From 706520a9d29080b515b483aba701e50bad94c59c Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Wed, 30 Sep 2020 14:33:23 +0200
Subject: [PATCH] crun-0.15-3
Signed-off-by: Giuseppe Scrivano
---
 0001-exec-check-read-bytes-from-sync.patch | 35 ++++++++++++++++++++++
 crun.spec | 7 ++++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 0001-exec-check-read-bytes-from-sync.patch
diff --git a/0001-exec-check-read-bytes-from-sync.patch b/0001-exec-check-read-bytes-from-sync.patch
new file mode 100644
index 0000000..fc41655
--- /dev/null
+++ b/0001-exec-check-read-bytes-from-sync.patch
@@ -0,0 +1,35 @@
+From 20c56beb3307b0ac07af0edbbbe49ec65819f559 Mon Sep 17 00:00:00 2001
+From: Giuseppe Scrivano
+Date: Tue, 29 Sep 2020 16:52:02 +0200
+Subject: [PATCH] exec: check read bytes from sync
+
+when reading from the exec sync pipe, make sure it reads exactly one
+byte otherwise return an error.
+
+Closes: https://github.com/containers/crun/issues/511
+
+Signed-off-by: Giuseppe Scrivano
+---
+ src/libcrun/container.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcrun/container.c b/src/libcrun/container.c
+index 927986a..0308992 100644
+--- a/src/libcrun/container.c
++++ b/src/libcrun/container.c
+@@ -2595,10 +2595,10 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec
+ }
+ }
+
+- TEMP_FAILURE_RETRY (read (pipefd0, &b, sizeof (b)));
++ ret = TEMP_FAILURE_RETRY (read (pipefd0, &b, sizeof (b)));
+ TEMP_FAILURE_RETRY (close (pipefd0));
+ pipefd0 = -1;
+- if (b != '0')
++ if (ret != 1 || b != '0')
+ ret = -1;
+ else
+ {
+--
+2.26.2
+
diff --git a/crun.spec b/crun.spec
index a95d54d..65a45ca 100644
--- a/crun.spec
+++ b/crun.spec
@@ -1,7 +1,7 @@
 Summary: OCI runtime written in C
 Name: crun
 Version: 0.15
-Release: 2%{?dist}
+Release: 3%{?dist}
 Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.gz
 License: GPLv3+
 URL: https://github.com/containers/crun
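Review bot: In the backported `libcrun_container_exec` hunk carried by 0001-exec-check-read-bytes-from-sync.patch, the new `ret != 1 || b != '0'` test folds three different failures into one bare `ret = -1`: a failed read, an EOF from a peer that closed the sync pipe without writing, and an unexpected status byte. The `close (pipefd0)` that runs between the read and the test can also overwrite the `errno` that read() set, so the cause of a failed exec may already be lost when the function reports it. The function body continues outside the hunk, so it is not visible whether a later line fills in the error object; if none does, the caller gets a failure with nothing to triage. Consider saving `errno` immediately after the read, and documenting the contract above the test with `/* ret < 0: read failed; ret == 0: sync pipe closed with no status; b is only valid when ret == 1 */`.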
@@ -22,6 +22,8 @@ BuildRequires: libtool BuildRequires: go-md2man Provides: oci-runtime = 2 +Patch0: 0001-exec-check-read-bytes-from-sync.patch + %description crun is a runtime for running OCI containers @@ -44,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT/usr/lib* %{_mandir}/man1/* %changelog +* Wed Sep 30 2020 Giuseppe Scrivano - 0.15-3 +- backport "exec: check read bytes from sync" + * Wed Sep 23 2020 Giuseppe Scrivano - 0.15-2 - rebuild