Merge pull request #2017 from brauner/generic/patch_testing

src/lxc/af_unix.c

@@ -62,7 +62,7 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
 		return -1;
 	}
 	/* addr.sun_path[0] has already been set to 0 by memset() */
-	strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
+	strncpy(&addr.sun_path[1], &path[1], len);
 
 	ret = bind(fd, (struct sockaddr *)&addr,
 		   offsetof(struct sockaddr_un, sun_path) + len + 1);

src/lxc/attach.c

@@ -859,13 +859,17 @@ int lxc_attach(const char *name, const char *lxcpath,
 	init_ctx->personality = personality;
 
 	init_ctx->container = lxc_container_new(name, lxcpath);
-	if (!init_ctx->container)
+	if (!init_ctx->container) {
+		lxc_proc_put_context_info(init_ctx);
 		return -1;
+	}
 
 	if (!init_ctx->container->lxc_conf) {
 		init_ctx->container->lxc_conf = lxc_conf_init();
-		if (!init_ctx->container->lxc_conf)
+		if (!init_ctx->container->lxc_conf) {
+			lxc_proc_put_context_info(init_ctx);
 			return -ENOMEM;
+		}
 	}
 
 	if (!fetch_seccomp(init_ctx->container, options))
@@ -1166,6 +1170,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 	if (ret <= 0) {
 		ERROR("Expected to receive sequence number 0: %s.", strerror(errno));
 		shutdown(ipc_sockets[1], SHUT_RDWR);
+		lxc_proc_put_context_info(init_ctx);
 		rexit(-1);
 	}
 
@@ -1176,6 +1181,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 	if (ret < 0) {
 		ERROR("Failed to enter namespaces.");
 		shutdown(ipc_sockets[1], SHUT_RDWR);
+		lxc_proc_put_context_info(init_ctx);
 		rexit(-1);
 	}
 	/* close namespace file descriptors */
@@ -1186,9 +1192,11 @@ int lxc_attach(const char *name, const char *lxcpath,
 		new_cwd = options->initial_cwd;
 	else
 		new_cwd = cwd;
-	ret = chdir(new_cwd);
-	if (ret < 0)
-		WARN("Could not change directory to \"%s\".", new_cwd);
+	if (new_cwd) {
+		ret = chdir(new_cwd);
+		if (ret < 0)
+			WARN("Could not change directory to \"%s\"", new_cwd);
+	}
 	free(cwd);
 
 	/* Now create the real child process. */
@@ -1212,6 +1220,7 @@ int lxc_attach(const char *name, const char *lxcpath,
 	if (pid <= 0) {
 		SYSERROR("Failed to create subprocess.");
 		shutdown(ipc_sockets[1], SHUT_RDWR);
+		lxc_proc_put_context_info(init_ctx);
 		rexit(-1);
 	}
 
@@ -1226,10 +1235,12 @@ int lxc_attach(const char *name, const char *lxcpath,
 		 */
 		ERROR("Intended to send pid %d: %s.", pid, strerror(errno));
 		shutdown(ipc_sockets[1], SHUT_RDWR);
+		lxc_proc_put_context_info(init_ctx);
 		rexit(-1);
 	}
 
 	/* The rest is in the hands of the initial and the attached process. */
+	lxc_proc_put_context_info(init_ctx);
 	rexit(0);
 }
 
@@ -1504,7 +1515,6 @@ int lxc_attach_run_shell(void* payload)
 		user_shell = lxc_attach_getpwshell(uid);
 	else
 		user_shell = passwd->pw_shell;
-
 	if (user_shell)
 		execlp(user_shell, user_shell, (char *)NULL);
 
@@ -1512,6 +1522,8 @@ int lxc_attach_run_shell(void* payload)
 	 * on /bin/sh as a default shell.
 	 */
 	execlp("/bin/sh", "/bin/sh", (char *)NULL);
-	SYSERROR("Failed to exec shell.");
+	SYSERROR("Failed to execute shell");
+	if (!passwd)
+		free(user_shell);
 	return -1;
 }

src/lxc/cgroups/cgfsng.c

@@ -766,8 +766,7 @@ static char **get_controllers(char **klist, char **nlist, char *line, int type)
 			return NULL;
 		p++;
 	}
-	if (!p)
-		return NULL;
+
 	/* note - if we change how mountinfo works, then our caller
 	 * will need to verify /sys/fs/cgroup/ in this field */
 	if (strncmp(p, "/sys/fs/cgroup/", 15)) {

src/lxc/conf.h

@@ -386,7 +386,7 @@ struct lxc_conf {
 	char *inherit_ns[LXC_NS_MAX];
 
 	/* init working directory */
-       char* init_cwd;
+	char *init_cwd;
 
 	/* A list of clients registered to be informed about a container state. */
 	struct lxc_list state_clients;

src/lxc/confile.c

@@ -773,8 +773,13 @@ static int set_config_net_ipv6_address(const char *key, const char *value,
 	if (slash) {
 		*slash = '\0';
 		netmask = slash + 1;
-		if (lxc_safe_uint(netmask, &inet6dev->prefix) < 0)
+		ret = lxc_safe_uint(netmask, &inet6dev->prefix);
+		if (ret < 0) {
+			free(list);
+			free(inet6dev);
+			free(valdup);
 			return -1;
+		}
 	}
 
 	ret = inet_pton(AF_INET6, valdup, &inet6dev->addr);

src/lxc/console.c

@@ -588,15 +588,22 @@ void lxc_console_delete(struct lxc_console *console)
 	free(console->tios);
 	console->tios = NULL;
 
-	close(console->peer);
-	close(console->master);
-	close(console->slave);
-	if (console->log_fd >= 0)
-		close(console->log_fd);
+	if (console->peer >= 0)
+		close(console->peer);
 	console->peer = -1;
+
+	if (console->master >= 0)
+		close(console->master);
 	console->master = -1;
+
+	if (console->slave >= 0)
+		close(console->slave);
 	console->slave = -1;
+
+	if (console->log_fd >= 0)
+		close(console->log_fd);
 	console->log_fd = -1;
+
 	if (console->buffer_log_file_fd >= 0)
 		close(console->buffer_log_file_fd);
 	console->buffer_log_file_fd = -1;

src/lxc/criu.c

@@ -1120,14 +1120,16 @@ static int save_tty_major_minor(char *directory, struct lxc_container *c, char *
 /* do one of either predump or a regular dump */
 static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *opts)
 {
+	int ret;
 	pid_t pid;
-	char *criu_version = NULL;
 	int criuout[2];
+	char *criu_version = NULL;
 
 	if (!criu_ok(c, &criu_version))
 		return false;
 
-	if (pipe(criuout) < 0) {
+	ret = pipe(criuout);
+	if (ret < 0) {
 		SYSERROR("pipe() failed");
 		return false;
 	}
@@ -1147,6 +1149,8 @@ static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *op
 
 		close(criuout[0]);
 
+		lxc_zero_handler(&h);
+
 		h.name = c->name;
 		if (!cgroup_init(&h)) {
 			ERROR("failed to cgroup_init()");
@@ -1160,12 +1164,16 @@ static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *op
 		os.console_name = c->lxc_conf->console.path;
 		os.criu_version = criu_version;
 
-		if (save_tty_major_minor(opts->directory, c, os.tty_id, sizeof(os.tty_id)) < 0)
-			exit(1);
+		ret = save_tty_major_minor(opts->directory, c, os.tty_id, sizeof(os.tty_id));
+		if (ret < 0) {
+			free(criu_version);
+			exit(EXIT_FAILURE);
+		}
 
 		/* exec_criu() returning is an error */
 		exec_criu(&os);
-		exit(1);
+		free(criu_version);
+		exit(EXIT_FAILURE);
 	} else {
 		int status;
 		ssize_t n;
@@ -1212,6 +1220,7 @@ fail:
 	close(criuout[0]);
 	close(criuout[1]);
 	rmdir(opts->directory);
+	free(criu_version);
 	return false;
 }
 

src/lxc/lxc_user_nic.c

@@ -625,8 +625,8 @@ static bool cull_entries(int fd, char *name, char *net_type, char *net_link,
 	}
 	free(entry_lines);
 
-	lxc_strmunmap(buf, sb.st_size);
 	ret = ftruncate(fd, buf_start - buf);
+	lxc_strmunmap(buf, sb.st_size);
 	if (ret < 0)
 		usernic_error("Failed to set new file size: %s\n",
 			      strerror(errno));

src/lxc/lxccontainer.c

@@ -656,9 +656,6 @@ static bool am_single_threaded(void)
 	}
 
 	while ((direntp = readdir(dir))) {
-		if (!direntp)
-			break;
-
 		if (!strcmp(direntp->d_name, "."))
 			continue;
 
@@ -2177,11 +2174,14 @@ static char ** do_lxcapi_get_interfaces(struct lxc_container *c)
 	close(pipefd[1]);
 
 	while (read(pipefd[0], &interface, IFNAMSIZ) == IFNAMSIZ) {
+		interface[IFNAMSIZ - 1] = '\0';
+
 		if (array_contains(&interfaces, interface, count))
 				continue;
 
 		if(!add_to_array(&interfaces, interface, count))
-			ERROR("PARENT: add_to_array failed");
+			ERROR("Failed to add \"%s\" to array", interface);
+
 		count++;
 	}
 
@@ -4192,8 +4192,6 @@ static bool remove_all_snapshots(const char *path)
 		return false;
 	}
 	while ((direntp = readdir(dir))) {
-		if (!direntp)
-			break;
 		if (!strcmp(direntp->d_name, "."))
 			continue;
 		if (!strcmp(direntp->d_name, ".."))

src/lxc/start.c

@@ -203,9 +203,6 @@ restart:
 		struct lxc_list *cur;
 		bool matched = false;
 
-		if (!direntp)
-			break;
-
 		if (!strcmp(direntp->d_name, "."))
 			continue;
 
@@ -507,6 +504,31 @@ out_sigfd:
 	return -1;
 }
 
+void lxc_zero_handler(struct lxc_handler *handler)
+{
+	int i;
+
+	memset(handler, 0, sizeof(struct lxc_handler));
+
+	handler->clone_flags = -1;
+
+	handler->pinfd = -1;
+
+	handler->sigfd = -1;
+
+	for (i = 0; i < LXC_NS_MAX; i++)
+		handler->nsfd[i] = -1;
+
+	handler->data_sock[0] = -1;
+	handler->data_sock[1] = -1;
+
+	handler->state_socket_pair[0] = -1;
+	handler->state_socket_pair[1] = -1;
+
+	handler->sync_sock[0] = -1;
+	handler->sync_sock[1] = -1;
+}
+
 void lxc_free_handler(struct lxc_handler *handler)
 {
 	if (handler->conf && handler->conf->maincmd_fd)

src/lxc/start.h

@@ -120,6 +120,7 @@ extern struct lxc_handler *lxc_init_handler(const char *name,
 					    struct lxc_conf *conf,
 					    const char *lxcpath,
 					    bool daemonize);
+extern void lxc_zero_handler(struct lxc_handler *handler);
 extern void lxc_free_handler(struct lxc_handler *handler);
 extern int lxc_init(const char *name, struct lxc_handler *handler);
 extern void lxc_fini(const char *name, struct lxc_handler *handler);

src/lxc/storage/overlay.c

@@ -207,8 +207,8 @@ int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, const char
 
 		odelta = strchr(nsrc, ':');
 		if (!odelta) {
-			free(osrc);
 			ERROR("Failed to find \":\" in \"%s\"", nsrc);
+			free(osrc);
 			return -22;
 		}
 
@@ -722,15 +722,9 @@ char *ovl_get_rootfs(const char *rootfs_path, size_t *rootfslen)
 		*s3 = '\0';
 
 	rootfsdir = strdup(s2);
-	if (!rootfsdir) {
-		free(s1);
-		return NULL;
-	}
-
+	free(s1);
 	if (!rootfsdir)
-		rootfsdir = s1;
-	else
-		free(s1);
+		return NULL;
 
 	*rootfslen = strlen(rootfsdir);
 

src/lxc/storage/storage_utils.c

@@ -280,6 +280,7 @@ int do_mkfs_exec_wrapper(void *args)
 	TRACE("executing \"%s %s\"", mkfs, data[1]);
 	execlp(mkfs, mkfs, data[1], (char *)NULL);
 	SYSERROR("failed to run \"%s %s \"", mkfs, data[1]);
+	free(mkfs);
 	return -1;
 }
 

src/lxc/tools/lxc_attach.c

@@ -348,6 +348,7 @@ static int get_pty_on_host(struct lxc_container *c, struct wrapargs *wrap, int *
 	if (c->attach(c, get_pty_on_host_callback, wrap, wrap->options, pid) < 0)
 		goto err1;
 	close(conf->console.slave); /* Close slave side. */
+	conf->console.slave = -1;
 
 	ret = lxc_mainloop_open(&descr);
 	if (ret) {

src/lxc/tools/lxc_top.c

@@ -206,21 +206,26 @@ static void sig_handler(int sig)
 
 static void size_humanize(unsigned long long val, char *buf, size_t bufsz)
 {
+	int ret;
+
 	if (val > 1 << 30) {
-		snprintf(buf, bufsz, "%u.%2.2u GiB",
+		ret = snprintf(buf, bufsz, "%u.%2.2u GiB",
 			    (unsigned int)(val >> 30),
 			    (unsigned int)(val & ((1 << 30) - 1)) / 10737419);
 	} else if (val > 1 << 20) {
 		unsigned int x = val + 5243;  /* for rounding */
-		snprintf(buf, bufsz, "%u.%2.2u MiB",
+		ret = snprintf(buf, bufsz, "%u.%2.2u MiB",
 			    x >> 20, ((x & ((1 << 20) - 1)) * 100) >> 20);
 	} else if (val > 1 << 10) {
 		unsigned int x = val + 5;  /* for rounding */
-		snprintf(buf, bufsz, "%u.%2.2u KiB",
+		ret = snprintf(buf, bufsz, "%u.%2.2u KiB",
 			    x >> 10, ((x & ((1 << 10) - 1)) * 100) >> 10);
 	} else {
-		snprintf(buf, bufsz, "%3u.00   ", (unsigned int)val);
+		ret = snprintf(buf, bufsz, "%3u.00   ", (unsigned int)val);
 	}
+
+	if (ret < 0 || (size_t)ret >= bufsz)
+		fprintf(stderr, "Failed to create string\n");
 }
 
 static uint64_t stat_get_int(struct lxc_container *c, const char *item)

src/lxc/utils.c

@@ -717,10 +717,12 @@ char *lxc_deslashify(const char *path)
 
 char *lxc_append_paths(const char *first, const char *second)
 {
-	size_t len = strlen(first) + strlen(second) + 1;
-	const char *pattern = "%s%s";
+	int ret;
+	size_t len;
 	char *result = NULL;
+	const char *pattern = "%s%s";
 
+	len = strlen(first) + strlen(second) + 1;
 	if (second[0] != '/') {
 		len += 1;
 		pattern = "%s/%s";
@@ -730,7 +732,12 @@ char *lxc_append_paths(const char *first, const char *second)
 	if (!result)
 		return NULL;
 
-	snprintf(result, len, pattern, first, second);
+	ret = snprintf(result, len, pattern, first, second);
+	if (ret < 0 || (size_t)ret >= len) {
+		free(result);
+		return NULL;
+	}
+
 	return result;
 }