Skip to content

L
lxc
Unverified Commit 00df5330 by Christian Brauner
Options

commands: verify expected file descriptors were sent

Signed-off-by: 's avatarChristian Brauner <christian.brauner@ubuntu.com>
parent 8a95cd82
Showing with 11 additions and 4 deletions
src/lxc/commands.c
...@@ -132,6 +132,7 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd) ...@@ -132,6 +132,7 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
call_cleaner(put_unix_fds) struct unix_fds *fds = &(struct unix_fds){}; call_cleaner(put_unix_fds) struct unix_fds *fds = &(struct unix_fds){};
struct lxc_cmd_rsp *rsp = &cmd->rsp; struct lxc_cmd_rsp *rsp = &cmd->rsp;
const char *reqstr = lxc_cmd_str(cmd->req.cmd); const char *reqstr = lxc_cmd_str(cmd->req.cmd);
int fret = 0;
int ret; int ret;
switch (cmd->req.cmd) { switch (cmd->req.cmd) {
...@@ -158,7 +159,13 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd) ...@@ -158,7 +159,13 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
ret = lxc_abstract_unix_recv_fds(sock, fds, rsp, sizeof(*rsp)); ret = lxc_abstract_unix_recv_fds(sock, fds, rsp, sizeof(*rsp));
if (ret < 0) if (ret < 0)
return syserrno(ret, "Failed to receive response for command \"%s\"", reqstr); return syserrno(ret, "Failed to receive response for command \"%s\"", reqstr);
TRACE("Command \"%s\" received response with %u file descriptors", reqstr, fds->fd_count_ret);
if (fds->fd_count_max == 0) {
TRACE("Command \"%s\" received response with %u file descriptors", reqstr, fds->fd_count_ret);
} else if (fds->fd_count_ret == 0) {
WARN("Command \"%s\" received response without expected file descriptors", reqstr);
fret = -EBADF;
}
if (cmd->req.cmd == LXC_CMD_CONSOLE) { if (cmd->req.cmd == LXC_CMD_CONSOLE) {
struct lxc_cmd_console_rsp_data *rspdata; struct lxc_cmd_console_rsp_data *rspdata;
...@@ -189,7 +196,7 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd) ...@@ -189,7 +196,7 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
__fallthrough; __fallthrough;
case LXC_CMD_GET_SECCOMP_NOTIFY_FD: case LXC_CMD_GET_SECCOMP_NOTIFY_FD:
rsp->data = INT_TO_PTR(move_fd(fds->fd[0])); rsp->data = INT_TO_PTR(move_fd(fds->fd[0]));
return log_debug(ret, "Finished processing \"%s\"", reqstr); return log_debug(fret ?: ret, "Finished processing \"%s\"", reqstr);
case LXC_CMD_GET_CGROUP_CTX: case LXC_CMD_GET_CGROUP_CTX:
if (rsp->datalen > sizeof(struct cgroup_ctx)) if (rsp->datalen > sizeof(struct cgroup_ctx))
return syserrno_set(-EINVAL, "Invalid response size from server for \"%s\"", reqstr); return syserrno_set(-EINVAL, "Invalid response size from server for \"%s\"", reqstr);
...@@ -202,7 +209,7 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd) ...@@ -202,7 +209,7 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
} }
if (rsp->datalen == 0) if (rsp->datalen == 0)
return log_debug(ret, "Response data length for command \"%s\" is 0", reqstr); return log_debug(fret ?: ret, "Response data length for command \"%s\" is 0", reqstr);
if ((rsp->datalen > LXC_CMD_DATA_MAX) && if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
(cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) (cmd->req.cmd != LXC_CMD_CONSOLE_LOG))
...@@ -226,7 +233,7 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd) ...@@ -226,7 +233,7 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
return syserrno(ret, "Failed to transfer file descriptors for \"%s\"", reqstr); return syserrno(ret, "Failed to transfer file descriptors for \"%s\"", reqstr);
} }
return ret; return fret ?: ret;
} }
/* /*
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment