mir/criu
2
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu synced 2025-08-22 01:51:51 +00:00
Code Issues Releases Wiki Activity

net: Fix TOCTOU race condition in unix_conf_op

Browse Source 
The unix_conf_op function reads the size of the sysctl entry array
twice. gcc thinks that it can lead to a time-of-check to time-of-use
(TOCTOU) race condition if the array size changes between the two reads.

Fixes #2398

Signed-off-by: Andrei Vagin <avagin@gmail.com>
This commit is contained in:
Andrei Vagin 2024-05-25 05:11:21 +00:00 committed by Andrei Vagin
parent 457bc6a8ff
commit cc88b1e1ff
2 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
criu/net.c
View File

@ -359,22 +359,23 @@ static int ipv6_conf_op(char *tgt, SysctlEntry **conf, int n, int op, SysctlEntr
return net_conf_op(tgt, conf, n, op, "ipv6", req, path, ARRAY_SIZE(devconfs6), devconfs6, def_conf);
}
static int unix_conf_op(SysctlEntry ***rconf, size_t *n, int op)
static int unix_conf_op(SysctlEntry ***rconf, size_t *pn, int op)
{
int i, ret = -1, flags = 0;
char path[ARRAY_SIZE(unix_conf_entries)][MAX_CONF_UNIX_PATH] = {};
struct sysctl_req req[ARRAY_SIZE(unix_conf_entries)] = {};
SysctlEntry **conf = *rconf;
size_t n = *pn;
if (*n != ARRAY_SIZE(unix_conf_entries)) {
pr_err("unix: Unexpected entries in config (%zu %zu)\n", *n, ARRAY_SIZE(unix_conf_entries));
if (n != ARRAY_SIZE(unix_conf_entries)) {
pr_err("unix: Unexpected entries in config (%zu %zu)\n", n, ARRAY_SIZE(unix_conf_entries));
return -EINVAL;
}
if (opts.weak_sysctls || op == CTL_READ)
flags = CTL_FLAGS_OPTIONAL;
for (i = 0; i < *n; i++) {
for (i = 0; i < n; i++) {
snprintf(path[i], MAX_CONF_UNIX_PATH, CONF_UNIX_FMT, unix_conf_entries[i]);
req[i].name = path[i];
req[i].flags = flags;
@ -390,7 +391,7 @@ static int unix_conf_op(SysctlEntry ***rconf, size_t *n, int op)
}
}
ret = sysctl_op(req, *n, op, CLONE_NEWNET);
ret = sysctl_op(req, n, op, CLONE_NEWNET);
if (ret < 0) {
pr_err("unix: Failed to %s %s/<confs>\n", (op == CTL_READ) ? "read" : "write", CONF_UNIX_BASE);
return -1;
@ -399,7 +400,7 @@ static int unix_conf_op(SysctlEntry ***rconf, size_t *n, int op)
if (op == CTL_READ) {
bool has_entries = false;
for (i = 0; i < *n; i++) {
for (i = 0; i < n; i++) {
if (req[i].flags & CTL_FLAGS_HAS) {
conf[i]->has_iarg = true;
if (!has_entries)
@ -412,7 +413,7 @@ static int unix_conf_op(SysctlEntry ***rconf, size_t *n, int op)
* Unix conf is optional.
*/
if (!has_entries) {
*n = 0;
*pn = 0;
*rconf = NULL;
}
}

2
scripts/build/Dockerfile.x86_64.hdr
View File

@ -1,4 +1,4 @@
FROM ubuntu:focal
FROM ubuntu:24.04
COPY scripts/ci/apt-install /bin/apt-install