Merge pull request #3674 from brauner/2021-02-15/nesting

cgroups: tighten cgroup config items

Merge pull request #3674 from brauner/2021-02-15/nesting
136b349c · Stéphane Graber · GitHub · 7e925736 · f63ef155 · 136b349c
Unverified Commit 136b349c authored Feb 15, 2021 by Stéphane Graber Committed by GitHub Feb 15, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 9 deletions

confile.c src/lxc/confile.c +31 -8

confile_utils.c src/lxc/confile_utils.c +7 -1

log.h src/lxc/log.h +8 -0

string_utils.h src/lxc/string_utils.h +10 -0

No files found.
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1815,7 +1815,6 @@ static int set_config_cgroup2_controller(const char *key, const char *value,
 					      CGROUP2_SUPER_MAGIC);
 }

-
 static int set_config_cgroup_dir(const char *key, const char *value,
 				 struct lxc_conf *lxc_conf, void *data)
 {
@@ -1825,7 +1824,13 @@ static int set_config_cgroup_dir(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_dir(key, lxc_conf, NULL);

-	return set_config_string_item(&lxc_conf->cgroup_meta.dir, value);
+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
+	if (dotdot(value))
+		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
+
+	return set_config_path_item(&lxc_conf->cgroup_meta.dir, value);
 }

 static int set_config_cgroup_monitor_dir(const char *key, const char *value,
@@ -1834,8 +1839,13 @@ static int set_config_cgroup_monitor_dir(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_monitor_dir(key, lxc_conf, NULL);

-	return set_config_string_item(&lxc_conf->cgroup_meta.monitor_dir,
-				      value);
+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
+	if (dotdot(value))
+		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
+
+	return set_config_path_item(&lxc_conf->cgroup_meta.monitor_dir, value);
 }

 static int set_config_cgroup_monitor_pivot_dir(const char *key, const char *value,
@@ -1844,8 +1854,13 @@ static int set_config_cgroup_monitor_pivot_dir(const char *key, const char *valu
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_monitor_pivot_dir(key, lxc_conf, NULL);

-	return set_config_string_item(&lxc_conf->cgroup_meta.monitor_pivot_dir,
-				      value);
+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
+	if (dotdot(value))
+		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
+
+	return set_config_path_item(&lxc_conf->cgroup_meta.monitor_pivot_dir, value);
 }

 static int set_config_cgroup_container_dir(const char *key, const char *value,
@@ -1855,8 +1870,13 @@ static int set_config_cgroup_container_dir(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_container_dir(key, lxc_conf, NULL);

-	return set_config_string_item(&lxc_conf->cgroup_meta.container_dir,
-				      value);
+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
+	if (dotdot(value))
+		return syserrno_set(-EINVAL, "%s paths may not walk upwards via \"../\"", key);
+
+	return set_config_path_item(&lxc_conf->cgroup_meta.container_dir, value);
 }

 static int set_config_cgroup_container_inner_dir(const char *key,
@@ -1867,6 +1887,9 @@ static int set_config_cgroup_container_inner_dir(const char *key,
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_container_inner_dir(key, lxc_conf, NULL);

+	if (abspath(value))
+		return syserrno_set(-EINVAL, "%s paths may not be absolute", key);
+
 	if (strchr(value, '/') || strequal(value, ".") || strequal(value, ".."))
 		return log_error_errno(-EINVAL, EINVAL, "lxc.cgroup.dir.container.inner must be a single directory name");


--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -650,7 +650,13 @@ int set_config_string_item_max(char **conf_item, const char *value, size_t max)

 int set_config_path_item(char **conf_item, const char *value)
 {
-	return set_config_string_item_max(conf_item, value, PATH_MAX);
+	__do_free char *normalized = NULL;
+
+	normalized = lxc_deslashify(value);
+	if (!normalized)
+		return syserrno(-errno, "Failed to normalize path config item");
+
+	return set_config_string_item_max(conf_item, normalized, PATH_MAX);
 }

 int set_config_bool_item(bool *conf_item, const char *value, bool empty_conf_action)

--- a/src/lxc/log.h
+++ b/src/lxc/log.h
@@ -501,6 +501,14 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
 		__internal_ret__;                             \
 	})

+#define syserrno_set(__ret__, format, ...)                    \
+	({                                                    \
+		typeof(__ret__) __internal_ret__ = (__ret__); \
+		errno = abs(__ret__);                         \
+		SYSERROR(format, ##__VA_ARGS__);              \
+		__internal_ret__;                             \
+	})
+
 #define log_error(__ret__, format, ...)                       \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \

--- a/src/lxc/string_utils.h
+++ b/src/lxc/string_utils.h
@@ -140,6 +140,16 @@ static inline bool strequal(const char *str, const char *eq)
 	return strcmp(str, eq) == 0;
 }

+static inline bool dotdot(const char *str)
+{
+	return !!strstr(str, "..");
+}
+
+static inline bool abspath(const char *str)
+{
+	return *str == '/';
+}
+
 #define strnprintf(buf, buf_size, ...)                                            \
 	({                                                                        \
 		int __ret_strnprintf;                                             \