mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
Merge pull request #18911 from keszybz/coverity-inspired-fixes
Coverity inspired fixes
This commit is contained in:
commit
e08c40417e
@ -10,6 +10,7 @@
|
||||
#include "namespace-util.h"
|
||||
#include "process-util.h"
|
||||
#include "stat-util.h"
|
||||
#include "stdio-util.h"
|
||||
#include "user-util.h"
|
||||
|
||||
int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *userns_fd, int *root_fd) {
|
||||
@ -82,15 +83,14 @@ int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *
|
||||
}
|
||||
|
||||
int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int root_fd) {
|
||||
if (userns_fd >= 0) {
|
||||
/* Can't setns to your own userns, since then you could
|
||||
* escalate from non-root to root in your own namespace, so
|
||||
* check if namespaces equal before attempting to enter. */
|
||||
_cleanup_free_ char *userns_fd_path = NULL;
|
||||
int r;
|
||||
if (asprintf(&userns_fd_path, "/proc/self/fd/%d", userns_fd) < 0)
|
||||
return -ENOMEM;
|
||||
int r;
|
||||
|
||||
if (userns_fd >= 0) {
|
||||
/* Can't setns to your own userns, since then you could escalate from non-root to root in
|
||||
* your own namespace, so check if namespaces are equal before attempting to enter. */
|
||||
|
||||
char userns_fd_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
|
||||
xsprintf(userns_fd_path, "/proc/self/fd/%d", userns_fd);
|
||||
r = files_same(userns_fd_path, "/proc/self/ns/user", 0);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -65,15 +65,15 @@ int open_extension_release(const char *root, const char *extension, char **ret_p
|
||||
|
||||
extension_full_path = strjoina("/usr/lib/extension-release.d/extension-release.", extension);
|
||||
r = chase_symlinks(extension_full_path, root, CHASE_PREFIX_ROOT,
|
||||
ret_path ? &q : NULL,
|
||||
ret_fd ? &fd : NULL);
|
||||
ret_path ? &q : NULL,
|
||||
ret_fd ? &fd : NULL);
|
||||
} else {
|
||||
const char *p;
|
||||
|
||||
FOREACH_STRING(p, "/etc/os-release", "/usr/lib/os-release") {
|
||||
r = chase_symlinks(p, root, CHASE_PREFIX_ROOT,
|
||||
ret_path ? &q : NULL,
|
||||
ret_fd ? &fd : NULL);
|
||||
ret_path ? &q : NULL,
|
||||
ret_fd ? &fd : NULL);
|
||||
if (r != -ENOENT)
|
||||
break;
|
||||
}
|
||||
@ -116,10 +116,9 @@ int fopen_extension_release(const char *root, const char *extension, char **ret_
|
||||
if (!f)
|
||||
return -errno;
|
||||
|
||||
*ret_file = f;
|
||||
|
||||
if (ret_path)
|
||||
*ret_path = TAKE_PTR(p);
|
||||
*ret_file = f;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -1555,7 +1555,7 @@ static int socket_address_listen_in_cgroup(
|
||||
if (s->exec_context.ipc_namespace_path &&
|
||||
s->exec_runtime &&
|
||||
s->exec_runtime->ipcns_storage_socket[0] >= 0) {
|
||||
r = open_shareable_ns_path(s->exec_runtime->netns_storage_socket, s->exec_context.network_namespace_path, CLONE_NEWIPC);
|
||||
r = open_shareable_ns_path(s->exec_runtime->ipcns_storage_socket, s->exec_context.ipc_namespace_path, CLONE_NEWIPC);
|
||||
if (r < 0)
|
||||
return log_unit_error_errno(UNIT(s), r, "Failed to open IPC namespace path %s: %m", s->exec_context.ipc_namespace_path);
|
||||
}
|
||||
|
@ -501,7 +501,9 @@ static int request_handler_entries(
|
||||
if (!response)
|
||||
return respond_oom(connection);
|
||||
|
||||
MHD_add_response_header(response, "Content-Type", mime_types[m->mode]);
|
||||
if (MHD_add_response_header(response, "Content-Type", mime_types[m->mode]) == MHD_NO)
|
||||
return respond_oom(connection);
|
||||
|
||||
return MHD_queue_response(connection, MHD_HTTP_OK, response);
|
||||
}
|
||||
|
||||
@ -629,7 +631,9 @@ static int request_handler_fields(
|
||||
if (!response)
|
||||
return respond_oom(connection);
|
||||
|
||||
MHD_add_response_header(response, "Content-Type", mime_types[m->mode == OUTPUT_JSON ? OUTPUT_JSON : OUTPUT_SHORT]);
|
||||
if (MHD_add_response_header(response, "Content-Type", mime_types[m->mode == OUTPUT_JSON ? OUTPUT_JSON : OUTPUT_SHORT]) == MHD_NO)
|
||||
return respond_oom(connection);
|
||||
|
||||
return MHD_queue_response(connection, MHD_HTTP_OK, response);
|
||||
}
|
||||
|
||||
@ -652,8 +656,10 @@ static int request_handler_redirect(
|
||||
return respond_oom(connection);
|
||||
}
|
||||
|
||||
MHD_add_response_header(response, "Content-Type", "text/html");
|
||||
MHD_add_response_header(response, "Location", target);
|
||||
if (MHD_add_response_header(response, "Content-Type", "text/html") == MHD_NO ||
|
||||
MHD_add_response_header(response, "Location", target) == MHD_NO)
|
||||
return respond_oom(connection);
|
||||
|
||||
return MHD_queue_response(connection, MHD_HTTP_MOVED_PERMANENTLY, response);
|
||||
}
|
||||
|
||||
@ -682,7 +688,9 @@ static int request_handler_file(
|
||||
return respond_oom(connection);
|
||||
TAKE_FD(fd);
|
||||
|
||||
MHD_add_response_header(response, "Content-Type", mime_type);
|
||||
if (MHD_add_response_header(response, "Content-Type", mime_type) == MHD_NO)
|
||||
return respond_oom(connection);
|
||||
|
||||
return MHD_queue_response(connection, MHD_HTTP_OK, response);
|
||||
}
|
||||
|
||||
@ -783,7 +791,9 @@ static int request_handler_machine(
|
||||
return respond_oom(connection);
|
||||
TAKE_PTR(json);
|
||||
|
||||
MHD_add_response_header(response, "Content-Type", "application/json");
|
||||
if (MHD_add_response_header(response, "Content-Type", "application/json") == MHD_NO)
|
||||
return respond_oom(connection);
|
||||
|
||||
return MHD_queue_response(connection, MHD_HTTP_OK, response);
|
||||
}
|
||||
|
||||
|
@ -39,7 +39,8 @@ static int mhd_respond_internal(struct MHD_Connection *connection,
|
||||
return MHD_NO;
|
||||
|
||||
log_debug("Queueing response %u: %s", code, buffer);
|
||||
MHD_add_response_header(response, "Content-Type", "text/plain");
|
||||
if (MHD_add_response_header(response, "Content-Type", "text/plain") == MHD_NO)
|
||||
return MHD_NO;
|
||||
return MHD_queue_response(connection, code, response);
|
||||
}
|
||||
|
||||
|
@ -144,7 +144,8 @@ test_linked_units () {
|
||||
|
||||
check_ok test15-a Names test15-a.service
|
||||
check_ok test15-a Names test15-b.service
|
||||
check_ko test15-a Names test15-b@
|
||||
check_ko test15-a Names test15-a@ # test15-a@.scope is the symlink target.
|
||||
# Make sure it is completely ignored.
|
||||
|
||||
rm /test15-a@.scope
|
||||
clear_services test15-a test15-b
|
||||
|
Loading…
Reference in New Issue
Block a user