1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00
Commit Graph

57990 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
cd0cade1ad
Merge pull request #23289 from yuwata/resolve-answer-add-rrsig
resolve: place RRSIG after the corresponding entries
2022-05-12 16:15:12 +02:00
Zbigniew Jędrzejewski-Szmek
c4f883b78e fuzzers: ignore size limits when compiled standalone
This way we can still call fuzzers on old samples, but oss-fuzz will not waste
its and our time finding overly large inputs.
2022-05-12 14:57:07 +02:00
Stefan Seering
026d48ba93 fix typo 2022-05-12 21:13:03 +09:00
Yu Watanabe
7593691aad fuzzers: add input size limits, always configure limits in two ways
Without the size limits, oss-fuzz creates huge samples that time out. Usually
this is because some of our code has bad algorithmic complexity. For data like
configuration samples we don't need to care about this: non-rogue configs are
rarely more than a few items, and a bit of a slowdown with a few hundred items
is acceptable. This wouldn't be OK for processing of untrusted data though.

We need to set the limit in two ways: through .options and in the code. The
first because it nicely allows libFuzzer to avoid wasting time, and the second
because fuzzers like hongfuzz and afl don't support .options.

While at it, let's fix an off-by-one (65535 is the largest offset for a
power-of-two size, but we're checking the size here).

Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
2022-05-12 13:31:11 +02:00
Zbigniew Jędrzejewski-Szmek
96974ea4a8 fuzz-dhcp-server: remove limit on input size
It was added originally back in 2bd37c5be2,
but there doesn't seem to by any particular reason for it.
2022-05-12 13:30:44 +02:00
Yu Watanabe
b692ad36b9 sd-device-enumerator: fix inverted return value of match_initialized()
Fixes a bug introduced by d8b50e5df7.

Fixes https://github.com/systemd/systemd/pull/22662#issuecomment-1124163773.
Fixes RHBZ#2083374 (https://bugzilla.redhat.com/show_bug.cgi?id=2083374).
2022-05-12 09:31:23 +02:00
Evgeny Vereshchagin
d0880faa5d tests: ignore dbus-broker-launcher
There are memory leaks there https://github.com/bus1/dbus-broker/issues/289
and it crashes from time to time
https://github.com/matusmarhefka/dfuzzer/issues/20#issuecomment-1114097840
so let's just skip it by analogy with dbus-daemon to avoid
reports that have nothing to do with systemd itself.

It's kind of a part of https://github.com/systemd/systemd/pull/22547
2022-05-12 14:44:01 +09:00
Yu Watanabe
34f6ae24c5
Merge pull request #23351 from keszybz/logind-message
logind: fix crash in logind on bad message string
2022-05-12 05:25:21 +09:00
Luca Boccassi
0cfb00d9da man: improve VtableExample
The methods published by the example have a reply in the signature, but
the code was not sending any, so the client gets stuck waiting for a
response that doesn't arrive. Echo back the input string.

Update the object path to follow what would be the canonical format.

Request a service name on the bus, so that the code can be dropped in a
service and it can be dbus-activatable. It also makes it easier to see
on busctl list.
2022-05-11 19:12:24 +01:00
Zbigniew Jędrzejewski-Szmek
011a03a3fa meson: turn on log-message-verification by default in developer builds
I'm not _quite_ convinced that this a good idea… I'm at least keeping
it separate to make it easy to revert ;)
2022-05-11 18:18:59 +02:00
Luca Boccassi
646cba5c42 test: ignore LXC filesystem when checking for writable locations
test-execute checks that only /var/lib/private/waldo is writable, but there are
some filesystems that are always writable and excluded. Add /sys/devices/system/cpu
which is created by lxcfs.

Fixes https://github.com/systemd/systemd/issues/23263
2022-05-11 17:11:41 +02:00
Luca Boccassi
67b1e9d03d
Merge pull request #23349 from eliasp/doc-typo
Fix typo in docs/BUILDING_IMAGES.md, format `PID 1` consistently in docs/
2022-05-11 15:59:40 +01:00
Zbigniew Jędrzejewski-Szmek
1ec7c15613 Do LOG_MESSAGE_VERIFICATION in coverity runs
This should be enough to get reports if we screw up anywhere, coverity does
analysis of printf format strings.
2022-05-11 16:47:40 +02:00
Zbigniew Jędrzejewski-Szmek
b9ce5cf9ca Optionally call printf on LOG_MESSAGE() arguments
With an intentional mistake:

../src/login/logind-dbus.c: In function ‘bus_manager_log_shutdown’:
../src/login/logind-dbus.c:1542:39: error: format ‘%s’ expects a matching ‘char *’ argument [-Werror=format=]
 1542 |                           LOG_MESSAGE("%s %s", message),
      |                                       ^~~~~~~
2022-05-11 16:47:40 +02:00
Zbigniew Jędrzejewski-Szmek
f66020ab7f core: use LOG_UNIT_MESSAGE() where appropriate 2022-05-11 16:47:40 +02:00
Zbigniew Jędrzejewski-Szmek
92663a5e5b tree-wide: use LOG_MESSAGE() where possible
Also break some long lines for more uniform formatting. No functional change.

I went over all log_struct, log_struct_errno, log_unit_struct,
log_unit_struct_errno calls, and they seem fine.
2022-05-11 16:47:40 +02:00
Zbigniew Jędrzejewski-Szmek
153d1579ef logind: rename "log_message" to "log_verb"
This field is used to log SHUTDOWN=. Calling it "something-message" is
confusing.
2022-05-11 16:47:40 +02:00
Zbigniew Jędrzejewski-Szmek
0cb09bcb82 logind: fix crash in logind on user-specified message string
This is trivially exploitable (in the sense of causing a crash from SEGV) e.g.
by 'shutdown now "Message %s %s %n"'. The message is settable through polkit,
but is limited to auth_admin:

<action id="org.freedesktop.login1.set-wall-message">
         <description gettext-domain="systemd">Set a wall message</description>
         <message gettext-domain="systemd">Authentication is required to set a wall message</message>
         <defaults>
                <allow_any>auth_admin_keep</allow_any>
                <allow_inactive>auth_admin_keep</allow_inactive>
                <allow_active>auth_admin_keep</allow_active>
        </defaults>
</action>

Bug introduced in 9ef15026c0
('logind/systemctl: introduce SetWallMessage and --message', 2015-09-15).
2022-05-11 16:43:31 +02:00
Luca Boccassi
1f066ce255 Update TODO 2022-05-11 14:51:37 +01:00
Elias Probst
8f1a581e0d
Use consistent formatting for PID 1 across docs/ 2022-05-11 15:31:07 +02:00
Elias Probst
6f3961381a
Typo (swich-rootswitch-root) 2022-05-11 15:30:21 +02:00
Lennart Poettering
32f3e21853 update TODO 2022-05-11 11:05:46 +02:00
Lennart Poettering
f183c4f75a efi: include UEFI monotonic boot counter in random seed
UEFI provides a "monotonic boot counter" which is supposed to increase on
each reboot. We can include this in our random seed hash logic, which
makes things more robust in case our changes to the ESP end up not
actually being as persistent as we assume. As long as the monotonic boot
counter increases we should be good, as each boot we'll anyway end up
with a new seed that way.

This in fact should also pave the way that we can eventually enable the
random seed logic even on SecureBoot enabled systems. Why that? With
this change the input for the random seed hash is now:

1. the old seed file contents
2. (optionally) some bits from the UEFI RNG
3. (optionally) a per system random "token" stored in an UEFI variable,
   initialized at OS install
4. the UEFI monotonic counter
5. a counter integer used by the random seed logic.

We can ignore #5 entirely for security considerations, it's always going
to be a constant series of values determined by the random seed logic.

The #1 file is under control of the attacker. (Since it resides in the
unprotected ESP)

The #2 data is possibly low quality. (it's hard enough to trust the
quality of the Linux RNG, let's not go as far as trusting the UEFI one)

The #3 data should not be under control of the attacker, and should only
exist if explicitly set. Unless you have privileged access to the system
you should not be able to read or set it. (well, within limits of flash
chip security and its connectivity to the firmware)

The #4 data is provided by the firmware, and should not be under control
of the attacker. If it works correctly then it might still be guessable
(i.e. a new system might have the counter close to zero).

Thus: 1+2+5 are guessable/under control of attacker, but 3+4 should not
be. Thus, if 3 is not known to attacker and not guessable, and 4
strictly monotonically increasing then it should be enough to guarantee
that every boot will get a different seed passed in, that should not be
known or guessable by the attacker.

That all said, this patch does not enable the random seed logic on
SecureBoot. That is left for a later patch.
2022-05-11 11:03:10 +02:00
Zbigniew Jędrzejewski-Szmek
71e2fa54fd
Merge pull request #23331 from kmoriwak/tmpfiles-quickref
man: add missing cleanup-age to tmpfiles.d quickref
2022-05-11 09:08:39 +02:00
Kazuo Moriwaka
4da5e566e7
man: mention to Age parameter in C Type 2022-05-11 15:08:34 +09:00
Yu Watanabe
6bb8928205 meson: sort files 2022-05-11 02:13:15 +09:00
Yu Watanabe
97cda6e10f
Merge pull request #23335 from keszybz/fuzz-json-more-coverage
More coverage in fuzz-json
2022-05-11 02:12:57 +09:00
Zbigniew Jędrzejewski-Szmek
82544241ba fuzz-bootspec: limit input size
https://oss-fuzz.com/testcase-detail/5680508182331392 has the
first timeout with 811kb of input. As in the other cases, the code
is known to be slow with lots of repeated entries and we're fine with
that.
2022-05-11 02:12:35 +09:00
Yu Watanabe
01c99b29e9
Merge pull request #23336 from keszybz/fuzz-calendarspec-more-coverage
More coverage in fuzz-calendarspec
2022-05-11 02:12:11 +09:00
Zbigniew Jędrzejewski-Szmek
99b1145aae shared/json: fix memleak in sort 2022-05-10 17:08:37 +02:00
Zbigniew Jędrzejewski-Szmek
3b6ce05537 shared/json: fix another memleak in normalization 2022-05-10 17:08:37 +02:00
Zbigniew Jędrzejewski-Szmek
dbd27c6d28 fuzz-json: also try self-merge operations
This might even work ;)
2022-05-10 17:08:37 +02:00
Zbigniew Jędrzejewski-Szmek
96d651a22b basic/alloc-util: remove unnecessary parens
Those symbols are not macros anymore, so we can drop parens.
2022-05-10 17:08:37 +02:00
Zbigniew Jędrzejewski-Szmek
ce913e0ec4 shared/json: add helper to ref first, unref second
This normally wouldn't happen, but if some of those places were called
with lhs and rhs being the same object, we could unref the last ref first,
and then try to take the ref again. It's easier to be safe, and with the
helper we save some lines too.
2022-05-10 17:08:34 +02:00
Zbigniew Jędrzejewski-Szmek
8e1e59b9ad shared/calendarspec: fix formatting of entries which collapse to a star
We canonicalize repeats that cover the whole range: "0:0:0/1" → "0:0:*".  But
we'd also do "0:0:0/1,0" → "0:0:*,0", which we then refuse to parse.  Thus,
first go throug the whole chain, and print a '*' and nothing else if any of the
components covers the whole range.
2022-05-10 14:35:57 +02:00
Zbigniew Jędrzejewski-Szmek
07b420a3b9
Merge pull request #23329 from superm1/mlimonci/lg850-gl
Set auto-suspend delay on LG850-GL
2022-05-10 13:52:36 +02:00
Yu Watanabe
756491af39 core/timer: fix potential use-after-free 2022-05-10 13:50:50 +02:00
Yu Watanabe
d3ab7b8078 core/timer: fix memleak
Fixes #23326.
2022-05-10 13:50:50 +02:00
Zbigniew Jędrzejewski-Szmek
3aff2ae9d5 shared/calendarspec: fix printing of second ranges which start with 0
0..3 is not the same as 0..infinity, we need to check both ends of the range.
This logic was added in 3215e35c40, and back then
the field was called .value. .stop was added later and apparently wasn't taken
into account here.
2022-05-10 13:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
4f23345592 test-calendarspec: tighten tests and add more logging 2022-05-10 13:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
8b105ec831 shared/calendarspec: wrap long comments and reduce scope of one var 2022-05-10 13:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
8e6e3ac7d1 fuzz-calendarspec: increase coverage by calculating occurences
Coverage data shows that we didn't test calendar_spec_next_usec() and
associated functions at all.

The input samples so far were only used until the first NUL. We take advantage
of that by using the part until the second NUL as the starting timestamp,
retaining backwards compatibility for how the first part is used.
2022-05-10 13:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
262037f0b1 fuzz-calendarspec: add input sample with a list of weekdays and all syntax characters
This should make the fuzzer searches start off a bit better.
2022-05-10 13:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
b456b09b25 shared/calendarspec: make function static void
calendar_spec_from_string() already calls calendar_spec_normalize(), so
there is no point in calling it from the fuzzer. Once that's removed, there's
just one internal caller and it can be made static.
2022-05-10 13:06:32 +02:00
Zbigniew Jędrzejewski-Szmek
7e4be6a584 shared/json: fix memory leak on failed normalization
We need to increase the counter immediately after taking the ref,
otherwise we may not unref it properly if we fail before incrementing.
2022-05-10 12:58:49 +02:00
Zbigniew Jędrzejewski-Szmek
bac06497fe shared/json: wrap long comments 2022-05-10 12:58:48 +02:00
Zbigniew Jędrzejewski-Szmek
a2c5735dd8 fuzz-json: also do sorting and normalizing and other easy calls 2022-05-10 12:58:48 +02:00
Zbigniew Jędrzejewski-Szmek
a4669764f7 shared/json: reduce scope of variables 2022-05-10 12:58:48 +02:00
Zbigniew Jędrzejewski-Szmek
9ad955ce40 fuzz-json: optionally allow logging and output
Similarly to other fuzzers… this makes development easier.
2022-05-10 12:58:48 +02:00
Zbigniew Jędrzejewski-Szmek
9674b089cf json: align table 2022-05-10 12:58:48 +02:00