authorCoprDistGit <infra@openeuler.org>2023-10-16 08:21:17 +0000
committerCoprDistGit <infra@openeuler.org>2023-10-16 08:21:17 +0000
commit5a30c52fd5f03e11a1e7a998731c59a31477eba9 (patch)
tree6e73a07585bfafeae4404d2247436ed13d337457 /0019-remove-password-in-url-module-and-clean-sensitive-in.patch
parentbe5fbac390ac42956df062b5585d96b3ae5db1df (diff)
automatic import of iSuladopeneuler23.09
Diffstat (limited to '0019-remove-password-in-url-module-and-clean-sensitive-in.patch')
-rw-r--r--0019-remove-password-in-url-module-and-clean-sensitive-in.patch332
1 files changed, 332 insertions, 0 deletions
diff --git a/0019-remove-password-in-url-module-and-clean-sensitive-in.patch b/0019-remove-password-in-url-module-and-clean-sensitive-in.patch
new file mode 100644
index 0000000..255cf28
--- /dev/null
+++ b/0019-remove-password-in-url-module-and-clean-sensitive-in.patch
@@ -0,0 +1,332 @@
+From 4adc923cfaf25142aa4cbb909d65c0f3a999cc02 Mon Sep 17 00:00:00 2001
+From: zhongtao <zhongtao17@huawei.com>
+Date: Tue, 29 Aug 2023 11:41:26 +0800
+Subject: [PATCH 19/33] remove password in url module and clean sensitive info
+ in struct passwd
+
+Signed-off-by: zhongtao <zhongtao17@huawei.com>
+---
+ .../modules/image/image_rootfs_handler.c | 13 +-
+ src/utils/cpputils/url.cc | 144 +-----------------
+ src/utils/cpputils/url.h | 19 +--
+ 3 files changed, 15 insertions(+), 161 deletions(-)
+
+diff --git a/src/daemon/modules/image/image_rootfs_handler.c b/src/daemon/modules/image/image_rootfs_handler.c
+index 1a3f4307..a8036ab9 100644
+--- a/src/daemon/modules/image/image_rootfs_handler.c
++++ b/src/daemon/modules/image/image_rootfs_handler.c
+@@ -85,6 +85,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
+ char buf[BUFSIZ] = { 0 };
+ struct passwd pw;
+ struct passwd *pwbufp = NULL;
++ int ret = -1;
+
+ if (f_passwd != NULL) {
+ #if defined (__ANDROID__) || defined(__MUSL__)
+@@ -116,7 +117,7 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
+ if (errval != 0 && errval != ENOENT) {
+ ERROR("Failed to parse passwd file: Insufficient buffer space supplied");
+ isulad_set_error_message("Failed to parse passwd file: Insufficient buffer space supplied");
+- return -1;
++ goto out;
+ }
+ if (!userfound && user != NULL) {
+ int uret = util_safe_llong(user, &n_user);
+@@ -124,16 +125,20 @@ static int proc_by_fpasswd(FILE *f_passwd, const char *user, defs_process_user *
+ if (uret != 0) {
+ ERROR("Unable to find user '%s'", user);
+ isulad_set_error_message("Unable to find user '%s': no matching entries in passwd file", user);
+- return -1;
++ goto out;
+ }
+ if (n_user < MINUID || n_user > MAXUID) {
+ uids_gids_range_err_log();
+- return -1;
++ goto out;
+ }
+ puser->uid = (uid_t)n_user;
+ }
++ ret = 0;
+
+- return 0;
++out:
++ memset(buf, 0, sizeof(buf));
++ memset(pwbufp, 0, sizeof(struct passwd));
++ return ret;
+ }
+
+ static int append_additional_gids(gid_t gid, gid_t **additional_gids, size_t *len)
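Review bot: The new `out:` label calls `memset(pwbufp, 0, sizeof(struct passwd))`, but `pwbufp` is declared as `NULL` and is only assigned inside the `if (f_passwd != NULL)` branch, so a NULL `f_passwd` reaches a null-pointer write. The parse-failure `goto out` path probably arrives with `pwbufp` reset to NULL as well, though that is inferred because the read loop lies outside the hunks. Clearing the stack struct directly avoids both cases: `memset(&pw, 0, sizeof(pw));`. Both scrubs are plain `memset` calls on locals that die at `return`, so an optimizing compiler may drop them as dead stores. A non-elidable clear such as `explicit_bzero(buf, sizeof(buf));` (where the libc provides it), or the project's own secure-wipe helper, would make the cleanup reliable.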
+diff --git a/src/utils/cpputils/url.cc b/src/utils/cpputils/url.cc
+index 117eba7e..baaded07 100644
+--- a/src/utils/cpputils/url.cc
++++ b/src/utils/cpputils/url.cc
+@@ -266,12 +266,7 @@ std::string Escape(const std::string &s, const EncodeMode &mode)
+
+ UserInfo *User(const std::string &username) noexcept
+ {
+- return new UserInfo { username, "", false };
+-}
+-
+-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept
+-{
+- return new UserInfo { username, password, true };
++ return new UserInfo { username };
+ }
+
+ int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path)
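Review bot: `User()` is declared `noexcept`, yet the rewritten line `return new UserInfo { username };` uses throwing `new`, so an allocation failure ends in `std::terminate` instead of an error the caller can handle. Other allocations in this file use `new (std::nothrow)`; matching that here would be `return new (std::nothrow) UserInfo { username };`, with callers checking for `nullptr`. The `std::string` copy inside the constructor can still throw, so dropping `noexcept` is the alternative if termination is not intended. A short comment saying that the caller owns the returned pointer would also help, since the raw `UserInfo *` does not express it.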
+@@ -324,24 +319,6 @@ void Split(const std::string &s, const std::string &c, bool cutc, std::string &t
+ u = s.substr(i, s.size());
+ }
+
+-URLDatum *Parse(const std::string &rawurl)
+-{
+- std::string u, frag;
+- Split(rawurl, "#", true, u, frag);
+- auto *url = Parse(u, false);
+- if (url == nullptr) {
+- return nullptr;
+- }
+- if (frag.empty()) {
+- return url;
+- }
+- url->SetFragment(Unescape(frag, EncodeMode::ENCODE_FRAGMENT));
+- if (url->GetFragment().empty()) {
+- return nullptr;
+- }
+- return url;
+-}
+-
+ int SplitOffPossibleLeading(std::string &scheme, const std::string &rawurl, URLDatum *url, std::string &rest)
+ {
+ if (Getscheme(rawurl, scheme, rest) != 0) {
+@@ -385,108 +362,6 @@ URLDatum *HandleNonBackslashPrefix(URLDatum *url, const std::string &scheme, con
+ return nullptr;
+ }
+
+-int SetURLDatumInfo(URLDatum *url, const std::string &scheme, bool viaRequest, std::string &rest)
+-{
+- if ((!scheme.empty() || (!viaRequest && rest.substr(0, 3) == "///")) && rest.substr(0, 2) == "//") {
+- std::string authority;
+- Split(rest.substr(2, rest.size()), "/", false, authority, rest);
+- std::string host = url->GetHost();
+- UserInfo *user = url->GetUser();
+- if (ParseAuthority(authority, &user, host)) {
+- return -1;
+- }
+- url->SetHost(host);
+- url->SetUser(user);
+- }
+- if (url->SetPath(rest)) {
+- return -1;
+- }
+- url->SetScheme(scheme);
+- return 0;
+-}
+-
+-URLDatum *Parse(const std::string &rawurl, bool viaRequest)
+-{
+- if (rawurl.empty() && viaRequest) {
+- ERROR("empty url!");
+- return nullptr;
+- }
+- auto *url = new (std::nothrow) URLDatum;
+- if (url == nullptr) {
+- ERROR("Out of memory");
+- return nullptr;
+- }
+- if (rawurl == "*") {
+- url->SetPathWithoutEscape("*");
+- return url;
+- }
+- std::string scheme = url->GetScheme();
+- std::string rest;
+- if (SplitOffPossibleLeading(scheme, rawurl, url, rest) != 0) {
+- return nullptr;
+- }
+- bool shouldRet = false;
+- auto *tmpret = HandleNonBackslashPrefix(url, scheme, rest, viaRequest, shouldRet);
+- if (shouldRet) {
+- return tmpret;
+- }
+- if (SetURLDatumInfo(url, scheme, viaRequest, rest) != 0) {
+- return nullptr;
+- }
+- return url;
+-}
+-
+-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host)
+-{
+- size_t i = authority.find("@");
+- if (i == std::string::npos) {
+- if (ParseHost(authority, host) != 0) {
+- *user = nullptr;
+- host = "";
+- return -1;
+- }
+- } else {
+- if (ParseHost(authority.substr(i + 1, authority.size()), host) != 0) {
+- *user = nullptr;
+- host = "";
+- return -1;
+- }
+- }
+- if (i == std::string::npos) {
+- *user = nullptr;
+- return 0;
+- }
+-
+- std::string userinfo = authority.substr(0, i);
+- if (!ValidUserinfo(userinfo)) {
+- *user = nullptr;
+- host = "";
+- ERROR("net/url: invalid userinfo");
+- return -1;
+- }
+- if (userinfo.find(":") == std::string::npos) {
+- userinfo = Unescape(userinfo, EncodeMode::ENCODE_USER_PASSWORD);
+- if (userinfo.empty()) {
+- *user = nullptr;
+- host = "";
+- return -1;
+- }
+- *user = User(userinfo);
+- } else {
+- std::string servername, serverword;
+- Split(userinfo, ":", true, servername, serverword);
+- servername = Unescape(servername, EncodeMode::ENCODE_USER_PASSWORD);
+- serverword = Unescape(serverword, EncodeMode::ENCODE_USER_PASSWORD);
+- if (servername.empty() || serverword.empty()) {
+- *user = nullptr;
+- host = "";
+- return -1;
+- }
+- *user = UserPassword(servername, serverword);
+- }
+- return 0;
+-}
+-
+ int ParseHost(std::string host, std::string &out)
+ {
+ if (host.at(0) == '[') {
+@@ -756,9 +631,6 @@ std::string UserInfo::String() const
+ std::string s;
+ if (!m_username.empty()) {
+ s = Escape(m_username, EncodeMode::ENCODE_USER_PASSWORD);
+- if (m_passwordSet) {
+- s += ":" + Escape(m_password, EncodeMode::ENCODE_USER_PASSWORD);
+- }
+ }
+ return s;
+ }
+@@ -766,11 +638,6 @@ std::string UserInfo::Username() const
+ {
+ return m_username;
+ }
+-std::string UserInfo::Password(bool &set) const
+-{
+- set = m_passwordSet;
+- return m_password;
+-}
+
+ URLDatum::~URLDatum()
+ {
+@@ -860,15 +727,6 @@ bool URLDatum::IsAbs() const
+ return (m_scheme != "");
+ }
+
+-std::unique_ptr<URLDatum> URLDatum::UrlParse(const std::string &ref)
+-{
+- auto *refurl = Parse(ref);
+- if (refurl == nullptr) {
+- return nullptr;
+- }
+- return ResolveReference(refurl);
+-}
+-
+ std::unique_ptr<URLDatum> URLDatum::ResolveReference(URLDatum *ref)
+ {
+ std::unique_ptr<URLDatum> url(new (std::nothrow) URLDatum(*ref));
+diff --git a/src/utils/cpputils/url.h b/src/utils/cpputils/url.h
+index abbf20f4..3dd40079 100644
+--- a/src/utils/cpputils/url.h
++++ b/src/utils/cpputils/url.h
+@@ -49,17 +49,13 @@ private:
+
+ class UserInfo {
+ public:
+- UserInfo(const std::string &u, const std::string &p, bool b) : m_username(u), m_password(p),
+- m_passwordSet(b) {}
++ UserInfo(const std::string &u) : m_username(u) {}
+ ~UserInfo() = default;
+ std::string String() const;
+ std::string Username() const;
+- std::string Password(bool &set) const;
+
+ private:
+ std::string m_username;
+- std::string m_password;
+- bool m_passwordSet;
+ };
+
+ class URLDatum {
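Review bot: The constructor `UserInfo(const std::string &u)` now takes a single argument and is not `explicit`, so any `std::string` converts implicitly to a `UserInfo`. Writing it as `explicit UserInfo(const std::string &u) : m_username(u) {}` blocks the accidental conversion and still works with the `new UserInfo { username }` call in url.cc. With the password members gone, a one-line class comment such as `// Holds only the user name of a URL's userinfo; passwords are intentionally not stored.` would record why the field must not come back.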
+@@ -69,7 +65,6 @@ public:
+ std::string EscapedPath();
+ std::string String();
+ bool IsAbs() const;
+- std::unique_ptr<URLDatum> UrlParse(const std::string &ref);
+ std::unique_ptr<URLDatum> ResolveReference(URLDatum *ref);
+ auto Query()->std::map<std::string, std::vector<std::string>>;
+ std::string RequestURI();
+@@ -88,7 +83,7 @@ public:
+ {
+ m_opaque = value;
+ }
+- std::string GetOpaque() const
++ std::string GetOpaque() const
+ {
+ return m_opaque;
+ }
+@@ -96,7 +91,7 @@ public:
+ {
+ m_user = value;
+ }
+- UserInfo *GetUser() const
++ UserInfo *GetUser() const
+ {
+ return m_user;
+ }
+@@ -128,7 +123,7 @@ public:
+ {
+ m_rawQuery = value;
+ }
+- std::string GetRawQuery() const
++ std::string GetRawQuery() const
+ {
+ return m_rawQuery;
+ }
+@@ -136,7 +131,7 @@ public:
+ {
+ m_fragment = value;
+ }
+- std::string GetFragment() const
++ std::string GetFragment() const
+ {
+ return m_fragment;
+ }
+@@ -163,13 +158,9 @@ std::string QueryUnescape(const std::string &s);
+ std::string Unescape(std::string s, const EncodeMode &mode);
+ std::string QueryEscape(const std::string &s);
+ std::string Escape(const std::string &s, const EncodeMode &mode);
+-UserInfo *UserPassword(const std::string &username, const std::string &password) noexcept;
+ UserInfo *User(const std::string &username) noexcept;
+ int Getscheme(const std::string &rawurl, std::string &scheme, std::string &path);
+ void Split(const std::string &s, const std::string &c, bool cutc, std::string &t, std::string &u);
+-URLDatum *Parse(const std::string &rawurl);
+-URLDatum *Parse(const std::string &rawurl, bool viaRequest);
+-int ParseAuthority(const std::string &authority, UserInfo **user, std::string &host);
+ int ParseHost(std::string host, std::string &out);
+ bool ValidEncodedPath(const std::string &s);
+ bool ValidOptionalPort(const std::string &port);
+--
+2.40.1
+