diff options
author | V3n3RiX <venerix@koprulu.sector> | 2022-05-12 16:42:50 +0300 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2022-05-12 16:42:50 +0300 |
commit | 752d6256e5204b958b0ef7905675a940b5e9172f (patch) | |
tree | 330d16e6362a49cbed8875a777fe641a43376cd3 /app-containers/runc | |
parent | 0c100b7dd2b30e75b799d806df4ef899fd98e1ea (diff) |
gentoo resync : 12.05.2022
Diffstat (limited to 'app-containers/runc')
-rw-r--r-- | app-containers/runc/Manifest | 1 | ||||
-rw-r--r-- | app-containers/runc/files/CVE-2021-43784.patch | 86 |
2 files changed, 0 insertions, 87 deletions
diff --git a/app-containers/runc/Manifest b/app-containers/runc/Manifest index 2126ba206b32..b0101c67c48c 100644 --- a/app-containers/runc/Manifest +++ b/app-containers/runc/Manifest @@ -1,4 +1,3 @@ -AUX CVE-2021-43784.patch 3305 BLAKE2B c6e16dd2793d99c2513c3bc047c9ccbd9870c15908078895e9e436b437dac55854105ccb0edf48588294125958fc9285637f839b6804cce9a7269fb5f85f4360 SHA512 584bc4e5e88275fa2c300965882697ca6afb6e0987bc1a888d96febbc47e56b17f346c595fe6e3933a29c143c000d574a64475de8779e4f7ef2d724d7be43589 DIST runc-1.0.3.tar.gz 2375241 BLAKE2B 0fb9368ab5442462001c15a67a71821133ad90d16cac5aac760e52b2477db69c0a5dd59df42601119b19ede508889796c994a24624f88ec6a1a29dad19e0bf33 SHA512 64a1894c2b4ed5a68b185e88548fc9fbbd01d8a9495feed59fb196aa06763d64cfb71ca6cbc09d1defa26a0d94ad58626296585741f23df2e290147ba6c4c26e DIST runc-1.1.0.tar.gz 2332427 BLAKE2B 3a194221d0bab813249e23c5f725255e453ce6843c2cb7e1a40a3c6fdd90a1a805c18ebadf56ee5d535f253025716aae6ab3f437140a3cc69e854e750e205e0c SHA512 542ea87c488fd120f2b77e53e2c197f09cd504fbe55dbe47008aaa5b0565aa300fc49f8cadc24ead796e45a4e95a30dfb08bfeefa58dc370145a218fd2869e41 DIST runc-1.1.1.tar.gz 2332722 BLAKE2B d0abe624ddd17885bd25a5923e35ed760a7acaeb2ae7eefa18cdd28a2ecfc79a958d550eafac421b58865376620d7475338752df823e0f1b4a69be201fe4ea90 SHA512 baf622e7edae9b68d2fa255f02359d770489c7578be3c6379a5d939b4f1dfa697ec9eb4ef7dce252e64ee5225f76c06e45182a9b92b68a952e21e3f5f91450d0 diff --git a/app-containers/runc/files/CVE-2021-43784.patch b/app-containers/runc/files/CVE-2021-43784.patch deleted file mode 100644 index ab3886ee9ba7..000000000000 --- a/app-containers/runc/files/CVE-2021-43784.patch +++ /dev/null @@ -1,86 +0,0 @@ -From b8dbe46687c2a96efa9252b69d3fc1ce33bdc416 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai <cyphar@cyphar.com> -Date: Thu, 18 Nov 2021 16:12:59 +1100 -Subject: [PATCH] runc init: avoid netlink message length overflows - -When writing netlink messages, it is possible to have a byte array -larger than UINT16_MAX which would result in the length field -overflowing and allowing user-controlled data to be parsed as control -characters (such as creating custom mount points, changing which set of -namespaces to allow, and so on). - -Co-authored-by: Kir Kolyshkin <kolyshkin@gmail.com> -Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> -Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> ---- - libcontainer/container_linux.go | 20 +++++++++++++++++++- - libcontainer/message_linux.go | 9 +++++++++ - 2 files changed, 28 insertions(+), 1 deletion(-) - -diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go -index 6ce1854f68..1484703b0c 100644 ---- a/libcontainer/container_linux.go -+++ b/libcontainer/container_linux.go -@@ -2028,16 +2028,34 @@ func encodeIDMapping(idMap []configs.IDMap) ([]byte, error) { - return data.Bytes(), nil - } - -+// netlinkError is an error wrapper type for use by custom netlink message -+// types. Panics with errors are wrapped in netlinkError so that the recover -+// in bootstrapData can distinguish intentional panics. -+type netlinkError struct{ error } -+ - // bootstrapData encodes the necessary data in netlink binary format - // as a io.Reader. - // Consumer can write the data to a bootstrap program - // such as one that uses nsenter package to bootstrap the container's - // init process correctly, i.e. with correct namespaces, uid/gid - // mapping etc. --func (c *linuxContainer) bootstrapData(cloneFlags uintptr, nsMaps map[configs.NamespaceType]string) (io.Reader, error) { -+func (c *linuxContainer) bootstrapData(cloneFlags uintptr, nsMaps map[configs.NamespaceType]string) (_ io.Reader, Err error) { - // create the netlink message - r := nl.NewNetlinkRequest(int(InitMsg), 0) - -+ // Our custom messages cannot bubble up an error using returns, instead -+ // they will panic with the specific error type, netlinkError. In that -+ // case, recover from the panic and return that as an error. -+ defer func() { -+ if r := recover(); r != nil { -+ if e, ok := r.(netlinkError); ok { -+ Err = e.error -+ } else { -+ panic(r) -+ } -+ } -+ }() -+ - // write cloneFlags - r.AddData(&Int32msg{ - Type: CloneFlagsAttr, -diff --git a/libcontainer/message_linux.go b/libcontainer/message_linux.go -index 1d4f5033aa..e4107ce39f 100644 ---- a/libcontainer/message_linux.go -+++ b/libcontainer/message_linux.go -@@ -3,6 +3,9 @@ - package libcontainer - - import ( -+ "fmt" -+ "math" -+ - "github.com/vishvananda/netlink/nl" - "golang.org/x/sys/unix" - ) -@@ -54,6 +57,12 @@ type Bytemsg struct { - - func (msg *Bytemsg) Serialize() []byte { - l := msg.Len() -+ if l > math.MaxUint16 { -+ // We cannot return nil nor an error here, so we panic with -+ // a specific type instead, which is handled via recover in -+ // bootstrapData. -+ panic(netlinkError{fmt.Errorf("netlink: cannot serialize bytemsg of length %d (larger than UINT16_MAX)", l)}) -+ } - buf := make([]byte, (l+unix.NLA_ALIGNTO-1) & ^(unix.NLA_ALIGNTO-1)) - native := nl.NativeEndian() - native.PutUint16(buf[0:2], uint16(l)) |