1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

48789 Commits

Author SHA1 Message Date
Yu Watanabe
b9b442a0cc analyze: resolve executable path if it is relative
Fixes #18252.
2021-01-19 06:39:25 +09:00
Yu Watanabe
ece852c845 path-util: also check absolute path is a directory or not in find_executable() 2021-01-19 06:39:07 +09:00
Zbigniew Jędrzejewski-Szmek
4ea8b443de resolved: fix use-after-free with queries hitting the cache
When dns_transaction_complete() manages to resolve a query, it invalidates the
query candidate object. It shall not be accessed afterwards.

We have the following chain of calls:
dns_query_candidate_go → dns_transaction_go → dns_transaction_prepare → dns_cache_lookup (success: 1)
                                                                      → dns_transaction_complete
After returning back to dns_query_candidate_go(), we'd attempt to continue
iteration over the list of transactions attached to the query candidate,
accessing already freed (and overwritten) memory:

(gdb) bt
0  0x00007f637297cf47 in hashmap_iterate_entry (i=0x7ffe7e15cc90, h=0x706f746b73656465) at ../src/basic/hashmap.c:703
1  _hashmap_iterate (h=0x706f746b73656465, i=i@entry=0x7ffe7e15cc90, value=value@entry=0x7ffe7e15cc88,
    key=key@entry=0x0) at ../src/basic/hashmap.c:712
2  0x00007f637297d01b in set_iterate (s=<optimized out>, i=i@entry=0x7ffe7e15cc90, value=value@entry=0x7ffe7e15cc88)
    at ../src/basic/hashmap.c:733
hence we crash

3  0x0000557bc99eb80f in dns_query_candidate_go (c=c@entry=0x557bcaf86890) at ../src/resolve/resolved-dns-query.c:139
...but c is not valid here in the second iteration of the loop

4  0x0000557bc99eb720 in dns_query_candidate_notify (c=0x557bcaf86890) at ../src/resolve/resolved-dns-query.c:271
c was valid here at entry...

5  0x0000557bc99efe28 in dns_transaction_complete (t=0x557bcac072f0, state=<optimized out>)
    at ../src/resolve/resolved-dns-transaction.c:350
t is a valid transaction (11481 in the backtrace below)

6  0x0000557bc99f1efb in dns_transaction_process_reply (t=0x557bcac072f0, p=<optimized out>)
    at ../src/resolve/resolved-dns-transaction.c:1171
7  0x0000557bc99f2d41 in on_dns_packet (s=<optimized out>, fd=<optimized out>, revents=<optimized out>,
    userdata=0x557bcac072f0) at ../src/resolve/resolved-dns-transaction.c:1223
8  0x00007f6372a25217 in source_dispatch (s=s@entry=0x557bcb162c50) at ../src/libsystemd/sd-event/sd-event.c:3181
9  0x00007f6372a254fd in sd_event_dispatch (e=0x557bcb15b050) at ../src/libsystemd/sd-event/sd-event.c:3620
10 0x00007f6372a267c8 in sd_event_run (e=e@entry=0x557bcb15b050, timeout=timeout@entry=18446744073709551615)
    at ../src/libsystemd/sd-event/sd-event.c:3678
11 0x00007f6372a269ef in sd_event_loop (e=0x557bcb15b050) at ../src/libsystemd/sd-event/sd-event.c:3700
12 0x0000557bc99ddc14 in run (argc=<optimized out>, argv=<optimized out>) at ../src/resolve/resolved.c:92
13 0x0000557bc99d260a in main (argc=<optimized out>, argv=<optimized out>) at ../src/resolve/resolved.c:99

xxx.name.net systemd-resolved[31705]: Got message type=method_call sender=:1.3644 destination=org.freedesktop.resolve1 path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager member=ResolveHostname cookie=2 reply_cookie=0 signature=isit error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: idn2_lookup_u8: xxx → xxx
xxx.name.net systemd-resolved[31705]: Looking up RR for xxx IN A.
xxx.name.net systemd-resolved[31705]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=1102 reply_cookie=0 signature=s error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner cookie=1103 reply_cookie=0 signature=s error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.3324 path=n/a interface=n/a member=n/a cookie=4294967295 reply_cookie=1103 signature=s error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Cache miss for xxx.name.net IN A
xxx.name.net systemd-resolved[31705]: Transaction 11481 for <xxx.name.net IN A> scope dns on enp42s0/*.
xxx.name.net systemd-resolved[31705]: Using feature level UDP for transaction 11481.
xxx.name.net systemd-resolved[31705]: Using DNS server 192.168.1.1 for transaction 11481.
xxx.name.net systemd-resolved[31705]: Sending query packet with id 11481 of size 35.
xxx.name.net systemd-resolved[31705]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.3324 path=n/a interface=n/a member=n/a cookie=4294967295 reply_cookie=1102 signature= error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Match type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0=':1.3644' successfully installed.
xxx.name.net systemd-resolved[31705]: Processing incoming packet on transaction 11481 (rcode=NXDOMAIN).
xxx.name.net systemd-resolved[31705]: Not caching negative entry without a SOA record: xxx.name.net IN A
xxx.name.net systemd-resolved[31705]: Transaction 11481 for <xxx.name.net IN A> on scope dns on enp42s0/* now complete with <rcode-failure> from network (unsigned).
xxx.name.net systemd-resolved[31705]: Positive cache hit for xxx.lan IN A
xxx.name.net systemd-resolved[31705]: Transaction 64364 for <xxx.lan IN A> on scope dns on enp42s0/* now complete with <success> from cache (unsigned).
xxx.name.net systemd-resolved[31705]: Sent message type=method_return sender=n/a destination=:1.3644 path=n/a interface=n/a member=n/a cookie=1104 reply_cookie=2 signature=a(iiay)st error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RemoveMatch cookie=1105 reply_cookie=0 signature=s error-name=n/a error-message=n/a
xxx.name.net systemd-resolved[31705]: Freeing transaction 64364.
xxx.name.net systemd[1]: systemd-resolved.service: Main process exited, code=dumped, status=11/SEGV
xxx.name.net systemd[1]: systemd-resolved.service: Failed with result 'core-dump'.

Fixes #16168, https://bugzilla.redhat.com/show_bug.cgi?id=1895937.
2021-01-18 21:45:03 +01:00
Lennart Poettering
33295214fa update TODO 2021-01-18 21:05:32 +01:00
moson-mo
2a613b34cc hwdb: Add Logitech MX 518 Legendary mouse
Add Logitech MX 518 Legendary model to hwdb.
2021-01-18 16:49:30 +01:00
Zbigniew Jędrzejewski-Szmek
9dffdb4e3c
Merge pull request #18289 from yuwata/core-load-fragment-cleanups
pid1: several cleanups for conf parsers
2021-01-18 16:48:44 +01:00
Yu Watanabe
aac6673f02 network: address-pool: also check conflicts with foreign addresses
Fixes CI issue found in
https://github.com/systemd/systemd-centos-ci/pull/334.
2021-01-17 23:23:08 +00:00
Jonathan McDowell
0da7f9e589
hwdb: Add NEWYES 10" LCD writing tablet (#18274) 2021-01-18 08:39:07 +10:00
Yu Watanabe
2400743e1f core: add logs when credential value is duplicated 2021-01-18 01:32:49 +09:00
Yu Watanabe
8c6493e59e core: make config_parse_documentation() explicitly return 0 on success 2021-01-18 01:27:14 +09:00
Yu Watanabe
16eb0c4ad0 core: add missing log_oom() 2021-01-18 01:25:05 +09:00
Yu Watanabe
ca9169f47f core: do not fail when an invalid cpu affinity is specified 2021-01-18 01:22:48 +09:00
Yu Watanabe
22ede2c1dc
Merge pull request #18286 from ssahani/net-1
tree-wide: more use of hashmap_ensure_put() and TAKE_PTR()
2021-01-18 01:18:17 +09:00
Lennart Poettering
7ed7d3e6fd systemctl: use right type 'size_t' for counting memory
Follow-up for e363b0e4fc

(Mostly a theoretical fix. On 64bit systems unsigned is 32bit, and we
had more than 2^32 units thing would fall apart here.)
2021-01-18 01:17:27 +09:00
Susant Sahani
5a3e1cb918 network: tc use TAKE_PTR 2021-01-17 23:26:14 +09:00
Susant Sahani
a4aba097ad udevadm-monitor: use TAKE_PTR 2021-01-17 14:25:21 +01:00
Susant Sahani
39f930c215 udevadm-monitor: Use hashmap_ensure_put 2021-01-17 14:25:18 +01:00
Susant Sahani
a3b42af5b6 udev-rules: Use hashmap_ensure_put 2021-01-17 14:25:15 +01:00
Susant Sahani
15c69d0700 resolved-dnssd: Use TAKE_PTR 2021-01-17 14:25:10 +01:00
Susant Sahani
276abbeebc resolved-dnssd: Use hashmap_ensure_put 2021-01-17 14:25:07 +01:00
Susant Sahani
daced7483b resolved-dns-packet: Use TAKE_PTR 2021-01-17 14:25:05 +01:00
Susant Sahani
3004fcd0b8 resolved-dns-packet: Use hashmap_ensure_put 2021-01-17 14:24:59 +01:00
Susant Sahani
71fb97c7c4 resolved-bus: Use hashmap_ensure_put 2021-01-17 14:24:50 +01:00
Susant Sahani
4bc2516856 journal-remote: use hashmap_ensure_put 2021-01-17 14:24:44 +01:00
Susant Sahani
f85f5f0dc8 core: load fragment - use hashmap_ensure_put 2021-01-17 14:24:41 +01:00
Susant Sahani
53dba3ef07 core: job - use hashmap_ensure_put 2021-01-17 14:24:36 +01:00
Yu Watanabe
25351bc557 basic: drop unused module
Follow-up for 35b42e5600.
2021-01-17 11:48:05 +00:00
Yu Watanabe
6e75df0866
Merge pull request #18284 from ssahani/net-7
Tree wide tighten variable scope used in loop
2021-01-17 20:08:59 +09:00
Susant Sahani
ebffea2a25
network: Use ordered_hashmap_ensure_put (#18233) 2021-01-17 20:07:02 +09:00
Yu Watanabe
f9ead1a2f4
Merge pull request #18230 from ssahani/macvlan-bcqueuelen
network: macvlan - add support to configure rx queue for broadcast / multicast
2021-01-17 20:05:22 +09:00
Lennart Poettering
3dc536e0c5
Merge pull request #17576 from gportay/veritysetup-add-support-for-dm-verity-flags
veritysetup: add support for veritytab
2021-01-17 11:18:25 +01:00
Susant Sahani
cf55fe4a4c core: dbus - use hashmap_ensure_put 2021-01-17 09:49:14 +01:00
Susant Sahani
dca0a4e131 network: macvlan - add support to configure rx queue for broadcast/multicast 2021-01-17 08:39:28 +01:00
Susant Sahani
f6a0cfa5a5 journal: journal-file - tighten variable scope used in loop 2021-01-17 08:24:12 +01:00
Susant Sahani
d007c58317 machine: machined-dbus - tighten variable scope used in loop 2021-01-17 08:24:12 +01:00
Yu Watanabe
38f3e0a58d tree-wide: fix typo 2021-01-17 16:20:27 +09:00
Yu Watanabe
16ed53658a
Merge pull request #18243 from ssahani/ensure-put-use
tree-wide: introduce hashmap_ensure_put() and use it
2021-01-17 15:39:41 +09:00
Yu Watanabe
95dd454edc
Merge pull request #18261 from ssahani/net2
network: modernize routing policy rule and add 0 validation where needed
2021-01-17 15:39:01 +09:00
Susant Sahani
cda7fc8db3
network: tighten variable scope used in loop (#18277) 2021-01-17 15:38:33 +09:00
Adam Nielsen
e64652f70c man: clarify what network scopes are 2021-01-17 12:47:08 +09:00
Susant Sahani
a307a7dd38 network: nexthop - use hashmap_ensure_put 2021-01-16 23:10:32 +01:00
Susant Sahani
dcd46cc42d network: use hashmap_ensure_put 2021-01-16 23:10:18 +01:00
Susant Sahani
8eeffefbf0 network: routing-policy-rule - TAKE_PTR 2021-01-16 23:04:07 +01:00
Susant Sahani
fd9d7de176 network: route - add a zero verification for tcp window 2021-01-16 23:04:07 +01:00
Susant Sahani
0132453c40
network: tc - use TAKE_PTR (#18266)
* network: tc cake - use TAKE_PTR

* network: tc htb - use TAKE_PTR

* network: tc pie - use TAKE_PTR

* network: tc netem - use TAKE_PTR

* network: tc hhf - use TAKE_PTR

* network: tc gred - use TAKE_PTR

* network: tc fq codel - use TAKE_PTR

* network: tc fifo - use TAKE_PTR

* network: tc drr - use TAKE_PTR

* network: tc qdisc - use TAKE_PTR
2021-01-17 06:08:36 +09:00
Zbigniew Jędrzejewski-Szmek
2b5a1402f6
Merge pull request #18263 from keszybz/syscalls-auto
Generate missing syscalls headers programatically
2021-01-16 17:21:34 +01:00
Luca Boccassi
55eeb47631
Merge pull request #18264 from ssahani/net3
network: Use TAKE_PTR
2021-01-16 12:16:43 +00:00
Luca Boccassi
66e27e698e
Merge pull request #18268 from ssahani/net5
network: tighten variable scope used in loop
2021-01-16 12:13:14 +00:00
Susant Sahani
995606ad5b network: manager tighten variable scope used in loop 2021-01-16 12:07:33 +00:00
Susant Sahani
8cb3465100 network: route - use ordered_set_ensure_put 2021-01-16 12:05:44 +00:00