proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-26 13:16:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

conf, lxccontainer: fix length checks in snprintf

Browse Source 
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
This commit is contained in:
Liza Tretyakova 2018-05-19 16:16:26 +03:00 committed by Christian Brauner
parent 7a41e8578e
commit 60534030e4
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
2 changed files with 6 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/lxc/conf.c
View File

@ -650,19 +650,13 @@ unsigned long add_required_remount_flags(const char *s, const char *d,
static int add_shmount_to_list(struct lxc_conf *conf) {
char new_mount[MAXPATHLEN];
size_t len_mount;
/* Offset for the leading '/' since the path_cont
* is absolute inside the container */
int ret = -1, offset = 1;
/* +1 for the separating whitespace */
len_mount = strlen(conf->shmount.path_host) + 1
+ strlen(conf->shmount.path_cont) - offset
+ sizeof(" none bind,create=dir 0 0") - 1;
ret = snprintf(new_mount, len_mount + 1, "%s %s none bind,create=dir 0 0",
ret = snprintf(new_mount, sizeof(new_mount), "%s %s none bind,create=dir 0 0",
conf->shmount.path_host, conf->shmount.path_cont + offset);
if (ret < 0 || (size_t)ret >= len_mount + 1)
if (ret < 0 || (size_t)ret >= sizeof(new_mount))
return -1;
ret = add_elem_to_mount_list(new_mount, conf);

11
src/lxc/lxccontainer.c
View File

@ -4955,7 +4955,6 @@ static int do_lxcapi_mount(struct lxc_container *c, const char *source,
struct lxc_mount *mnt)
{
char *suff, *sret;
size_t len;
char template[MAXPATHLEN], path[MAXPATHLEN];
pid_t pid, init_pid;
struct stat sb;
@ -4970,10 +4969,9 @@ static int do_lxcapi_mount(struct lxc_container *c, const char *source,
ERROR("Host path to shared mountpoint must be specified in the config\n");
return -EINVAL;
}
len = strlen(c->lxc_conf->shmount.path_host) + sizeof("/.lxcmount_XXXXXX") - 1;
ret = snprintf(template, len + 1, "%s/.lxcmount_XXXXXX", c->lxc_conf->shmount.path_host);
if (ret < 0 || (size_t)ret >= len + 1) {
ret = snprintf(template, sizeof(template), "%s/.lxcmount_XXXXXX", c->lxc_conf->shmount.path_host);
if (ret < 0 || (size_t)ret >= sizeof(template)) {
SYSERROR("Error writing shmounts tempdir name");
goto out;
}
@ -5048,9 +5046,8 @@ static int do_lxcapi_mount(struct lxc_container *c, const char *source,
if (!suff)
_exit(EXIT_FAILURE);
len = strlen(c->lxc_conf->shmount.path_cont) + sizeof("/.lxcmount_XXXXXX") - 1;
ret = snprintf(path, len + 1, "%s%s", c->lxc_conf->shmount.path_cont, suff);
if (ret < 0 || (size_t)ret >= len + 1) {
ret = snprintf(path, sizeof(path), "%s%s", c->lxc_conf->shmount.path_cont, suff);
if (ret < 0 || (size_t)ret >= sizeof(path)) {
SYSERROR("Error writing container mountpoint name");
_exit(EXIT_FAILURE);
}