From 79a38af7d57e0ec7e527d1d28e8575c3fcfa4a45 Mon Sep 17 00:00:00 2001
From: tanyifeng <tanyifeng1@huawei.com>
Date: Mon, 3 Jun 2019 11:27:34 -0400
Subject: [PATCH 104/131] lxc: fix code error

Signed-off-by: tanyifeng <tanyifeng1@huawei.com>
Signed-off-by: LiFeng <lifeng68@huawei.com>
---
 src/lxc/af_unix.c        |  8 +++++++-
 src/lxc/cgroups/cgfsng.c | 10 +++++++++-
 src/lxc/lxccontainer.c   |  2 ++
 src/lxc/path.c           |  1 +
 src/lxc/terminal.c       | 16 ++++++++--------
 src/lxc/utils.c          |  8 ++++----
 6 files changed, 31 insertions(+), 14 deletions(-)

diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 4c45946d..1fc8ab0e 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -204,12 +204,18 @@ int lxc_abstract_unix_recv_fds_timeout(int fd, int *recvfds, int num_recvfds,
 	struct cmsghdr *cmsg = NULL;
 	char buf[1] = {0};
 	char *cmsgbuf = NULL;
-	size_t cmsgbufsize = CMSG_SPACE(num_recvfds * sizeof(int));
+	size_t cmsgbufsize = 0;
 	struct timeval out;
 
 	memset(&msg, 0, sizeof(msg));
 	memset(&iov, 0, sizeof(iov));
 
+	if (num_recvfds <= 0 || (SIZE_MAX / sizeof(int) < num_recvfds)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	cmsgbufsize = CMSG_SPACE((num_recvfds * sizeof(int)));
 	cmsgbuf = malloc(cmsgbufsize);
 	if (!cmsgbuf) {
 		errno = ENOMEM;
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 67c7a0ee..46f13f4d 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1688,7 +1688,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
 	if (merged) {
 		char **mc = NULL;
 		for (mc = merged; *mc; mc++) {
-			char *token;
+			char *token = NULL;
 			char *copy = must_copy_string(*mc);
 			lxc_iterate_parts(token, copy, ",") {
 				int mret;
@@ -2249,7 +2249,15 @@ static int cg_legacy_get_data(struct cgroup_ops *ops, const char *filename,
 	char *controller = NULL;
 
 	len = strlen(filename);
+	if (SIZE_MAX - 1 < len) {
+		errno = EINVAL;
+		return -1;
+	}
 	controller = calloc(1, len + 1);
+	if (controller == NULL) {
+		errno = ENOMEM;
+		return -1;
+	}
 	(void)strlcpy(controller, filename, len + 1);
 
 	p = strchr(controller, '.');
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index e32f524d..72417ed6 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1208,6 +1208,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 reboot:
 	if (conf->reboot == REBOOT_INIT) {
 		/* initialize handler */
+		lxc_free_handler(handler);
 		handler = lxc_init_handler(c->name, conf, c->config_path, c->daemonize);
 		if (!handler) {
 			ret = 1;
@@ -1248,6 +1249,7 @@ reboot:
 		conf->reboot = REBOOT_INIT;
 		goto reboot;
 	}
+	lxc_free_handler(handler);
 
 on_error:
 	if (c->pidfile) {
diff --git a/src/lxc/path.c b/src/lxc/path.c
index 92692dea..36d5e0be 100644
--- a/src/lxc/path.c
+++ b/src/lxc/path.c
@@ -31,6 +31,7 @@ bool specify_current_dir(const char *path)
 
 	bname = basename(basec);
 	if (bname == NULL) {
+		free(basec);
 		ERROR("Out of memory");
 		return false;
 	}
diff --git a/src/lxc/terminal.c b/src/lxc/terminal.c
index 802bf392..a8a0dc97 100644
--- a/src/lxc/terminal.c
+++ b/src/lxc/terminal.c
@@ -231,7 +231,7 @@ static int lxc_terminal_truncate_log_file(struct lxc_terminal *terminal)
 }
 
 /*
- * isuald: support mult-logfiles
+ * isulad: support mult-logfiles
  * */
 static int lxc_terminal_rename_old_log_file(struct lxc_terminal *terminal)
 {
@@ -242,10 +242,10 @@ static int lxc_terminal_rename_old_log_file(struct lxc_terminal *terminal)
 
 	for (i = terminal->log_rotate - 1; i > 1; i--) {
 		ret = sprintf(tmp, "%s.%u", terminal->log_path, i);
-		if (ret < 0)
+		if (ret < 0) {
 			return -EFBIG;
-		if (rename_fname)
-			free(rename_fname);
+		}
+		free(rename_fname);
 		rename_fname = strdup(tmp);
 		ret = sprintf(tmp, "%s.%u", terminal->log_path, (i - 1));
 		if (ret < 0) {
@@ -253,13 +253,13 @@ static int lxc_terminal_rename_old_log_file(struct lxc_terminal *terminal)
 			return -EFBIG;
 		}
 		ret = lxc_unpriv(rename(tmp, rename_fname));
-		if (ret < 0 && errno != ENOENT)
+		if (ret < 0 && errno != ENOENT) {
+			free(rename_fname);
 			return ret;
+		}
 	}
 
-	if (rename_fname)
-		free(rename_fname);
-
+	free(rename_fname);
 	return 0;
 }
 
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index e6749471..9db762fb 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1769,11 +1769,11 @@ int fd_cloexec(int fd, bool cloexec)
 /* isulad: fd_nonblock */
 int fd_nonblock(int fd)
 {
-	long flags;
+	int flags;
 
 	flags = fcntl(fd, F_GETFL);
 
-	return fcntl(fd, F_SETFL, flags | O_NONBLOCK);
+	return fcntl(fd, F_SETFL, (int)((unsigned int)flags | O_NONBLOCK));
 }
 
 int recursive_destroy(char *dirname)
@@ -2140,9 +2140,9 @@ int lxc_open(const char *filename, int flags, mode_t mode)
 		return -1;
 	}
 	if (mode) {
-		return open(rpath, flags | O_CLOEXEC, mode);
+		return open(rpath, (int)((unsigned int)flags | O_CLOEXEC), mode);
 	} else {
-		return open(rpath, flags | O_CLOEXEC);
+		return open(rpath, (int)((unsigned int)flags | O_CLOEXEC));
 	}
 }
 
-- 
2.23.0