github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-01 17:52:40 +00:00
Code Issues Projects Releases Wiki Activity

runtime: Fix Incorrect conversion between integer types

Browse Source 
Fix the high severity codeql issue by checking the
value is in bounds before converting

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman 2025-05-01 12:48:43 +01:00
parent 4de79b9821
commit 5472662b33
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/runtime/virtcontainers/kata_agent.go
View File

@ -11,6 +11,7 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"math"
"os" "os"
"path" "path"
"path/filepath" "path/filepath"
@ -1776,9 +1777,18 @@ func (k *kataAgent) handleDeviceBlockVolume(c *Container, m Mount, device api.De
if len(vol.Options) == 0 { if len(vol.Options) == 0 {
vol.Options = m.Options vol.Options = m.Options
} }
if m.FSGroup != nil { if m.FSGroup != nil {
var safeFsgroup uint32
// Check conversions from int to uint32 is safe
if *m.FSGroup > 0 && *m.FSGroup <= math.MaxUint32 {
safeFsgroup = uint32(*m.FSGroup)
} else {
return nil, fmt.Errorf("m.FSGroup value was out of range: %d", m.FSGroup)
}
vol.FsGroup = &grpc.FSGroup{ vol.FsGroup = &grpc.FSGroup{
GroupId: uint32(*m.FSGroup), GroupId: safeFsgroup,
GroupChangePolicy: getFSGroupChangePolicy(m.FSGroupChangePolicy), GroupChangePolicy: getFSGroupChangePolicy(m.FSGroupChangePolicy),
} }
} }