mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-11 05:17:44 +03:00
core: fix crash in parsing of SocketBind{Allow,Deny}=
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33876.
This commit is contained in:
parent
73e799387f
commit
cc87b3f68f
@ -5670,11 +5670,11 @@ int config_parse_cgroup_socket_bind(
|
|||||||
void *data,
|
void *data,
|
||||||
void *userdata) {
|
void *userdata) {
|
||||||
_cleanup_free_ CGroupSocketBindItem *item = NULL;
|
_cleanup_free_ CGroupSocketBindItem *item = NULL;
|
||||||
const char *address_family = NULL, *user_port;
|
const char *user_port;
|
||||||
uint16_t nr_ports = 0, port_min = 0;
|
uint16_t nr_ports = 0, port_min = 0;
|
||||||
CGroupSocketBindItem **head = data;
|
CGroupSocketBindItem **head = data;
|
||||||
_cleanup_free_ char *word = NULL;
|
_cleanup_free_ char *word = NULL;
|
||||||
int af = AF_UNSPEC, r;
|
int af, r;
|
||||||
|
|
||||||
if (isempty(rvalue)) {
|
if (isempty(rvalue)) {
|
||||||
cgroup_context_remove_socket_bind(head);
|
cgroup_context_remove_socket_bind(head);
|
||||||
@ -5684,29 +5684,40 @@ int config_parse_cgroup_socket_bind(
|
|||||||
r = extract_first_word(&rvalue, &word, ":", 0);
|
r = extract_first_word(&rvalue, &word, ":", 0);
|
||||||
if (r == -ENOMEM)
|
if (r == -ENOMEM)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
if (r <= 0) {
|
||||||
if (rvalue)
|
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||||
address_family = word;
|
"Unable to parse %s= assignment, ignoring: %s", lvalue, rvalue);
|
||||||
|
return 0;
|
||||||
if (address_family) {
|
}
|
||||||
if (streq(address_family, "IPv4"))
|
|
||||||
af = AF_INET;
|
if (rvalue) {
|
||||||
else if (streq(address_family, "IPv6"))
|
if (streq(word, "IPv4"))
|
||||||
af = AF_INET6;
|
af = AF_INET;
|
||||||
else
|
else if (streq(word, "IPv6"))
|
||||||
return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
|
af = AF_INET6;
|
||||||
"Only IPv4 or IPv6 protocols are supported, ignoring");
|
else {
|
||||||
|
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||||
|
"Only IPv4 and IPv6 protocols are supported, ignoring.");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
user_port = rvalue;
|
||||||
|
} else {
|
||||||
|
af = AF_UNSPEC;
|
||||||
|
user_port = word;
|
||||||
}
|
}
|
||||||
|
|
||||||
user_port = rvalue ?: word;
|
|
||||||
if (!streq(user_port, "any")) {
|
if (!streq(user_port, "any")) {
|
||||||
uint16_t port_max;
|
uint16_t port_max;
|
||||||
|
|
||||||
r = parse_ip_port_range(user_port, &port_min, &port_max);
|
r = parse_ip_port_range(user_port, &port_min, &port_max);
|
||||||
if (r == -ENOMEM)
|
if (r == -ENOMEM)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
if (r < 0)
|
if (r < 0) {
|
||||||
return log_warning_errno(r, "Invalid port or port range, ignoring: %m");
|
log_syntax(unit, LOG_WARNING, filename, line, r,
|
||||||
|
"Invalid port or port range, ignoring: %m");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
nr_ports = 1 + port_max - port_min;
|
nr_ports = 1 + port_max - port_min;
|
||||||
}
|
}
|
||||||
|
BIN
test/fuzz/fuzz-unit-file/oss-fuzz-33876
Normal file
BIN
test/fuzz/fuzz-unit-file/oss-fuzz-33876
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user