Projects
home:Eustace:branches:Eulaceura:Factory
k3s-containerd
_service:obs_scm:0002-Fix-CVE-2022-23471.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:0002-Fix-CVE-2022-23471.patch of Package k3s-containerd
From 0550bb17949c1793e0da20270d3793d0e7583b1e Mon Sep 17 00:00:00 2001 From: bwzhang <zhangbowei@kylinos.cn> Date: Fri, 15 Mar 2024 09:33:45 +0800 Subject: [PATCH] Fix CVE-2022-23471 --- pkg/cri/streaming/remotecommand/httpstream.go | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/pkg/cri/streaming/remotecommand/httpstream.go b/pkg/cri/streaming/remotecommand/httpstream.go index 0417a1a..9177fa7 100644 --- a/pkg/cri/streaming/remotecommand/httpstream.go +++ b/pkg/cri/streaming/remotecommand/httpstream.go @@ -33,6 +33,7 @@ limitations under the License. package remotecommand import ( + gocontext "context" "encoding/json" "errors" "fmt" @@ -132,7 +133,7 @@ func createStreams(req *http.Request, w http.ResponseWriter, opts *Options, supp if ctx.resizeStream != nil { ctx.resizeChan = make(chan remotecommand.TerminalSize) - go handleResizeEvents(ctx.resizeStream, ctx.resizeChan) + go handleResizeEvents(req.Context(), ctx.resizeStream, ctx.resizeChan) } return ctx, true @@ -425,7 +426,7 @@ WaitForStreams: // supportsTerminalResizing returns false because v1ProtocolHandler doesn't support it. func (*v1ProtocolHandler) supportsTerminalResizing() bool { return false } -func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalSize) { +func handleResizeEvents(ctx gocontext.Context, stream io.Reader, channel chan<- remotecommand.TerminalSize) { defer runtime.HandleCrash() defer close(channel) @@ -435,7 +436,15 @@ func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalS if err := decoder.Decode(&size); err != nil { break } - channel <- size + + select { + case channel <- size: + case <-ctx.Done(): + // To avoid leaking this routine, exit if the http request finishes. This path + // would generally be hit if starting the process fails and nothing is started to + // ingest these resize events. + return + } } } -- 2.20.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2