The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3568
This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
From ec0befee9475aa7d6913ee0da24761d66b111797 Mon Sep 17 00:00:00 2001 From: Christian Brauner <christian.brau...@ubuntu.com> Date: Wed, 28 Oct 2020 03:58:54 +0100 Subject: [PATCH 1/4] commands: don't deref after NULL check Fixes: Coverity 1465657 Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> --- src/lxc/commands.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/lxc/commands.c b/src/lxc/commands.c index de09c3aff0..cca09a1261 100644 --- a/src/lxc/commands.c +++ b/src/lxc/commands.c @@ -487,9 +487,12 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req, }; int ret; - if (!handler->conf || handler->conf->devpts_fd < 0) + if (!handler->conf || handler->conf->devpts_fd < 0) { rsp.ret = -EBADF; - ret = lxc_abstract_unix_send_fds(fd, &handler->conf->devpts_fd, 1, &rsp, sizeof(rsp)); + ret = lxc_abstract_unix_send_fds(fd, NULL, 0, &rsp, sizeof(rsp)); + } else { + ret = lxc_abstract_unix_send_fds(fd, &handler->conf->devpts_fd, 1, &rsp, sizeof(rsp)); + } if (ret < 0) return log_error(LXC_CMD_REAP_CLIENT_FD, "Failed to send devpts fd"); From 3715d0c03fae815963cbcef66524a2deffda39e0 Mon Sep 17 00:00:00 2001 From: Christian Brauner <christian.brau...@ubuntu.com> Date: Wed, 28 Oct 2020 04:01:19 +0100 Subject: [PATCH 2/4] utils: don't deref after NULL check Fixes: Coverity 1465855 Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> --- src/lxc/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/utils.c b/src/lxc/utils.c index c02eef1526..561f7685cc 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c 
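Review bot: In `lxc_cmd_get_devpts_fd_callback` the failure branch now replies with `rsp.ret = -EBADF` and no descriptor attached, but nothing in the hunk records that contract for the receiving side. A comment above the branch such as `/* On error no fd is attached; the client must check rsp.ret before using a received descriptor. */` would make it explicit. It is also worth confirming that `lxc_abstract_unix_send_fds()` accepts a NULL fd array with a count of 0, since its definition is not visible here. The shared `"Failed to send devpts fd"` message is now also logged when the error reply itself cannot be sent, which could mislead when reading logs. The function's start and end lie outside the hunk.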
@@ -1113,7 +1113,7 @@ int safe_mount_beneath(const char *beneath, const char *src, const char *dst, co __do_close int beneath_fd = -EBADF; const char *path = beneath ? beneath : "/"; - beneath_fd = openat(-1, beneath, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH); + beneath_fd = openat(-1, path, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH); if (beneath_fd < 0) return log_error_errno(-errno, errno, "Failed to open %s", path); From 8ddf34f7a037325565b8cf8ff995cbf573f9932e Mon Sep 17 00:00:00 2001 From: Christian Brauner <christian.brau...@ubuntu.com> Date: Wed, 28 Oct 2020 04:03:31 +0100 Subject: [PATCH 3/4] conf: check snprint return value Fixes: Coverity 1465854 Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> --- src/lxc/conf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 259d3766ab..c258d0b4c5 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1207,7 +1207,9 @@ static int lxc_fill_autodev(const struct lxc_rootfs *rootfs) if (ret < 0) { const char *mntpt = rootfs->path ? rootfs->mount : NULL; if (errno == ENOSYS) { - snprintf(path, sizeof(path), "%s/dev/%s", mntpt, device->name); + ret = snprintf(path, sizeof(path), "%s/dev/%s", mntpt, device->name); + if (ret < 0 || ret >= sizeof(path)) + return log_error(-1, "Failed to create device path for %s", device->name); ret = safe_mount(hostpath, path, 0, MS_BIND, NULL, rootfs->path ? rootfs->mount : NULL); } } From 0dde733e5a049e695885d733eb98795b0eddbd74 Mon Sep 17 00:00:00 2001 From: Christian Brauner <christian.brau...@ubuntu.com> Date: Wed, 28 Oct 2020 04:04:42 +0100 Subject: [PATCH 4/4] utils: check snprintf return value Fixes: Coverity 1465853 Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> --- src/lxc/utils.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lxc/utils.c b/src/lxc/utils.c index 561f7685cc..baf80b7f5c 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c 
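Review bot: `openat(-1, path, ...)` in `safe_mount_beneath` relies on the invalid dirfd to reject relative paths: an absolute `path` ignores the dirfd, while a relative `beneath` fails with EBADF instead of resolving against the current working directory. If that is intended, it is a useful property for a mount helper but it is implicit; a comment such as `/* dirfd -1: only absolute paths are accepted, relative ones fail with EBADF */` would keep a later cleanup from replacing it with AT_FDCWD. The rest of the function is outside the hunk.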
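Review bot: `mntpt` is NULL whenever `rootfs->path` is unset, and the `snprintf()` in `lxc_fill_autodev` still passes it to `%s`, which is undefined behaviour (glibc prints `(null)`, giving a relative path that the new length check accepts). If an empty prefix is what is wanted in that case, use `const char *mntpt = rootfs->path ? rootfs->mount : "";` for the format argument and keep passing NULL to `safe_mount()`. Separately, `ret >= sizeof(path)` compares an int with a size_t; it is correct after the `ret < 0` test, but `(size_t)ret >= sizeof(path)` avoids the sign-compare warning, and the same applies to the `tgt_buf` check in `__safe_mount_beneath_at` in patch 4/4. The function body continues outside the hunk.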
@@ -1097,7 +1097,9 @@ int __safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, co target_fd = openat2(beneath_fd, dst, &how, sizeof(how)); if (target_fd < 0) return -errno; - snprintf(tgt_buf, sizeof(tgt_buf), "/proc/self/fd/%d", target_fd); + ret = snprintf(tgt_buf, sizeof(tgt_buf), "/proc/self/fd/%d", target_fd); + if (ret < 0 || ret >= sizeof(tgt_buf)) + return -EIO; if (!is_empty_string(src_buf)) ret = mount(src_buf, tgt_buf, fstype, flags, data);
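Review bot: The new `return -EIO` in `__safe_mount_beneath_at` is reached after `openat2()` has returned a valid `target_fd`, so the descriptor is only released on this path if `target_fd` is declared with `__do_close`, as `beneath_fd` is in `safe_mount_beneath`; the declaration is outside the hunk and should be checked. A short comment on the `/proc/self/fd/%d` line, e.g. `/* mount through the fd so dst is not resolved a second time */`, would also record why the target is addressed this way.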