github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-05-08 00:17:31 +00:00
Code Issues Projects Releases Wiki Activity

grpc: fix the issue of potential crashes

Browse Source 
It's better to check whether the sandbox's get_container
result instead of unwrap it directly, otherwise it would
crash the agent if the conainer id is invalid.

Fixes: #178

Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
This commit is contained in:
fupan.lfp 2020-04-02 18:56:13 +08:00
parent 32431d701c
commit ba3c732f86
1 changed files with 59 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
src/agent/src/grpc.rs
View File

@ -188,7 +188,12 @@ impl agentService {
if req.timeout == 0 {
let s = Arc::clone(&self.sandbox);
let mut sandbox = s.lock().unwrap();
let ctr = sandbox.get_container(cid.as_str()).unwrap();
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
Some(cr) => cr,
None => {
return Err(ErrorKind::Nix(nix::Error::from_errno(Errno::EINVAL)).into());
}
};
ctr.destroy()?;
@ -223,7 +228,12 @@ impl agentService {
let handle = thread::spawn(move || {
let mut sandbox = s.lock().unwrap();
let ctr = sandbox.get_container(cid2.as_str()).unwrap();
let ctr: &mut LinuxContainer = match sandbox.get_container(cid2.as_str()) {
Some(cr) => cr,
None => {
return;
}
};
ctr.destroy().unwrap();
tx.send(1).unwrap();
@ -371,7 +381,13 @@ impl agentService {
}
let mut sandbox = s.lock().unwrap();
let ctr = sandbox.get_container(cid.as_str()).unwrap();
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
Some(cr) => cr,
None => {
return Err(ErrorKind::Nix(nix::Error::from_errno(Errno::EINVAL)).into());
}
};
// need to close all fds
let mut p = ctr.processes.get_mut(&pid).unwrap();
@ -657,7 +673,20 @@ impl protocols::agent_grpc::AgentService for agentService {
let s = Arc::clone(&self.sandbox);
let mut sandbox = s.lock().unwrap();
let ctr = sandbox.get_container(cid.as_str()).unwrap();
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
Some(cr) => cr,
None => {
let f = sink
.fail(RpcStatus::new(
RpcStatusCode::InvalidArgument,
Some(String::from("invalid container id")),
))
.map_err(|_e| error!(sl!(), "invalid container id!"));
ctx.spawn(f);
return;
}
};
let pids = ctr.processes().unwrap();
match format.as_str() {
@ -750,7 +779,19 @@ impl protocols::agent_grpc::AgentService for agentService {
let s = Arc::clone(&self.sandbox);
let mut sandbox = s.lock().unwrap();
let ctr = sandbox.get_container(cid.as_str()).unwrap();
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
Some(cr) => cr,
None => {
let f = sink
.fail(RpcStatus::new(
RpcStatusCode::Internal,
Some("invalid container id".to_string()),
))
.map_err(|_e| error!(sl!(), "invalid container id!"));
ctx.spawn(f);
return;
}
};
let resp = Empty::new();
@ -788,7 +829,19 @@ impl protocols::agent_grpc::AgentService for agentService {
let s = Arc::clone(&self.sandbox);
let mut sandbox = s.lock().unwrap();
let ctr = sandbox.get_container(cid.as_str()).unwrap();
let ctr: &mut LinuxContainer = match sandbox.get_container(cid.as_str()) {
Some(cr) => cr,
None => {
let f = sink
.fail(RpcStatus::new(
RpcStatusCode::Internal,
Some("invalid container id!".to_string()),
))
.map_err(|_e| error!(sl!(), "invalid container id!"));
ctx.spawn(f);
return;
}
};
let resp = match ctr.stats() {
Err(_e) => {