error locking partial file %s", path); + close(fd); +- goto out_free; ++ return -1; + } + +- free(path); + return fd; +- +-out_free: +- free(path); +- return -1; + } + + static void remove_partial(const struct lxc_container *c) +@@ -752,6 +734,10 @@ out_put: + + void lcr_container_state_free(struct lcr_container_state *lcs) + { ++ if (lcs == NULL) { ++ return; ++ } ++ + free(lcs->name); + lcs->name = NULL; + free(lcs->state); +@@ -1045,6 +1031,10 @@ out: + + void lcr_free_console_config(struct lcr_console_config *config) + { ++ if (config == NULL) { ++ return; ++ } ++ + free(config->log_path); + config->log_path = NULL; + free(config->log_file_size); +diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c +index 9f4e9515..ac49c501 100644 +--- a/src/lcrcontainer_execute.c ++++ b/src/lcrcontainer_execute.c +@@ -41,6 +41,8 @@ + #include "oci_runtime_spec.h" + #include "lcrcontainer_extend.h" + ++#define NUM_STR_LEN 128 ++ + // Cgroup v1 Item Definition + #define CGROUP_BLKIO_WEIGHT "blkio.weight" + #define CGROUP_CPU_SHARES "cpu.shares" +@@ -164,7 +166,7 @@ static int update_resources_cpuset_mems_v2(struct lxc_container *c, const struct + static int update_resources_cpu_shares(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { + int ret = 0; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->cpu_shares != 0) { + int num = snprintf(numstr, sizeof(numstr), "%llu", (unsigned long long)(cr->cpu_shares)); +@@ -186,7 +188,7 @@ out: + + static int update_resources_cpu_weight_v2(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->cpu_shares == 0) { + return 0; +@@ -215,7 +217,7 @@ static int update_resources_cpu_weight_v2(struct lxc_container *c, const struct + static int update_resources_cpu_period(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { + int ret = 0; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->cpu_period != 0) { + int num = snprintf(numstr, sizeof(numstr), "%llu", (unsigned long long)(cr->cpu_period)); +@@ -240,7 +242,7 @@ static int update_resources_cpu_max_v2(struct lxc_container *c, const struct lcr + int num = 0; + uint64_t period = cr->cpu_period; + int64_t quota = cr->cpu_quota; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (quota == 0 && period == 0) { + return 0; +@@ -318,7 +320,7 @@ out: + static int update_resources_cpu_quota(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { + int ret = 0; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->cpu_quota != 0) { + int num = snprintf(numstr, sizeof(numstr), "%lld", (long long int)cr->cpu_quota); +@@ -398,7 +400,7 @@ static int update_resources_cpu_v2(struct lxc_container *c, const struct lcr_cgr + static int update_resources_memory_limit(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { + int ret = 0; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->memory_limit != 0) { + int num = snprintf(numstr, sizeof(numstr), "%llu", (unsigned long long)(cr->memory_limit)); +@@ -436,7 +438,7 @@ static int trans_int64_to_numstr_with_max(int64_t value, char *numstr, size_t si + + static int update_resources_memory_limit_v2(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->memory_limit == 0) { + return 0; +@@ -457,7 +459,7 @@ static int update_resources_memory_limit_v2(struct lxc_container *c, const struc + static int update_resources_memory_swap(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { + int ret = 0; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->memory_swap != 0) { + int num = snprintf(numstr, sizeof(numstr), "%llu", (unsigned long long)(cr->memory_swap)); +@@ -479,7 +481,7 @@ out: + + static int update_resources_memory_swap_v2(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + int64_t swap = 0; + + if (cr->memory_swap == 0) { +@@ -505,7 +507,7 @@ static int update_resources_memory_swap_v2(struct lxc_container *c, const struct + static int update_resources_memory_reservation(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { + int ret = 0; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->memory_reservation != 0) { + int num = snprintf(numstr, sizeof(numstr), "%llu", (unsigned long long)(cr->memory_reservation)); +@@ -527,7 +529,7 @@ out: + + static int update_resources_memory_reservation_v2(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->memory_reservation == 0) { + return 0; +@@ -610,7 +612,7 @@ static int update_resources_mem_v2(struct lxc_container *c, struct lcr_cgroup_re + static int update_resources_blkio_weight_v1(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { + int ret = 0; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->blkio_weight != 0) { + int num = snprintf(numstr, sizeof(numstr), "%llu", (unsigned long long)(cr->blkio_weight)); +@@ -633,7 +635,7 @@ out: + static int update_resources_io_weight_v2(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { + uint64_t weight = 0; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->blkio_weight == 0) { + return 0; +@@ -666,7 +668,7 @@ static int update_resources_io_weight_v2(struct lxc_container *c, const struct l + static int update_resources_io_bfq_weight_v2(struct lxc_container *c, const struct lcr_cgroup_resources *cr) + { + uint64_t weight = 0; +- char numstr[128] = {0}; /* max buffer */ ++ char numstr[NUM_STR_LEN] = {0}; /* max buffer */ + + if (cr->blkio_weight == 0) { + return 0; +diff --git a/src/utils.c b/src/utils.c +index 16719f67..4b123bb7 100644 +--- a/src/utils.c ++++ b/src/utils.c +@@ -40,6 +40,14 @@ + #include "utils.h" + #include "log.h" + ++#if __WORDSIZE == 64 ++// current max user memory for 64-machine is 2^47 B ++#define MAX_MEMORY_SIZE ((size_t)1 << 47) ++#else ++// current max user memory for 32-machine is 2^31 B ++#define MAX_MEMORY_SIZE ((size_t)1 << 31) ++#endif ++ + #define ISSLASH(C) ((C) == '/') + #define IS_ABSOLUTE_FILE_NAME(F) (ISSLASH((F)[0])) + #define IS_RELATIVE_FILE_NAME(F) (!IS_ABSOLUTE_FILE_NAME(F)) +@@ -381,14 +389,27 @@ size_t lcr_array_len(void **orig_array) + return length; + } + ++void *lcr_util_smart_calloc_s(size_t unit_size, size_t count) ++{ ++ if (unit_size == 0) { ++ return NULL; ++ } ++ ++ if (count > (MAX_MEMORY_SIZE / unit_size)) { ++ return NULL; ++ } ++ ++ return calloc(count, unit_size); ++} ++ + /* util common malloc s */ + void *lcr_util_common_calloc_s(size_t size) + { +- if (size == 0) { ++ if (size == 0 || size > MAX_MEMORY_SIZE) { + return NULL; + } + +- return calloc(1, size); ++ return calloc((size_t)1, size); + } + + int lcr_mem_realloc(void **newptr, size_t newsize, void *oldptr, size_t oldsize) +diff --git a/src/utils.h b/src/utils.h +index 865b899a..6a3764b8 100644 +--- a/src/utils.h ++++ b/src/utils.h +@@ -198,6 +198,7 @@ int lcr_util_recursive_rmdir(const char *dirpath, int recursive_depth); + char *lcr_util_string_replace(const char *needle, const char *replacement, const char *haystack); + int lcr_util_open(const char *filename, int flags, mode_t mode); + ++void *lcr_util_smart_calloc_s(size_t unit_size, size_t count); + void *lcr_util_common_calloc_s(size_t size); + int lcr_util_safe_int(const char *numstr, int *converted); + int lcr_util_check_inherited(bool closeall, int fd_to_ignore); +-- +2.25.1 + diff --git a/0009-add-writable-field-to-layer-schema.patch b/0009-add-writable-field-to-layer-schema.patch new file mode 100644 index 0000000..2f016c7 --- /dev/null +++ b/0009-add-writable-field-to-layer-schema.patch @@ -0,0 +1,27 @@ +From 0457953d34128881cb524f40f44b3f0c3ccc4aca Mon Sep 17 00:00:00 2001 +From: DriedYellowPeach +Date: Sun, 11 Dec 2022 06:27:38 +0000 +Subject: [PATCH 9/9] !210 add writable field to layer schema * !207 add + writable field to layer + +--- + src/json/schema/storage/layer.json | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/json/schema/storage/layer.json b/src/json/schema/storage/layer.json +index f019bc8d..dda88913 100644 +--- a/src/json/schema/storage/layer.json ++++ b/src/json/schema/storage/layer.json +@@ -37,6 +37,9 @@ + }, + "incompelte": { + "type": "boolean" ++ }, ++ "writable": { ++ "type": "boolean" + } + } + } +-- +2.25.1 + diff --git a/lcr.spec b/lcr.spec index 7b43993..1238aa6 100644 --- a/lcr.spec +++ b/lcr.spec @@ -1,5 +1,5 @@ %global _version 2.0.8 -%global _release 9 +%global _release 10 %global _inner_name isula_libutils Name: lcr @@ -20,6 +20,8 @@ Patch0004: 0004-remove-unused-daemon-config-args.patch Patch0005: 0005-refactor-handle-warnings.patch Patch0006: 0006-add-macro-to-adapt-musl-libc.patch Patch0007: 0007-add-add-gids-option-for-exec.patch +Patch0008: 0008-handle-security-warning.patch +Patch0009: 0009-add-writable-field-to-layer-schema.patch %define lxcver_lower 4.0.3-2022102400 %define lxcver_upper 4.0.3-2022102500 @@ -109,6 +111,12 @@ rm -rf %{buildroot} %{_includedir}/%{_inner_name}/*.h %changelog +* Sat Dec 17 2022 wangrunze - 2.0.8-10 +- Type:enhancement +- CVE:NA +- SUG:NA +- DESC:handle security warning and modify schema + * Tue Dec 06 2022 zhangxiaoyu - 2.0.8-9 - Type:enhancement - CVE:NA