From ff67cabc3e3839ef4b539805ed54b5c826b6f446 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Mon, 4 Sep 2023 15:19:36 +0800
Subject: [PATCH 30/33] mask proxy informations
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
.../container_cb/execution_information.c | 86 ++++++++++++++++---
1 file changed, 74 insertions(+), 12 deletions(-)
diff --git a/src/daemon/executor/container_cb/execution_information.c b/src/daemon/executor/container_cb/execution_information.c
index 2f3d3627..86bb2894 100644
--- a/src/daemon/executor/container_cb/execution_information.c
+++ b/src/daemon/executor/container_cb/execution_information.c
@@ -176,24 +176,83 @@ out:
static int get_proxy_env(char **proxy, const char *type)
{
int ret = 0;
- char *tmp = NULL;
-
- *proxy = getenv(type);
- if (*proxy == NULL) {
- tmp = util_strings_to_upper(type);
+ int nret;
+ char *tmp_proxy = NULL;
+ char *col_pos = NULL;
+ char *at_pos = NULL;
+ size_t proxy_len;
+ const char *mask_str = "//xxxx:xxxx";
+
+ tmp_proxy = getenv(type);
+ if (tmp_proxy == NULL) {
+ char *tmp = util_strings_to_upper(type);
if (tmp == NULL) {
ERROR("Failed to upper string!");
- ret = -1;
- goto out;
- }
- *proxy = getenv(tmp);
- if (*proxy == NULL) {
- *proxy = "";
+ return -1;
}
+ tmp_proxy = getenv(tmp);
+ free(tmp);
+ }
+
+ if (tmp_proxy == NULL) {
+ return 0;
+ }
+
+ if (strlen(tmp_proxy) >= PATH_MAX) {
+ ERROR("Too long proxy string.");
+ return -1;
+ }
+ tmp_proxy = util_strdup_s(tmp_proxy);
+
+ if (strcmp(NO_PROXY, type) == 0) {
+ *proxy = tmp_proxy;
+ return 0;
+ }
+
+ // mask username and password of proxy
+ col_pos = strchr(tmp_proxy, ':');
+ if (col_pos == NULL) {
+ ERROR("Invalid proxy.");
+ ret = -1;
+ goto out;
+ }
+ at_pos = strrchr(tmp_proxy, '@');
+ if (at_pos == NULL) {
+ // no '@', represent no user information in proxy,
+ // just return original proxy
+ *proxy = tmp_proxy;
+ return 0;
+ }
+
+ // first colon position must before than at position
+ if ((at_pos - col_pos) < 0) {
+ ret = -1;
+ goto out;
}
+ // proxy with userinfo format like: 'http://xxx:xxx@xxxx.com'
+ // so masked proxy length = len(proxy) - (pos(@) - pos(:) + 1) + len(mask-str) + '\0'
+ proxy_len = strlen(tmp_proxy);
+ proxy_len -= (at_pos - tmp_proxy);
+ proxy_len += (col_pos - tmp_proxy) + 1;
+ proxy_len += strlen(mask_str) + 1;
+ *proxy = util_common_calloc_s(proxy_len);
+ if (*proxy == NULL) {
+ ERROR("Out of memory");
+ ret = -1;
+ goto out;
+ }
+ *col_pos = '\0';
+ nret = snprintf(*proxy, proxy_len, "%s:%s%s", tmp_proxy, mask_str, at_pos);
+ if (nret < 0 || nret >= proxy_len) {
+ ret = -1;
+ free(*proxy);
+ *proxy = NULL;
+ goto out;
+ }
+
out:
- free(tmp);
+ util_free_sensitive_string(tmp_proxy);
return ret;
}
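Review bot: The masking in get_proxy_env() assumes the first ':' in the value is the scheme separator, so a proxy given without a scheme (constructed example: `user:secret@host:3128`) comes out as `user://xxxx:xxxx@host:3128` and the user name still appears in the info output. Anchoring on the scheme instead, e.g. `col_pos = strstr(tmp_proxy, "://");`, and treating the userinfo as starting at `tmp_proxy` when no scheme is present would replace everything up to the last '@' in both forms. The `col_pos == NULL` branch also turns a bare host name with no colon into a -1 return, where the old code passed the value through; if that is intended it deserves a comment. Minor: `nret >= proxy_len` compares int with size_t, and `(size_t)nret >= proxy_len` after the `nret < 0` test avoids the sign-compare warning.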
@@ -340,6 +399,9 @@ static int isulad_info_cb(const host_info_request *request, host_info_response *
#endif
pack_response:
+ free(http_proxy);
+ free(https_proxy);
+ free(no_proxy);
if (*response != NULL) {
(*response)->cc = cc;
}
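Review bot: These three `free()` calls are only safe if `http_proxy`, `https_proxy` and `no_proxy` are initialised to NULL where they are declared, which is outside this hunk. After this patch get_proxy_env() returns without writing `*proxy` when the variable is unset or the value is too long, where it used to store `""`, so an uninitialised pointer would reach `free()` at `pack_response`, and any later use of the value has to accept NULL. Stating the ownership at the declarations would make this explicit, e.g. `char *http_proxy = NULL; /* owned here, freed at pack_response */`. The body of isulad_info_cb starts and ends outside the hunk.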
--
2.40.1