[mirror_lxc.git] / src / tests / cve-2019-5736.c

/* liblxcapi
 *
 * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
 * Copyright © 2019 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2, as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#include "config.h"

#include <errno.h>
#include <fcntl.h>
#include <lxc/lxccontainer.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#include "lxctest.h"
#include "utils.h"

#define MYNAME "shortlived"

static int destroy_container(void)
{
	int status, ret;
	pid_t pid = fork();

	if (pid < 0) {
		perror("fork");
		return -1;
	}
	if (pid == 0) {
		execlp("lxc-destroy", "lxc-destroy", "-f", "-n", MYNAME, NULL);
		exit(EXIT_FAILURE);
	}
again:
	ret = waitpid(pid, &status, 0);
	if (ret == -1) {
		if (errno == EINTR)
			goto again;
		perror("waitpid");
		return -1;
	}
	if (ret != pid)
		goto again;
	if (!WIFEXITED(status))  { // did not exit normally
		fprintf(stderr, "%d: lxc-create exited abnormally\n", __LINE__);
		return -1;
	}
	return WEXITSTATUS(status);
}

static int create_container(void)
{
	int status, ret;
	pid_t pid = fork();

	if (pid < 0) {
		perror("fork");
		return -1;
	}
	if (pid == 0) {
		execlp("lxc-create", "lxc-create", "-t", "busybox", "-n", MYNAME, NULL);
		exit(EXIT_FAILURE);
	}
again:
	ret = waitpid(pid, &status, 0);
	if (ret == -1) {
		if (errno == EINTR)
			goto again;
		perror("waitpid");
		return -1;
	}
	if (ret != pid)
		goto again;
	if (!WIFEXITED(status))  { // did not exit normally
		fprintf(stderr, "%d: lxc-create exited abnormally\n", __LINE__);
		return -1;
	}
	return WEXITSTATUS(status);
}

int main(int argc, char *argv[])
{
	int i;
	const char *s;
	bool b;
	struct lxc_container *c;
	int ret = EXIT_FAILURE;

	/* test a real container */
	c = lxc_container_new(MYNAME, NULL);
	if (!c) {
		fprintf(stderr, "%d: error creating lxc_container %s\n", __LINE__, MYNAME);
		goto out;
	}

	if (c->is_defined(c)) {
		fprintf(stderr, "%d: %s thought it was defined\n", __LINE__, MYNAME);
		goto out;
	}

	if (create_container() < 0) {
		fprintf(stderr, "%d: failed to create a container\n", __LINE__);
		goto out;
	}

	b = c->is_defined(c);
	if (!b) {
		fprintf(stderr, "%d: %s thought it was not defined\n", __LINE__, MYNAME);
		goto out;
	}

	s = c->state(c);
	if (!s || strcmp(s, "STOPPED")) {
		fprintf(stderr, "%d: %s is in state %s, not in STOPPED.\n", __LINE__, c->name, s ? s : "undefined");
		goto out;
	}

	b = c->load_config(c, NULL);
	if (!b) {
		fprintf(stderr, "%d: %s failed to read its config\n", __LINE__, c->name);
		goto out;
	}

	if (!c->set_config_item(c, "lxc.init.cmd", "echo hello")) {
		fprintf(stderr, "%d: failed setting lxc.init.cmd\n", __LINE__);
		goto out;
	}

	c->want_daemonize(c, true);

	if (setenv("LXC_MEMFD_REXEC", "1", 1)) {
		fprintf(stderr, "%d: failed to set LXC_MEMFD_REXEC evironment variable\n", __LINE__);
		goto out;
	}

	/* Test whether we can start a really short-lived daemonized container. */
	for (i = 0; i < 10; i++) {
		if (!c->startl(c, 0, NULL)) {
			fprintf(stderr, "%d: %s failed to start on %dth iteration\n", __LINE__, c->name, i);
			goto out;
		}

		if (!c->wait(c, "STOPPED", 30)) {
			fprintf(stderr, "%d: %s failed to wait on %dth iteration\n", __LINE__, c->name, i);
			goto out;
		}
	}

	/* Test whether we can start a really short-lived daemonized container with lxc-init. */
	for (i = 0; i < 10; i++) {
		if (!c->startl(c, 1, NULL)) {
			fprintf(stderr, "%d: %s failed to start on %dth iteration\n", __LINE__, c->name, i);
			goto out;
		}

		if (!c->wait(c, "STOPPED", 30)) {
			fprintf(stderr, "%d: %s failed to wait on %dth iteration\n", __LINE__, c->name, i);
			goto out;
		}
	}

	c->stop(c);

	fprintf(stderr, "all lxc_container tests passed for %s\n", c->name);
	ret = EXIT_SUCCESS;

out:
	if (c) {
		c->stop(c);
		destroy_container();
	}
	lxc_container_put(c);
	exit(ret);
}
Commit	Line	Data
99258734 CB	1	/* liblxcapi
	2	*
	3	* Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
	4	* Copyright © 2019 Canonical Ltd.
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2, as
	8	* published by the Free Software Foundation.
	9	*
	10	* This program is distributed in the hope that it will be useful,
	11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	* GNU General Public License for more details.
	14	*
	15	* You should have received a copy of the GNU General Public License along
	16	* with this program; if not, write to the Free Software Foundation, Inc.,
	17	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	18	*/
	19
e49c56d6 CB	20	#include "config.h"
e49c56d6 CB	21
99258734 CB	22	#include <errno.h>
	23	#include <fcntl.h>
	24	#include <lxc/lxccontainer.h>
	25	#include <signal.h>
	26	#include <stdio.h>
	27	#include <stdlib.h>
	28	#include <string.h>
	29	#include <sys/types.h>
	30	#include <sys/wait.h>
	31	#include <unistd.h>
	32
	33	#include "lxctest.h"
	34	#include "utils.h"
	35
	36	#define MYNAME "shortlived"
	37
	38	static int destroy_container(void)
	39	{
	40	int status, ret;
	41	pid_t pid = fork();
	42
	43	if (pid < 0) {
	44	perror("fork");
	45	return -1;
	46	}
	47	if (pid == 0) {
	48	execlp("lxc-destroy", "lxc-destroy", "-f", "-n", MYNAME, NULL);
	49	exit(EXIT_FAILURE);
	50	}
	51	again:
	52	ret = waitpid(pid, &status, 0);
	53	if (ret == -1) {
	54	if (errno == EINTR)
	55	goto again;
	56	perror("waitpid");
	57	return -1;
	58	}
	59	if (ret != pid)
	60	goto again;
	61	if (!WIFEXITED(status)) { // did not exit normally
	62	fprintf(stderr, "%d: lxc-create exited abnormally\n", __LINE__);
	63	return -1;
	64	}
	65	return WEXITSTATUS(status);
	66	}
	67
	68	static int create_container(void)
	69	{
	70	int status, ret;
	71	pid_t pid = fork();
	72
	73	if (pid < 0) {
	74	perror("fork");
	75	return -1;
	76	}
	77	if (pid == 0) {
	78	execlp("lxc-create", "lxc-create", "-t", "busybox", "-n", MYNAME, NULL);
	79	exit(EXIT_FAILURE);
	80	}
	81	again:
	82	ret = waitpid(pid, &status, 0);
	83	if (ret == -1) {
	84	if (errno == EINTR)
	85	goto again;
86	perror("waitpid");
87	return -1;
88	}
89	if (ret != pid)
90	goto again;
91	if (!WIFEXITED(status)) { // did not exit normally
92	fprintf(stderr, "%d: lxc-create exited abnormally\n", __LINE__);
93	return -1;
94	}
95	return WEXITSTATUS(status);
96	}
97
98	int main(int argc, char *argv[])
99	{
100	int i;
101	const char *s;
102	bool b;
103	struct lxc_container *c;
104	int ret = EXIT_FAILURE;
105
106	/* test a real container */
107	c = lxc_container_new(MYNAME, NULL);
108	if (!c) {
109	fprintf(stderr, "%d: error creating lxc_container %s\n", __LINE__, MYNAME);
110	goto out;
111	}
112
113	if (c->is_defined(c)) {
114	fprintf(stderr, "%d: %s thought it was defined\n", __LINE__, MYNAME);
115	goto out;
116	}
117
118	if (create_container() < 0) {
119	fprintf(stderr, "%d: failed to create a container\n", __LINE__);
120	goto out;
121	}
122
123	b = c->is_defined(c);
124	if (!b) {
125	fprintf(stderr, "%d: %s thought it was not defined\n", __LINE__, MYNAME);
126	goto out;
127	}
128
129	s = c->state(c);
130	if (!s \|\| strcmp(s, "STOPPED")) {
131	fprintf(stderr, "%d: %s is in state %s, not in STOPPED.\n", __LINE__, c->name, s ? s : "undefined");
132	goto out;
133	}
134
135	b = c->load_config(c, NULL);
136	if (!b) {
137	fprintf(stderr, "%d: %s failed to read its config\n", __LINE__, c->name);
138	goto out;
139	}
140
141	if (!c->set_config_item(c, "lxc.init.cmd", "echo hello")) {
142	fprintf(stderr, "%d: failed setting lxc.init.cmd\n", __LINE__);
143	goto out;
144	}
145
146	c->want_daemonize(c, true);
147
148	if (setenv("LXC_MEMFD_REXEC", "1", 1)) {
149	fprintf(stderr, "%d: failed to set LXC_MEMFD_REXEC evironment variable\n", __LINE__);
150	goto out;
151	}
152
153	/* Test whether we can start a really short-lived daemonized container. */
154	for (i = 0; i < 10; i++) {
155	if (!c->startl(c, 0, NULL)) {
156	fprintf(stderr, "%d: %s failed to start on %dth iteration\n", __LINE__, c->name, i);
157	goto out;
158	}
159
160	if (!c->wait(c, "STOPPED", 30)) {
161	fprintf(stderr, "%d: %s failed to wait on %dth iteration\n", __LINE__, c->name, i);
162	goto out;
163	}
164	}
165
166	/* Test whether we can start a really short-lived daemonized container with lxc-init. */
167	for (i = 0; i < 10; i++) {
168	if (!c->startl(c, 1, NULL)) {
169	fprintf(stderr, "%d: %s failed to start on %dth iteration\n", __LINE__, c->name, i);
170	goto out;
171	}
172
173	if (!c->wait(c, "STOPPED", 30)) {
174	fprintf(stderr, "%d: %s failed to wait on %dth iteration\n", __LINE__, c->name, i);
175	goto out;
176	}
177	}
178
179	c->stop(c);
180
181	fprintf(stderr, "all lxc_container tests passed for %s\n", c->name);
182	ret = EXIT_SUCCESS;
183
184	out:
185	if (c) {
186	c->stop(c);
187	destroy_container();
188	}
189	lxc_container_put(c);
190	exit(ret);
191	}