[Touch-packages] [Bug 2081762] [NEW] lxc-excecute NULL pointer dereference causes segfault when sharing rootfs with host

Phil Kehoe Mon, 23 Sep 2024 11:05:29 -0700

Public bug reported:

lsb_release -rd:
Description:    Ubuntu 24.04.1 LTS
Release:        24.04


lxc-start --version: 5.0.3

Issue: lxc-execute segfaults when using a shared host rootfs due to a
NULL pointer deference.

In lxc/src/lxc/conf.c - lines 339 - 344

The call to lxc_storage_prepare detects no rootfs path and returns
without calling storage_init

In lxc/src/lxc/conf.c - lines 293 - 310

leaving rootfs->storage null.

Then dereferencing rootfs->storage->type causes a segfault.


Steps to reproduce:
1. use lxc.conf:
   lxc.uts.name=lxc-test-1
   lxc.net.0.type = empty
   lxc.console.path = none
   lxc.tty.max = 1
   lxc.pty.max = 128
   lxc.mount.auto = proc:rw sys cgroup
   lxc.autodev = 1

2. Run:
   $ sudo lxc-execute -n lxc-test-1 -f lxc.conf  -l TRACE -- ls /dev 
   Segmentation fault
   
I've attached a patch as a possible fix.  Running the same example above with 
the patch applied runs without crashing.

** Affects: lxc (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "Potential fix for the described issue."
   
https://bugs.launchpad.net/bugs/2081762/+attachment/5821233/+files/ubuntu-24.04-lxc-shared-rootfs-null-dereference.patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2081762

Title:
  lxc-excecute NULL pointer dereference causes segfault when sharing
  rootfs with host

Status in lxc package in Ubuntu:
  New

Bug description:
  lsb_release -rd:
  Description:  Ubuntu 24.04.1 LTS
  Release:      24.04

  lxc-start --version: 5.0.3

  Issue: lxc-execute segfaults when using a shared host rootfs due to a
  NULL pointer deference.

  In lxc/src/lxc/conf.c - lines 339 - 344

  The call to lxc_storage_prepare detects no rootfs path and returns
  without calling storage_init

  In lxc/src/lxc/conf.c - lines 293 - 310

  leaving rootfs->storage null.

  Then dereferencing rootfs->storage->type causes a segfault.

  
  Steps to reproduce:
  1. use lxc.conf:
     lxc.uts.name=lxc-test-1
     lxc.net.0.type = empty
     lxc.console.path = none
     lxc.tty.max = 1
     lxc.pty.max = 128
     lxc.mount.auto = proc:rw sys cgroup
     lxc.autodev = 1

  2. Run:
     $ sudo lxc-execute -n lxc-test-1 -f lxc.conf  -l TRACE -- ls /dev 
     Segmentation fault
     
  I've attached a patch as a possible fix.  Running the same example above with 
the patch applied runs without crashing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2081762/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2081762] [NEW] lxc-excecute NULL pointer dereference causes segfault when sharing rootfs with host

Reply via email to