Repository: hadoop Updated Branches: refs/heads/trunk 3bd9ea63d -> 41049ba5d
YARN-7758. Add an additional check to the validity of container and application ids passed to container-executor. Contributed by Yufei Gu. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/41049ba5 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/41049ba5 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/41049ba5 Branch: refs/heads/trunk Commit: 41049ba5d129f0fd0953ed8fdeb12635f7546bb2 Parents: 3bd9ea6 Author: Miklos Szegedi <szege...@apache.org> Authored: Tue Jan 16 15:40:43 2018 -0800 Committer: Miklos Szegedi <szege...@apache.org> Committed: Tue Jan 16 15:40:43 2018 -0800 ---------------------------------------------------------------------- .../main/native/container-executor/impl/container-executor.c | 3 ++- .../src/main/native/container-executor/impl/main.c | 5 +++++ .../src/main/native/container-executor/impl/util.h | 3 ++- 3 files changed, 9 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/41049ba5/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c index 64052fd..98e2d6e 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c @@ -1071,7 +1071,8 @@ int create_log_dirs(const char *app_id, char * const * log_dirs) { for(log_root=log_dirs; *log_root != NULL; ++log_root) { char *app_log_dir = get_app_log_directory(*log_root, app_id); int result = check_nm_local_dir(nm_uid, *log_root); - if (result != 0) { + if (result != 0 && app_log_dir != NULL) { + free(app_log_dir); app_log_dir = NULL; } if (app_log_dir == NULL) { http://git-wip-us.apache.org/repos/asf/hadoop/blob/41049ba5/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c index 259719a..b69546a 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c @@ -24,6 +24,7 @@ #include "modules/gpu/gpu-module.h" #include "modules/fpga/fpga-module.h" #include "modules/cgroups/cgroups-operations.h" +#include "utils/string-utils.h" #include <errno.h> #include <grp.h> @@ -368,6 +369,10 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation) } cmd_input.app_id = argv[optind++]; cmd_input.container_id = argv[optind++]; + if (!validate_container_id(cmd_input.container_id)) { + fprintf(ERRORFILE, "Invalid container id %s\n", cmd_input.container_id); + return INVALID_CONTAINER_ID; + } cmd_input.cred_file = argv[optind++]; cmd_input.local_dirs = argv[optind++];// good local dirs as a comma separated list cmd_input.log_dirs = argv[optind++];// good log dirs as a comma separated list http://git-wip-us.apache.org/repos/asf/hadoop/blob/41049ba5/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h index ed9fba8..6aac1fe 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h @@ -67,7 +67,8 @@ enum errorcodes { ERROR_SANITIZING_DOCKER_COMMAND = 39, DOCKER_IMAGE_INVALID = 40, // DOCKER_CONTAINER_NAME_INVALID = 41, (NOT USED) - ERROR_COMPILING_REGEX = 42 + ERROR_COMPILING_REGEX = 42, + INVALID_CONTAINER_ID = 43 }; /* Macros for min/max. */ --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org