Merge pull request #141 from NERSC/master

16.08.3
NERSC · Sep 21, 2016 · c7b22c4 · c7b22c4
2 parents 10eca85 + 9d053ec
commit c7b22c4
Show file tree

Hide file tree

Showing 7 changed files with 58 additions and 8 deletions.
diff --git a/NEWS b/NEWS
@@ -1,3 +1,16 @@
+16.08.3
+==========
+* Perform volume mount realpath() and lstat() verfication with user privileges,
+  to ensure user has access to content at container construction time
+* Add shifter_realpath() to calculate user volume mount paths relative to
+  alternate root (accounts for symlinks that might inadvertently (or
+  intentionally) try to pull user volume mounts out of the container.
+* Fix buffer overrun in volume map flag parsing code
+* Clean up clang & coverity-found issues
+* Improve error handling in shifter core logic
+* Improve shifter imagegw logging
+* Address pylint-found errors (a few minor bugs)
+
 16.08.2
 ===========
 * Fix slurm tests (was missing some build options) and clear up some warnings
@@ -6,7 +19,6 @@
 * Add additional checks to ensure bind mounts stay within approved paths and
   validate that mount points are directories better
 
-
 16.08.1
 ===========
 * Fixed bug in user volume mount flag parsing that could segfault

diff --git a/README.md b/README.md
@@ -6,6 +6,13 @@ the run time environment for the application 2) an image gateway service that pu
 format suitable for the HPC system (typically squashfs) 3) and example scripts/plugins to integrate Shifter with various batch
 scheduler systems.
 
+<a href="https://travis-ci.org/NERSC/shifter">
+  <img alt="TravisCI Build Status" src="https://travis-ci.org/NERSC/shifter.svg?branch=master" />
+</a>
+<a href="https://scan.coverity.com/projects/nersc-shifter">
+  <img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/9990/badge.svg"/>
+</a>
+
 
 # Mailing List
 
@@ -32,3 +39,4 @@ https://www.nersc.gov/research-and-development/user-defined-images/
 # Documentation
 
 https://github.com/NERSC/shifter/tree/master/doc
+
diff --git a/configure.ac b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ([2.62])
-AC_INIT([shifter], [16.08.2b], [shifter-hpc@googlegroups.com])
+AC_INIT([shifter], [16.08.3], [shifter-hpc@googlegroups.com])
 AC_CONFIG_SRCDIR([src/shifter_core.h])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_AUX_DIR([auxdir])

diff --git a/shifter.spec b/shifter.spec
@@ -17,7 +17,7 @@
 
 Summary:   NERSC Shifter -- Containers for HPC
 Name:      shifter
-Version:   16.08.2b
+Version:   16.08.3
 Release:   1.nersc%{?dist}
 License:   BSD (LBNL-modified)
 Group:     System Environment/Base

diff --git a/src/PathList.c b/src/PathList.c
@@ -66,7 +66,7 @@ PathList *pathList_init(const char *path) {
     if (path_len == 0) return NULL;
 
     buffer = strdup(path);
-    if (path == NULL) {
+    if (buffer == NULL) {
         return NULL;
     }
 
@@ -158,7 +158,7 @@ int pathList_append(PathList *base, const char *path) {
             newpath->path->parent = base->terminal;
         }
     } else {
-        newpath->path = newpath->path;
+        base->path = newpath->path;
     }
     base->terminal = newpath->terminal;
     newpath->path = NULL;
@@ -375,9 +375,19 @@ PathList *pathList_duplicatePartial(PathList *origpath, PathComponent *tohere) {
         return NULL;
     }
     ret->terminal = rptr;
-    trim = rptr->child;
-    rptr->child = NULL;
-    pathList_freeComponents(trim);
+    if (rptr != NULL) {
+        trim = rptr->child;
+        rptr->child = NULL;
+        pathList_freeComponents(trim);
+    } else {
+        /* this is an exceptionally unlikely branch, but if it does happen,
+         * this will keep the ret path consistent */
+        if (ret->path != NULL) {
+            pathList_freeComponents(ret->path);
+        }
+        ret->path = NULL;
+        ret->terminal = NULL;
+    }
     return ret;
 }
 
@@ -453,6 +463,10 @@ PathComponent *pathList_appendComponents(
     while (compPtr) {
         newComp = (PathComponent *) malloc(sizeof(PathComponent));
         if (newComp == NULL) {
+            if (retComp != NULL) {
+                pathList_freeComponents(retComp);
+                retComp = NULL;
+            }
             return NULL;
         }
         newComp->item = strdup(compPtr->item);

diff --git a/src/shifterimg.c b/src/shifterimg.c
@@ -906,6 +906,8 @@ ImageGwState *queryGateway(char *baseUrl, char *type, char *tag, struct options
                         free_ImageGwState(gwState);
                         config->mode = MODE_PULL;
                     }
+                    free_ImageGwImageRec(image, 1);
+                    image = NULL;
                 }
             } else if (config->mode == MODE_IMAGES) {
                 ImageGwImageRec **images = parseImagesResponse(imageGw);

diff --git a/src/test/test_PathList.cpp b/src/test/test_PathList.cpp
@@ -119,6 +119,20 @@ TEST(PathListTestGroup, appendPathTest) {
     strPath = NULL;
 
     pathList_free(basePath);
+
+    basePath = pathList_init("/");
+    CHECK(basePath != NULL);
+    CHECK(basePath->path == NULL);
+    CHECK(basePath->absolute == 1);
+
+    CHECK(pathList_append(basePath, "this/is/a/test") == 0);
+    strPath = pathList_string(basePath);
+    CHECK(strPath != NULL);
+    CHECK(strcmp(strPath, "/this/is/a/test") == 0);
+    free(strPath);
+    strPath = NULL;
+
+    pathList_free(basePath);
 }
 
 TEST(PathListTestGroup, resolveSymLink) {