seccomp: refactor line handling of parse_config

Moving parse_config_v2 to use getline accidentally parsed the wrong buffer. Since both _v1 and _v2 now use getline it seems to be simpler to also use getline() for the first line before entering the version specific parsers and pass along the pointer and size so they can reuse them. Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Fixes: 9c3798e ("seccomp: parse_config_v2()")
lxc · May 25, 2018 · 3ce8c63 · 3ce8c63
1 parent c88d84c
commit 3ce8c63
Showing 1 changed file with 18 additions and 17 deletions.
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
@@ -44,13 +44,11 @@
 
 lxc_log_define(lxc_seccomp, lxc);
 
-static int parse_config_v1(FILE *f, struct lxc_conf *conf)
+static int parse_config_v1(FILE *f, char *line, size_t *line_bufsz, struct lxc_conf *conf)
 {
 	int ret = 0;
-	size_t line_bufsz = 0;
-	char *line = NULL;
 
-	while (getline(&line, &line_bufsz, f) != -1) {
+	while (getline(&line, line_bufsz, f) != -1) {
 		int nr;
 
 		ret = sscanf(line, "%d", &nr);
@@ -554,14 +552,12 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
  * write
  * close
  */
-static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
+static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_conf *conf)
 {
 	int ret;
 	char *p;
 	enum lxc_hostarch_t cur_rule_arch, native_arch;
-	size_t line_bufsz = 0;
 	bool blacklist = false;
-	char *rule_line = NULL;
 	uint32_t default_policy_action = -1, default_rule_action = -1;
 	struct seccomp_v2_rule rule;
 	struct scmp_ctx_info {
@@ -736,7 +732,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 #endif
 	}
 
-	while (getline(&rule_line, &line_bufsz, f) != -1) {
+	while (getline(&line, line_bufsz, f) != -1) {
 		if (line[0] == '#')
 			continue;
 
@@ -1004,7 +1000,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 		}
 	}
 
-	free(rule_line);
+	free(line);
 	return 0;
 
 bad_arch:
@@ -1021,7 +1017,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 	if (ctx.contexts[2])
 		seccomp_release(ctx.contexts[2]);
 
-	free(rule_line);
+	free(line);
 
 	return -1;
 }
@@ -1042,7 +1038,8 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
  */
 static int parse_config(FILE *f, struct lxc_conf *conf)
 {
-	char line[MAXPATHLEN];
+	char *line = NULL;
+	size_t line_bufsz = 0;
 	int ret, version;
 
 	ret = fscanf(f, "%d\n", &version);
@@ -1051,25 +1048,29 @@ static int parse_config(FILE *f, struct lxc_conf *conf)
 		return -1;
 	}
 
-	if (!fgets(line, MAXPATHLEN, f)) {
+	if (getline(&line, &line_bufsz, f) == -1) {
 		ERROR("Invalid config file");
-		return -1;
+		goto bad_line;
 	}
 
 	if (version == 1 && !strstr(line, "whitelist")) {
 		ERROR("Only whitelist policy is supported");
-		return -1;
+		goto bad_line;
 	}
 
 	if (strstr(line, "debug")) {
 		ERROR("Debug not yet implemented");
-		return -1;
+		goto bad_line;
 	}
 
 	if (version == 1)
-		return parse_config_v1(f, conf);
+		return parse_config_v1(f, line, &line_bufsz, conf);
 
-	return parse_config_v2(f, line, conf);
+	return parse_config_v2(f, line, &line_bufsz, conf);
+
+bad_line:
+	free(line);
+	return -1;
 }
 
 /*