github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 19:01:49 +00:00
Code Issues Projects Releases Wiki Activity

cri-api: document expectation of 16 MB limit

Browse Source 
to conform with decisions made to mitigate CVE-2022-31030 and CVE-2022-1708

Signed-off-by: Peter Hunt <pehunt@redhat.com>
This commit is contained in:
Peter Hunt 2022-06-07 14:43:31 -04:00
parent 418608e926
commit 7e4efab6ad
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go
View File

@ -6127,8 +6127,16 @@ func (m *ExecSyncRequest) GetTimeout() int64 {
type ExecSyncResponse struct {
// Captured command stdout output.
// The runtime should cap the output of this response to 16MB.
// If the stdout of the command produces more than 16MB, the remaining output
// should be discarded, and the command should proceed with no error.
// See CVE-2022-1708 and CVE-2022-31030 for more information.
Stdout []byte `protobuf:"bytes,1,opt,name=stdout,proto3" json:"stdout,omitempty"`
// Captured command stderr output.
// The runtime should cap the output of this response to 16MB.
// If the stderr of the command produces more than 16MB, the remaining output
// should be discarded, and the command should proceed with no error.
// See CVE-2022-1708 and CVE-2022-31030 for more information.
Stderr []byte `protobuf:"bytes,2,opt,name=stderr,proto3" json:"stderr,omitempty"`
// Exit code the command finished with. Default: 0 (success).
ExitCode int32 `protobuf:"varint,3,opt,name=exit_code,json=exitCode,proto3" json:"exit_code,omitempty"`

8
staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto
View File

@ -1279,8 +1279,16 @@ message ExecSyncRequest {
message ExecSyncResponse {
// Captured command stdout output.
// The runtime should cap the output of this response to 16MB.
// If the stdout of the command produces more than 16MB, the remaining output
// should be discarded, and the command should proceed with no error.
// See CVE-2022-1708 and CVE-2022-31030 for more information.
bytes stdout = 1;
// Captured command stderr output.
// The runtime should cap the output of this response to 16MB.
// If the stderr of the command produces more than 16MB, the remaining output
// should be discarded, and the command should proceed with no error.
// See CVE-2022-1708 and CVE-2022-31030 for more information.
bytes stderr = 2;
// Exit code the command finished with. Default: 0 (success).
int32 exit_code = 3;