-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(minor) podman kill: should do input validation #4746
Labels
Good First Issue
This issue would be a good issue for a first time contributor to undertake.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Comments
I like to get a fix on all of these. Anyone out there looking for a quick git project should grab this. |
edsantiago
added a commit
to edsantiago/libpod
that referenced
this issue
Dec 26, 2019
The helper function we use for signal name mapping does not check for negative numbers nor invalid (too-high) ones. This can yield unexpected error messages: # podman kill -s -1 foo ERRO[0000] unknown signal "18446744073709551615" This PR introduces a small wrapper for it that: 1) Strips off a leading dash, allowing '-1' or '-HUP' as valid inputs; and 2) Rejects numbers <1 or >64 (SIGRTMAX) Also adds a test suite checking signal handling as well as ensuring that invalid signals are rejected by the command line. Fixes: containers#4746 Signed-off-by: Ed Santiago <santiago@redhat.com>
edsantiago
added a commit
to edsantiago/libpod
that referenced
this issue
Dec 26, 2019
The helper function we use for signal name mapping does not check for negative numbers nor invalid (too-high) ones. This can yield unexpected error messages: # podman kill -s -1 foo ERRO[0000] unknown signal "18446744073709551615" This PR introduces a small wrapper for it that: 1) Strips off a leading dash, allowing '-1' or '-HUP' as valid inputs; and 2) Rejects numbers <1 or >64 (SIGRTMAX) Also adds a test suite checking signal handling as well as ensuring that invalid signals are rejected by the command line. Fixes: containers#4746 Signed-off-by: Ed Santiago <santiago@redhat.com>
edsantiago
added a commit
to edsantiago/libpod
that referenced
this issue
Dec 26, 2019
The helper function we use for signal name mapping does not check for negative numbers nor invalid (too-high) ones. This can yield unexpected error messages: # podman kill -s -1 foo ERRO[0000] unknown signal "18446744073709551615" This PR introduces a small wrapper for it that: 1) Strips off a leading dash, allowing '-1' or '-HUP' as valid inputs; and 2) Rejects numbers <1 or >64 (SIGRTMAX) Also adds a test suite checking signal handling as well as ensuring that invalid signals are rejected by the command line. Fixes: containers#4746 Signed-off-by: Ed Santiago <santiago@redhat.com>
edsantiago
added a commit
to edsantiago/libpod
that referenced
this issue
Dec 26, 2019
The helper function we use for signal name mapping does not check for negative numbers nor invalid (too-high) ones. This can yield unexpected error messages: # podman kill -s -1 foo ERRO[0000] unknown signal "18446744073709551615" This PR introduces a small wrapper for it that: 1) Strips off a leading dash, allowing '-1' or '-HUP' as valid inputs; and 2) Rejects numbers <1 or >64 (SIGRTMAX) Also adds a test suite checking signal handling as well as ensuring that invalid signals are rejected by the command line. Fixes: containers#4746 Signed-off-by: Ed Santiago <santiago@redhat.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
Good First Issue
This issue would be a good issue for a first time contributor to undertake.
locked - please file new issue/PR
Assist humans wanting to comment on an old issue or PR with locked comments.
Looks like podman is accepting any int, casting to ulong, and passing it along:
Would it make sense to validate against
SIGRTMAX
before accepting it?And, for the sake of discussion, I feel it might be a nice courtesy to accept a signed int and run
abs()
on it. Those of us with fingers trained to typekill -N
would appreciate it.Oh, also,
kill -s 0
throws an error (invalid signal). This is what docker does, so we might need to keep it for compatibility, but it could also be nice to replicate standardkill -0
behavior (exit 0 if container exists).The text was updated successfully, but these errors were encountered: