| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Discovered by LGTM.
(cherry picked from commit 944072feddb73333023d0a98bf87fd2a17f894d3)
Resolves: #1705971
|
| |
|
|
|
|
| |
(cherry picked from commit 2f6c9b6f3fb0128cee7f74985c143b4850feff6d)
Resolves: #1705971
|
| |
|
|
|
|
|
|
| |
Suggested by LGTM.
(cherry picked from commit c497e449f41774a36e01ae2cc2abade6133dffe1)
Resolves: #1705971
|
| |
|
|
|
|
| |
(cherry picked from commit 0e1f17561f5f6061ec5503de044298372ed7ca37)
Resolves: #1683334
|
| |
|
|
|
|
|
|
| |
if sd-bus and machined grok it, then sd-login should grok it too.
(cherry picked from commit a8c9b7a0fc0aa02666042543ff9a652aae3c9499)
Resolves: #1683334
|
| |
|
|
|
|
|
|
|
|
|
|
| |
machined exposes the pseudo-container ".host" as a reference to the host
system, and this means "machinectl login .host" and "machinectl shell
.host" get your a login/shell on the host. systemd-run currently doesn't
allow that. Let's fix that, and make sd-bus understand ".host" as an
alias for connecting to the host system.
(cherry picked from commit 1e5057b904473696ae0d591d7555233adcb51fa4)
Resolves: #1683334
|
| |
|
|
|
|
|
|
|
|
| |
And while we are at it, let's rearrange and extend the Type=
documentation a bit. Let's make it an itemized list, and let's add a
paragraph explaining which type best to use.
(cherry picked from commit 79905a246d645d21633f09f564b3672d5085a85c)
Resolves: #1683334
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Users are often surprised that "systemd-run" command lines like
"systemd-run -p User=idontexist /bin/true" will return successfully,
even though the logs show that the process couldn't be invoked, as the
user "idontexist" doesn't exist. This is because Type=simple will only
wait until fork() succeeded before returning start-up success.
This patch adds a new service type Type=exec, which is very similar to
Type=simple, but waits until the child process completed the execve()
before returning success. It uses a pipe that has O_CLOEXEC set for this
logic, so that the kernel automatically sends POLLHUP on it when the
execve() succeeded but leaves the pipe open if not. This means PID 1
waits exactly until the execve() succeeded in the child, and not longer
and not shorter, which is the desired functionality.
Making use of this new functionality, the command line
"systemd-run -p User=idontexist -p Type=exec /bin/true" will now fail,
as expected.
(cherry picked from commit 5686391b006ee82d8a4559067ad9818e3e631247)
Resolves: #1683334
|
| |
|
|
|
|
| |
(cherry picked from commit ce0d60a7c4e07c5bdfed9f076bd48752287f0777)
Resolves: #1683334
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When process fd lists to pass to activated programs we always place the
socket activation fds first, and the storage fds last. Irritatingly in
almost all calls the "n_storage_fds" parameter (i.e. the number of
storage fds to pass) came first so far, and the "n_socket_fds" parameter
second. Let's clean this up, and specify the number of fds in the order
the fds themselves are passed.
(Also, let's fix one more case where "unsigned" was used to size an
array, while we should use "size_t" instead.)
(cherry picked from commit 25b583d7ffd699384435eba8e49f6ce927a83af0)
Resolves: #1683334
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These take a struct iovec to send data together with the passed FD.
The receive function returns the FD through an output argument. In case data is
received, but no FD is passed, the receive function will set the output
argument to -1 explicitly.
Update code in dynamic-user to use the new helpers.
(cherry picked from commit d34673ecb825aa9ecf6958b0caab792f5061c56a)
Resolves: #1683319
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Test it when sending an FD without any contents, or an FD and some contents,
or only contents and no FD (using a bare send().)
Also fix the previous test which forked but was missing an _exit() at the
end of the child execution code.
(cherry picked from commit 8a3386ab4fea9c4efa9c72e7c149cf510a46f03e)
Resolves: #1683319
|
| |
|
|
|
|
|
|
| |
This should fix the timeout in test-event
Taken from: b635e4ef6b2f35f07111bb66a68fe850a2ccab72
Resolves: #1683319
|
| |
|
|
|
|
|
| |
Fixes: #11092
(cherry picked from commit be24321f3dae91a166166b239954032727439942)
Resolves: #1683319
|
| |
|
|
|
|
|
|
| |
Also, use the same type everywhere for dealing with it.
(cherry picked from commit 92a40e20bf970c3ded8a50fbeeae882a7b970c9a)
Resolves: #1683319
|
| |
|
|
|
|
| |
(cherry picked from commit 3cae6c21e732fd46ff024d6625243d88ef6377ed)
Resolves: #1683319
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
linux/capability.h's CAP_TO_MASK potentially shifts a signed int "1"
(i.e. 32bit wide) left by 31 which means it becomes negative. That's
just weird, and ubsan complains about it. Let's introduce our own macro
CAP_TO_MASK_CORRECTED which doesn't fall into this trap, and make use of
it.
Fixes: #10347
(cherry picked from commit 5f00c5684f96c93a22840f7241ee444b9a632b1e)
Resolves: #1683319
|
| |
|
|
|
|
|
| |
Fixes: #10383
(cherry picked from commit 9e8b1ec08e8eb0b4611b7caf6adb8828feb32312)
Resolves: #1683319
|
| |
|
|
|
|
|
|
|
| |
valgrind reports the allocation done in the short-lived child as a leak.
Let's restructure the code to avoid this.
(cherry picked from commit 181c4ba750770b54a54b5abbe8ae8ff4f6db59b5)
Resolves: #1683319
|
| |
|
|
|
|
| |
(cherry picked from commit f30faf854b9bf01da294547a1bc3660506d750db)
Resolves: #1683319
|
| |
|
|
|
|
|
| |
Fixes: #10346
(cherry picked from commit 65f95765d05ddcd9e5849b68c379afa7e87d1248)
Resolves: #1683319
|
| |
|
|
|
|
| |
(cherry picked from commit 7a3025658836c536f81fdd742fa338545294f5bf)
Resolves: #1683319
|
| |
|
|
|
| |
Resolves: #1683319
rhel-only
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This replaces strndupa() by strndup() in socket_address_parse(),
as input string may be too long.
Fixes issue 10007 by ClusterFuzz-External:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10007
(cherry picked from commit 8d30fcb9b51b1d102a589171b6e28f5f370236f6)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We would read (-1), and then add 1 to it, call message_peek_body(..., 0, ...),
and when trying to make use of the data.
The fuzzer test case is just for one site, but they all look similar.
v2: fix two UINT8_MAX/UINT32_MAX mismatches founds by LGTM
(cherry picked from commit 902000c19830f5e5a96e8948d691b42e91ecb1e7)
Resolves: #1696224
|
| |
|
|
|
|
| |
(cherry picked from commit d831fb6f2bde829f9309aea242f502587662d1cc)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
| |
It seems that they got fixed by one of the patches. Let's add them
just in case.
(cherry picked from commit edde66ffc2404de58e8b19810951f376efb344da)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
| |
The change is similar to that in the previous commit, but I don't have
a reproducer / test case case for this one, so I'm keeping it seperate.
(cherry picked from commit 3d338a302f56c0ef0445660d9856794abe1af8b5)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
|
| |
We copied part of the string into a buffer that was off by two.
If the element signature had length one, we'd copy 0 bytes and crash when
looking at the "first" byte. Otherwise, we would crash because strncpy would
not terminate the string.
(cherry picked from commit 73777ddba5100fe6c0791cd37a91f24a515f3202)
Resolves: #1696224
|
| |
|
|
|
|
| |
(cherry picked from commit 0b4775b52747bebf7ecb62062798475629767044)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
| |
The function does no processing on it's own, and just forwards arguments
to the other function. Let's just use the asserts there.
(cherry picked from commit 8792bdf8a3311f9e629daa0ec592c97c1cfb2a7c)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is similar to the grandparent commit 'fix calculation of offsets table',
except that now the change is for array elements. Same story as before: we need
to make sure that the offsets increase enough taking alignment into account.
While at it, rename 'p' to 'previous' to match similar code in other places.
(cherry picked from commit f88214cf9d66c93f4d22c4c8980de9ee3ff45bab)
Resolves: #1696224
|
| |
|
|
|
|
| |
(cherry picked from commit 4d82a8d5052fce8c1ea51f8bdec3476fb8cc4747)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The offsets specify the ends of variable length data. We would trust the
incoming data, putting the offsets specified in our message
into the offsets tables after doing some superficial verification.
But when actually reading the data we apply alignment, so we would take
the previous offset, align it, making it bigger then current offset, and
then we'd try to read data of negative length.
In the attached example, the message specifies the following offsets:
[1, 4]
but the alignment of those items is
[1, 8]
so we'd calculate the second item as starting at 8 and ending at 4.
(cherry picked from commit 12603b84d2fb07603e2ea94b240c6b78ad17510e)
Resolves: #1696224
|
| |
|
|
|
|
| |
(cherry picked from commit e8fd7e4b5b5269377efc641a7da43850822c1250)
Resolves: #1696224
|
| |
|
|
|
|
| |
(cherry picked from commit f22c308aff556bf5c6599ffcb61e637e366ab232)
Resolves: #1696224
|
| |
|
|
|
|
|
|
| |
There's already message_free_last_container(), so rename to match.
(cherry picked from commit 9c65778d614588d21645163dea97a5fe2c1c4ca5)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
| |
-EINVAL means the arguments were somehow wrong, so translate the code we get
internally into -EBADMSG when returning.
(cherry picked from commit 69bd42ca072dfb2f7603b1f82053063293ab54b5)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The alternative would be to treat gvariant and !gvariant messages differently.
But this is a problem because we check signatures is variuos places before we
have an actual message, for example in sd_bus_add_object_vtable(). It seems
better to treat things consistent (i.e. follow the lowest common denominator)
and disallow empty structures everywhere.
(cherry picked from commit ec6bda56cbca9509b1abde1122645630caca877c)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
|
| |
As far as I can see, we would either reuse some values from a previously exited
container or just random bytes from the heap.
Should fix #10127.
(cherry picked from commit cf81c68e96aa29d0c28b5d3a26d1de9aa1b53b85)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
| |
As with other fuzzers, SYSTEMD_FUZZ_OUTPUT=1 and SYSTEMD_LOG_LEVEL=debug can be
used for debugging.
(cherry picked from commit 56b560c26339c4b282c06038316a91509eae75fd)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
318/365 fuzz-bus-message:crash-26bba7182dedc8848939931d9fcefcb7922f2e56:address OK 0.03 s
319/365 fuzz-bus-message:crash-29ed3c202e0ffade3cad42c8bbeb6cc68a21eb8e:address OK 0.03 s
320/365 fuzz-bus-message:crash-b88ad9ecf4aacf4a0caca5b5543953265367f084:address OK 0.03 s
321/365 fuzz-bus-message:crash-c1b37b4729b42c0c05b23cba4eed5d8102498a1e:address OK 0.03 s
322/365 fuzz-bus-message:crash-d8f3941c74219b4c03532c9b244d5ea539c61af5:address OK 0.03 s
323/365 fuzz-bus-message:crash-e1b811da5ca494e494b77c6bd8e1c2f2989425c5:address OK 0.03 s
324/365 fuzz-bus-message:leak-c09c0e2256d43bc5e2d02748c8d8760e7bc25d20:address OK 0.04 s
325/365 fuzz-bus-message:message1:address OK 0.03 s
326/365 fuzz-bus-message:timeout-08ee8f6446a4064db064e8e0b3d220147f7d0b5b:address OK 0.03 s
327/365 fuzz-dhcp-server:discover-existing:address OK 0.04 s
328/365 fuzz-dhcp-server:discover-new:address OK 0.03 s
329/365 fuzz-dhcp-server:release:address OK 0.04 s
330/365 fuzz-dhcp-server:request-existing:address OK 0.03 s
331/365 fuzz-dhcp-server:request-new:address OK 0.03 s
332/365 fuzz-dhcp-server:request-reboot:address OK 0.03 s
333/365 fuzz-dhcp-server:request-renew:address OK 0.03 s
334/365 fuzz-dns-packet:issue-7888:address OK 0.03 s
335/365 fuzz-dns-packet:oss-fuzz-5465:address OK 0.03 s
336/365 fuzz-journal-remote:crash-5a8f03d4c3a46fcded39527084f437e8e4b54b76:address OK 0.06 s
337/365 fuzz-journal-remote:crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45:address OK 0.04 s
338/365 fuzz-journal-remote:invalid-ts.txt:address OK 0.04 s
339/365 fuzz-journal-remote:oss-fuzz-8659:address OK 0.06 s
340/365 fuzz-journal-remote:oss-fuzz-8686:address OK 0.04 s
341/365 fuzz-journal-remote:sample.txt:address OK 0.07 s
342/365 fuzz-unit-file:directives.service:address OK 0.03 s
343/365 fuzz-unit-file:empty.scope:address OK 0.04 s
344/365 fuzz-unit-file:machine.slice:address OK 0.03 s
345/365 fuzz-unit-file:oss-fuzz-6884:address OK 0.05 s
346/365 fuzz-unit-file:oss-fuzz-6885:address OK 0.03 s
347/365 fuzz-unit-file:oss-fuzz-6886:address OK 0.04 s
348/365 fuzz-unit-file:oss-fuzz-6892:address OK 0.03 s
349/365 fuzz-unit-file:oss-fuzz-6897:address OK 0.05 s
350/365 fuzz-unit-file:oss-fuzz-6897-evverx:address OK 0.04 s
351/365 fuzz-unit-file:oss-fuzz-6908:address OK 0.05 s
352/365 fuzz-unit-file:oss-fuzz-6917:address OK 0.06 s
353/365 fuzz-unit-file:oss-fuzz-6977:address OK 0.08 s
354/365 fuzz-unit-file:oss-fuzz-6977-unminimized:address OK 0.10 s
355/365 fuzz-unit-file:oss-fuzz-7004:address OK 0.03 s
356/365 fuzz-unit-file:oss-fuzz-8064:address OK 0.03 s
357/365 fuzz-unit-file:oss-fuzz-8827:address OK 0.50 s
358/365 fuzz-unit-file:proc-sys-fs-binfmt_misc.automount:address OK 0.03 s
359/365 fuzz-unit-file:syslog.socket:address OK 0.03 s
360/365 fuzz-unit-file:systemd-ask-password-console.path:address OK 0.03 s
361/365 fuzz-unit-file:systemd-machined.service:address OK 0.03 s
362/365 fuzz-unit-file:systemd-resolved.service:address OK 0.03 s
363/365 fuzz-unit-file:systemd-tmpfiles-clean.timer:address OK 0.03 s
364/365 fuzz-unit-file:timers.target:address OK 0.03 s
365/365 fuzz-unit-file:var-lib-machines.mount:address OK 0.04 s
This gives us slightly nicer coverage in the normal test run.
When in a git repo, git ls-files is used to get a list of files known to git.
This mirrors what update-man-rules does for man files. Only looking at files
known to git makes it easier to not forget to commit the test file to git,
and also makes bisecting easier if some files are left in repo.
When outside of a git repo, we expect to be unpacked from a tarball, so just
using all files reported by ls is OK.
(cherry picked from commit e6bad6746151c79a5f408e95714ffa5cea290ab0)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
| |
In the main meson.build file, .source_root() and .current_source_dir() are
equivalent, but it seems more appropriate to use .source_root() when we are appending
a path which is by design relative to repo root.
(cherry picked from commit 243e5cecc3a211519544ccba01c44edc827ac517)
Resolves: #1696224
|
| |
|
|
|
|
|
|
| |
The generic check suffices for those four.
(cherry picked from commit 6bd2bc8e16a6d515f8a21c47fd6b833d7fcfdd1c)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds -Dnss-resolve= and -Dnss-mymachines= meson options.
By using this option, e.g., resolved can be built without nss-resolve.
When no nss modules are built, then test-nss is neither built.
Also, This changes the option name -Dmyhostname= to -Dnss-myhostname=
for consistency to other nss related options.
Closes #9596.
(cherry picked from commit 08540a9591efe105439be81fc43d6dc65b715978)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
| |
The justification is the same as for -Dvalgrind: setting config in
meson in this way is easier, because when the value is changed stuff
that should be rebuilt is rebuilt.
(cherry picked from commit fd5dec9adf76591d713f163d43d04e3beb76893e)
Resolves: #1696224
|
| |
|
|
|
|
|
|
| |
It is easier to see the contents this way by eye.
(cherry picked from commit 3ddf3d439463ab2c76391a4d22b54166be2dbe94)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There isn't really much need to keep them separate. Anything which is a good
corpus entry can be used as a smoke test, and anything which which is a
regression test can just as well be inserted into the corpus.
The only functional difference from this patch (apart from different paths in
output) is that the regression tests are now zipped together with the rest of
the corpus.
$ meson configure build -Dslow-tests=true && ninja -C build test
...
307/325 fuzz-dns-packet:issue-7888:address OK 0.06 s
308/325 fuzz-dns-packet:oss-fuzz-5465:address OK 0.04 s
309/325 fuzz-journal-remote:crash-5a8f03d4c3a46fcded39527084f437e8e4b54b76:address OK 0.07 s
310/325 fuzz-journal-remote:crash-96dee870ea66d03e89ac321eee28ea63a9b9aa45:address OK 0.05 s
311/325 fuzz-journal-remote:oss-fuzz-8659:address OK 0.05 s
312/325 fuzz-journal-remote:oss-fuzz-8686:address OK 0.07 s
313/325 fuzz-unit-file:oss-fuzz-6884:address OK 0.06 s
314/325 fuzz-unit-file:oss-fuzz-6885:address OK 0.05 s
315/325 fuzz-unit-file:oss-fuzz-6886:address OK 0.05 s
316/325 fuzz-unit-file:oss-fuzz-6892:address OK 0.05 s
317/325 fuzz-unit-file:oss-fuzz-6897:address OK 0.05 s
318/325 fuzz-unit-file:oss-fuzz-6897-evverx:address OK 0.06 s
319/325 fuzz-unit-file:oss-fuzz-6908:address OK 0.07 s
320/325 fuzz-unit-file:oss-fuzz-6917:address OK 0.07 s
321/325 fuzz-unit-file:oss-fuzz-6977:address OK 0.13 s
322/325 fuzz-unit-file:oss-fuzz-6977-unminimized:address OK 0.12 s
323/325 fuzz-unit-file:oss-fuzz-7004:address OK 0.05 s
324/325 fuzz-unit-file:oss-fuzz-8064:address OK 0.05 s
325/325 fuzz-unit-file:oss-fuzz-8827:address OK 0.52 s
(cherry picked from commit c74a3f973e3e0bac13d66a28728a47f10046b71f)
Resolves: #1696224
|
| |
|
|
|
|
| |
(cherry picked from commit a1a605f144e5635fdae57125a92032b3e5ebeca9)
Resolves: #1696224
|
| |
|
|
|
|
|
|
|
| |
Also, all corpus subdirectories are named exactly the same as the fuzzer they
are for. This makes the paths a bit longer, but easier.
(cherry picked from commit 93b575b26605c347a717b2aa24ddf9cad08b8080)
Resolves: #1696224
|
