From f6c1ec5c8603124511c7a726a487757609a1d7a5 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Tue, 5 Sep 2023 02:15:57 +0000 Subject: [PATCH 06/33] !2168 fix code bug * fix code bug --- src/daemon/common/events_format.c | 6 +- src/daemon/common/selinux_label.c | 22 +- src/daemon/common/selinux_label.h | 8 +- src/daemon/config/isulad_config.c | 276 ++++++++++-------- src/daemon/config/isulad_config.h | 62 ++-- src/daemon/executor/container_cb/execution.c | 4 +- .../executor/container_cb/execution_create.c | 2 +- .../executor/container_cb/execution_network.c | 9 + .../executor/container_cb/execution_stream.h | 6 +- src/daemon/executor/container_cb/list.c | 4 +- src/daemon/executor/image_cb/image_cb.c | 18 +- 11 files changed, 233 insertions(+), 184 deletions(-) diff --git a/src/daemon/common/events_format.c b/src/daemon/common/events_format.c index e5ceab92..514b060e 100644 --- a/src/daemon/common/events_format.c +++ b/src/daemon/common/events_format.c @@ -83,7 +83,11 @@ struct isulad_events_format *dup_event(const struct isulad_events_format *event) return NULL; } - event_copy(event, out); + if (event_copy(event, out) != 0) { + ERROR("Failed to copy event"); + isulad_events_format_free(out); + return NULL; + } return out; } diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c index 585a5e35..e6527bd0 100644 --- a/src/daemon/common/selinux_label.c +++ b/src/daemon/common/selinux_label.c @@ -247,7 +247,7 @@ static int get_current_label(char **content) return read_con(path, content); } -bool selinux_get_enable() +bool selinux_get_enable(void) { bool enabled_set = false; bool enabled = false; @@ -295,7 +295,7 @@ bool selinux_get_enable() } // just disable selinux support for iSulad -void selinux_set_disabled() +void selinux_set_disabled(void) { (void)set_state_enable(false); } @@ -376,9 +376,10 @@ int selinux_state_init(void) return 0; } -void selinux_state_free() +void selinux_state_free(void) { do_selinux_state_free(g_selinux_state); + g_selinux_state = NULL; } /* MCS already exists */ @@ -986,6 +987,11 @@ int relabel(const char *path, const char *file_label, bool shared) return 0; } + if (path == NULL) { + ERROR("Empty arguments"); + return -1; + } + tmp_file_label = util_strdup_s(file_label); if (is_exclude_relabel_path(path)) { ERROR("SELinux relabeling of %s is not allowed", path); @@ -1059,6 +1065,11 @@ int dup_security_opt(const char *src, char ***dst, size_t *len) return 0; } + if (dst == NULL || len == NULL) { + ERROR("Empty arguments"); + return -1; + } + context_t con = context_new(src); if (con == NULL) { ERROR("context new failed"); @@ -1107,6 +1118,11 @@ out: int get_disable_security_opt(char ***labels, size_t *labels_len) { + if (labels == NULL || labels_len == NULL) { + ERROR("Empty arguments"); + return -1; + } + if (util_array_append(labels, "disable") != 0) { ERROR("Failed to append label"); return -1; diff --git a/src/daemon/common/selinux_label.h b/src/daemon/common/selinux_label.h index 625e94c3..4a3c03d4 100644 --- a/src/daemon/common/selinux_label.h +++ b/src/daemon/common/selinux_label.h @@ -24,14 +24,14 @@ extern "C" { #endif int selinux_state_init(void); -void selinux_set_disabled(); -bool selinux_get_enable(); -int init_label(const char **label_opts, size_t label_opts_len, char **process_label, char **mount_label); +void selinux_set_disabled(void); +bool selinux_get_enable(void); +int init_label(const char **label_opts, size_t label_opts_len, char **dst_process_label, char **dst_mount_label); int relabel(const char *path, const char *file_label, bool shared); int get_disable_security_opt(char ***labels, size_t *labels_len); int dup_security_opt(const char *src, char ***dst, size_t *len); char *selinux_format_mountlabel(const char *src, const char *mount_label); -void selinux_state_free(); +void selinux_state_free(void); #ifdef __cplusplus } #endif diff --git a/src/daemon/config/isulad_config.c b/src/daemon/config/isulad_config.c index 269ab310..f600f0cf 100644 --- a/src/daemon/config/isulad_config.c +++ b/src/daemon/config/isulad_config.c @@ -125,7 +125,7 @@ out: } /* isulad server conf wrlock */ -int isulad_server_conf_wrlock() +int isulad_server_conf_wrlock(void) { int ret = 0; @@ -138,7 +138,7 @@ int isulad_server_conf_wrlock() } /* isulad server conf rdlock */ -int isulad_server_conf_rdlock() +int isulad_server_conf_rdlock(void) { int ret = 0; @@ -151,7 +151,7 @@ int isulad_server_conf_rdlock() } /* isulad server conf unlock */ -int isulad_server_conf_unlock() +int isulad_server_conf_unlock(void) { int ret = 0; @@ -163,13 +163,13 @@ int isulad_server_conf_unlock() return ret; } -struct service_arguments *conf_get_server_conf() +struct service_arguments *conf_get_server_conf(void) { return g_isulad_conf.server_conf; } /* conf get isulad pidfile */ -char *conf_get_isulad_pidfile() +char *conf_get_isulad_pidfile(void) { char *filename = NULL; struct service_arguments *conf = NULL; @@ -191,7 +191,7 @@ out: } /* conf get engine rootpath */ -char *conf_get_engine_rootpath() +char *conf_get_engine_rootpath(void) { char *epath = NULL; char *rootpath = NULL; @@ -238,7 +238,7 @@ int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime) } conf = conf_get_server_conf(); - if (conf == NULL) { + if (conf == NULL || conf->json_confs == NULL) { (void)isulad_server_conf_unlock(); return -1; } @@ -254,7 +254,7 @@ int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime) } /* conf get graph checked flag file path */ -char *conf_get_graph_check_flag_file() +char *conf_get_graph_check_flag_file(void) { char *epath = NULL; char *rootpath = NULL; @@ -307,7 +307,7 @@ char *conf_get_routine_rootdir(const char *runtime) } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->graph == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->graph == NULL) { ERROR("Server conf is NULL or rootpath is NULL"); goto out; } @@ -357,7 +357,7 @@ char *conf_get_routine_statedir(const char *runtime) } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->state == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->state == NULL) { goto out; } @@ -460,7 +460,7 @@ out: #endif /* conf get isulad rootdir */ -char *conf_get_isulad_rootdir() +char *conf_get_isulad_rootdir(void) { char *path = NULL; struct service_arguments *conf = NULL; @@ -470,7 +470,7 @@ char *conf_get_isulad_rootdir() } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->graph == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->graph == NULL) { goto out; } @@ -482,7 +482,7 @@ out: } /* conf get registry */ -char **conf_get_registry_list() +char **conf_get_registry_list(void) { int nret = 0; size_t i; @@ -495,7 +495,7 @@ char **conf_get_registry_list() } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->registry_mirrors_len == 0) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->registry_mirrors_len == 0) { goto out; } @@ -518,7 +518,7 @@ out: } /* conf get insecure registry */ -char **conf_get_insecure_registry_list() +char **conf_get_insecure_registry_list(void) { int nret = 0; size_t i; @@ -531,7 +531,7 @@ char **conf_get_insecure_registry_list() } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->insecure_registries_len == 0) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->insecure_registries_len == 0) { goto out; } @@ -554,7 +554,7 @@ out: } /* conf get isulad statedir */ -char *conf_get_isulad_statedir() +char *conf_get_isulad_statedir(void) { char *path = NULL; struct service_arguments *conf = NULL; @@ -564,7 +564,7 @@ char *conf_get_isulad_statedir() } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->state == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->state == NULL) { goto out; } @@ -576,7 +576,7 @@ out: } /* isulad monitor fifo name */ -char *conf_get_isulad_monitor_fifo_path() +char *conf_get_isulad_monitor_fifo_path(void) { int ret; char fifo_file_path[PATH_MAX] = { 0 }; @@ -631,7 +631,7 @@ static char *get_parent_mount_dir(char *graph) } /* conf get isulad mount rootfs */ -char *conf_get_isulad_mount_rootfs() +char *conf_get_isulad_mount_rootfs(void) { char *path = NULL; struct service_arguments *conf = NULL; @@ -653,7 +653,7 @@ out: } /* conf get isulad umask for containers */ -char *conf_get_isulad_native_umask() +char *conf_get_isulad_native_umask(void) { char *umask = NULL; struct service_arguments *conf = NULL; @@ -663,7 +663,7 @@ char *conf_get_isulad_native_umask() } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->native_umask == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->native_umask == NULL) { goto out; } @@ -675,7 +675,7 @@ out: } /* conf get isulad cgroup parent for containers */ -char *conf_get_isulad_cgroup_parent() +char *conf_get_isulad_cgroup_parent(void) { char *cgroup_parent = NULL; struct service_arguments *conf = NULL; @@ -685,7 +685,7 @@ char *conf_get_isulad_cgroup_parent() } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->cgroup_parent == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->cgroup_parent == NULL) { goto out; } @@ -697,7 +697,7 @@ out: } /* conf get isulad loglevel */ -char *conf_get_isulad_loglevel() +char *conf_get_isulad_loglevel(void) { char *loglevel = NULL; struct service_arguments *conf = NULL; @@ -707,7 +707,7 @@ char *conf_get_isulad_loglevel() } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->log_level == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->log_level == NULL) { goto out; } @@ -725,7 +725,7 @@ char *get_log_file_helper(const struct service_arguments *conf, const char *suff size_t len = 0; int nret = 0; - if (suffix == NULL) { + if (conf == NULL || suffix == NULL) { return NULL; } @@ -757,7 +757,7 @@ out: } /* conf get isulad log gather fifo path */ -char *conf_get_isulad_log_gather_fifo_path() +char *conf_get_isulad_log_gather_fifo_path(void) { #define LOG_GATHER_FIFO_NAME "/isulad_log_gather_fifo" char *logfile = NULL; @@ -796,7 +796,7 @@ out: } /* conf get isulad log file */ -char *conf_get_isulad_log_file() +char *conf_get_isulad_log_file(void) { char *logfile = NULL; struct service_arguments *conf = NULL; @@ -818,7 +818,7 @@ out: } /* conf get engine log file */ -char *conf_get_engine_log_file() +char *conf_get_engine_log_file(void) { char *logfile = NULL; char *full_path = NULL; @@ -885,7 +885,7 @@ int conf_get_daemon_log_config(char **loglevel, char **logdriver, char **engine_ } /* conf get isulad logdriver */ -char *conf_get_isulad_logdriver() +char *conf_get_isulad_logdriver(void) { char *logdriver = NULL; struct service_arguments *conf = NULL; @@ -895,7 +895,7 @@ char *conf_get_isulad_logdriver() } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->log_driver == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->log_driver == NULL) { goto out; } @@ -915,12 +915,17 @@ int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts) size_t i; int ret = 0; + if (opts == NULL) { + ERROR("Empty arguments"); + return -1; + } + if (isulad_server_conf_rdlock() != 0) { return -1; } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->container_log == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->container_log == NULL) { goto out; } work = conf->json_confs->container_log; @@ -962,7 +967,7 @@ out: } /* conf get image layer check flag */ -bool conf_get_image_layer_check_flag() +bool conf_get_image_layer_check_flag(void) { bool check_flag = false; struct service_arguments *conf = NULL; @@ -972,7 +977,7 @@ bool conf_get_image_layer_check_flag() } conf = conf_get_server_conf(); - if (conf == NULL) { + if (conf == NULL || conf->json_confs == NULL) { goto out; } @@ -984,7 +989,7 @@ out: } /* conf get flag of use decrypted key to pull image */ -bool conf_get_use_decrypted_key_flag() +bool conf_get_use_decrypted_key_flag(void) { bool check_flag = true; struct service_arguments *conf = NULL; @@ -994,7 +999,7 @@ bool conf_get_use_decrypted_key_flag() } conf = conf_get_server_conf(); - if (conf == NULL || conf->json_confs->use_decrypted_key == NULL) { + if (conf == NULL || conf->json_confs == NULL || conf->json_confs->use_decrypted_key == NULL) { goto out; } @@ -1005,7 +1010,7 @@ out: return check_flag; } -bool conf_get_skip_insecure_verify_flag() +bool conf_get_skip_insecure_verify_flag(void) { bool check_flag = false; struct service_arguments *conf = NULL; @@ -1015,7 +1020,7 @@ bool conf_get_skip_insecure_verify_flag() } conf = conf_get_server_conf(); - if (conf == NULL) { + if (conf == NULL || conf->json_confs == NULL) { goto out; } @@ -1026,69 +1031,86 @@ out: return check_flag; } -#define OCI_STR_ARRAY_DUP(src, dest, srclen, destlen, ret) \ - do { \ - if ((src) != NULL) { \ - (dest) = util_str_array_dup((const char **)(src), (srclen)); \ - if ((dest) == NULL) { \ - (ret) = -1; \ - goto out; \ - } \ - (destlen) = (srclen); \ - } \ - } while (0) - -#define HOOKS_ELEM_DUP_DEF(item) \ - defs_hook *hooks_##item##_elem_dup(const defs_hook *src) \ - { \ - int ret = 0; \ - defs_hook *dest = NULL; \ - if (src == NULL) \ - return NULL; \ - dest = util_common_calloc_s(sizeof(defs_hook)); \ - if (dest == NULL) \ - return NULL; \ - dest->path = util_strdup_s(src->path); \ - OCI_STR_ARRAY_DUP(src->args, dest->args, src->args_len, dest->args_len, ret); \ - OCI_STR_ARRAY_DUP(src->env, dest->env, src->env_len, dest->env_len, ret); \ - dest->timeout = src->timeout; \ - out: \ - if (ret != 0 && dest != NULL) { \ - free_defs_hook(dest); \ - dest = NULL; \ - } \ - return dest; \ - } - -/* HOOKS ELEM DUP DEF */ -HOOKS_ELEM_DUP_DEF(prestart) -/* HOOKS ELEM DUP DEF */ -HOOKS_ELEM_DUP_DEF(poststart) -/* HOOKS ELEM DUP DEF */ -HOOKS_ELEM_DUP_DEF(poststop) - -#define HOOKS_ITEM_DUP_DEF(item) \ - int hooks_##item##_dup(oci_runtime_spec_hooks *dest, const oci_runtime_spec_hooks *src) \ - { \ - int i = 0; \ - dest->item = util_smart_calloc_s(sizeof(defs_hook *), (src->item##_len + 1)); \ - if (dest->item == NULL) \ - return -1; \ - dest->item##_len = src->item##_len; \ - for (; (size_t)i < src->item##_len; ++i) { \ - dest->item[i] = hooks_##item##_elem_dup(src->item[i]); \ - if (dest->item[i] == NULL) \ - return -1; \ - } \ - return 0; \ - } - -/* HOOKS ITEM DUP DEF */ -HOOKS_ITEM_DUP_DEF(prestart) -/* HOOKS ITEM DUP DEF */ -HOOKS_ITEM_DUP_DEF(poststart) -/* HOOKS ITEM DUP DEF */ -HOOKS_ITEM_DUP_DEF(poststop) +static defs_hook *hooks_elem_dup(const defs_hook *src) +{ + defs_hook *dest = NULL; + + if (src == NULL) { + return NULL; + } + + dest = (defs_hook *)util_common_calloc_s(sizeof(defs_hook)); + if (dest == NULL) { + ERROR("Out of memory"); + return NULL; + } + + dest->path = util_strdup_s(src->path); + dest->timeout = src->timeout; + + if (src->args_len != 0) { + dest->args = util_str_array_dup((const char **)(src->args), src->args_len); + if (dest->args == NULL) { + ERROR("Failed to duplicate string array"); + goto err_out; + } + dest->args_len = src->args_len; + } + + if (src->env_len != 0) { + dest->env = util_str_array_dup((const char **)(src->env), src->env_len); + if (dest->env == NULL) { + ERROR("Failed to duplicate string array"); + goto err_out; + } + dest->env_len = src->env_len; + } + + return dest; + +err_out: + free_defs_hook(dest); + return NULL; +} + +static int hooks_array_dup(const defs_hook **src, const size_t src_len, defs_hook ***dst, size_t *dst_len) +{ + size_t i; + size_t tmp_len = 0; + defs_hook **tmp_dst = NULL; + + if (src_len > SIZE_MAX - 1) { + ERROR("Invalid hooks array length"); + return -1; + } + + tmp_dst = (defs_hook **)util_smart_calloc_s(sizeof(defs_hook *), src_len + 1); + if (tmp_dst == NULL) { + ERROR("Out of memory"); + return -1; + } + + for(i = 0; i < src_len; i++) { + tmp_dst[i] = hooks_elem_dup(src[i]); + if (tmp_dst[i] == NULL) { + ERROR("Failed to duplicate hooks element"); + goto err_out; + } + tmp_len++; + } + + *dst = tmp_dst; + *dst_len = tmp_len; + return 0; + +err_out: + for(i = 0; i < tmp_len; i++) { + free_defs_hook(tmp_dst[i]); + } + free(tmp_dst); + + return -1; +} /* hooks_dup */ oci_runtime_spec_hooks *hooks_dup(const oci_runtime_spec_hooks *src) @@ -1104,17 +1126,17 @@ oci_runtime_spec_hooks *hooks_dup(const oci_runtime_spec_hooks *src) return NULL; } - ret = hooks_prestart_dup(dest, src); + ret = hooks_array_dup((const defs_hook **)src->prestart, src->prestart_len, &dest->prestart, &dest->prestart_len); if (ret != 0) { goto out; } - ret = hooks_poststart_dup(dest, src); + ret = hooks_array_dup((const defs_hook **)src->poststart, src->poststart_len, &dest->poststart, &dest->poststart_len); if (ret != 0) { goto out; } - ret = hooks_poststop_dup(dest, src); + ret = hooks_array_dup((const defs_hook **)src->poststop, src->poststop_len, &dest->poststop, &dest->poststop_len); out: if (ret != 0) { @@ -1130,6 +1152,11 @@ int conf_get_isulad_hooks(oci_runtime_spec_hooks **phooks) int ret = 0; struct service_arguments *conf = NULL; + if (phooks == NULL) { + ERROR("Empty arguments"); + return -1; + } + if (isulad_server_conf_rdlock() != 0) { return -1; } @@ -1184,7 +1211,7 @@ out: } /* conf get start timeout */ -unsigned int conf_get_start_timeout() +unsigned int conf_get_start_timeout(void) { struct service_arguments *conf = NULL; unsigned int ret = 0; @@ -1204,7 +1231,7 @@ out: return ret; } -char *conf_get_default_runtime() +char *conf_get_default_runtime(void) { struct service_arguments *conf = NULL; char *result = NULL; @@ -1226,7 +1253,7 @@ out: return result; } -char *conf_get_enable_plugins() +char *conf_get_enable_plugins(void) { struct service_arguments *conf = NULL; char *plugins = NULL; @@ -1249,7 +1276,7 @@ out: } #ifdef ENABLE_USERNS_REMAP -char *conf_get_isulad_userns_remap() +char *conf_get_isulad_userns_remap(void) { struct service_arguments *conf = NULL; char *userns_remap = NULL; @@ -1335,7 +1362,7 @@ int conf_get_cni_bin_dir(char ***dst) } /* conf get websocket server listening port */ -int32_t conf_get_websocket_server_listening_port() +int32_t conf_get_websocket_server_listening_port(void) { int32_t port = 0; struct service_arguments *conf = NULL; @@ -1345,7 +1372,7 @@ int32_t conf_get_websocket_server_listening_port() } conf = conf_get_server_conf(); - if (conf == NULL) { + if (conf == NULL || conf->json_confs == NULL) { goto out; } @@ -1401,6 +1428,10 @@ int set_unix_socket_group(const char *socket, const char *group) return -1; } + if (!util_has_prefix(socket, UNIX_SOCKET_PREFIX)) { + ERROR("Invalid unix socket: %s", socket); + return -1; + } path = socket + strlen(UNIX_SOCKET_PREFIX); if (strlen(path) > PATH_MAX || realpath(path, rpath) == NULL) { @@ -1430,15 +1461,6 @@ out: return ret; } -#define OVERRIDE_STRING_VALUE(dst, src) \ - do { \ - if ((src) != NULL && strlen((src)) != 0) { \ - free((dst)); \ - (dst) = (src); \ - (src) = NULL; \ - } \ - } while (0) - static int string_array_append(char **suffix, size_t suffix_len, size_t *curr_len, char ***result) { if (suffix_len > 0) { @@ -1463,6 +1485,11 @@ int parse_log_opts(struct service_arguments *args, const char *key, const char * { int ret = -1; + if (args == NULL) { + ERROR("Empty arguments"); + return -1; + } + if (key == NULL || value == NULL) { return 0; } @@ -1682,6 +1709,11 @@ int merge_json_confs_into_global(struct service_arguments *args) parser_error err = NULL; int ret = 0; + if (args == NULL) { + ERROR("Empty arguments"); + return -1; + } + tmp_json_confs = isulad_daemon_configs_parse_file(ISULAD_DAEMON_JSON_CONF_FILE, NULL, &err); if (tmp_json_confs == NULL) { COMMAND_ERROR("Load isulad json config failed: %s", err != NULL ? err : ""); @@ -1828,7 +1860,7 @@ static bool valid_isulad_daemon_constants(isulad_daemon_constants *config) return true; } -int init_isulad_daemon_constants() +int init_isulad_daemon_constants(void) { parser_error err = NULL; int ret = 0; @@ -1855,7 +1887,7 @@ out: return ret; } -isulad_daemon_constants *get_isulad_daemon_constants() +isulad_daemon_constants *get_isulad_daemon_constants(void) { return g_isulad_daemon_constants; } diff --git a/src/daemon/config/isulad_config.h b/src/daemon/config/isulad_config.h index 92edd6e0..4fe1acdc 100644 --- a/src/daemon/config/isulad_config.h +++ b/src/daemon/config/isulad_config.h @@ -42,43 +42,43 @@ char *conf_get_sandbox_rootpath(void); char *conf_get_sandbox_statepath(void); #endif -char *conf_get_isulad_pidfile(); -char *conf_get_engine_rootpath(); +char *conf_get_isulad_pidfile(void); +char *conf_get_engine_rootpath(void); char *conf_get_routine_rootdir(const char *runtime); char *conf_get_routine_statedir(const char *runtime); -char *conf_get_isulad_rootdir(); -char *conf_get_isulad_statedir(); -char *conf_get_isulad_mount_rootfs(); -char *conf_get_isulad_loglevel(); -char *conf_get_isulad_logdriver(); +char *conf_get_isulad_rootdir(void); +char *conf_get_isulad_statedir(void); +char *conf_get_isulad_mount_rootfs(void); +char *conf_get_isulad_loglevel(void); +char *conf_get_isulad_logdriver(void); int conf_get_daemon_log_config(char **loglevel, char **logdriver, char **engine_log_path); -char *conf_get_isulad_log_gather_fifo_path(); +char *conf_get_isulad_log_gather_fifo_path(void); int conf_get_cgroup_cpu_rt(int64_t *cpu_rt_period, int64_t *cpu_rt_runtime); int conf_get_container_log_opts(isulad_daemon_configs_container_log **opts); -char *conf_get_isulad_log_file(); -char *conf_get_engine_log_file(); -char *conf_get_enable_plugins(); +char *conf_get_isulad_log_file(void); +char *conf_get_engine_log_file(void); +char *conf_get_enable_plugins(void); #ifdef ENABLE_USERNS_REMAP -char *conf_get_isulad_userns_remap(); +char *conf_get_isulad_userns_remap(void); #endif -char *conf_get_cni_conf_dir(); +char *conf_get_cni_conf_dir(void); int conf_get_cni_bin_dir(char ***dst); -int32_t conf_get_websocket_server_listening_port(); +int32_t conf_get_websocket_server_listening_port(void); int save_args_to_conf(struct service_arguments *args); int set_unix_socket_group(const char *socket, const char *group); -int isulad_server_conf_wrlock(); +int isulad_server_conf_wrlock(void); -int isulad_server_conf_rdlock(); +int isulad_server_conf_rdlock(void); -int isulad_server_conf_unlock(); +int isulad_server_conf_unlock(void); -struct service_arguments *conf_get_server_conf(); +struct service_arguments *conf_get_server_conf(void); int get_system_cpu_usage(uint64_t *val); @@ -86,31 +86,31 @@ int conf_get_isulad_hooks(oci_runtime_spec_hooks **phooks); int conf_get_isulad_default_ulimit(host_config_ulimits_element ***ulimit); -unsigned int conf_get_start_timeout(); +unsigned int conf_get_start_timeout(void); -char **conf_get_insecure_registry_list(); +char **conf_get_insecure_registry_list(void); -char **conf_get_registry_list(); -char *conf_get_isulad_native_umask(); +char **conf_get_registry_list(void); +char *conf_get_isulad_native_umask(void); -char *conf_get_isulad_cgroup_parent(); +char *conf_get_isulad_cgroup_parent(void); -char *conf_get_default_runtime(); +char *conf_get_default_runtime(void); -char *conf_get_graph_check_flag_file(); +char *conf_get_graph_check_flag_file(void); -bool conf_get_image_layer_check_flag(); +bool conf_get_image_layer_check_flag(void); int merge_json_confs_into_global(struct service_arguments *args); -bool conf_get_use_decrypted_key_flag(); -bool conf_get_skip_insecure_verify_flag(); +bool conf_get_use_decrypted_key_flag(void); +bool conf_get_skip_insecure_verify_flag(void); int parse_log_opts(struct service_arguments *args, const char *key, const char *value); -char *conf_get_isulad_monitor_fifo_path(); +char *conf_get_isulad_monitor_fifo_path(void); -int init_isulad_daemon_constants(); -isulad_daemon_constants *get_isulad_daemon_constants(); +int init_isulad_daemon_constants(void); +isulad_daemon_constants *get_isulad_daemon_constants(void); #ifdef __cplusplus } diff --git a/src/daemon/executor/container_cb/execution.c b/src/daemon/executor/container_cb/execution.c index ca4061b4..dbfec59e 100644 --- a/src/daemon/executor/container_cb/execution.c +++ b/src/daemon/executor/container_cb/execution.c @@ -912,8 +912,8 @@ static int container_kill_cb(const container_kill_request *request, container_ki } if (!util_valid_signal((int)signal)) { - isulad_set_error_message("Not supported signal %d", signal); - ERROR("Not supported signal %d", signal); + isulad_set_error_message("Not supported signal %u", signal); + ERROR("Not supported signal %u", signal); cc = ISULAD_ERR_EXEC; goto pack_response; } diff --git a/src/daemon/executor/container_cb/execution_create.c b/src/daemon/executor/container_cb/execution_create.c index c65aa281..9c097121 100644 --- a/src/daemon/executor/container_cb/execution_create.c +++ b/src/daemon/executor/container_cb/execution_create.c @@ -706,7 +706,7 @@ out: free(runtime_root); free(runtime_stat); if (ret != 0) { - /* fail, do not use the input v2 spec, host spec and network settings, the memeory will be free by caller*/ + /* fail, do not use the input v2 spec, host spec and network settings, the memeory will be free by caller */ if (cont != NULL) { cont->common_config = NULL; cont->hostconfig = NULL; diff --git a/src/daemon/executor/container_cb/execution_network.c b/src/daemon/executor/container_cb/execution_network.c index 1ff360f2..ce924332 100644 --- a/src/daemon/executor/container_cb/execution_network.c +++ b/src/daemon/executor/container_cb/execution_network.c @@ -81,11 +81,20 @@ out: static int fopen_network(FILE **fp, char **file_path, const char *rootfs, const char *filename) { + int64_t size = 0; + if (util_realpath_in_scope(rootfs, filename, file_path) < 0) { SYSERROR("Failed to get real path '%s' under rootfs '%s'", filename, rootfs); isulad_set_error_message("Failed to get real path '%s' under rootfs '%s'", filename, rootfs); return -1; } + + size = util_file_size(*file_path); + if (size > REGULAR_FILE_SIZE) { + ERROR("Target file '%s', size exceed limit: %lld", *file_path, REGULAR_FILE_SIZE); + return -1; + } + *fp = util_fopen(*file_path, "a+"); if (*fp == NULL) { SYSERROR("Failed to open %s", *file_path); diff --git a/src/daemon/executor/container_cb/execution_stream.h b/src/daemon/executor/container_cb/execution_stream.h index 227cc2c3..c0dba7d0 100644 --- a/src/daemon/executor/container_cb/execution_stream.h +++ b/src/daemon/executor/container_cb/execution_stream.h @@ -1,6 +1,3 @@ -#ifndef DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H -#define DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H - /****************************************************************************** * Copyright (c) Huawei Technologies Co., Ltd. 2017-2019. All rights reserved. * iSulad licensed under the Mulan PSL v2. @@ -16,6 +13,9 @@ * Description: provide container list callback function definition *********************************************************************************/ +#ifndef DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H +#define DAEMON_EXECUTOR_CONTAINER_CB_EXECUTION_STREAM_H + #include "callback.h" #ifdef __cplusplus diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c index 539a1314..243eb4d2 100644 --- a/src/daemon/executor/container_cb/list.c +++ b/src/daemon/executor/container_cb/list.c @@ -164,14 +164,14 @@ static int append_ids(const map_t *matches, char ***filtered_ids) return 0; } -static int insert_matched_id(char **ids, map_t *matches, void *value, size_t ids_len) +static int insert_matched_id(char **ids, map_t *matches, bool *value, size_t ids_len) { size_t i; for (i = 0; i < ids_len; i++) { container_t *cont = containers_store_get_by_prefix(ids[i]); if (cont != NULL) { - bool inserted = map_insert(matches, cont->common_config->id, value); + bool inserted = map_insert(matches, (void *)cont->common_config->id, (void *)value); container_unref(cont); if (!inserted) { ERROR("Insert map failed: %s", ids[i]); diff --git a/src/daemon/executor/image_cb/image_cb.c b/src/daemon/executor/image_cb/image_cb.c index 124feb21..61fa29db 100644 --- a/src/daemon/executor/image_cb/image_cb.c +++ b/src/daemon/executor/image_cb/image_cb.c @@ -597,7 +597,7 @@ static int trans_one_image(image_list_images_response *response, size_t image_in goto out; } - if (!unix_nanos_to_timestamp(created_nanos, ×tamp) != 0) { + if (!unix_nanos_to_timestamp(created_nanos, ×tamp)) { ERROR("Failed to translate nanos to timestamp"); ret = -1; goto out; @@ -673,19 +673,6 @@ out: return ret; } -static im_list_request *image_list_context_new(const image_list_images_request *request) -{ - im_list_request *ctx = NULL; - - ctx = util_common_calloc_s(sizeof(im_list_request)); - if (ctx == NULL) { - ERROR("Out of memory"); - return NULL; - } - - return ctx; -} - #ifdef ENABLE_OCI_IMAGE struct image_list_context { struct filters_args *image_filters; @@ -731,11 +718,12 @@ static im_list_request *fold_filter(const image_list_images_request *request) { im_list_request *ctx = NULL; - ctx = image_list_context_new(request); + ctx = (im_list_request *)util_common_calloc_s(sizeof(im_list_request)); if (ctx == NULL) { ERROR("Out of memory"); goto error_out; } + #ifdef ENABLE_OCI_IMAGE size_t i; if (request->filters == NULL) { -- 2.40.1