1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00

Merge pull request #18911 from keszybz/coverity-inspired-fixes

Coverity inspired fixes
This commit is contained in:
Luca Boccassi 2021-03-07 15:12:08 +00:00 committed by GitHub
commit e08c40417e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 34 additions and 23 deletions

View File

@ -10,6 +10,7 @@
#include "namespace-util.h"
#include "process-util.h"
#include "stat-util.h"
#include "stdio-util.h"
#include "user-util.h"
int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *userns_fd, int *root_fd) {
@ -82,15 +83,14 @@ int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *
}
int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int root_fd) {
if (userns_fd >= 0) {
/* Can't setns to your own userns, since then you could
* escalate from non-root to root in your own namespace, so
* check if namespaces equal before attempting to enter. */
_cleanup_free_ char *userns_fd_path = NULL;
int r;
if (asprintf(&userns_fd_path, "/proc/self/fd/%d", userns_fd) < 0)
return -ENOMEM;
int r;
if (userns_fd >= 0) {
/* Can't setns to your own userns, since then you could escalate from non-root to root in
* your own namespace, so check if namespaces are equal before attempting to enter. */
char userns_fd_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
xsprintf(userns_fd_path, "/proc/self/fd/%d", userns_fd);
r = files_same(userns_fd_path, "/proc/self/ns/user", 0);
if (r < 0)
return r;

View File

@ -65,15 +65,15 @@ int open_extension_release(const char *root, const char *extension, char **ret_p
extension_full_path = strjoina("/usr/lib/extension-release.d/extension-release.", extension);
r = chase_symlinks(extension_full_path, root, CHASE_PREFIX_ROOT,
ret_path ? &q : NULL,
ret_fd ? &fd : NULL);
ret_path ? &q : NULL,
ret_fd ? &fd : NULL);
} else {
const char *p;
FOREACH_STRING(p, "/etc/os-release", "/usr/lib/os-release") {
r = chase_symlinks(p, root, CHASE_PREFIX_ROOT,
ret_path ? &q : NULL,
ret_fd ? &fd : NULL);
ret_path ? &q : NULL,
ret_fd ? &fd : NULL);
if (r != -ENOENT)
break;
}
@ -116,10 +116,9 @@ int fopen_extension_release(const char *root, const char *extension, char **ret_
if (!f)
return -errno;
*ret_file = f;
if (ret_path)
*ret_path = TAKE_PTR(p);
*ret_file = f;
return 0;
}

View File

@ -1555,7 +1555,7 @@ static int socket_address_listen_in_cgroup(
if (s->exec_context.ipc_namespace_path &&
s->exec_runtime &&
s->exec_runtime->ipcns_storage_socket[0] >= 0) {
r = open_shareable_ns_path(s->exec_runtime->netns_storage_socket, s->exec_context.network_namespace_path, CLONE_NEWIPC);
r = open_shareable_ns_path(s->exec_runtime->ipcns_storage_socket, s->exec_context.ipc_namespace_path, CLONE_NEWIPC);
if (r < 0)
return log_unit_error_errno(UNIT(s), r, "Failed to open IPC namespace path %s: %m", s->exec_context.ipc_namespace_path);
}

View File

@ -501,7 +501,9 @@ static int request_handler_entries(
if (!response)
return respond_oom(connection);
MHD_add_response_header(response, "Content-Type", mime_types[m->mode]);
if (MHD_add_response_header(response, "Content-Type", mime_types[m->mode]) == MHD_NO)
return respond_oom(connection);
return MHD_queue_response(connection, MHD_HTTP_OK, response);
}
@ -629,7 +631,9 @@ static int request_handler_fields(
if (!response)
return respond_oom(connection);
MHD_add_response_header(response, "Content-Type", mime_types[m->mode == OUTPUT_JSON ? OUTPUT_JSON : OUTPUT_SHORT]);
if (MHD_add_response_header(response, "Content-Type", mime_types[m->mode == OUTPUT_JSON ? OUTPUT_JSON : OUTPUT_SHORT]) == MHD_NO)
return respond_oom(connection);
return MHD_queue_response(connection, MHD_HTTP_OK, response);
}
@ -652,8 +656,10 @@ static int request_handler_redirect(
return respond_oom(connection);
}
MHD_add_response_header(response, "Content-Type", "text/html");
MHD_add_response_header(response, "Location", target);
if (MHD_add_response_header(response, "Content-Type", "text/html") == MHD_NO ||
MHD_add_response_header(response, "Location", target) == MHD_NO)
return respond_oom(connection);
return MHD_queue_response(connection, MHD_HTTP_MOVED_PERMANENTLY, response);
}
@ -682,7 +688,9 @@ static int request_handler_file(
return respond_oom(connection);
TAKE_FD(fd);
MHD_add_response_header(response, "Content-Type", mime_type);
if (MHD_add_response_header(response, "Content-Type", mime_type) == MHD_NO)
return respond_oom(connection);
return MHD_queue_response(connection, MHD_HTTP_OK, response);
}
@ -783,7 +791,9 @@ static int request_handler_machine(
return respond_oom(connection);
TAKE_PTR(json);
MHD_add_response_header(response, "Content-Type", "application/json");
if (MHD_add_response_header(response, "Content-Type", "application/json") == MHD_NO)
return respond_oom(connection);
return MHD_queue_response(connection, MHD_HTTP_OK, response);
}

View File

@ -39,7 +39,8 @@ static int mhd_respond_internal(struct MHD_Connection *connection,
return MHD_NO;
log_debug("Queueing response %u: %s", code, buffer);
MHD_add_response_header(response, "Content-Type", "text/plain");
if (MHD_add_response_header(response, "Content-Type", "text/plain") == MHD_NO)
return MHD_NO;
return MHD_queue_response(connection, code, response);
}

View File

@ -144,7 +144,8 @@ test_linked_units () {
check_ok test15-a Names test15-a.service
check_ok test15-a Names test15-b.service
check_ko test15-a Names test15-b@
check_ko test15-a Names test15-a@ # test15-a@.scope is the symlink target.
# Make sure it is completely ignored.
rm /test15-a@.scope
clear_services test15-a test15-b