lxc/0022-fix-cve-CVE-2022-47952-log-leaks-root-information.patch

From 2b4d27ef9b5d9f38654277f021fabdda2d5f8e36 Mon Sep 17 00:00:00 2001
From: isuladci <isulad@ci.com>
Date: Thu, 12 Jan 2023 19:20:43 -0800
Subject: [PATCH] fix cve CVE-2022-47952: log leaks root information

Signed-off-by: isuladci <isulad@ci.com>
---
 src/lxc/cmd/lxc_user_nic.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
index 4160565..5b848da 100644
--- a/src/lxc/cmd/lxc_user_nic.c
+++ b/src/lxc/cmd/lxc_user_nic.c
@@ -1087,20 +1087,16 @@ int main(int argc, char *argv[])
 	} else if (request == LXC_USERNIC_DELETE) {
 		char opath[LXC_PROC_PID_FD_LEN];
 
-		/* Open the path with O_PATH which will not trigger an actual
-		 * open(). Don't report an errno to the caller to not leak
-		 * information whether the path exists or not.
-		 * When stracing setuid is stripped so this is not a concern
-		 * either.
-		 */
+		// Keep in mind CVE-2022-47952: It's crucial not to leak any
+		// information whether open() succeeded or failed.
 		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
 		if (netns_fd < 0) {
-			usernic_error("Failed to open \"%s\"\n", args.pid);
+			usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
 			_exit(EXIT_FAILURE);
 		}
 
 		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
-			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
+			usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
 			close(netns_fd);
 			_exit(EXIT_FAILURE);
 		}
@@ -1114,7 +1110,7 @@ int main(int argc, char *argv[])
 		/* Now get an fd that we can use in setns() calls. */
 		ret = open(opath, O_RDONLY | O_CLOEXEC);
 		if (ret < 0) {
-			CMD_SYSERROR("Failed to open \"%s\"\n", args.pid);
+			CMD_SYSERROR("Failed while opening netns file for \"%s\"\n", args.pid);
 			close(netns_fd);
 			_exit(EXIT_FAILURE);
 		}
-- 
2.25.1