Diffstat (limited to 'main/lxc/CVE-2015-1331.patch')
-rw-r--r-- | main/lxc/CVE-2015-1331.patch | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/main/lxc/CVE-2015-1331.patch b/main/lxc/CVE-2015-1331.patch
new file mode 100644
index 0000000000..d8ed818cdd
--- /dev/null
+++ b/main/lxc/CVE-2015-1331.patch
@@ -0,0 +1,100 @@
+From 9db431b17f023ec776e10c59383783f94eb18821 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge.hallyn@ubuntu.com>
+Date: Fri, 3 Jul 2015 09:26:17 -0500
+Subject: [PATCH] lxclock: use /run/lxc/lock rather than /run/lock/lxc
+
+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+[tyhicks: Remove fallback path construction in /tmp]
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+
+Origin: backport
+Bug-Ubuntu: https://launchpad.net/bugs/1470842
+---
+ src/lxc/lxclock.c | 47 ++++++++++-------------------------------------
+ src/tests/locktests.c | 2 +-
+ 2 files changed, 11 insertions(+), 38 deletions(-)
+
+diff --git a/src/lxc/lxclock.c b/src/lxc/lxclock.c
+index fe13898..e9e95f7 100644
+--- a/src/lxc/lxclock.c
++++ b/src/lxc/lxclock.c
+@@ -103,13 +103,13 @@ static char *lxclock_name(const char *p, const char *n)
+ char *rundir;
+
+ /* lockfile will be:
+- * "/run" + "/lock/lxc/$lxcpath/$lxcname + '\0' if root
++ * "/run" + "/lxc/lock/$lxcpath/$lxcname + '\0' if root
+ * or
+- * $XDG_RUNTIME_DIR + "/lock/lxc/$lxcpath/$lxcname + '\0' if non-root
++ * $XDG_RUNTIME_DIR + "/lxc/lock/$lxcpath/$lxcname + '\0' if non-root
+ */
+
+- /* length of "/lock/lxc/" + $lxcpath + "/" + $lxcname + '\0' */
+- len = strlen("/lock/lxc/") + strlen(n) + strlen(p) + 2;
++ /* length of "/lxc/lock/" + $lxcpath + "/" + $lxcname + '\0' */
++ len = strlen("/lxc/lock/") + strlen(n) + strlen(p) + 2;
+ rundir = get_rundir();
+ if (!rundir)
+ return NULL;
+@@ -120,7 +120,7 @@ static char *lxclock_name(const char *p, const char *n)
+ return NULL;
+ }
+
+- ret = snprintf(dest, len, "%s/lock/lxc/%s", rundir, p);
++ ret = snprintf(dest, len, "%s/lxc/lock/%s", rundir, p);
+ if (ret < 0 || ret >= len) {
+ free(dest);
+ free(rundir);
+@@ -128,31 +128,13 @@ static char *lxclock_name(const char *p, const char *n)
+ }
+ ret = mkdir_p(dest, 0755);
+ if (ret < 0) {
+- /* fall back to "/tmp/" $(id -u) "/lxc/" $lxcpath / $lxcname + '\0' */
+- int l2 = 33 + strlen(n) + strlen(p);
+- if (l2 > len) {
+- char *d;
+- d = realloc(dest, l2);
+- if (!d) {
+- free(dest);
+- free(rundir);
+- return NULL;
+- }
+- len = l2;
+- dest = d;
+- }
+- ret = snprintf(dest, len, "/tmp/%d/lxc/%s", geteuid(), p);
+- if (ret < 0 || ret >= len) {
+- free(dest);
+- free(rundir);
+- return NULL;
+- }
+- ret = snprintf(dest, len, "/tmp/%d/lxc/%s/%s", geteuid(), p, n);
+- } else
+- ret = snprintf(dest, len, "%s/lock/lxc/%s/%s", rundir, p, n);
++ free(dest);
++ free(rundir);
++ return NULL;
++ }
+
++ ret = snprintf(dest, len, "%s/lxc/lock/%s/%s", rundir, p, n);
+ free(rundir);
+-
+ if (ret < 0 || ret >= len) {
+ free(dest);
+ return NULL;
+diff --git a/src/tests/locktests.c b/src/tests/locktests.c
+index dd3393a..233ca12 100644
+--- a/src/tests/locktests.c
++++ b/src/tests/locktests.c
+@@ -122,7 +122,7 @@ int main(int argc, char *argv[])
+ exit(1);
+ }
+ struct stat sb;
+- char *pathname = RUNTIME_PATH "/lock/lxc/var/lib/lxc/";
++ char *pathname = RUNTIME_PATH "/lxc/lock/var/lib/lxc/";
+ ret = stat(pathname, &sb);
+ if (ret != 0) {
+ fprintf(stderr, "%d: filename %s not created\n", __LINE__,
+--
+2.1.4
+
|
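Review bot: In the third lxclock.c hunk of the added patch, `mkdir_p(dest, 0755)` remains the only check on the lock directory, so an already existing `$rundir/lxc/lock/...` tree is presumably accepted without looking at its owner or at whether a component is a symlink. That matters most for the non-root case, where the base comes from `get_rundir()`; it is defined outside the hunk, so what it returns when XDG_RUNTIME_DIR is unset cannot be checked here. The new error branch should carry a comment recording why there is no fallback, for example `/* no /tmp fallback: a world-writable parent lets another user pre-create the lock path (CVE-2015-1331) */`. `p` and `n` are formatted into the path as-is in the visible lines, so confirm that callers of lxclock_name reject names containing `/` or `..`. The locktests.c hunk only checks that `stat()` succeeds; `lstat()` followed by `S_ISDIR(sb.st_mode)` would let the test notice a symlink sitting where the directory should be.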