github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-20 18:31:15 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #110435 from haircommander/exec-sync-cve

Browse Source 
cri-api: document expectation of 16 MB limit
This commit is contained in:
Kubernetes Prow Robot 2023-03-14 09:38:16 -07:00 committed by GitHub
commit 23023776b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go
View File

@ -6182,8 +6182,16 @@ func (m *ExecSyncRequest) GetTimeout() int64 {
type ExecSyncResponse struct {
// Captured command stdout output.
// The runtime should cap the output of this response to 16MB.
// If the stdout of the command produces more than 16MB, the remaining output
// should be discarded, and the command should proceed with no error.
// See CVE-2022-1708 and CVE-2022-31030 for more information.
Stdout []byte `protobuf:"bytes,1,opt,name=stdout,proto3" json:"stdout,omitempty"`
// Captured command stderr output.
// The runtime should cap the output of this response to 16MB.
// If the stderr of the command produces more than 16MB, the remaining output
// should be discarded, and the command should proceed with no error.
// See CVE-2022-1708 and CVE-2022-31030 for more information.
Stderr []byte `protobuf:"bytes,2,opt,name=stderr,proto3" json:"stderr,omitempty"`
// Exit code the command finished with. Default: 0 (success).
ExitCode int32 `protobuf:"varint,3,opt,name=exit_code,json=exitCode,proto3" json:"exit_code,omitempty"`

8
staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto
View File

@ -1287,8 +1287,16 @@ message ExecSyncRequest {
message ExecSyncResponse {
// Captured command stdout output.
// The runtime should cap the output of this response to 16MB.
// If the stdout of the command produces more than 16MB, the remaining output
// should be discarded, and the command should proceed with no error.
// See CVE-2022-1708 and CVE-2022-31030 for more information.
bytes stdout = 1;
// Captured command stderr output.
// The runtime should cap the output of this response to 16MB.
// If the stderr of the command produces more than 16MB, the remaining output
// should be discarded, and the command should proceed with no error.
// See CVE-2022-1708 and CVE-2022-31030 for more information.
bytes stderr = 2;
// Exit code the command finished with. Default: 0 (success).
int32 exit_code = 3;