Package: lxc
Version: 1:3.1.0+really3.0.3-8
I believe that the patch in the PR below fixes the issue.
https://github.com/lxc/lxc/pull/2740
From c14ea11dccbfa80021a9b169b94bd86e8b359611 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <camerontnor...@gmail.com>
Date: Wed, 28 Nov 2018 19:42:29 -0800
Subject: [PATCH] lxc-usernsexec: fix default map functionality
* Place NULL bytes at the end of strings so that
lxc_safe_ulong() can parse them correctly
* Only free the newly created id_map on error,
to avoid passing garbage to lxc_map_ids()
Signed-off-by: Cameron Nemo <camerontnor...@gmail.com>
---
src/lxc/cmd/lxc_usernsexec.c | 34 ++++++++++++++++++++--------------
1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 10557dd519..ab0dffcffc 100644
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -200,6 +200,7 @@ static int read_default_map(char *fnam, int which, char *user)
{
size_t len;
char *p1, *p2;
+ unsigned long ul1, ul2;
FILE *fin;
int ret = -1;
size_t sz = 0;
@@ -224,37 +225,42 @@ static int read_default_map(char *fnam, int which, char *user)
if (!p2)
continue;
- newmap = malloc(sizeof(*newmap));
- if (!newmap)
- goto on_error;
+ line[strlen(line) - 1] = '\0';
+ *p2 = '\0';
- ret = lxc_safe_ulong(p1 + 1, &newmap->hostid);
+ ret = lxc_safe_ulong(p1 + 1, &ul1);
if (ret < 0)
- goto on_error;
+ break;
- ret = lxc_safe_ulong(p2 + 1, &newmap->range);
+ ret = lxc_safe_ulong(p2 + 1, &ul2);
if (ret < 0)
- goto on_error;
+ break;
+
+ ret = -1;
+ newmap = malloc(sizeof(*newmap));
+ if (!newmap)
+ break;
newmap->nsid = 0;
newmap->idtype = which;
+ newmap->hostid = ul1;
+ newmap->range = ul2;
- ret = -1;
tmp = malloc(sizeof(*tmp));
- if (!tmp)
- goto on_error;
+ if (!tmp) {
+ free(newmap);
+ break;
+ }
tmp->elem = newmap;
lxc_list_add_tail(&active_map, tmp);
+
+ ret = 0;
break;
}
- ret = 0;
-
-on_error:
fclose(fin);
free(line);
- free(newmap);
return ret;
}
