lxc/0036-Security-coding-modification.patch

From ff35c1cd6118668e13f7ca83d7d704bb9363155a Mon Sep 17 00:00:00 2001
From: wujing <wujing50@huawei.com>
Date: Wed, 15 Apr 2020 07:19:03 -0400
Subject: [PATCH 36/49] Security coding modification

Signed-off-by: wujing <wujing50@huawei.com>
---
 src/lxc/commands_utils.c |  2 +-
 src/lxc/confile.c        | 22 ++++++++++++++++++++++
 src/lxc/lxccontainer.c   |  8 ++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/lxc/commands_utils.c b/src/lxc/commands_utils.c
index 2f2670d..c5fc094 100644
--- a/src/lxc/commands_utils.c
+++ b/src/lxc/commands_utils.c
@@ -114,7 +114,7 @@ int lxc_make_abstract_socket_name(char *path, size_t pathlen,
 	}
 
 	ret = snprintf(offset, len, "%s/%s/%s", lxcpath, name, suffix);
-	if (ret < 0)
+	if (ret < 0 || (size_t)ret >= len)
 		return log_error_errno(-1, errno, "Failed to create abstract socket name");
 
 	/*
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index f00afe9..8790494 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -4288,7 +4288,12 @@ static int get_config_prlimit(const char *key, char *retv, int inlen,
 
 	lxc_list_for_each(it, &c->limits) {
 		/* 2 colon separated 64 bit integers or the word 'unlimited' */
+#ifdef HAVE_ISULAD
+#define MAX_LIMIT_BUF_LEN ((INTTYPE_TO_STRLEN(uint64_t) * 2) + 2)
+		char buf[MAX_LIMIT_BUF_LEN] = { 0 };
+#else
 		char buf[INTTYPE_TO_STRLEN(uint64_t) * 2 + 2];
+#endif
 		int partlen;
 		struct lxc_limit *lim = it->elem;
 
@@ -4296,17 +4301,34 @@ static int get_config_prlimit(const char *key, char *retv, int inlen,
 			memcpy(buf, "unlimited", STRLITERALLEN("unlimited") + 1);
 			partlen = STRLITERALLEN("unlimited");
 		} else {
+#ifdef HAVE_ISULAD
+			partlen = snprintf(buf, MAX_LIMIT_BUF_LEN, "%" PRIu64, (uint64_t)lim->limit.rlim_cur);
+			if (partlen < 0 || partlen >= MAX_LIMIT_BUF_LEN) {
+				return -1;
+			}
+#else
 			partlen = sprintf(buf, "%" PRIu64,
 					  (uint64_t)lim->limit.rlim_cur);
+#endif
 		}
 
 		if (lim->limit.rlim_cur != lim->limit.rlim_max) {
 			if (lim->limit.rlim_max == RLIM_INFINITY)
 				memcpy(buf + partlen, ":unlimited",
 				       STRLITERALLEN(":unlimited") + 1);
+#ifdef HAVE_ISULAD
+			else {
+				int nret = snprintf(buf + partlen, (MAX_LIMIT_BUF_LEN - partlen),
+								 ":%" PRIu64, (uint64_t)lim->limit.rlim_max);
+				if (nret < 0 || nret >= (MAX_LIMIT_BUF_LEN - partlen)) {
+					return -1;
+				}
+			}
+#else
 			else
 				sprintf(buf + partlen, ":%" PRIu64,
 					(uint64_t)lim->limit.rlim_max);
+#endif
 		}
 
 		if (get_all) {
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index f622a63..ab10ac6 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -3243,6 +3243,14 @@ static bool container_destroy(struct lxc_container *c,
 	if (ret < 0) {
 		ERROR("Failed to destroy directory \"%s\" for \"%s\"", path,
 		      c->name);
+#ifdef HAVE_ISULAD
+		char msg[BUFSIZ] = { 0 };
+		ret = snprintf(msg, BUFSIZ, "Failed to destroy directory \"%s\": %s", path, errno ? strerror(errno) : "error");
+		if (ret < 0 || ret >= BUFSIZ) {
+			ERROR("Sprintf failed");
+			goto out;
+		}
+#endif
 		goto out;
 	}
 	INFO("Destroyed directory \"%s\" for \"%s\"", path, c->name);
-- 
1.8.3.1