From f4bdebfd8ebe0db6e99f0406a129f83da2e5a578 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Thu, 14 Dec 2017 22:45:56 +0100
Subject: [PATCH 1/2] tools: add missing break to lxc-execute
coverity: #1426131
Signed-off-by: Christian Brauner
---
 src/lxc/tools/lxc_execute.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/lxc/tools/lxc_execute.c b/src/lxc/tools/lxc_execute.c
index c25223682..dc1f504e7 100644
--- a/src/lxc/tools/lxc_execute.c
+++ b/src/lxc/tools/lxc_execute.c
@@ -63,10 +63,19 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
 case 'g':
 if (lxc_safe_uint(arg, &args->gid) < 0)
 return -1;
- case OPT_SHARE_NET: args->share_ns[LXC_NS_NET] = arg; break;
- case OPT_SHARE_IPC: args->share_ns[LXC_NS_IPC] = arg; break;
- case OPT_SHARE_UTS: args->share_ns[LXC_NS_UTS] = arg; break;
- case OPT_SHARE_PID: args->share_ns[LXC_NS_PID] = arg; break;
+ break;
+ case OPT_SHARE_NET:
+ args->share_ns[LXC_NS_NET] = arg;
+ break;
+ case OPT_SHARE_IPC:
+ args->share_ns[LXC_NS_IPC] = arg;
+ break;
+ case OPT_SHARE_UTS:
+ args->share_ns[LXC_NS_UTS] = arg;
+ break;
+ case OPT_SHARE_PID:
+ args->share_ns[LXC_NS_PID] = arg;
+ break;
 }
 return 0;
 }
From 1933b53f591653fefb8c8f962fdc0aeaaddfdbfb Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Thu, 14 Dec 2017 23:00:04 +0100
Subject: [PATCH 2/2] lxc_init: fix cgroup parsing
coverity: #1426132
coverity: #1426133
Signed-off-by: Christian Brauner
---
 src/lxc/Makefile.am | 2 +-
 src/lxc/lxc_init.c | 68 +++++++++++++++++++++++++--------------------
 2 files changed, 39 insertions(+), 31 deletions(-)
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index b688b0e9d..13a7ab4dd 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -304,7 +304,7 @@ endif
 if HAVE_STATIC_LIBCAP
 sbin_PROGRAMS += init.lxc.static
-init_lxc_static_SOURCES = lxc_init.c error.c log.c initutils.c caps.c
+init_lxc_static_SOURCES = lxc_init.c error.c log.c initutils.c caps.c parse.c
 if !HAVE_GETLINE
 if HAVE_FGETLN
diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c
index dcf9687de..c849b5475 100644
--- a/src/lxc/lxc_init.c
+++ b/src/lxc/lxc_init.c
@@ -40,6 +40,7 @@
 #include "error.h"
 #include "initutils.h"
 #include "log.h"
+#include "parse.h"
 #include "version.h"
 /* option keys for long only options */
@@ -98,55 +99,64 @@ static struct arguments my_args = {
 static void prevent_forking(void)
 {
 FILE *f;
- char name[MAXPATHLEN], path[MAXPATHLEN];
- int ret;
+ int fd = -1;
+ size_t len = 0;
+ char *line = NULL;
+ char path[MAXPATHLEN];
 f = fopen("/proc/self/cgroup", "r");
- if (!f) {
- SYSERROR("Failed to open \"/proc/self/cgroup\"");
+ if (!f)
 return;
- }
- while (!feof(f)) {
- int fd, i;
+ while (getline(&line, &len, f) != -1) {
+ int ret;
+ char *p, *p2;
- if (1 != fscanf(f, "%*d:%" QUOTEVAL(MAXPATHLEN) "s", name)) {
- ERROR("Failed to parse \"/proc/self/cgroup\"");
- goto out;
- }
- path[0] = 0;
+ p = strchr(line, ':');
+ if (!p)
+ continue;
+ p++;
+ p2 = strchr(p, ':');
+ if (!p2)
+ continue;
+ *p2 = '\0';
- for (i = 0; i < sizeof(name); i++) {
- if (name[i] == ':') {
- name[i] = 0;
- strncpy(path, name + i + 1, sizeof(path));
- break;
- }
- }
-
- if (strcmp(name, "pids"))
+ /* This is a cgroup v2 entry. Skip it. */
+ if ((p2 - p) == 0)
 continue;
- ret = snprintf(name, sizeof(name), "/sys/fs/cgroup/pids/%s/pids.max", path);
+ if (strcmp(p, "pids") != 0)
+ continue;
+ p2++;
+
+ p2 += lxc_char_left_gc(p2, strlen(p2));
+ p2[lxc_char_right_gc(p2, strlen(p2))] = '\0';
+
+ ret = snprintf(path, sizeof(path),
+ "/sys/fs/cgroup/pids/%s/pids.max", p2);
 if (ret < 0 || (size_t)ret >= sizeof(path)) {
 ERROR("Failed to create string");
- goto out;
+ goto on_error;
 }
- fd = open(name, O_WRONLY);
+ fd = open(path, O_WRONLY);
 if (fd < 0) {
- SYSERROR("Failed to open \"%s\"", name);
- goto out;
+ SYSERROR("Failed to open \"%s\"", path);
+ goto on_error;
 }
 if (write(fd, "1", 1) != 1)
- SYSERROR("Failed to write to \"%s\"", name);
+ SYSERROR("Failed to write to \"%s\"", path);
 close(fd);
+ fd = -1;
 break;
 }
-out:
+on_error:
+ if (fd >= 0)
+ close(fd);
+ free(line);
 fclose(f);
 }
@@ -419,8 +429,6 @@ out:
 exit(ret);
 }
-
-
 static void print_usage(const struct option longopts[])
 {
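Review bot: In prevent_forking(), the new `if (!f) return;` drops the SYSERROR the old code emitted, so a failure to open `/proc/self/cgroup` now skips the `pids.max` write without leaving any trace. The same silence applies when the getline() loop reaches end of file without matching a `pids` line, for example when only the empty-controller entry that the new code skips as cgroup v2 is present. The function returns void and the limit looks like a hardening step, so neither the caller nor the log would show that it was not applied. I would keep `SYSERROR("Failed to open \"/proc/self/cgroup\"");` before the `return;` and log once after the loop when no pids controller was matched. If the message was removed on purpose, a short comment stating that the function is best-effort would make that intent visible.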