confile: fix setting prlimits

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 31f072d393358a546fe3ced0a4a4e954fbbc8608..b93c65276b94b264087351820c1e89a2895d3b80 100644 (file)
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -104,7 +104,7 @@ struct lxc_limit {
 static void free_lxc_limit(struct lxc_limit *ptr)
 {
        if (ptr) {
-               free(ptr->resource);
+               free_disarm(ptr->resource);
                free_disarm(ptr);
        }
 }

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index e6a1c017a587eebf77aee6052d76134cc3ba1275..73ffce7ebce50adbbc0b2af5785b30589177a1a3 100644 (file)
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1929,8 +1929,8 @@ static bool parse_limit_value(const char **value, rlim_t *res)
 static int set_config_prlimit(const char *key, const char *value,
                            struct lxc_conf *lxc_conf, void *data)
 {
-       __do_free struct lxc_list *limlist = NULL;
-       call_cleaner(free_lxc_limit) struct lxc_limit *limelem = NULL;
+       __do_free struct lxc_list *list = NULL;
+       call_cleaner(free_lxc_limit) struct lxc_limit *elem = NULL;
        struct lxc_list *iter;
        struct rlimit limit;
        rlim_t limit_value;
@@ -1981,29 +1981,31 @@ static int set_config_prlimit(const char *key, const char *value,
 
        /* find existing list element */
        lxc_list_for_each(iter, &lxc_conf->limits) {
-               limelem = iter->elem;
-               if (strequal(key, limelem->resource)) {
-                       limelem->limit = limit;
-                       return 0;
-               }
+               struct lxc_limit *cur = iter->elem;
+
+               if (!strequal(key, cur->resource))
+                       continue;
+
+               cur->limit = limit;
+               return 0;
        }
 
        /* allocate list element */
-       limlist = lxc_list_new();
-       if (!limlist)
+       list = lxc_list_new();
+       if (!list)
                return ret_errno(ENOMEM);
 
-       limelem = zalloc(sizeof(*limelem));
-       if (!limelem)
+       elem = zalloc(sizeof(*elem));
+       if (!elem)
                return ret_errno(ENOMEM);
 
-       limelem->resource = strdup(key);
-       if (!limelem->resource)
+       elem->resource = strdup(key);
+       if (!elem->resource)
                return ret_errno(ENOMEM);
 
-       limelem->limit = limit;
-       lxc_list_add_elem(limlist, move_ptr(limelem));;
-       lxc_list_add_tail(&lxc_conf->limits, move_ptr(limlist));
+       elem->limit = limit;
+       lxc_list_add_elem(list, move_ptr(elem));;
+       lxc_list_add_tail(&lxc_conf->limits, move_ptr(list));
 
        return 0;
 }