1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

35245 Commits

Author SHA1 Message Date
Yu Watanabe
5b054bfc10 test: add a testcase for oss-fuzz#10746 2018-10-03 08:53:42 +09:00
Yu Watanabe
84452783b8 dhcp6: check option length before reading values
Fixes oss-fuzz#10746
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10746.
2018-10-03 08:49:55 +09:00
Yu Watanabe
9380d34c2a test: add test for sd_device 2018-10-02 23:04:55 +02:00
Joe Hershberger
d81186ef4f udev: Allow acpi_index and index to be "0"
0 can be a valid index returned by the BIOS, so allow that by using the
parsing function safe_atolu() to check for errors without excluding the
valid value "0".

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
2018-10-02 22:58:15 +02:00
David Strauss
bca676e3d3 Docs: Update CoC with email alias for David Strauss 2018-10-02 09:22:45 -07:00
Lennart Poettering
1384653e71 update TODO 2018-10-02 18:00:10 +02:00
Zbigniew Jędrzejewski-Szmek
0f0159e313
Merge pull request #10252 from poettering/recv-log-msg-bump
tiny sd-ravd/sd-ndisc logging fixes
2018-10-02 17:56:31 +02:00
Zbigniew Jędrzejewski-Szmek
e80ef269a1
Merge pull request #10255 from poettering/hide-new-id128
drop references to "journalctl --new-id128"
2018-10-02 17:54:36 +02:00
Lennart Poettering
29088d374e
Merge pull request #9898 from keszybz/id128
Add a new tool 'systemd-id128'
2018-10-02 17:43:37 +02:00
Lennart Poettering
eb74d3b97a
Merge pull request #10249 from keszybz/lgtm-fixes
Fixes for issues found by LGTM
2018-10-02 17:42:55 +02:00
Lennart Poettering
b9d016d684 tree-wide: drop all references to "journalctl --new-id128"
Let's advertise "systemd-id128 new" instead.
2018-10-02 16:43:54 +02:00
Lennart Poettering
19a073db9b journalctl: drop --new-id128 from help and man texts
Let's remove redundancy and not advertise "journalctl --new-id128"
anymore, now that we have "systemd-id128 new" in a proper tool.

This allows us to reduce the overly large journalctl command set a bit.

Note that this just removes the --help and man text, the call remains
available for compat reasons.
2018-10-02 16:42:30 +02:00
Lennart Poettering
876449bb47 update TODO 2018-10-02 16:28:06 +02:00
Lennart Poettering
8eb41f4c08 sd-radv: EAGAIN is not really unexpected, distinguishit from other errors when logging 2018-10-02 16:26:50 +02:00
Lennart Poettering
437524f178 sd-ndisc: generate debug log messages on unexpected errors
We really should make it possible to debug unexpected errors, hence log
something at LOG_DEBUG.
2018-10-02 16:25:54 +02:00
Lennart Poettering
fdc2afc102 sd-radv: remove log_radv_warning_errno()
According to our CODING_STYLE our library code should generally not log
beyond LOG_DEBUG. Let's hence get rid of log_radv_warning_errno() and
just use log_radv_errno() instead.
2018-10-02 16:22:54 +02:00
Ronny Chevalier
afc1feaeba bus-unit-util: fix parsing of IPAddress{Allow,Deny}
While the config parser correctly handles the case of multiple IPs,
bus_append_cgroup_property was only parsing one IP,
and it would fail with "Failed to parse IP address prefix" when given
a list of IPs.
2018-10-02 15:46:15 +02:00
Lennart Poettering
c3281539da
Merge pull request #10246 from keszybz/fuzz-buss
Bus fuzzer
2018-10-02 15:45:21 +02:00
Zbigniew Jędrzejewski-Szmek
91db8ed5b2 journal-upload: add asserts that snprintf does not return an error
LGMT complains:
> The size argument of this snprintf call is derived from its return value,
> which may exceed the size of the buffer and overflow.

Let's make sure that r is non-negative. (This shouldn't occur unless the format
string is borked, so let's just add an assert.)
Then, let's reorder the comparison to avoid the potential overflow.
2018-10-02 15:36:24 +02:00
Zbigniew Jędrzejewski-Szmek
7c3733d5de pid1: remove unnecessary error reassignment
LGTM was complaining:
> Comparison is always true because r >= 0.
2018-10-02 15:36:24 +02:00
Zbigniew Jędrzejewski-Szmek
459500a32c shared/install: avoid overwriting 'r' counter with a partial result
We want to store either the first error or the total number of changes in 'r'.
Instead, we were overwriting this with the return value from
install_info_traverse().

LGTM complained later in the loop that:
> Comparison is always true because r >= 0.
2018-10-02 15:36:24 +02:00
Zbigniew Jędrzejewski-Szmek
87d57be06f Prettify printing of uuids
I know this a bit over the top, but I'm following reviewers' requests.
2018-10-02 15:15:10 +02:00
Zbigniew Jędrzejewski-Szmek
adda90b03e man: add man page for systemd-id128 2018-10-02 15:15:10 +02:00
Zbigniew Jędrzejewski-Szmek
0d1d512f7f systemd-id128: a new tool to print machine/boot/invocation/app-specific ids
The raison d'etre for this program is printing machine-app-specific IDs. We
provide a library function for that, but not a convenient API. We can hardly
ask people to quickly hack their own C programs or call libsystemd through CFFI
in python or another scripting language if they just want to print an ID.

Verb 'new' was already available as 'journalctl --new-id128', but this makes
it more discoverable.

v2:
- rename binary to systemd-id128
- make --app-specific= into a switch that applies to boot-id and machine-id
2018-10-02 15:15:10 +02:00
Zbigniew Jędrzejewski-Szmek
65d410c7ca sd-id128: add sd_id128_get_boot_app_specific() 2018-10-02 15:15:10 +02:00
Zbigniew Jędrzejewski-Szmek
ff7dad484c journalctl: move generate_new_id128() to shared 2018-10-02 15:13:17 +02:00
Evgeny Vereshchagin
14f37112c8 icmp6-util: stop ignoring EAGAIN and EINTR in icmp6_receive
The code handling the errors was originally part of ndisc_recv, which,
being an event handler, would be simply turned off if it returned a negative
error code. It's no longer necessary. Plus, it helps avoid passing
an uninitialized value to radv_send.

Closes https://github.com/systemd/systemd/issues/10223.
2018-10-02 12:58:07 +02:00
Zbigniew Jędrzejewski-Szmek
0a587335d2 journal-verify: add comment and silence LGTM warning 2018-10-02 12:54:00 +02:00
Zbigniew Jędrzejewski-Szmek
cac4d95ec8 boot: change multiplication order
LGTM was complaining:
> Multiplication result may overflow 'unsigned int' before it is converted to 'unsigned long'.
2018-10-02 12:54:00 +02:00
Zbigniew Jędrzejewski-Szmek
3d6c184474 basic/hexdecoct: check for overflow
LGTM was complaining:
> Multiplication result may overflow 'int' before it is converted to 'long'.
Fix this by changing all types to ssize_t and add a check for overflow
while at it.
2018-10-02 12:54:00 +02:00
Zbigniew Jędrzejewski-Szmek
902000c198 bus-message: avoid wrap-around when using length read from message
We would read (-1), and then add 1 to it, call message_peek_body(..., 0, ...),
and when trying to make use of the data.

The fuzzer test case is just for one site, but they all look similar.

v2: fix two UINT8_MAX/UINT32_MAX mismatches founds by LGTM
2018-10-02 11:59:08 +02:00
Zbigniew Jędrzejewski-Szmek
d831fb6f2b bus-message: return -EBADMSG not -EINVAL on invalid !gvariant messages 2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
edde66ffc2 fuzz-bus-message: add two test cases that pass now
It seems that they got fixed by one of the patches. Let's add them
just in case.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
3d338a302f bus-message: also properly copy struct signature when skipping
The change is similar to that in the previous commit, but I don't have
a reproducer / test case case for this one, so I'm keeping it seperate.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
73777ddba5 bus-message: fix skipping of array fields in !gvariant messages
We copied part of the string into a buffer that was off by two.
If the element signature had length one, we'd copy 0 bytes and crash when
looking at the "first" byte. Otherwise, we would crash because strncpy would
not terminate the string.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
0b4775b527 bus-message: output debug information about offset troubles 2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
10a7ec96d8 test-bus-gvariant: turn on debug output
I thought the test was wrong, but it turns out one of my patches was at
fault. But this helps to diagnose issues.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
8792bdf8a3 bus-message: drop asserts in functions which are wrappers for varargs version
The function does no processing on it's own, and just forwards arguments
to the other function. Let's just use the asserts there.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
f88214cf9d bus-message: fix calculation of offsets table for arrays
This is similar to the grandparent commit 'fix calculation of offsets table',
except that now the change is for array elements. Same story as before: we need
to make sure that the offsets increase enough taking alignment into account.

While at it, rename 'p' to 'previous' to match similar code in other places.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
4d82a8d505 bus-message: remove duplicate assignment 2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
12603b84d2 bus-message: fix calculation of offsets table
The offsets specify the ends of variable length data. We would trust the
incoming data, putting the offsets specified in our message
into the offsets tables after doing some superficial verification.
But when actually reading the data we apply alignment, so we would take
the previous offset, align it, making it bigger then current offset, and
then we'd try to read data of negative length.

In the attached example, the message specifies the following offsets:
[1, 4]
but the alignment of those items is
[1, 8]
so we'd calculate the second item as starting at 8 and ending at 4.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
e8fd7e4b5b bus: do not print (null) if the message has unknown type 2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
f22c308aff bus-message: use define 2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
9c65778d61 bus-message: rename function for clarity
There's already message_free_last_container(), so rename to match.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
81b6e63029 bus-message: do not crash on message with a string of zero length
We'd calculate the "real" length of the string as 'item_size - 1', which does
not work out well when item_size == 0.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
69bd42ca07 bus-message: let's always use -EBADMSG when the message is bad
-EINVAL means the arguments were somehow wrong, so translate the code we get
internally into -EBADMSG when returning.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
ec6bda56cb bus-message: avoid an infinite loop on empty structures
The alternative would be to treat gvariant and !gvariant messages differently.
But this is a problem because we check signatures is variuos places before we
have an actual message, for example in sd_bus_add_object_vtable(). It seems
better to treat things consistent (i.e. follow the lowest common denominator)
and disallow empty structures everywhere.
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
6d1e0f4fcb sd-bus: unify three code-paths which free struct bus_container
We didn't free one of the fields in two of the places.

$ valgrind --show-leak-kinds=all --leak-check=full \
  build/fuzz-bus-message \
  test/fuzz/fuzz-bus-message/leak-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20
...
==14457== HEAP SUMMARY:
==14457==     in use at exit: 3 bytes in 1 blocks
==14457==   total heap usage: 509 allocs, 508 frees, 51,016 bytes allocated
==14457==
==14457== 3 bytes in 1 blocks are definitely lost in loss record 1 of 1
==14457==    at 0x4C2EBAB: malloc (vg_replace_malloc.c:299)
==14457==    by 0x53AFE79: strndup (in /usr/lib64/libc-2.27.so)
==14457==    by 0x4F52EB8: free_and_strndup (string-util.c:1039)
==14457==    by 0x4F8E1AB: sd_bus_message_peek_type (bus-message.c:4193)
==14457==    by 0x4F76CB5: bus_message_dump (bus-dump.c:144)
==14457==    by 0x108F12: LLVMFuzzerTestOneInput (fuzz-bus-message.c:24)
==14457==    by 0x1090F7: main (fuzz-main.c:34)
==14457==
==14457== LEAK SUMMARY:
==14457==    definitely lost: 3 bytes in 1 blocks
2018-10-02 11:53:20 +02:00
Zbigniew Jędrzejewski-Szmek
cf81c68e96 bus-message: use structured initialization to avoid use of unitialized memory
As far as I can see, we would either reuse some values from a previously exited
container or just random bytes from the heap.

Should fix #10127.
2018-10-02 11:53:18 +02:00
Zbigniew Jędrzejewski-Szmek
7f546026ab Introduce free_and_strndup and use it in bus-message.c
v2: fix error in free_and_strndup()

When the orignal and copied message were the same, but shorter than specified
length l, memory read past the end of the buffer would be performed. A test
case is included: a string that had an embedded NUL ("q\0") is used to replace
"q".

v3: Fix one more bug in free_and_strndup and add tests.

v4: Some style fixed based on review, one more use of free_and_replace, and
make the tests more comprehensive.
2018-10-02 11:42:45 +02:00