Diffstat (limited to '0030-mask-proxy-informations.patch')
-rw-r--r-- | 0030-mask-proxy-informations.patch | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/0030-mask-proxy-informations.patch b/0030-mask-proxy-informations.patch
new file mode 100644
index 0000000..992f33c
--- /dev/null
+++ b/0030-mask-proxy-informations.patch
@@ -0,0 +1,123 @@
+From ff67cabc3e3839ef4b539805ed54b5c826b6f446 Mon Sep 17 00:00:00 2001
+From: haozi007 <liuhao27@huawei.com>
+Date: Mon, 4 Sep 2023 15:19:36 +0800
+Subject: [PATCH 30/33] mask proxy informations
+
+Signed-off-by: haozi007 <liuhao27@huawei.com>
+---
+ .../container_cb/execution_information.c | 86 ++++++++++++++++---
+ 1 file changed, 74 insertions(+), 12 deletions(-)
+
+diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
+index 2f3d3627..86bb2894 100644
+--- a/src/daemon/executor/container_cb/execution_information.c
++++ b/src/daemon/executor/container_cb/execution_information.c
+@@ -176,24 +176,83 @@ out:
+ static int get_proxy_env(char **proxy, const char *type)
+ {
+ int ret = 0;
+- char *tmp = NULL;
+-
+- *proxy = getenv(type);
+- if (*proxy == NULL) {
+- tmp = util_strings_to_upper(type);
++ int nret;
++ char *tmp_proxy = NULL;
++ char *col_pos = NULL;
++ char *at_pos = NULL;
++ size_t proxy_len;
++ const char *mask_str = "//xxxx:xxxx";
++
++ tmp_proxy = getenv(type);
++ if (tmp_proxy == NULL) {
++ char *tmp = util_strings_to_upper(type);
+ if (tmp == NULL) {
+ ERROR("Failed to upper string!");
+- ret = -1;
+- goto out;
+- }
+- *proxy = getenv(tmp);
+- if (*proxy == NULL) {
+- *proxy = "";
++ return -1;
+ }
++ tmp_proxy = getenv(tmp);
++ free(tmp);
++ }
++
++ if (tmp_proxy == NULL) {
++ return 0;
++ }
++
++ if (strlen(tmp_proxy) >= PATH_MAX) {
++ ERROR("Too long proxy string.");
++ return -1;
++ }
++ tmp_proxy = util_strdup_s(tmp_proxy);
++
++ if (strcmp(NO_PROXY, type) == 0) {
++ *proxy = tmp_proxy;
++ return 0;
++ }
++
++ // mask username and password of proxy
++ col_pos = strchr(tmp_proxy, ':');
++ if (col_pos == NULL) {
++ ERROR("Invalid proxy.");
++ ret = -1;
++ goto out;
++ }
++ at_pos = strrchr(tmp_proxy, '@');
++ if (at_pos == NULL) {
++ // no '@', represent no user information in proxy,
++ // just return original proxy
++ *proxy = tmp_proxy;
++ return 0;
++ }
++
++ // first colon position must before than at position
++ if ((at_pos - col_pos) < 0) {
++ ret = -1;
++ goto out;
+ }
+
++ // proxy with userinfo format like: 'http://xxx:xxx@xxxx.com'
++ // so masked proxy length = len(proxy) - (pos(@) - pos(:) + 1) + len(mask-str) + '\0'
++ proxy_len = strlen(tmp_proxy);
++ proxy_len -= (at_pos - tmp_proxy);
++ proxy_len += (col_pos - tmp_proxy) + 1;
++ proxy_len += strlen(mask_str) + 1;
++ *proxy = util_common_calloc_s(proxy_len);
++ if (*proxy == NULL) {
++ ERROR("Out of memory");
++ ret = -1;
++ goto out;
++ }
++ *col_pos = '\0';
++ nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos);
++ if (nret < 0 || nret >= proxy_len) {
++ ret = -1;
++ free(*proxy);
++ *proxy = NULL;
++ goto out;
++ }
++
+ out:
+- free(tmp);
++ util_free_sensitive_string(tmp_proxy);
+ return ret;
+ }
+
+@@ -340,6 +399,9 @@ static int isulad_info_cb(const host_info_request *request, host_info_response *
+ #endif
+
+ pack_response:
++ free(http_proxy);
++ free(https_proxy);
++ free(no_proxy);
+ if (*response != NULL) {
+ (*response)->cc = cc;
+ }
+--
+2.40.1
+
|
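Review bot: The masking in get_proxy_env assumes the first ':' is the scheme separator, so a proxy written without a scheme (constructed example: `user:pass@host:3128`) comes out as `user://xxxx:xxxx@host:3128` and the username still reaches the info response. Anchoring on the scheme avoids that: `char *start = strstr(tmp_proxy, "://");` then `start = (start != NULL) ? start + 3 : tmp_proxy;`, masking everything between `start` and `at_pos` and sizing the buffer from those two pointers. A value with no ':' at all now returns -1 with "Invalid proxy." where the old code passed it through, which looks like an unintended behaviour change for host-only proxy settings. When neither variable is set, `*proxy` is left untouched, so the `free(http_proxy)`, `free(https_proxy)` and `free(no_proxy)` calls added at `pack_response` rely on those pointers being initialised to NULL and on every consumer tolerating NULL; the declarations in isulad_info_cb are outside the hunk, so this should be confirmed there.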