proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 12:37:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #2627 from 2xsec/bugfix

Browse Source 
conf: realpath() uses null as second parameter to prevent buffer overflow
This commit is contained in:
Christian Brauner 2018-09-22 11:36:16 +02:00 committed by GitHub
commit 62f2b7448d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/lxc/conf.c
View File

@ -553,24 +553,31 @@ int run_script(const char *name, const char *section, const char *script, ...)
int pin_rootfs(const char *rootfs) int pin_rootfs(const char *rootfs)
{ {
int fd, ret; int fd, ret;
char absrootfs[MAXPATHLEN], absrootfspin[MAXPATHLEN]; char absrootfspin[MAXPATHLEN];
char *absrootfs;
struct stat s; struct stat s;
struct statfs sfs; struct statfs sfs;
if (rootfs == NULL || strlen(rootfs) == 0) if (rootfs == NULL || strlen(rootfs) == 0)
return -2; return -2;
if (!realpath(rootfs, absrootfs)) absrootfs = realpath(rootfs, NULL);
if (!absrootfs)
return -2; return -2;
ret = stat(absrootfs, &s); ret = stat(absrootfs, &s);
if (ret < 0) if (ret < 0) {
free(absrootfs);
return -1; return -1;
}
if (!S_ISDIR(s.st_mode)) if (!S_ISDIR(s.st_mode)) {
free(absrootfs);
return -2; return -2;
}
ret = snprintf(absrootfspin, MAXPATHLEN, "%s/.lxc-keep", absrootfs); ret = snprintf(absrootfspin, MAXPATHLEN, "%s/.lxc-keep", absrootfs);
free(absrootfs);
if (ret >= MAXPATHLEN) if (ret >= MAXPATHLEN)
return -1; return -1;
@ -1367,18 +1374,22 @@ int lxc_chroot(const struct lxc_rootfs *rootfs)
{ {
int i, ret; int i, ret;
char *p, *p2; char *p, *p2;
char buf[LXC_LINELEN], nroot[PATH_MAX]; char buf[LXC_LINELEN];
char *nroot;
FILE *f; FILE *f;
char *root = rootfs->mount; char *root = rootfs->mount;
if (!realpath(root, nroot)) { nroot = realpath(root, NULL);
if (!nroot) {
SYSERROR("Failed to resolve \"%s\"", root); SYSERROR("Failed to resolve \"%s\"", root);
return -1; return -1;
} }
ret = chdir("/"); ret = chdir("/");
if (ret < 0) if (ret < 0) {
free(nroot);
return -1; return -1;
}
/* We could use here MS_MOVE, but in userns this mount is locked and /* We could use here MS_MOVE, but in userns this mount is locked and
* can't be moved. * can't be moved.
@ -1386,8 +1397,10 @@ int lxc_chroot(const struct lxc_rootfs *rootfs)
ret = mount(nroot, "/", NULL, MS_REC | MS_BIND, NULL); ret = mount(nroot, "/", NULL, MS_REC | MS_BIND, NULL);
if (ret < 0) { if (ret < 0) {
SYSERROR("Failed to mount \"%s\" onto \"/\" as MS_REC | MS_BIND", nroot); SYSERROR("Failed to mount \"%s\" onto \"/\" as MS_REC | MS_BIND", nroot);
free(nroot);
return -1; return -1;
} }
free(nroot);
ret = mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL); ret = mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL);
if (ret < 0) { if (ret < 0) {