!397 fix CVE-2022-47052

From: @driedyellowpeach 
Reviewed-by: @zh_xiaoyu, @duguhaotian 
Signed-off-by: @duguhaotian

0022-fix-cve-CVE-2022-47952-log-leaks-root-information.patch

@@ -0,0 +1,51 @@
+From 2b4d27ef9b5d9f38654277f021fabdda2d5f8e36 Mon Sep 17 00:00:00 2001
+From: isuladci <isulad@ci.com>
+Date: Thu, 12 Jan 2023 19:20:43 -0800
+Subject: [PATCH] fix cve CVE-2022-47952: log leaks root information
+
+Signed-off-by: isuladci <isulad@ci.com>
+---
+ src/lxc/cmd/lxc_user_nic.c | 14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
+index 4160565..5b848da 100644
+--- a/src/lxc/cmd/lxc_user_nic.c
++++ b/src/lxc/cmd/lxc_user_nic.c
+@@ -1087,20 +1087,16 @@ int main(int argc, char *argv[])
+ 	} else if (request == LXC_USERNIC_DELETE) {
+ 		char opath[LXC_PROC_PID_FD_LEN];
+ 
+-		/* Open the path with O_PATH which will not trigger an actual
+-		 * open(). Don't report an errno to the caller to not leak
+-		 * information whether the path exists or not.
+-		 * When stracing setuid is stripped so this is not a concern
+-		 * either.
+-		 */
++		// Keep in mind CVE-2022-47952: It's crucial not to leak any
++		// information whether open() succeeded or failed.
+ 		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
+ 		if (netns_fd < 0) {
+-			usernic_error("Failed to open \"%s\"\n", args.pid);
++			usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ 			_exit(EXIT_FAILURE);
+ 		}
+ 
+ 		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
+-			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
++			usernic_error("Failed while opening netns file for \"%s\"\n", args.pid);
+ 			close(netns_fd);
+ 			_exit(EXIT_FAILURE);
+ 		}
+@@ -1114,7 +1110,7 @@ int main(int argc, char *argv[])
+ 		/* Now get an fd that we can use in setns() calls. */
+ 		ret = open(opath, O_RDONLY | O_CLOEXEC);
+ 		if (ret < 0) {
+-			CMD_SYSERROR("Failed to open \"%s\"\n", args.pid);
++			CMD_SYSERROR("Failed while opening netns file for \"%s\"\n", args.pid);
+ 			close(netns_fd);
+ 			_exit(EXIT_FAILURE);
+ 		}
+-- 
+2.25.1
+

lxc.spec

@@ -1,4 +1,4 @@
-%global _release 2022102406
+%global _release 2022102407
 
 Name:           lxc
 Version:        4.0.3
@@ -29,6 +29,7 @@ Patch0018:	0018-add-macro-to-adapt-musl-libc.patch
 Patch0019:	0019-add-lxc-attach-add-gids-option.patch
 Patch0020:	0020-add-sscanf-adapation-code-for-musl.patch
 Patch0021:	0021-change-the-suffi-parameter-in-lxc-attach-help-output.patch
+Patch0022:	0022-fix-cve-CVE-2022-47952-log-leaks-root-information.patch
 
 BuildRequires:  systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires:  pkgconfig(libseccomp)
@@ -209,6 +210,12 @@ make check
 %endif
 
 %changelog
+* Fri Jan 13 2023 wangrunze<wangrunze13@huawei.com> - 4.0.3-2022102407
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: fix cve CVE-2022-47952 log leaks root information
+
 * Fri Dec 16 2022 huangsong<huangsong14@huawei.com> - 4.0.3-2022102406
 - Type:bugfix
 - ID:NA

series.conf

@@ -17,3 +17,5 @@
 0018-add-macro-to-adapt-musl-libc.patch
 0019-add-lxc-attach-add-gids-option.patch
 0020-add-sscanf-adapation-code-for-musl.patch
+0021-change-the-suffi-parameter-in-lxc-attach-help-output.patch
+0022-fix-cve-CVE-2022-47952-log-leaks-root-information.patch