conf, lxccontainer: fix length checks in snprintf

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
Liza Tretyakova 2018-05-19 16:16:26 +03:00 committed by Christian Brauner
parent 7a41e8578e
commit 60534030e4
2 changed files with 6 additions and 15 deletions


@ -650,19 +650,13 @@ unsigned long add_required_remount_flags(const char *s, const char *d,
static int add_shmount_to_list(struct lxc_conf *conf) { static int add_shmount_to_list(struct lxc_conf *conf) {
char new_mount[MAXPATHLEN]; char new_mount[MAXPATHLEN];
size_t len_mount;
/* Offset for the leading '/' since the path_cont /* Offset for the leading '/' since the path_cont
* is absolute inside the container */ * is absolute inside the container */
int ret = -1, offset = 1; int ret = -1, offset = 1;
/* +1 for the separating whitespace */ ret = snprintf(new_mount, sizeof(new_mount), "%s %s none bind,create=dir 0 0",
len_mount = strlen(conf->shmount.path_host) + 1
+ strlen(conf->shmount.path_cont) - offset
+ sizeof(" none bind,create=dir 0 0") - 1;
ret = snprintf(new_mount, len_mount + 1, "%s %s none bind,create=dir 0 0",
conf->shmount.path_host, conf->shmount.path_cont + offset); conf->shmount.path_host, conf->shmount.path_cont + offset);
if (ret < 0 || (size_t)ret >= len_mount + 1) if (ret < 0 || (size_t)ret >= sizeof(new_mount))
return -1; return -1;
ret = add_elem_to_mount_list(new_mount, conf); ret = add_elem_to_mount_list(new_mount, conf);
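Review bot: The `conf->shmount.path_cont + offset` argument to snprintf in add_shmount_to_list skips the leading '/' without checking that path_cont is non-NULL, non-empty and absolute; for an empty string the pointer lands one past the terminator and snprintf reads out of bounds. Unless the config parser already guarantees this (not visible in this hunk), a guard before the call would close it: `if (!conf->shmount.path_host || !conf->shmount.path_cont || conf->shmount.path_cont[0] != '/') return -1;`. Both paths are also formatted into a whitespace-separated mount entry, so a path containing a space or tab would shift the fields passed to add_elem_to_mount_list; rejecting such paths here is worth considering. The function continues past the end of the hunk.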


@ -4955,7 +4955,6 @@ static int do_lxcapi_mount(struct lxc_container *c, const char *source,
struct lxc_mount *mnt) struct lxc_mount *mnt)
{ {
char *suff, *sret; char *suff, *sret;
size_t len;
char template[MAXPATHLEN], path[MAXPATHLEN]; char template[MAXPATHLEN], path[MAXPATHLEN];
pid_t pid, init_pid; pid_t pid, init_pid;
struct stat sb; struct stat sb;
@ -4970,10 +4969,9 @@ static int do_lxcapi_mount(struct lxc_container *c, const char *source,
ERROR("Host path to shared mountpoint must be specified in the config\n"); ERROR("Host path to shared mountpoint must be specified in the config\n");
return -EINVAL; return -EINVAL;
} }
len = strlen(c->lxc_conf->shmount.path_host) + sizeof("/.lxcmount_XXXXXX") - 1;
ret = snprintf(template, len + 1, "%s/.lxcmount_XXXXXX", c->lxc_conf->shmount.path_host); ret = snprintf(template, sizeof(template), "%s/.lxcmount_XXXXXX", c->lxc_conf->shmount.path_host);
if (ret < 0 || (size_t)ret >= len + 1) { if (ret < 0 || (size_t)ret >= sizeof(template)) {
SYSERROR("Error writing shmounts tempdir name"); SYSERROR("Error writing shmounts tempdir name");
goto out; goto out;
} }
@ -5048,9 +5046,8 @@ static int do_lxcapi_mount(struct lxc_container *c, const char *source,
if (!suff) if (!suff)
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
len = strlen(c->lxc_conf->shmount.path_cont) + sizeof("/.lxcmount_XXXXXX") - 1; ret = snprintf(path, sizeof(path), "%s%s", c->lxc_conf->shmount.path_cont, suff);
ret = snprintf(path, len + 1, "%s%s", c->lxc_conf->shmount.path_cont, suff); if (ret < 0 || (size_t)ret >= sizeof(path)) {
if (ret < 0 || (size_t)ret >= len + 1) {
SYSERROR("Error writing container mountpoint name"); SYSERROR("Error writing container mountpoint name");
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
} }
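Review bot: Both truncation branches in do_lxcapi_mount (after the `template` snprintf and after the `path` snprintf in the child) still log with SYSERROR, which as far as I know appends the errno text. An over-long result from snprintf does not set errno, so now that the check can actually fire on truncation the log would carry a stale or unrelated error string. Plain `ERROR("Shared mount tempdir path exceeds MAXPATHLEN");` and `ERROR("Container mountpoint path exceeds MAXPATHLEN");` would tell the operator what really failed. The function starts before and continues after these hunks.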