diff --git a/CI/test_cases/basic_cases/registry.bash b/CI/test_cases/basic_cases/registry.bash index c48555f64407dd21a9a426b997b1cb9d005252a0..554c00397921a420a0f2d88fb43cfbf2d480b6e3 100755 --- a/CI/test_cases/basic_cases/registry.bash +++ b/CI/test_cases/basic_cases/registry.bash @@ -32,9 +32,35 @@ function isula_pull() fn_check_eq "$?" "0" "isula inspect busybox" } +function isula_login() +{ + isula login -u test -p test hub-mirror.c.163.com + fn_check_eq "$?" "0" "isula login -u test -p test hub-mirror.c.163.com" + + # double login for memory leak check + isula login -u test -p test hub-mirror.c.163.com + fn_check_eq "$?" "0" "isula login -u test -p test hub-mirror.c.163.com" + + # use username/password to pull busybox for memmory leak check + isula pull busybox + fn_check_eq "$?" "0" "isula pull busybox" +} + +function isula_logout() +{ + isula logout hub-mirror.c.163.com + fn_check_eq "$?" "0" "isula logout hub-mirror.c.163.com" + + # double logout for memory leak check + isula logout hub-mirror.c.163.com + fn_check_eq "$?" "0" "isula logout hub-mirror.c.163.com" +} + function do_test_t() { isula_pull + isula_login + isula_logout return $TC_RET_T } @@ -47,4 +73,4 @@ if [ $? -ne 0 ];then let "ret=$ret + 1" fi -show_result $ret "basic pull" +show_result $ret "basic registry" diff --git a/src/http/parser.c b/src/http/parser.c index 775d2b3d647cc1e5758eb9cd2bcf41fd0fc2a500..e0b5dc01b9c4cd80d86828527a2f695f5e6062e6 100644 --- a/src/http/parser.c +++ b/src/http/parser.c @@ -79,6 +79,10 @@ static int parser_cb_header_field(http_parser *parser, const char *buf, struct parsed_http_message *m = parser->data; if (m->last_header_element != FIELD) { + if (m->num_headers + 1 >= MAX_HEADERS) { + ERROR("too many headers exceeded maxium number %d", MAX_HEADERS); + return -1; + } m->num_headers++; } diff --git a/src/http/parser.h b/src/http/parser.h index decc13d0f77af9169bd9fa56d829fbd43dd2b70d..bc25eb9f746aeaae0baff4a93f19891a9772df78 100644 --- a/src/http/parser.h +++ b/src/http/parser.h @@ -47,7 +47,7 @@ #undef FALSE #define FALSE 0 -#define MAX_HEADERS 13 +#define MAX_HEADERS 30 #define MAX_ELEMENT_SIZE 2048 #define MAX_CHUNKS 16 diff --git a/src/image/oci/registry/auths.c b/src/image/oci/registry/auths.c index f7edde16d6f9148649eb89af717bb7bcd64e31d9..18f7b88d56b3e749a298ad805b17a177161e013f 100644 --- a/src/image/oci/registry/auths.c +++ b/src/image/oci/registry/auths.c @@ -100,6 +100,8 @@ static int decode_auth(char *encoded, char **username, char **password) (void)memset(auth_parts[1], 0, strlen(auth_parts[1])); out: + free_sensitive_string((char *)auth); + auth = NULL; free_sensitive_string((char *)decoded); decoded = NULL; util_free_array(auth_parts); @@ -345,6 +347,8 @@ static int write_auth_file(char *content) } out: + free(auths_dir); + auths_dir = NULL; return ret; } @@ -411,6 +415,8 @@ int auths_save(char *host, char *username, char *password) } out: + free(json); + json = NULL; free_registry_auths(auths); auths = NULL; free_defs_map_string_object_auths(element); @@ -502,6 +508,8 @@ int auths_delete(char *host) } out: + free(json); + json = NULL; free_registry_auths(auths); auths = NULL; free(err); diff --git a/src/image/oci/registry/registry.c b/src/image/oci/registry/registry.c index 73916c9c6bb63018182a55b8f624af732e74f82d..10dfc48bbc2e93380d980edf6db17b251235f77f 100644 --- a/src/image/oci/registry/registry.c +++ b/src/image/oci/registry/registry.c @@ -132,6 +132,8 @@ static int parse_manifest_schema1(pull_descriptor *desc) desc->layers_len = manifest->fs_layers_len; out: + free_image_manifest_v1_compatibility(v1config); + v1config = NULL; free_registry_manifest_schema1(manifest); manifest = NULL; free(err); @@ -185,10 +187,8 @@ static int parse_manifest_schema2(pull_descriptor *desc) desc->layers_len = manifest->layers_len; out: - if (manifest != NULL) { - free_registry_manifest_schema2(manifest); - manifest = NULL; - } + free_registry_manifest_schema2(manifest); + manifest = NULL; free(err); err = NULL; @@ -239,10 +239,8 @@ static int parse_manifest_ociv1(pull_descriptor *desc) desc->layers_len = manifest->layers_len; out: - if (manifest != NULL) { - free_oci_image_manifest(manifest); - manifest = NULL; - } + free_oci_image_manifest(manifest); + manifest = NULL; free(err); err = NULL; @@ -941,10 +939,8 @@ static int parse_docker_config(pull_descriptor *desc) out: - if (config != NULL) { - free_docker_image_config_v2(config); - config = NULL; - } + free_docker_image_config_v2(config); + config = NULL; free(err); err = NULL; @@ -993,10 +989,8 @@ static int parse_oci_config(pull_descriptor *desc) desc->config.create_time = created_to_timestamp(config->created); out: - if (config != NULL) { - free_oci_image_spec(config); - config = NULL; - } + free_oci_image_spec(config); + config = NULL; free(err); err = NULL; @@ -1452,6 +1446,9 @@ static int add_rootfs_and_history(pull_descriptor *desc, docker_image_config_v2 config->history[i] = history; config->history_len++; + free_docker_image_history(history); + history = NULL; + free_image_manifest_v1_compatibility(v1config); v1config = NULL; history_index--; @@ -1471,6 +1468,8 @@ static int add_rootfs_and_history(pull_descriptor *desc, docker_image_config_v2 out: free(err); err = NULL; + free_docker_image_history(history); + history = NULL; free_image_manifest_v1_compatibility(v1config); v1config = NULL; @@ -1624,6 +1623,23 @@ out: return ret; } +static void update_host(pull_descriptor *desc) +{ + if (desc == NULL) { + ERROR("Invalid NULL param"); + return; + } + + // registry-1.docker.io is the real docker.io's registry. index.docker.io is V1 registry, we do not support + // V1 registry, try use registry-1.docker.io. + if (!strcmp(desc->host, DOCKER_HOSTNAME) || !strcmp(desc->host, DOCKER_V1HOSTNAME)) { + free(desc->host); + desc->host = util_strdup_s(DOCKER_REGISTRY); + } + + return; +} + static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *options) { int ret = 0; @@ -1660,12 +1676,7 @@ static int prepare_pull_desc(pull_descriptor *desc, registry_pull_options *optio goto out; } - // registry-1.docker.io is the real docker.io's registry. index.docker.io is V1 registry, we do not support - // V1 registry, try use registry-1.docker.io. - if (!strcmp(desc->host, DOCKER_HOSTNAME) || !strcmp(desc->host, DOCKER_V1HOSTNAME)) { - free(desc->host); - desc->host = util_strdup_s(DOCKER_REGISTRY); - } + update_host(desc); if (mkdtemp(blobpath) == NULL) { ERROR("make temporary direcory failed: %s", strerror(errno)); @@ -1850,6 +1861,7 @@ int registry_login(registry_login_options *options) } desc->host = util_strdup_s(options->host); + update_host(desc); desc->use_decrypted_key = conf_get_use_decrypted_key_flag(); desc->skip_tls_verify = options->skip_tls_verify; desc->username = util_strdup_s(options->auth.username); diff --git a/src/image/oci/registry/registry_apiv2.c b/src/image/oci/registry/registry_apiv2.c index 0fc1db08ab191a411e86dc4466106c560943d9ac..e37b10251f29a362614ad0632748b75fb8fa5b76 100644 --- a/src/image/oci/registry/registry_apiv2.c +++ b/src/image/oci/registry/registry_apiv2.c @@ -255,7 +255,7 @@ static int parse_ping_header(pull_descriptor *desc, char *http_head) // {"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]} message = get_parsed_message(http_head); if (message == NULL) { - ERROR("out of memory"); + ERROR("Get parsed message failed. http response size %zu, response:%s", strlen(http_head), http_head); ret = -1; goto out; } @@ -765,6 +765,8 @@ static int normalized_host_os_arch(char **host_os, char **host_arch, char **host *host_variant = util_strdup_s("v7"); } else if (!strcmp(tmp_variant, "8")) { *host_variant = util_strdup_s("v8"); + } else { + *host_variant = util_strdup_s(tmp_variant); } free(tmp_variant); tmp_variant = NULL;