[1.0] libct/user: fix parsing long /etc/group lines #3079

Merged (3 commits) on Jul 9, 2021

kolyshkin
Contributor

@kolyshkin kolyshkin commented Jul 8, 2021

This is a backport of #3062 to 1.0 branch. Clean cherry-pick, no issues. Original description follows.

Lines in /etc/group longer than 64 characters break the current
implementation of group parser. This is caused by bufio.Scanner
buffer limit.

Fix by re-using the fix for a similar problem in golang os/user,
namely https://go-review.googlesource.com/c/go/+/283601
(fixing a similar bug in golang os/user, golang/go#43636).

Add some tests.

Fixes: #3036

Reported-by: @erict-square
Co-authored-by: @andreybokhanko
Signed-off-by: Kir Kolyshkin [email protected]

Proposed changelog entry

Bugfixes:
* Fixed "unable to find groups ... token too long" error with /etc/group containing lines longer than 64K characters (#3036)

kolyshkin and others added 3 commits July 8, 2021 13:18

Every []byte to string conversion results in a new allocation.
Avoid some by using []byte more.

Signed-off-by: Kir Kolyshkin <[email protected]>
(cherry picked from commit 120e3a7)
Signed-off-by: Kir Kolyshkin <[email protected]>

Same as in other places (other parsers here, as well as golang os/user
parser and glibc parser all tolerate extra space at BOL and EOL).

Signed-off-by: Kir Kolyshkin <[email protected]>
(cherry picked from commit 226dfab)
Signed-off-by: Kir Kolyshkin <[email protected]>

Lines in /etc/group longer than 64 characters break the current
implementation of group parser. This is caused by bufio.Scanner
buffer limit.

Fix by re-using the fix for a similar problem in golang os/user,
namely https://go-review.googlesource.com/c/go/+/283601.

Add some tests.

Co-authored-by: Andrey Bokhanko <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
(cherry picked from commit 24d5daf)
Signed-off-by: Kir Kolyshkin <[email protected]>
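
The failure named in the PR description and in the third commit message, as an added example that is not runc's or Go's own code: a default `bufio.Scanner` stops with "token too long" on a line over `bufio.MaxScanTokenSize` (64 KiB), while a `bufio.Reader.ReadLine` loop that joins `isPrefix` fragments, one standard way to read lines of any length, does not. The names `countWithScanner`, `readGroupNames` and `sampleGroup` are hypothetical and the group data is constructed.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"strings"
)

// countWithScanner (hypothetical) counts lines with a default bufio.Scanner,
// which gives up on any line longer than bufio.MaxScanTokenSize (64 KiB).
func countWithScanner(r io.Reader) (n int, err error) {
	s := bufio.NewScanner(r)
	for ; s.Scan(); n++ {
	}
	return n, s.Err()
}

// readGroupNames (hypothetical) joins ReadLine fragments while isPrefix is set,
// so line length is unbounded; it trims spaces and skips blanks and comments.
func readGroupNames(r io.Reader) (names []string, err error) {
	rd := bufio.NewReader(r)
	for {
		var whole, part []byte
		for isPrefix := true; isPrefix && err == nil; {
			part, isPrefix, err = rd.ReadLine()
			whole = append(whole, part...) // copy: part is reused by the next read
		}
		if line := bytes.TrimSpace(whole); len(line) > 0 && line[0] != '#' {
			names = append(names, string(bytes.SplitN(line, []byte(":"), 2)[0]))
		}
		if err == io.EOF {
			return names, nil
		} else if err != nil {
			return nil, err
		}
	}
}

// sampleGroup returns constructed /etc/group data; "big" has ~72 KB of members.
func sampleGroup() string {
	return "root:x:0:\n# comment\n  big:x:1000:" + strings.Repeat("user0001,", 8000) + "last  \nwheel:x:10:root\n"
}

func main() {
	n, err := countWithScanner(strings.NewReader(sampleGroup()))
	names, err2 := readGroupNames(strings.NewReader(sampleGroup()))
	fmt.Println(n, err, names, err2)
}
```
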
@kolyshkin kolyshkin added this to the 1.0.1 milestone Jul 8, 2021
@kolyshkin kolyshkin changed the base branch from master to release-1.0 July 8, 2021 20:21
@kolyshkin kolyshkin mentioned this pull request Jul 8, 2021
@mrunalp mrunalp merged commit 8e259d2 into opencontainers:release-1.0 Jul 9, 2021
@cyphar cyphar added the backport/1.0-pr A backport PR to release-1.0 label Jul 15, 2021
@rogerhu

rogerhu commented Jul 16, 2021

Thanks! Is there someone we can ask on the Docker side to get this backport fix incorporated?

@cyphar
Member

cyphar commented Jul 17, 2021

The next runc bump in Docker should pull this in, since they update the binary and vendor dependencies at the same time. I'm surprised there isn't a test PR for 1.0.1 for Docker already, Akihiro usually sets those up when I make the release branch. If there isn't one on Monday, I'll cook it up.

@AkihiroSuda
Member

Sorry for delay, opened moby/moby#42654

breakings added a commit to breakings/packages that referenced this pull request Aug 8, 2021
This is the first stable release in the 1.0 branch, fixing a few medium
and high priority issues with runc 1.0.0, including a few that affect
Kubernetes' usage of libcontainer.

Bugfixes:

- Fixed occasional runc exec/run failure ("interrupted system call") on an
  Azure volume. ([#3074](opencontainers/runc#3074))
- Fixed "unable to find groups ... token too long" error with /etc/group
  containing lines longer than 64K characters. ([#3079](opencontainers/runc#3079))
- cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
  frozen. This is a regression in 1.0.0, not affecting runc itself but some
  of libcontainer users (e.g. Kubernetes). ([#3085](opencontainers/runc#3085))
- cgroupv2: bpf: Ignore inaccessible existing programs in case of
  permission error when handling replacement of existing bpf cgroup
  programs. This fixes a regression in 1.0.0, where some SELinux
  policies would block runc from being able to run entirely. ([#3087](opencontainers/runc#3087))
- cgroup/systemd/v2: don't freeze cgroup on Set. ([#3092](opencontainers/runc#3092))
- cgroup/systemd/v1: avoid unnecessary freeze on Set. ([#3093](opencontainers/runc#3093))
Labels
backport/1.0-pr A backport PR to release-1.0 impact/changelog
Successfully merging this pull request may close these issues.

starting container process caused: setup user: unable to find <user>: bufio.Scanner: token too long: unknown.