[lxc/lxc] 816d25: apparmor: turn bytes into null-terminated strings ...

0 views
Skip to first unread message

Evgeny Vereshchagin

unread,
Apr 21, 2021, 4:05:41 AMApr 21
to lxc-...@lists.linuxcontainers.org
Branch: refs/heads/stable-4.0
Home: https://github.com/lxc/lxc
Commit: 816d252c180ab2fc96a55e38cb3a224290ec1c5c
https://github.com/lxc/lxc/commit/816d252c180ab2fc96a55e38cb3a224290ec1c5c
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M src/lxc/lsm/apparmor.c

Log Message:
-----------
apparmor: turn bytes into null-terminated strings before calling strcspn

```
==70349==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000009fb at pc 0x000000433b70 bp 0x7ffcde087810 sp 0x7ffcde086fd0
READ of size 12 at 0x6020000009fb thread T0
#0 0x433b6f in strcspn (/usr/bin/lxc-execute+0x433b6f)
#1 0x7f720413a5cb in apparmor_process_label_get /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:449:8
#2 0x7f720413bc2a in apparmor_prepare /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:1104:13
#3 0x7f720409b6e9 in lxc_init /home/runner/work/lxc/lxc/src/lxc/start.c:848:8
#4 0x7f72040a395a in __lxc_start /home/runner/work/lxc/lxc/src/lxc/start.c:2009:8
#5 0x7f7203fc7186 in lxc_execute /home/runner/work/lxc/lxc/src/lxc/execute.c:99:9
#6 0x7f7204000e44 in do_lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1112:9
#7 0x7f7203ff0c07 in lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1149:8
#8 0x4c6912 in main /home/runner/work/lxc/lxc/src/lxc/tools/lxc_execute.c:224:9
#9 0x7f72034ac0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#10 0x41d93d in _start (/usr/bin/lxc-execute+0x41d93d)
+ echo ---

0x6020000009fb is located 0 bytes to the right of 11-byte region [0x6020000009f0,0x6020000009fb)
allocated by thread T0 here:
#0 0x496399 in realloc (/usr/bin/lxc-execute+0x496399)
#1 0x7f7203fcf85c in fd_to_buf /home/runner/work/lxc/lxc/src/lxc/file_utils.c:463:10
#2 0x7f720413a52b in apparmor_process_label_get /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:442:8
#3 0x7f720413bc2a in apparmor_prepare /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:1104:13
#4 0x7f720409b6e9 in lxc_init /home/runner/work/lxc/lxc/src/lxc/start.c:848:8
#5 0x7f72040a395a in __lxc_start /home/runner/work/lxc/lxc/src/lxc/start.c:2009:8
#6 0x7f7203fc7186 in lxc_execute /home/runner/work/lxc/lxc/src/lxc/execute.c:99:9
#7 0x7f7204000e44 in do_lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1112:9
#8 0x7f7203ff0c07 in lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1149:8
#9 0x4c6912 in main /home/runner/work/lxc/lxc/src/lxc/tools/lxc_execute.c:224:9
```

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: b347825b839a96c12b0aea16fa78e24a18b01515
https://github.com/lxc/lxc/commit/b347825b839a96c12b0aea16fa78e24a18b01515
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
A .github/workflows/lxc-exercise
A .github/workflows/sanitizers.yml

Log Message:
-----------
ci: an attempt to run the tests under ASan/UBsan

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: 33132141d3ea9fccabd11088129062bf4514c53c
https://github.com/lxc/lxc/commit/33132141d3ea9fccabd11088129062bf4514c53c
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/lxc-exercise

Log Message:
-----------
ci: link lib[au]san with init.lxc.static statically

init.lxc.static is run in arbitrary containers where the libasan library lxc has been built with
isn't always installed. To make it work let's override GCC's default and link both libasan
and libubsan statically. It should help to fix issues like
```
++ lxc-execute -n c1 -- sudo -u ubuntu /nnptest
lxc-init: error while loading shared libraries: libasan.so.5: cannot open shared object file: No such file or directory
```

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: 060c1b13ffb9cfa68fa3520ff7a9aa8b1a29da9f
https://github.com/lxc/lxc/commit/060c1b13ffb9cfa68fa3520ff7a9aa8b1a29da9f
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
R .github/workflows/lxc-exercise
A .github/workflows/sanitizers.sh
M .github/workflows/sanitizers.yml

Log Message:
-----------
ci: switch to lxc-exercise from the lxc-ci repository

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: 3e3f699b1ee87da677d24570ec665544284694a4
https://github.com/lxc/lxc/commit/3e3f699b1ee87da677d24570ec665544284694a4
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/sanitizers.sh

Log Message:
-----------
ci: get around https://github.com/lxc/lxc/issues/3798

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: 660b74d5dc2f1b881f141a32a59102715fdeaed4
https://github.com/lxc/lxc/commit/660b74d5dc2f1b881f141a32a59102715fdeaed4
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/sanitizers.sh

Log Message:
-----------
ci: get around https://github.com/lxc/lxc/issues/3788

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: d2139d6be58f26a919ab0b2cf419b6fcf694df87
https://github.com/lxc/lxc/commit/d2139d6be58f26a919ab0b2cf419b6fcf694df87
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/sanitizers.sh

Log Message:
-----------
ci: prevent lxc-exercise from running indefinitely

and show all the commands it runs to make it easier to
debug potential issues.

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: 6856fc54edf392c3f532729d3748e68e152c7cab
https://github.com/lxc/lxc/commit/6856fc54edf392c3f532729d3748e68e152c7cab
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/sanitizers.sh

Log Message:
-----------
ci: get around https://github.com/lxc/lxc/issues/3796

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: c20326dc6f1c85beaf0843bf80aada3fbdb65de2
https://github.com/lxc/lxc/commit/c20326dc6f1c85beaf0843bf80aada3fbdb65de2
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/sanitizers.sh

Log Message:
-----------
ci: turn on strict_string_checks

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: e19c80075cffb711f9dcebf72cad3fed7bc9f4ea
https://github.com/lxc/lxc/commit/e19c80075cffb711f9dcebf72cad3fed7bc9f4ea
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/sanitizers.sh

Log Message:
-----------
ci: build with -Wall -Werror

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: c3d3cebd74b0ff31d324313f38f905ea41d2bf3b
https://github.com/lxc/lxc/commit/c3d3cebd74b0ff31d324313f38f905ea41d2bf3b
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/sanitizers.sh

Log Message:
-----------
Revert "ci: get around https://github.com/lxc/lxc/issues/3796"

This reverts commit 44818e893e68e6e76652323ff4f12c9214d2ffa7.

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: d5c1b3ab2c958b8236c97e12ec5208689638c65b
https://github.com/lxc/lxc/commit/d5c1b3ab2c958b8236c97e12ec5208689638c65b
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M src/tests/console_log.c

Log Message:
-----------
tests: free the buffer filled by lxc_cmd_rsp_recv

Fixes https://github.com/lxc/lxc/issues/3796

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: 4a0a06175eb7327789f554325d7893e9ba6524d2
https://github.com/lxc/lxc/commit/4a0a06175eb7327789f554325d7893e9ba6524d2
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/sanitizers.sh

Log Message:
-----------
ci: make use of --enable-sanitizers instead of CFLAGS

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: e83874ca221284947a12e9da572d17fd2e0fc49b
https://github.com/lxc/lxc/commit/e83874ca221284947a12e9da572d17fd2e0fc49b
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M config/attributes.m4

Log Message:
-----------
autoconf: add AC_LANG_SOURCE to CC_CHECK_LDFLAGS

Inspired by https://lore.kernel.org/alsa-devel/18135209-abc9-ca1c...@perex.cz/t/

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: bbed65ec888b1cb9114bb8d05679ff0faa6d7ece
https://github.com/lxc/lxc/commit/bbed65ec888b1cb9114bb8d05679ff0faa6d7ece
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M src/lxc/Makefile.am

Log Message:
-----------
build-system: stop building init.lxc.static with sanitizers

`-static` isn't compatible with `-fsanitize=`:
```
gcc: error: cannot specify -static with -fsanitize=address
```

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: 6b2e9a0fc69086f7877c02996bfe9ee95df17aca
https://github.com/lxc/lxc/commit/6b2e9a0fc69086f7877c02996bfe9ee95df17aca
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M .github/workflows/sanitizers.sh

Log Message:
-----------
ci: get rid of the -static-libasan stopgap

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Commit: 5855f270b5fbceb42a7d183f6f8f77c19331f4f8
https://github.com/lxc/lxc/commit/5855f270b5fbceb42a7d183f6f8f77c19331f4f8
Author: Evgeny Vereshchagin <evv...@ya.ru>
Date: 2021-04-21 (Wed, 21 Apr 2021)

Changed paths:
M configure.ac

Log Message:
-----------
autoconf: stop passing -fsanitize=address via AM_LDFLAGS

The snippet is redundant because the build system automatically
passes the sanitizers flags set in AM_CFLAGS to the linker

Signed-off-by: Evgeny Vereshchagin <evv...@ya.ru>


Compare: https://github.com/lxc/lxc/compare/71c436462c86...5855f270b5fb
Reply all
Reply to author
Forward
0 new messages