1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-11 05:17:44 +03:00

core: fix crash in parsing of SocketBind{Allow,Deny}=

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33876.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2021-05-05 15:38:33 +02:00
parent 73e799387f
commit cc87b3f68f
2 changed files with 28 additions and 17 deletions

View File

@ -5670,11 +5670,11 @@ int config_parse_cgroup_socket_bind(
void *data, void *data,
void *userdata) { void *userdata) {
_cleanup_free_ CGroupSocketBindItem *item = NULL; _cleanup_free_ CGroupSocketBindItem *item = NULL;
const char *address_family = NULL, *user_port; const char *user_port;
uint16_t nr_ports = 0, port_min = 0; uint16_t nr_ports = 0, port_min = 0;
CGroupSocketBindItem **head = data; CGroupSocketBindItem **head = data;
_cleanup_free_ char *word = NULL; _cleanup_free_ char *word = NULL;
int af = AF_UNSPEC, r; int af, r;
if (isempty(rvalue)) { if (isempty(rvalue)) {
cgroup_context_remove_socket_bind(head); cgroup_context_remove_socket_bind(head);
@ -5684,29 +5684,40 @@ int config_parse_cgroup_socket_bind(
r = extract_first_word(&rvalue, &word, ":", 0); r = extract_first_word(&rvalue, &word, ":", 0);
if (r == -ENOMEM) if (r == -ENOMEM)
return log_oom(); return log_oom();
if (r <= 0) {
if (rvalue) log_syntax(unit, LOG_WARNING, filename, line, r,
address_family = word; "Unable to parse %s= assignment, ignoring: %s", lvalue, rvalue);
return 0;
if (address_family) { }
if (streq(address_family, "IPv4"))
af = AF_INET; if (rvalue) {
else if (streq(address_family, "IPv6")) if (streq(word, "IPv4"))
af = AF_INET6; af = AF_INET;
else else if (streq(word, "IPv6"))
return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), af = AF_INET6;
"Only IPv4 or IPv6 protocols are supported, ignoring"); else {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Only IPv4 and IPv6 protocols are supported, ignoring.");
return 0;
}
user_port = rvalue;
} else {
af = AF_UNSPEC;
user_port = word;
} }
user_port = rvalue ?: word;
if (!streq(user_port, "any")) { if (!streq(user_port, "any")) {
uint16_t port_max; uint16_t port_max;
r = parse_ip_port_range(user_port, &port_min, &port_max); r = parse_ip_port_range(user_port, &port_min, &port_max);
if (r == -ENOMEM) if (r == -ENOMEM)
return log_oom(); return log_oom();
if (r < 0) if (r < 0) {
return log_warning_errno(r, "Invalid port or port range, ignoring: %m"); log_syntax(unit, LOG_WARNING, filename, line, r,
"Invalid port or port range, ignoring: %m");
return 0;
}
nr_ports = 1 + port_max - port_min; nr_ports = 1 + port_max - port_min;
} }

Binary file not shown.