From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Mon, 14 Jul 2014 18:51:41 +0000 (+0000)
Subject: confile: sanity-check netdev->type before setting netdev->priv elements
X-Git-Tag: lxc-1.1.0.alpha2~135
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5316d603069e161a874eda003e5e912fc3747f7;p=thirdparty%2Flxc.git

confile: sanity-check netdev->type before setting netdev->priv elements

The netdev->priv is shared for the netdev types.  A bad config file
could mix configuration for different types, resulting in a bad
netdev->priv when starting or even destroying a container.  So sanity
check the netdev->type before setting a netdev->priv element.

This should fix https://github.com/lxc/lxc/issues/254

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 69d1bb667..42b29d151 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -595,6 +595,10 @@ static int config_network_veth_pair(const char *key, const char *value,
 	if (!netdev)
 		return -1;
 
+	if (netdev->type != LXC_NET_VETH) {
+		ERROR("Invalid veth pair for a non-veth netdev")
+		return -1;
+	}
 	return network_ifname(&netdev->priv.veth_attr.pair, value);
 }
 
@@ -607,6 +611,10 @@ static int config_network_macvlan_mode(const char *key, const char *value,
 	if (!netdev)
 		return -1;
 
+	if (netdev->type != LXC_NET_MACVLAN) {
+		ERROR("Invalid macvlan.mode for a non-macvlan netdev")
+		return -1;
+	}
 	return macvlan_mode(&netdev->priv.macvlan_attr.mode, value);
 }
 
@@ -647,6 +655,10 @@ static int config_network_vlan_id(const char *key, const char *value,
 	if (!netdev)
 		return -1;
 
+	if (netdev->type != LXC_NET_VLAN) {
+		ERROR("Invalid vlan.id for a non-macvlan netdev")
+		return -1;
+	}
 	if (get_u16(&netdev->priv.vlan_attr.vid, value, 0))
 		return -1;