The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3261
This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

When parsing config options, the order in which the option has been added to config_jump_table is important. If a more specific option, such as lxc.selinux.context.keyring, is added after a less specific (i.e. lxc.selinux.context), the less specific option is taken. This is unexpected and led to the mistake that lxc.selinux.context.keyring has been added at the wrong place. This patch proposes a different strategy of option parsing: always take the longest match.

In addition, this commit fixes an off-by-2 in config option parsing (due to missing parentheses). The error occurs if for instance lxc.net.0.type is parsed. In that case, the .0 is removed from the string. However, due to the missing parentheses, the null terminating character is off by two, which means the modified config option would be lxc.net.typepe instead of lxc.net.type.
From 1e9bcf2dcb110c5b3e9156deefd01fb714bb3e5a Mon Sep 17 00:00:00 2001
From: Maximilian Blenk <maximilian.bl...@bmw.de>
Date: Wed, 5 Feb 2020 15:03:39 +0100
Subject: [PATCH] container.conf: Fix parsing of config options

When parsing config options, the order in which the option has been added to config_jump_table is important. If a more specific option, such as lxc.selinux.context.keyring, is added after a less specific (i.e. lxc.selinux.context), the less specific option is taken. This is unexpected and led to the mistake that lxc.selinux.context.keyring has been added at the wrong place. This patch proposes a different strategy of option parsing: always take the longest match.

In addition, this commit fixes an off-by-2 in config option parsing (due to missing parentheses). The error occurs if for instance lxc.net.0.type is parsed. In that case, the .0 is removed from the string. However, due to the missing parentheses, the null terminating character is off by two, which means the modified config option would be lxc.net.typepe instead of lxc.net.type.

Signed-off-by: Maximilian Blenk <maximilian.bl...@bmw.de>
--- src/lxc/confile.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index ae28163bb1..39894cfa59 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c
@@ -255,12 +255,23 @@ static const size_t config_jump_table_size = sizeof(config_jump_table) / sizeof( struct lxc_config_t *lxc_get_config(const char *key) { size_t i; + size_t key_len = strlen(key); - for (i = 0; i < config_jump_table_size; i++) - if (!strncmp(config_jump_table[i].name, key, strlen(config_jump_table[i].name))) - return &config_jump_table[i]; + struct lxc_config_t *best_match = NULL; + size_t best_match_name_len = 0; - return NULL; + for (i = 0; i < config_jump_table_size; i++) { + size_t opt_len = strlen(config_jump_table[i].name); + if (opt_len <= best_match_name_len) + continue; + + if (!strncmp(config_jump_table[i].name, key, opt_len)) { + best_match = &config_jump_table[i]; + best_match_name_len = opt_len; + } + } + + return best_match; } static int set_config_net(const char *key, const char *value, @@ -4929,7 +4940,7 @@ static struct lxc_config_t *get_network_config_ops(const char *key, } memmove(copy + 8, idx_end + 1, strlen(idx_end + 1)); - copy[strlen(key) - numstrlen + 1] = '\0'; + copy[strlen(key) - (numstrlen + 1)] = '\0'; config = lxc_get_config(copy); if (!config) {
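Review bot: in the first hunk (lxc_get_config), the added `size_t key_len = strlen(key);` is never used in the lines shown; either drop it or use it to skip entries that cannot match, for example `if (opt_len > key_len) continue;`. The comparison is also still a prefix match through `strncmp(config_jump_table[i].name, key, opt_len)`, so a key with trailing characters, such as the lxc.net.typepe from the commit message, resolves to the lxc.net.type entry both before and after this change. That hides a mis-terminated key from this lookup and deserves a comment on the function, or a check of the character that follows the matched prefix.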
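Review bot: in the second hunk (get_network_config_ops), the memmove on the context line above the fix copies `strlen(idx_end + 1)` bytes, so the terminator is left behind and has to be placed by index arithmetic, which is where the precedence slip came from. Copying `strlen(idx_end + 1) + 1` bytes would move the NUL together with the tail and make the separate `copy[...] = '\0'` assignment unnecessary. The literal 8 in `copy + 8`, presumably the length of the lxc.net. prefix, would read better as a named constant, and a test that parses lxc.net.0.type would pin the corrected result.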
_______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
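The two behaviours described in this message, reproduced as an added example that is not part of the pull request or of LXC's code. The table is constructed, and `lookup` and `strip_index` are hypothetical helpers that mirror the matching strategy and the terminator arithmetic shown in the hunks.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table (not LXC's config_jump_table); less specific key first. */
static const char *const table[] = {
    "lxc.selinux.context", "lxc.selinux.context.keyring", "lxc.net.type", NULL,
};

/* Hypothetical helper. longest=0: first prefix match wins (before the patch);
 * longest=1: the longest prefix match wins (after the patch). */
const char *lookup(const char *key, int longest)
{
    const char *best = NULL;
    for (size_t i = 0; table[i]; i++) {
        if (strncmp(table[i], key, strlen(table[i])))
            continue;
        if (!longest)
            return table[i];
        if (!best || strlen(table[i]) > strlen(best))
            best = table[i];
    }
    return best;
}

/* Hypothetical helper. Copies key to out with the index of "lxc.net.<idx>.<rest>"
 * removed; fixed=0 uses the unparenthesized terminator index, fixed=1 the fix. */
int strip_index(const char *key, int fixed, char *out, size_t outsz)
{
    size_t len = strlen(key);
    if (len >= outsz || strncmp(key, "lxc.net.", 8))
        return -1;
    memcpy(out, key, len + 1);
    char *idx_end = strchr(out + 8, '.');
    if (!idx_end || idx_end == out + 8)
        return -1;
    size_t numstrlen = (size_t)(idx_end - (out + 8));
    memmove(out + 8, idx_end + 1, strlen(idx_end + 1)); /* tail moves without its NUL */
    out[fixed ? len - (numstrlen + 1) : len - numstrlen + 1] = '\0';
    return 0;
}

int main(void)
{
    char old[64], fixed[64];
    strip_index("lxc.net.0.type", 0, old, sizeof old);
    strip_index("lxc.net.0.type", 1, fixed, sizeof fixed);
    printf("%s | %s | %s | %s\n", lookup("lxc.selinux.context.keyring", 0),
           lookup("lxc.selinux.context.keyring", 1), old, fixed);
    return 0;
}
```

Because the lookup is a prefix match, the mis-terminated lxc.net.typepe still resolves to the lxc.net.type entry under either strategy.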