packages/lcr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lcr/0013-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch
jikai 754dcd5242 sync from upstream 
Signed-off-by: jikai <jikai11@huawei.com>
(cherry picked from commit 35815058031561339484cdbdff29d3c4beef7a99)
2024-06-11 19:20:32 +08:00

209 lines
6.4 KiB
Diff
Raw Blame History

From fef260da5d0acf8d730ad6a809382989c521b0ef Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Thu, 9 May 2024 12:28:44 +0000
Subject: [PATCH 13/14] fix bug for potential config/seccomp/ocihook write
error
Signed-off-by: jikai <jikai11@huawei.com>
---
src/runtime/lcrcontainer_extend.c | 62 +++++++++++++++----------------
1 file changed, 31 insertions(+), 31 deletions(-)
diff --git a/src/runtime/lcrcontainer_extend.c b/src/runtime/lcrcontainer_extend.c
index 0b420d2..93ec60f 100644
--- a/src/runtime/lcrcontainer_extend.c
+++ b/src/runtime/lcrcontainer_extend.c
@@ -347,12 +347,13 @@ out:
return ret;
}
-static int lcr_spec_write_seccomp_line(FILE *fp, const char *seccomp)
+static int lcr_spec_write_seccomp_line(int fd, const char *seccomp)
{
size_t len;
char *line = NULL;
int ret = -1;
int nret;
+ ssize_t nwritten = -1;
if (strlen(seccomp) > SIZE_MAX - strlen("lxc.seccomp.profile") - 3 - 1) {
ERROR("the length of lxc.seccomp is too long!");
@@ -378,7 +379,8 @@ static int lcr_spec_write_seccomp_line(FILE *fp, const char *seccomp)
}
line[nret] = '\n';
- if (fwrite(line, 1, len ,fp) != len) {
+ nwritten = isula_file_total_write_nointr(fd, line, len);
+ if (nwritten < 0 || (size_t)nwritten != len) {
SYSERROR("Write file failed");
goto cleanup;
}
@@ -395,7 +397,7 @@ static char *lcr_save_seccomp_file(const char *bundle, const char *seccomp_conf)
char *real_seccomp = NULL;
int fd = -1;
int nret;
- ssize_t written_cnt;
+ ssize_t nwritten = -1;
nret = snprintf(seccomp, sizeof(seccomp), "%s/seccomp", bundle);
if (nret < 0 || (size_t)nret >= sizeof(seccomp)) {
@@ -414,9 +416,9 @@ static char *lcr_save_seccomp_file(const char *bundle, const char *seccomp_conf)
goto cleanup;
}
- written_cnt = write(fd, seccomp_conf, strlen(seccomp_conf));
+ nwritten = isula_file_total_write_nointr(fd, seccomp_conf, strlen(seccomp_conf));
close(fd);
- if (written_cnt == -1) {
+ if (nwritten < 0 || (size_t)nwritten != strlen(seccomp_conf)) {
SYSERROR("write seccomp_conf failed");
goto cleanup;
}
@@ -609,14 +611,12 @@ out_free:
return NULL;
}
-
-static FILE *lcr_open_config_file(const char *bundle)
+static int lcr_open_config_file(const char *bundle)
{
char config[PATH_MAX] = { 0 };
char *real_config = NULL;
int fd = -1;
int nret;
- FILE *fp = NULL;
nret = snprintf(config, sizeof(config), "%s/config", bundle);
if (nret < 0 || (size_t)nret >= sizeof(config)) {
@@ -636,15 +636,9 @@ static FILE *lcr_open_config_file(const char *bundle)
goto out;
}
- fp = fdopen(fd, "w");
- if(fp == NULL){
- ERROR("FILE open failed");
- goto out;
- }
-
out:
free(real_config);
- return fp;
+ return fd;
}
// escape_string_encode unzip some escape characters
@@ -710,17 +704,19 @@ static char *escape_string_encode(const char *src)
return dst;
}
-static int lcr_spec_write_config(FILE *fp, const struct isula_linked_list *lcr_conf)
+static int lcr_spec_write_config(int fd, const struct isula_linked_list *lcr_conf)
{
size_t len;
- int ret = -1;
+ char *line = NULL;
struct isula_linked_list *it = NULL;
char *line_encode = NULL;
- char *line = NULL;
+ int ret = -1;
isula_linked_list_for_each(it, lcr_conf) {
lcr_config_item_t *item = it->elem;
int nret;
+ size_t encode_len;
+ ssize_t nwritten = -1;
if (item != NULL) {
if (strlen(item->value) > ((SIZE_MAX - strlen(item->name)) - 4)) {
goto cleanup;
@@ -733,6 +729,7 @@ static int lcr_spec_write_config(FILE *fp, const struct isula_linked_list *lcr_c
}
nret = snprintf(line, len, "%s = %s", item->name, item->value);
+
if (nret < 0 || (size_t)nret >= len) {
ERROR("Sprintf failed");
goto cleanup;
@@ -744,10 +741,11 @@ static int lcr_spec_write_config(FILE *fp, const struct isula_linked_list *lcr_c
goto cleanup;
}
- len = strlen(line_encode);
- line_encode[len] = '\n';
+ encode_len = strlen(line_encode);
- if (fwrite(line_encode, 1, len + 1, fp) != len + 1) {
+ line_encode[encode_len] = '\n';
+ nwritten = isula_file_total_write_nointr(fd, line_encode, encode_len + 1);
+ if (nwritten < 0 || (size_t)nwritten != encode_len + 1) {
SYSERROR("Write file failed");
goto cleanup;
}
@@ -816,7 +814,7 @@ bool lcr_save_spec(const char *name, const char *lcrpath, const struct isula_lin
const char *path = lcrpath ? lcrpath : LCRPATH;
char *bundle = NULL;
char *seccomp = NULL;
- FILE *fp = NULL;
+ int fd = -1;
int nret = 0;
if (name == NULL) {
@@ -841,17 +839,17 @@ bool lcr_save_spec(const char *name, const char *lcrpath, const struct isula_lin
}
}
- fp = lcr_open_config_file(bundle);
- if (fp == NULL) {
+ fd = lcr_open_config_file(bundle);
+ if (fd == -1) {
goto out_free;
}
- if (lcr_spec_write_config(fp, lcr_conf)) {
+ if (lcr_spec_write_config(fd, lcr_conf)) {
goto out_free;
}
if (seccomp_conf != NULL) {
- nret = lcr_spec_write_seccomp_line(fp, seccomp);
+ nret = lcr_spec_write_seccomp_line(fd, seccomp);
if (nret) {
goto out_free;
}
@@ -860,11 +858,11 @@ bool lcr_save_spec(const char *name, const char *lcrpath, const struct isula_lin
bret = true;
out_free:
- if (fp != NULL) {
- fclose(fp);
- }
- free(seccomp);
free(bundle);
+ free(seccomp);
+ if (fd != -1) {
+ close(fd);
+ }
return bret;
}
@@ -874,6 +872,7 @@ static int lcr_write_file(const char *path, const char *data, size_t len)
char *real_path = NULL;
int fd = -1;
int ret = -1;
+ ssize_t nwritten = -1;
if (path == NULL || strlen(path) == 0 || data == NULL || len == 0) {
return -1;
@@ -891,7 +890,8 @@ static int lcr_write_file(const char *path, const char *data, size_t len)
goto out_free;
}
- if (write(fd, data, len) == -1) {
+ nwritten = isula_file_total_write_nointr(fd, data, len);
+ if (nwritten < 0 || (size_t)nwritten != len) {
SYSERROR("write data to %s failed", real_path);
goto out_free;
}
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink