seccomp: refactor line handling of parse_config

Moving parse_config_v2 to use getline accidentally parsed
the wrong buffer. Since both _v1 and _v2 now use getline it
seems to be simpler to also use getline() for the first line
before entering the version specific parsers and pass along
the pointer and size so they can reuse them.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 9c3798eba41c ("seccomp: parse_config_v2()")

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index dcf37447f4f565a18852d086599cc4b32e84d88e..44862983c17520852f20d2f1145e0bd8366dcd2a 100644 (file)
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -44,13 +44,11 @@
 
 lxc_log_define(lxc_seccomp, lxc);
 
-static int parse_config_v1(FILE *f, struct lxc_conf *conf)
+static int parse_config_v1(FILE *f, char *line, size_t *line_bufsz, struct lxc_conf *conf)
 {
        int ret = 0;
-       size_t line_bufsz = 0;
-       char *line = NULL;
 
-       while (getline(&line, &line_bufsz, f) != -1) {
+       while (getline(&line, line_bufsz, f) != -1) {
                int nr;
 
                ret = sscanf(line, "%d", &nr);
@@ -554,14 +552,12 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx,
  * write
  * close
  */
-static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
+static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_conf *conf)
 {
        int ret;
        char *p;
        enum lxc_hostarch_t cur_rule_arch, native_arch;
-       size_t line_bufsz = 0;
        bool blacklist = false;
-       char *rule_line = NULL;
        uint32_t default_policy_action = -1, default_rule_action = -1;
        struct seccomp_v2_rule rule;
        struct scmp_ctx_info {
@@ -736,7 +732,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
 #endif
        }
 
-       while (getline(&rule_line, &line_bufsz, f) != -1) {
+       while (getline(&line, line_bufsz, f) != -1) {
                if (line[0] == '#')
                        continue;
 
@@ -1004,7 +1000,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
                }
        }
 
-       free(rule_line);
+       free(line);
        return 0;
 
 bad_arch:
@@ -1021,7 +1017,7 @@ bad:
        if (ctx.contexts[2])
                seccomp_release(ctx.contexts[2]);
 
-       free(rule_line);
+       free(line);
 
        return -1;
 }
@@ -1042,7 +1038,8 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf)
  */
 static int parse_config(FILE *f, struct lxc_conf *conf)
 {
-       char line[MAXPATHLEN];
+       char *line = NULL;
+       size_t line_bufsz = 0;
        int ret, version;
 
        ret = fscanf(f, "%d\n", &version);
@@ -1051,25 +1048,29 @@ static int parse_config(FILE *f, struct lxc_conf *conf)
                return -1;
        }
 
-       if (!fgets(line, MAXPATHLEN, f)) {
+       if (getline(&line, &line_bufsz, f) == -1) {
                ERROR("Invalid config file");
-               return -1;
+               goto bad_line;
        }
 
        if (version == 1 && !strstr(line, "whitelist")) {
                ERROR("Only whitelist policy is supported");
-               return -1;
+               goto bad_line;
        }
 
        if (strstr(line, "debug")) {
                ERROR("Debug not yet implemented");
-               return -1;
+               goto bad_line;
        }
 
        if (version == 1)
-               return parse_config_v1(f, conf);
+               return parse_config_v1(f, line, &line_bufsz, conf);
 
-       return parse_config_v2(f, line, conf);
+       return parse_config_v2(f, line, &line_bufsz, conf);
+
+bad_line:
+       free(line);
+       return -1;
 }
 
 /*