github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-11-04 03:29:55 +00:00
Code Issues Projects Releases Wiki Activity

agent: Don't leak fd when reseeding rng

Browse Source 
This PR wraps fd raw descriptor with File, so it'll be properly closed once exited.

Fixes: #1192

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
This commit is contained in:
Maksym Pavlenko
2020-12-11 16:18:41 -08:00
parent e167bf30e3
commit 3db1c8059d
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/agent/src/random.rs
View File

@@ -8,6 +8,7 @@ use nix::errno::Errno;
use nix::fcntl::{self, OFlag};
use nix::sys::stat::Mode;
use std::fs;
use std::os::unix::io::{AsRawFd, FromRawFd};
pub const RNGDEV: &str = "/dev/random";
pub const RNDADDTOENTCNT: libc::c_int = 0x40045201;
@@ -23,18 +24,22 @@ pub fn reseed_rng(data: &[u8]) -> Result<()> {
let len = data.len() as libc::c_long;
fs::write(RNGDEV, data)?;
let fd = fcntl::open(RNGDEV, OFlag::O_RDWR, Mode::from_bits_truncate(0o022))?;
let f = {
let fd = fcntl::open(RNGDEV, OFlag::O_RDWR, Mode::from_bits_truncate(0o022))?;
// Wrap fd with `File` to properly close descriptor on exit
unsafe { fs::File::from_raw_fd(fd) }
};
let ret = unsafe {
libc::ioctl(
fd,
f.as_raw_fd(),
RNDADDTOENTCNT as IoctlRequestType,
&len as *const libc::c_long,
)
};
let _ = Errno::result(ret).map(drop)?;
let ret = unsafe { libc::ioctl(fd, RNDRESEEDRNG as IoctlRequestType, 0) };
let ret = unsafe { libc::ioctl(f.as_raw_fd(), RNDRESEEDRNG as IoctlRequestType, 0) };
let _ = Errno::result(ret).map(drop)?;
Ok(())