YARN-7758. Add an additional check to the validity of container and application ids passed to container-executor. Contributed by Yufei Gu.

(cherry picked from commit 41049ba5d1)
This commit is contained in:
Miklos Szegedi 2018-01-16 15:40:43 -08:00
parent 2443692434
commit 7629353153
3 changed files with 9 additions and 2 deletions

View File

@ -1068,7 +1068,8 @@ int create_log_dirs(const char *app_id, char * const * log_dirs) {
for(log_root=log_dirs; *log_root != NULL; ++log_root) {
char *app_log_dir = get_app_log_directory(*log_root, app_id);
int result = check_nm_local_dir(nm_uid, *log_root);
if (result != 0) {
if (result != 0 && app_log_dir != NULL) {
free(app_log_dir);
app_log_dir = NULL;
}
if (app_log_dir == NULL) {

View File

@ -23,6 +23,7 @@
#include "get_executable.h"
#include "modules/gpu/gpu-module.h"
#include "modules/cgroups/cgroups-operations.h"
#include "utils/string-utils.h"
#include <errno.h>
#include <grp.h>
@ -362,6 +363,10 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation)
}
cmd_input.app_id = argv[optind++];
cmd_input.container_id = argv[optind++];
if (!validate_container_id(cmd_input.container_id)) {
fprintf(ERRORFILE, "Invalid container id %s\n", cmd_input.container_id);
return INVALID_CONTAINER_ID;
}
cmd_input.cred_file = argv[optind++];
cmd_input.local_dirs = argv[optind++];// good local dirs as a comma separated list
cmd_input.log_dirs = argv[optind++];// good log dirs as a comma separated list

View File

@ -67,7 +67,8 @@ enum errorcodes {
ERROR_SANITIZING_DOCKER_COMMAND = 39,
DOCKER_IMAGE_INVALID = 40,
// DOCKER_CONTAINER_NAME_INVALID = 41, (NOT USED)
ERROR_COMPILING_REGEX = 42
ERROR_COMPILING_REGEX = 42,
INVALID_CONTAINER_ID = 43
};
/* Macros for min/max. */