From cc88b1e1ffbadc325f0919b49ba27db048164512 Mon Sep 17 00:00:00 2001 From: Andrei Vagin Date: Sat, 25 May 2024 05:11:21 +0000 Subject: [PATCH] net: Fix TOCTOU race condition in unix_conf_op The unix_conf_op function reads the size of the sysctl entry array twice. gcc thinks that it can lead to a time-of-check to time-of-use (TOCTOU) race condition if the array size changes between the two reads. Fixes #2398 Signed-off-by: Andrei Vagin --- criu/net.c | 15 ++++++++------- scripts/build/Dockerfile.x86_64.hdr | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/criu/net.c b/criu/net.c index b5c4a6ee3..eee331108 100644 --- a/criu/net.c +++ b/criu/net.c @@ -359,22 +359,23 @@ static int ipv6_conf_op(char *tgt, SysctlEntry **conf, int n, int op, SysctlEntr return net_conf_op(tgt, conf, n, op, "ipv6", req, path, ARRAY_SIZE(devconfs6), devconfs6, def_conf); } -static int unix_conf_op(SysctlEntry ***rconf, size_t *n, int op) +static int unix_conf_op(SysctlEntry ***rconf, size_t *pn, int op) { int i, ret = -1, flags = 0; char path[ARRAY_SIZE(unix_conf_entries)][MAX_CONF_UNIX_PATH] = {}; struct sysctl_req req[ARRAY_SIZE(unix_conf_entries)] = {}; SysctlEntry **conf = *rconf; + size_t n = *pn; - if (*n != ARRAY_SIZE(unix_conf_entries)) { - pr_err("unix: Unexpected entries in config (%zu %zu)\n", *n, ARRAY_SIZE(unix_conf_entries)); + if (n != ARRAY_SIZE(unix_conf_entries)) { + pr_err("unix: Unexpected entries in config (%zu %zu)\n", n, ARRAY_SIZE(unix_conf_entries)); return -EINVAL; } if (opts.weak_sysctls || op == CTL_READ) flags = CTL_FLAGS_OPTIONAL; - for (i = 0; i < *n; i++) { + for (i = 0; i < n; i++) { snprintf(path[i], MAX_CONF_UNIX_PATH, CONF_UNIX_FMT, unix_conf_entries[i]); req[i].name = path[i]; req[i].flags = flags; @@ -390,7 +391,7 @@ static int unix_conf_op(SysctlEntry ***rconf, size_t *n, int op) } } - ret = sysctl_op(req, *n, op, CLONE_NEWNET); + ret = sysctl_op(req, n, op, CLONE_NEWNET); if (ret < 0) { pr_err("unix: Failed to %s %s/\n", (op == CTL_READ) ? "read" : "write", CONF_UNIX_BASE); return -1; @@ -399,7 +400,7 @@ static int unix_conf_op(SysctlEntry ***rconf, size_t *n, int op) if (op == CTL_READ) { bool has_entries = false; - for (i = 0; i < *n; i++) { + for (i = 0; i < n; i++) { if (req[i].flags & CTL_FLAGS_HAS) { conf[i]->has_iarg = true; if (!has_entries) @@ -412,7 +413,7 @@ static int unix_conf_op(SysctlEntry ***rconf, size_t *n, int op) * Unix conf is optional. */ if (!has_entries) { - *n = 0; + *pn = 0; *rconf = NULL; } } diff --git a/scripts/build/Dockerfile.x86_64.hdr b/scripts/build/Dockerfile.x86_64.hdr index 32fc2978a..566b4c916 100644 --- a/scripts/build/Dockerfile.x86_64.hdr +++ b/scripts/build/Dockerfile.x86_64.hdr @@ -1,4 +1,4 @@ -FROM ubuntu:focal +FROM ubuntu:24.04 COPY scripts/ci/apt-install /bin/apt-install