proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-09 05:32:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix getpwuid() thread safe issue

Browse Source 
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
This commit is contained in:
Donghwa Jeong 2018-06-14 15:32:03 +09:00
parent db8b325a3c
commit cb7aa5e8ca
No known key found for this signature in database
GPG Key ID: 0BE2750EE612F372
4 changed files with 109 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/lxc/attach.c
View File

@ -1501,14 +1501,32 @@ int lxc_attach_run_command(void* payload)
int lxc_attach_run_shell(void* payload) int lxc_attach_run_shell(void* payload)
{ {
uid_t uid; uid_t uid;
struct passwd *passwd; struct passwd pwent;
struct passwd *pwentp = NULL;
char *user_shell; char *user_shell;
char *buf;
size_t bufsize;
int ret;
/* Ignore payload parameter. */ /* Ignore payload parameter. */
(void)payload; (void)payload;
uid = getuid(); uid = getuid();
passwd = getpwuid(uid);
bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (bufsize == -1)
bufsize = 1024;
buf = malloc(bufsize);
if (buf) {
ret = getpwuid_r(uid, &pwent, buf, bufsize, &pwentp);
if (!pwentp) {
if (ret == 0)
WARN("Could not find matched password record.");
WARN("Failed to get password record - %u", uid);
}
}
/* This probably happens because of incompatible nss implementations in /* This probably happens because of incompatible nss implementations in
* host and container (remember, this code is still using the host's * host and container (remember, this code is still using the host's
@ -1516,10 +1534,10 @@ int lxc_attach_run_shell(void* payload)
* the information by spawning a [getent passwd uid] process and parsing * the information by spawning a [getent passwd uid] process and parsing
* the result. * the result.
*/ */
if (!passwd) if (!pwentp)
user_shell = lxc_attach_getpwshell(uid); user_shell = lxc_attach_getpwshell(uid);
else else
user_shell = passwd->pw_shell; user_shell = pwent.pw_shell;
if (user_shell) if (user_shell)
execlp(user_shell, user_shell, (char *)NULL); execlp(user_shell, user_shell, (char *)NULL);
@ -1528,7 +1546,8 @@ int lxc_attach_run_shell(void* payload)
*/ */
execlp("/bin/sh", "/bin/sh", (char *)NULL); execlp("/bin/sh", "/bin/sh", (char *)NULL);
SYSERROR("Failed to execute shell"); SYSERROR("Failed to execute shell");
if (!passwd) if (!pwentp)
free(user_shell); free(user_shell);
free(buf);
return -1; return -1;
} }

31
src/lxc/cmd/lxc_user_nic.c
View File

@ -103,15 +103,35 @@ static int open_and_lock(char *path)
static char *get_username(void) static char *get_username(void)
{ {
struct passwd *pwd; struct passwd pwent;
struct passwd *pwentp = NULL;
char *buf;
char *username;
size_t bufsize;
int ret;
pwd = getpwuid(getuid()); bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (!pwd) { if (bufsize == -1)
usernic_error("Failed to get username: %s\n", strerror(errno)); bufsize = 1024;
buf = malloc(bufsize);
if (!buf)
return NULL;
ret = getpwuid_r(getuid(), &pwent, buf, bufsize, &pwentp);
if (!pwentp) {
if (ret == 0)
usernic_error("%s", "Could not find matched password record\n");
usernic_error("Failed to get username: %s(%u)\n", strerror(errno), getuid());
free(buf);
return NULL; return NULL;
} }
return pwd->pw_name; username = strdup(pwent.pw_name);
free(buf);
return username;
} }
static void free_groupnames(char **groupnames) static void free_groupnames(char **groupnames)
@ -1170,6 +1190,7 @@ int main(int argc, char *argv[])
} }
n = get_alloted(me, args.type, args.link, &alloted); n = get_alloted(me, args.type, args.link, &alloted);
free(me);
if (request == LXC_USERNIC_DELETE) { if (request == LXC_USERNIC_DELETE) {
int ret; int ret;

38
src/lxc/cmd/lxc_usernsexec.c
View File

@ -253,14 +253,42 @@ static int read_default_map(char *fnam, int which, char *username)
static int find_default_map(void) static int find_default_map(void)
{ {
struct passwd *p = getpwuid(getuid()); struct passwd pwent;
if (!p) struct passwd *pwentp = NULL;
char *buf;
size_t bufsize;
int ret;
bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (bufsize == -1)
bufsize = 1024;
buf = malloc(bufsize);
if (!buf)
return -1; return -1;
if (read_default_map(subuidfile, ID_TYPE_UID, p->pw_name) < 0)
ret = getpwuid_r(getuid(), &pwent, buf, bufsize, &pwentp);
if (!pwentp) {
if (ret == 0)
printf("WARN: could not find matched password record\n");
printf("Failed to get password record - %u\n", getuid());
free(buf);
return -1; return -1;
if (read_default_map(subgidfile, ID_TYPE_GID, p->pw_name) < 0) }
if (read_default_map(subuidfile, ID_TYPE_UID, pwent.pw_name) < 0) {
free(buf);
return -1; return -1;
return 0; }
if (read_default_map(subgidfile, ID_TYPE_GID, pwent.pw_name) < 0) {
free(buf);
return -1;
}
free(buf);
return 0;
} }
int main(int argc, char *argv[]) int main(int argc, char *argv[])

30
src/lxc/conf.c
View File

@ -4508,13 +4508,35 @@ on_error:
/* not thread-safe, do not use from api without first forking */ /* not thread-safe, do not use from api without first forking */
static char *getuname(void) static char *getuname(void)
{ {
struct passwd *result; struct passwd pwent;
struct passwd *pwentp = NULL;
char *buf;
char *username;
size_t bufsize;
int ret;
result = getpwuid(geteuid()); bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (!result) if (bufsize == -1)
bufsize = 1024;
buf = malloc(bufsize);
if (!buf)
return NULL; return NULL;
return strdup(result->pw_name); ret = getpwuid_r(geteuid(), &pwent, buf, bufsize, &pwentp);
if (!pwentp) {
if (ret == 0)
WARN("Could not find matched password record.");
ERROR("Failed to get password record - %u", geteuid());
free(buf);
return NULL;
}
username = strdup(pwent.pw_name);
free(buf);
return username;
} }
/* not thread-safe, do not use from api without first forking */ /* not thread-safe, do not use from api without first forking */