fixup i/o handler return values

Particularly important for lxc_cmd_handler() handles client input and should not be capable of canceling the main loop, some syscall return values leaked through overlapping with LXC_MAINLOOP_ERROR, causing unauthorized clients connecting to the command socket to shutdown the main loop. In turn, signal_handler() receiving unexpected `signalfd_siginfo` struct sizes seems like a reason to bail (since it's a kernel interface). Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

fixup i/o handler return values
f7a97743 · Wolfgang Bumiller · Christian Brauner · ba7ca43b · f7a97743 · f7a97743
Unverified Commit f7a97743 authored Mar 27, 2020 by Wolfgang Bumiller Committed by Christian Brauner Mar 27, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 11 deletions

commands.c src/lxc/commands.c +2 -7

seccomp.c src/lxc/seccomp.c +1 -3

start.c src/lxc/start.c +1 -1

No files found.
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -1450,7 +1450,7 @@ static int lxc_cmd_handler(int fd, uint32_t events, void *data,
 		if (errno == EACCES) {
 			/* We don't care for the peer, just send and close. */
 			struct lxc_cmd_rsp rsp = {
-				.ret = ret,
+				.ret = -EPERM,
 			};

 			lxc_cmd_rsp_send(fd, &rsp);
@@ -1464,14 +1464,11 @@ static int lxc_cmd_handler(int fd, uint32_t events, void *data,

 	if (ret != sizeof(req)) {
 		WARN("Failed to receive full command request. Ignoring request for \"%s\"", lxc_cmd_str(req.cmd));
-		ret = -1;
 		goto out_close;
 	}

 	if ((req.datalen > LXC_CMD_DATA_MAX) && (req.cmd != LXC_CMD_CONSOLE_LOG)) {
 		ERROR("Received command data length %d is too large for command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
-		errno = EFBIG;
-		ret = -EFBIG;
 		goto out_close;
 	}

@@ -1480,7 +1477,6 @@ static int lxc_cmd_handler(int fd, uint32_t events, void *data,
 		ret = lxc_recv_nointr(fd, reqdata, req.datalen, 0);
 		if (ret != req.datalen) {
 			WARN("Failed to receive full command request. Ignoring request for \"%s\"", lxc_cmd_str(req.cmd));
-			ret = LXC_MAINLOOP_ERROR;
 			goto out_close;
 		}

@@ -1490,12 +1486,11 @@ static int lxc_cmd_handler(int fd, uint32_t events, void *data,
 	ret = lxc_cmd_process(fd, &req, handler, descr);
 	if (ret) {
 		/* This is not an error, but only a request to close fd. */
-		ret = LXC_MAINLOOP_CONTINUE;
 		goto out_close;
 	}

 out:
-	return ret;
+	return LXC_MAINLOOP_CONTINUE;

 out_close:
 	lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);

--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1478,10 +1478,8 @@ retry:
 		SYSERROR("Failed to send seccomp notification");

 out:
-	return 0;
-#else
-	return -ENOSYS;
 #endif
+	return LXC_MAINLOOP_CONTINUE;
 }

 void seccomp_conf_init(struct lxc_conf *conf)

--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -335,7 +335,7 @@ static int signal_handler(int fd, uint32_t events, void *data,
 		return log_error(LXC_MAINLOOP_ERROR, "Failed to read signal info from signal file descriptor %d", fd);

 	if (ret != sizeof(siginfo))
-		return log_error(-EINVAL, "Unexpected size for struct signalfd_siginfo");
+		return log_error(LXC_MAINLOOP_ERROR, "Unexpected size for struct signalfd_siginfo");

 	/* Check whether init is running. */
 	info.si_pid = 0;