1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 16:21:26 +03:00
Commit Graph

8 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
a88f9dbae2 systemctl: unset const char* arguments in static destructors
When fuzzing, the following happens:
- we parse 'data' and produce an argv array,
- one of the items in argv is assigned to arg_host,
- the argv array is subsequently freed by strv_freep(), and arg_host has a dangling symlink.

In normal use, argv is static, so arg_host can never become a dangling pointer.
In fuzz-systemctl-parse-argv, if we repeatedly parse the same array, we
have some dangling pointers while we're in the middle of parsing. If we parse
the same array a second time, at the end all the dangling pointers will have been
replaced again. But for a short time, if parsing one of the arguments uses another
argument, we would use a dangling pointer.

Such a case occurs when we have --host=… --boot-loader-entry=help. The latter calls
acquire_bus() which uses arg_host.

I'm not particularly happy with making the code more complicated just for
fuzzing, but I think it's better to resolve this, even if the issue cannot
occur in normal invocations, than to deal with fuzzer reports.

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31714.
2021-05-31 19:29:07 +02:00
Zbigniew Jędrzejewski-Szmek
5735ab0979 fuzz-systemctl-parse-argv: add "telinit" to the argv[0] list 2021-02-22 14:22:07 +00:00
Zbigniew Jędrzejewski-Szmek
5800f0fc68 basic/alloc-util: also reset the cleaned-up variable in freep()
freep() has it's own definition, so I missed it in fd421c4adc.

Again, there is a small growth, but the compiler should be able to optimize it away:
-Dbuildtype=debug:

-rwxrwxr-x 1 zbyszek zbyszek 4106816 Feb 19 12:52 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 7492952 Feb 19 12:52 build/src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 zbyszek zbyszek 4472624 Feb 19 12:53 build/systemd

-rwxrwxr-x 1 zbyszek zbyszek 4107056 Feb 19 13:03 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 7493480 Feb 19 13:03 build/src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 zbyszek zbyszek 4472760 Feb 19 13:03 build/systemd

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31055.
2021-02-19 15:25:16 +01:00
Lennart Poettering
dc288ffeab
Merge pull request #18596 from keszybz/systemctl-quiet-legend
systemctl: hide legends with --quiet, allow overriding
2021-02-17 23:40:04 +01:00
Zbigniew Jędrzejewski-Szmek
6906da2692 systemctl: hide legends with --quiet, allow overriding
--no-legend is replaced by --legend=no.

--quiet now implies --legend=no, but --legend=yes may be used to override that.
--quiet controls hints and warnings and such, and --legend controls just the
legends. I think it makes sense to allow both to controlled independently, in
particular --quiet --legend makes sense when using systemctl in a script to
provide some user-visible output.

Fixes #18560.
2021-02-17 21:09:14 +01:00
Zbigniew Jędrzejewski-Szmek
425ac7a253 fuzz-systemctl-parse-argv: call static destuctors
With all the preparatory work in previous PRs, we can now call static destructors
repeatedly without issue. We need to do it here so that global variables allocated
during parsing are properly freed.
2021-02-16 17:15:11 +01:00
Zbigniew Jędrzejewski-Szmek
860f154fa3 fuzz-systemctl-parse-argv: add argv[0] values to corpus 2021-02-15 10:01:38 +01:00
Zbigniew Jędrzejewski-Szmek
5fd8782328 fuzz-systemctl-parse-argv: a new fuzzer
Does what the name suggests. Obviously inspired by sudoers, but note that
our tools are not supposed to be installed suid, so there is no privilege
boundary to cross here.
2021-02-09 14:11:42 +01:00