packages/k3s-containerd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-23471

Browse Source
This commit is contained in:
bwzhang 2024-03-15 09:48:52 +08:00
parent 8fabe95385
commit a4d0878c5e
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
0002-Fix-CVE-2022-23471.patch Normal file
View File

@ -0,0 +1,59 @@
From 0550bb17949c1793e0da20270d3793d0e7583b1e Mon Sep 17 00:00:00 2001
From: bwzhang <zhangbowei@kylinos.cn>
Date: Fri, 15 Mar 2024 09:33:45 +0800
Subject: [PATCH] Fix CVE-2022-23471
---
pkg/cri/streaming/remotecommand/httpstream.go | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/pkg/cri/streaming/remotecommand/httpstream.go b/pkg/cri/streaming/remotecommand/httpstream.go
index 0417a1a..9177fa7 100644
--- a/pkg/cri/streaming/remotecommand/httpstream.go
+++ b/pkg/cri/streaming/remotecommand/httpstream.go
@@ -33,6 +33,7 @@ limitations under the License.
package remotecommand
import (
+ gocontext "context"
"encoding/json"
"errors"
"fmt"
@@ -132,7 +133,7 @@ func createStreams(req *http.Request, w http.ResponseWriter, opts *Options, supp
if ctx.resizeStream != nil {
ctx.resizeChan = make(chan remotecommand.TerminalSize)
- go handleResizeEvents(ctx.resizeStream, ctx.resizeChan)
+ go handleResizeEvents(req.Context(), ctx.resizeStream, ctx.resizeChan)
}
return ctx, true
@@ -425,7 +426,7 @@ WaitForStreams:
// supportsTerminalResizing returns false because v1ProtocolHandler doesn't support it.
func (*v1ProtocolHandler) supportsTerminalResizing() bool { return false }
-func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalSize) {
+func handleResizeEvents(ctx gocontext.Context, stream io.Reader, channel chan<- remotecommand.TerminalSize) {
defer runtime.HandleCrash()
defer close(channel)
@@ -435,7 +436,15 @@ func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalS
if err := decoder.Decode(&size); err != nil {
break
}
- channel <- size
+
+ select {
+ case channel <- size:
+ case <-ctx.Done():
+ // To avoid leaking this routine, exit if the http request finishes. This path
+ // would generally be hit if starting the process fails and nothing is started to
+ // ingest these resize events.
+ return
+ }
}
}
--
2.20.1

9
k3s-containerd.spec
View File

@ -3,13 +3,14 @@
%global version_suffix k3s1 %global version_suffix k3s1
Version: 1.6.6 Version: 1.6.6
Name: k3s-containerd Name: k3s-containerd
Release: 5 Release: 6
Summary: An industry-standard container runtime Summary: An industry-standard container runtime
License: Apache-2.0 License: Apache-2.0
URL: https://github.com/k3s-io/containerd URL: https://github.com/k3s-io/containerd
Source0: https://github.com/k3s-io/containerd/archive/refs/tags/v%{version}-%{version_suffix}.tar.gz Source0: https://github.com/k3s-io/containerd/archive/refs/tags/v%{version}-%{version_suffix}.tar.gz
Patch0001: 0001-Fix-CVE-2023-25153.patch Patch0001: 0001-Fix-CVE-2023-25153.patch
Patch0002: 0002-Fix-CVE-2022-23471.patch
BuildRequires: golang glibc-static make btrfs-progs-devel BuildRequires: golang glibc-static make btrfs-progs-devel
@ -70,6 +71,12 @@ cp -rf %{_builddir}/containerd-%{version}-%{version_suffix}/. %{buildroot}%{_lib
%changelog %changelog
* Fri Mar 15 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.6.6-k3s1-6
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC: fix CVE-2022-23471
* Wed Mar 13 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.6.6-k3s1-5 * Wed Mar 13 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.6.6-k3s1-5
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA