| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 90e40bd3d5b6d164be4c1f3583a13dc2f34d6563)
|
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ffaa6132cb968fbf9532bdb9cbd0780073b9e7cd)
|
|
|
|
|
|
|
|
|
| |
This prevents broken pipe errors in executed child processes that
attempt to access stdin.
Suggested-by: Vytautas Virvičius <vy.virvicius@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 67118a6b334cd50c9f39a0c04506befd49bf592a)
|
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2e8106ac5683be723b7f4e4ee522678b60b5ab50)
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Store the realloc result in a separate pointer so that we can free
the original on allocation failure
- Use an explicit uint8_t for the argument vector length instead of
"char" which might be signed or unsigned, depending on the arch
- Bail out with an invalid argument error if the argument vector
exceeds 255 items
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e5243c16eb214d2f6a2008ca4f15c4eb3ec6682c)
|
|
|
|
|
|
| |
Fixes: 37aa919 ("plugin: fix leaking invoked method name for exec plugins")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d442d62dea8d7c5f9bb58f1be257230a469f343f)
|
|
|
|
|
|
|
|
|
|
| |
A previous commit changed the allocation method for the call context to
include the method name string memory directly, so we must not treat the
method member separately anymore.
Fixes: 37aa919 ("plugin: fix leaking invoked method name for exec plugins")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ca3e2d5e70f188cc73a9bd1dadd3dcf2603bdba7)
|
|
|
|
|
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 02c6e1d08c9abfebae050ebeab5766935e849dc2)
|
|
|
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit cc502635046a2015d07fab5a21edbda7b7b98f38)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The invoked method name was separately duplicated from the call_context
structure. The structure itself is eventually freed by rpc_exec_reply()
but the method string it points to is lost after that.
Use calloc_a() instead to allocate the string copy buffer together with
the context structure, to ensure that all involved memory is freed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 37aa9196b603769ffbff4d0c58f76259a3791384)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The special characters '!' and '*' in /etc/shadow are
used to disable password login for a specific account.
The character 'x' has no special meaning, but should not
be interpreted as an empty password.
However, rpcd did treat these special characters like no
password was set, which allows access even though the account
is disabled.
By removing the additional checks for these characters, the
encrypted password string is passed to crypt, which returns NULL
if the salt has an invalid format and therefore access is denied.
Fixes: FS#2634
Signed-off-by: Fabian Bläse <fabian@blaese.de>
(cherry picked from commit 3df62bcebd2caff47506ccffb42df8d2d2123c06)
|
|
|
|
|
|
| |
Fixes: FS#3126
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 078bb57e0769c987c05244abe1f7d8d53e0e323e)
|
|
|
|
|
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 9ecfada16d7ad5ae942e6c0e65e1b9d7e89e21df)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases, e.g. when subsequently setting multiple empty option
values, uci_set() might free the section pointer of the given reused
uci_ptr structure without zeroing it, leading to a use-after-free on
processing subsequent options.
Avoid this issue by clearing the lookup pointer flags in order to
prevent uci_set() from incorrectly branching into a uci_delete()
operation leading to the freeing of the section member.
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-October/019592.html
Reported-by: Daniel Danzberger <daniel@dd-wrt.com>
Suggested-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit bd0ed2521476c3e5b6c1a0e0bd2c386ea809d74b)
|
|
|
|
|
|
|
|
| |
Since the plugin is not linked, but dlopen()'d with RTLD_LOCAL, we cannot
access global rpcd variables but need to access them via the common ops
structure symbol.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
This is required for plugins that need access to the configured execution
timeout. The global variable cannot be used as-is since we dlopen() with
RTLD_LOCAL.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
| |
Rename the extern int to denote a global symbol.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
Increase the maximum possible execution time to 120 seconds and add a new
command line flag `-t` which allows overwriting the default value.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
| |
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved
|
|
|
|
|
|
|
| |
- Return UBUS_STATUS_NOT_FOUND if no object could be resolved for delete
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names or types
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
- Return UBUS_STATUS_NOT_FOUND if no section could be resolved for set
- Return UBUS_STATUS_INVALID_ARGUMENT if unserializable values are found
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section or option names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The invoked libuci functions do not reliably check their arguments, causing
malformed section and option names to end up in the delta file, letting the
uci cli and other components to segfault when processung such invalid
entries.
In order to prevent that, manually test received values before passing them
on to libuci.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rpc_uci_replace_savedir() function did not take into account that libuci
uci_set_savedir() does an additional implicit uci_strdup() of the directory
path string when appending a new delta directory item.
Due to this oversight, only the struct uci_element items got freed, but not
the duplicated path string, leading to leaking memory when invoking the uci
api with session id argument.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
This prevents timing out ubus call when the child invokes further detached
childs inheriting stdio descriptors.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
| |
When reordering, the section indexes must be 0-based while the current
implementation incorrectly numbers starting with 1.
Fix this by start numbering ther sections with index 0.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The existing code failed to set the uci cursor save directory to the current
session path, causing the apply routine to either fail or to merge settings
from unrelated neighboring sessions, potentially leaking data.
Solve the issue by switching the uci cursor save directory to the session
directory before performing the actual apply actions.
Additionally set the save directory path to "/dev/null" during rollback, to
avoid merging unrelated system wide uci changes when restoring configs from
the snapshot directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
The rpc_uci_replace_savedir() function removes all configured save directories
from the uci cursor instance and adds the given path argument as sole item.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
| |
When restoring session information from blob data, only consider the
embedded username attribute if it is a string value.
Other types may cause invalid memory accesses when attempting to strcmp()
the attribute value.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Reclaim the pending apply session upon login when the username matches the
current login.
This is required to support apply-confirm-rollback workflow for ubus browser
clients, since changing IPs requires re-login to the device due to cross
domain restrictions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
| |
The given const char *key was used to look up the blob attribute, while
the blob attributes internal name was used to store it in the avl tree.
This leads to confusion and potential memory leaks when the given key name
does not match the blob attributes internal name.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
| |
The libuci `uci_set_savedir()` function does not replace, but appends the
requested delta directory to the search path, this causes information leaks
between sessions.
Due to a lack of an official api for this, clear the uci contexts private
delta path before setting the save directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
Introduce optional boolean attribute 'all' to allow listing all
installed packages instead of only the user-selected ones.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
| |
Signed-off-by: Roman Yeryomin <roman@advem.lv>
|
|
|
|
|
|
| |
Fixes commit 4e483312b0.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
| |
Add method to list installed software packages directly from
/usr/lib/opkg/status (ie. no need to have opkg installed).
ubus call rpc-sys packagelist
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RTLD_GLOBAL was used to allow plugins use each other symbols but this
facility was (most likely) never used and is a bad design anyway. If
there is a common code it should just go to a library.
Using RTLD_LOCAL on the other hand saves us from conflicting symbols
used by different plugins. An example can be iwinfo plugin using libnl.
If there appears to be another plugin using incompatible netlink
implementation this will result in a problem. Both plugins will start
using the same libnl which will break one of them.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for blobmsg_json.h.
Some external toolchains which do not include standard locations would fail to
find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following warnings:
rpcd/sys.c: In function 'rpc_cgi_password_set':
rpcd/sys.c:116:8: error: ignoring return value of 'chdir', declared with attribute warn_unused_result [-Werror=unused-result]
chdir("/");
^
rpcd/sys.c:125:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], blobmsg_data(tb[RPC_P_PASSWORD]),
^
rpcd/sys.c:127:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], "\n", 1);
^
rpcd/sys.c:131:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], blobmsg_data(tb[RPC_P_PASSWORD]),
^
rpcd/sys.c:133:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], "\n", 1);
^
cc1: all warnings being treated as errors
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
|
|
|
|
|
|
|
| |
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for libubus.h. Some
external toolchains which do not include standard locations would fail
to find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
| |
Making an ubus call iwinfo countrylist '{"device":"radio0"}' will result
in some entries having garbage uninitialized stack bytes in the "code"
fields.
With this patch we zero-initialize the buffer that libiwinfo writes to,
making it NUL-terminated so that behavior doesn't happen anymore.
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
|
|
|
|
|
|
|
|
|
| |
Solve this compile warning:
file.c:300:16: error: comparison of unsigned expression < 0 is always false [-Werror,-Wtautological-compare]
if (data_len < 0)
Signed-off-by: Luka Perkov <luka@openwrt.org>
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
|
|
| |
Signed-off-by: Javier Domingo Cansino <javierdo1@gmail.com>
|