| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
The macro uci_alloc_element is in the public header file uci.h. However,
the macros output refers to uci_alloc_generic wich is in uci_internal.h
and not public. Thus, uci_alloc_element should be private as well and
moved to uci_internal.h.
Signed-off-by: Jan Venekamp <jan@venekamp.net>
|
|
|
|
|
|
|
|
| |
Optimize for the case when there is no need to update the section and
the case there is no need to reallocate memory when updating a section
in uci_set.
Signed-off-by: Jan Venekamp <jan@venekamp.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If uci_realloc fails when updating a section in uci_set the reference
to the memory allocated by s = uci_strdup() is lost.
Also, if uci_strdup and uci_realloc both succeed it could happen that
ptr->s->type == uci_dataptr(ptr->s) by accident. Then later on in
uci_free_section the allocated ptr->s->type is not freed.
In order to fix this, instead of splitting the allocation of the the
section and the type string, we create a new section with in-section
storage to replace the old one. This also brings the code for updating
a section more in line with the simular code for updating an option.
Signed-off-by: Jan Venekamp <jan@venekamp.net>
|
|
|
|
|
|
|
| |
Maintain the position of an option in the list when a string option
is converted to a list option in uci_add_list.
Signed-off-by: Jan Venekamp <jan@venekamp.net>
|
|
|
|
|
|
|
|
|
|
|
| |
The function uci_add_list is not atomic, when an alloc inside
uci_add_element_list fails the option can be left in an indeterminate
state.
Refactor uci_add_list to fix this and make the code flow easier to
read.
Signed-off-by: Jan Venekamp <jan@venekamp.net>
|
|
|
|
|
|
|
|
|
|
|
| |
When uci_add_list is called with ptr->o set and ptr->option = NULL,
then in uci_expand_ptr ptr->option is set to ptr->o->e.name.
If ptr->o->type is UCI_TYPE_STRING then prev is set to ptr->o.
This will result in use-after-free because ptr->option is used in
the call to uci_add_delta in uci_add_element_list after
uci_free_option(prev).
Signed-off-by: Jan Venekamp <jan@venekamp.net>
|
|
|
|
|
|
|
| |
Optimize for the case when there is no need to reallocate memory when
updating an option in uci_set.
Signed-off-by: Jan Venekamp <jan@venekamp.net>
|
|
|
|
|
|
|
| |
Maintain the position of an option in the list when updating an option
in uci_set.
Signed-off-by: Jan Venekamp <jan@venekamp.net>
|
|
|
|
|
|
|
|
|
| |
When uci_set is called with ptr->o set and ptr->option = NULL,
then in uci_expand_ptr ptr->option is set to ptr->o->e.name.
This will result in use-after-free because ptr->option is used in
the call to uci_add_delta after uci_free_option(ptr->o).
Signed-off-by: Jan Venekamp <jan@venekamp.net>
|
|
|
|
|
|
|
|
|
|
| |
In the commit 3c7f3556b0039 ("Fix delta path handling.")
uci_load_delta() was modified by open coding uci_load_delta_file(). It
seems that reason behind it was to avoid uci_parse_delta(). The same can
be achieved by passing NULL as "struct uci_package *p" argument.
Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
savedir is always present in the list of delta paths. It's guaranteed by
1. uci_alloc_context() which sets defaults
2. uci_set_savedir() which allows changing savedir
Calling uci_add_delta_path() with ctx->savedir argument seems to always
return UCI_ERR_DUPLICATE.
Fixes: 2b4872345ab2b ("make use of the history path feature in the cli")
Cc: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
| |
Use the GNUInstallDirs include to allow callers to override the install
directories. This is helpful when building uci in build systems like
Yocto which prefer to use /usr/lib64 for the 64 bit libraries.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Save path is a directory where config change (delta) files are stored.
Having a custom individual save dir can be used to prevent two (or more)
"uci" cli callers (e.g. bash scripts) from commiting each other changes.
In the following example:
App0 App1
---- ----
uci set system.@system[0].timezone=UTC
uci set system.@system[0].hostname=OpenWrt
uci commit system
App1 would unintentionally commit changes made by App0. This can be
avoided by at least 1 "uci" cli user specifying a custom -t option.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
| |
Instead of manually clearing the memory with memset() use calloc().
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
Check the return value of malloc() before accessing it.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a heap overflow in the parsing of the uci line.
The line which is parsed and put into pctx->buf is null terminated and
stored on the heap. In the uci_parse_line() function we use strtok() to
split this string in multiple parts after divided by a space or tab.
strtok() replaces these characters with a NULL byte. If the next byte is
NULL we assume that this NULL byte was added by strtok() and try to
parse the string after this NULL byte. If this NULL byte was not added
by strtok(), but by fgets() to mark the end of the string we would read
over this end of the string in uninitialized memory and later over the
allocated buffer.
Fix this problem by storing how long the line we read was and check if
we would read over the end of the string here.
This also adds the input which detected this crash to the corpus of the
fuzzer.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[fixed merge conflict in tests]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
| |
The bufsz variable is used to store the size of the buf memory region
and pos is used to index a position in this memory. Use size_t for these
variables in the internal handling instaed of int to not break with big
files.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
Allocating a 4KB stack space buffer just for formatting a tempfile name
does not seem ideal.
Fixes: aa46546794ac ("file: uci_file_commit: fix memory leak")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following memory leak:
26 bytes in 1 blocks are definitely lost in loss record 1 of 1
at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x52DA68F: vasprintf (vasprintf.c:73)
by 0x52B71D3: asprintf (asprintf.c:35)
by 0x4E40F67: uci_file_commit (file.c:738)
by 0x4E3FD94: uci_commit (libuci.c:193)
by 0x401ED9: uci_do_import (cli.c:408)
by 0x401ED9: uci_cmd (cli.c:685)
by 0x4016FA: main (cli.c:776)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
| |
Fixes following ubdefined-behavior as reported by clang version 10.0.0-4ubuntu1~18.04.2:
delta.c:139:52: runtime error: member access within null pointer of type 'struct uci_element'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior delta.c:139:52
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
| |
Use valgrind and uci cli compiled with undefined, address and leak
sanitizers.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
| |
Will be used for testing.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following issue which is caused by usage of pointer which pointed
to a reallocated address:
ERROR: AddressSanitizer: heap-use-after-free on address 0x619000000087 at pc 0x000000509aa7 bp 0x7ffd6b9c3c40 sp 0x7ffd6b9c3400
READ of size 2 at 0x619000000087 thread T0
#0 0x509aa6 in strdup (test-fuzz+0x509aa6)
#1 0x7fc36d2a1636 in uci_strdup util.c:60:8
#2 0x7fc36d29e1ac in uci_alloc_generic list.c:55:13
#3 0x7fc36d29e241 in uci_alloc_package list.c:253:6
#4 0x7fc36d2a0ba3 in uci_switch_config file.c:375:18
#5 0x7fc36d2a09b8 in uci_parse_package file.c:397:2
#6 0x7fc36d2a09b8 in uci_parse_line file.c:513:6
#7 0x7fc36d2a09b8 in uci_import file.c:681:4
0x619000000087 is located 7 bytes inside of 1024-byte region [0x619000000080,0x619000000480)
freed by thread T0 here:
#0 0x51daa9 in realloc (test-fuzz+0x51daa9)
#1 0x7fc36d2a1612 in uci_realloc util.c:49:8
previously allocated by thread T0 here:
#0 0x51daa9 in realloc (test-fuzz+0x51daa9)
#1 0x7fc36d2a1612 in uci_realloc util.c:49:8
Reported-by: Jeremy Galindo <jgalindo@datto.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LibFuzzer is in-process, coverage-guided, evolutionary fuzzing engine.
LibFuzzer is linked with the library under test, and feeds fuzzed inputs
to the library via a specific fuzzing entrypoint (aka "target
function"); the fuzzer then tracks which areas of the code are reached,
and generates mutations on the corpus of input data in order to maximize
the code coverage.
So lets use libFuzzer to fuzz uci_import for the start.
Ref: https://llvm.org/docs/LibFuzzer.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
| |
Because mkstemp() create a file with mode 0600, only user doing
the commit (typically root) will be allowed to inspect the content
of the file after uci commit.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed a segmentation fault caused by using a pointer to a reallocated
address. The name pointer in the uci_parse_option function
becomes invalid if assert_eol calls uci_realloc down the line,
resulting in a segmentation fault when attempting to dereference
name in a strcmp check in uci_lookup_list. A simple fix is
to call assert_eol before retrieving the actual address for
the name and type pointers.
The segmentation fault has been found while fuzzing the
uci configuration system for various types of different crashes
and undefined behavious, which resulted in multiple different
import files causing instability and sementation faults.
Signed-off-by: Luka Kožnjak <luka.koznjak@sartura.hr>
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
CC: Luka Perkov <luka.perkov@sartura.hr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed a segmentation fault caused by using a pointer to a reallocated
address. The name pointer in the uci_parse_config function
becomes invalid if assert_eol calls uci_realloc down the line,
resulting in a segmentation fault when attempting to dereference
name. A simple fix is to call assert_eol before retrieving the
actual address for the name and type pointers.
The segmentation fault has been found while fuzzing the
uci configuration system for various types of different crashes
and undefined behavious, which resulted in multiple different
import files causing instability and sementation faults.
Signed-off-by: Luka Kožnjak <luka.koznjak@sartura.hr>
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
CC: Luka Perkov <luka.perkov@sartura.hr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Found with clang's -Wextra-semi-stmt
Fixes:
error: empty expression statement has no effect; remove unnecessary ';' to
silence this warning [-Werror,-Wextra-semi-stmt]
UCI_TRAP_SAVE(ctx, error);
^
error: empty expression statement has no effect; remove unnecessary ';' to
silence this warning [-Werror,-Wextra-semi-stmt]
UCI_TRAP_SAVE(ctx, ignore);
error: empty expression statement has no effect; remove unnecessary ';' to
silence this warning [-Werror,-Wextra-semi-stmt]
};
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
|
|
|
|
|
|
| |
In order to spot possible issues with direct impact on security during
QA on CI (GCC version 6 and higher).
Ref: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* replace strange error_info[0]=0 with complete zeroing of the buffer
* make the function body shorter and more clear, decrease indentation
levels
* fix format string warnings:
libuci.c:172:24: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
libuci.c:181:19: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
| |
In order to extend test coverage and help testing refactoring.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
| |
Fixes following warning reported by clang-10:
lua/uci.c:1050:1: error: no previous declaration for ‘luaopen_uci’ [-Werror=missing-declarations]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
cli.c:196:19: error: format string is not a string literal [-Werror=format-nonliteral]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[split into separate commit]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
scan-build from clang version 9 has reported following issues:
uci.c:389:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:393:3: warning: Value stored to 'err' is never read
err = UCI_ERR_NOTFOUND;
^ ~~~~~~~~~~~~~~~~
uci.c:417:4: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:524:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:533:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:565:4: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:575:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:584:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:642:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:651:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
| |
scan-build from clang version 9 has reported following issue:
ucimap.c:710:8: warning: Use of memory after it is freed
err = ucimap_parse_options(map, sm, sd, s);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
| |
scan-build from clang version 9 has reported following issue:
delta.c:39:13: warning: Null pointer passed to 1st parameter expecting 'nonnull'
int size = strlen(section) + 1;
^~~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
| |
scan-build from clang version 9 has reported following issue:
cli.c:574:8: warning: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
if ((ret = uci_parse_argument(ctx, input, &str, &argv[i])) != UCI_OK) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
scan-build from clang version 9 has reported following issue:
uci.c:624:12: warning: Potential leak of memory pointed to by 's'
return luaL_error(L, "Cannot set an uci option to an empty table value");
^~~~~~~~~~
valgrind confirmed it on the supplied test case:
==31013== 8 bytes in 1 blocks are definitely lost in loss record 1 of 1
==31013== by 0x56C49B9: strdup (strdup.c:42)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
| |
Configs returned by uci_list_configs call are not freed when not needed,
leading to the memory leak. While at it make the code cleaner.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
| |
I find them more flexible then shunit2 ones.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
| |
When uci_set_confdir fails we should say so.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
| |
Cppcheck 1.90 dev reports following:
cli.c:117:4: error: Common realloc mistake: 'typestr' nulled but not freed upon failure [memleakOnRealloc]
typestr = realloc(typestr, maxlen);
^
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc 9.1 on x86/64 has reported following issues:
list.c:140:11: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:572:51: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:850:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:865:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
delta.c:199:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
parse.c:80:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
parse.c:81:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
file.c:572:51: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:850:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:865:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
delta.c:199:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
parse.c:80:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
parse.c:81:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
ucimap.c:146:16: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:151:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:243:34: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:247:9: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:254:39: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:258:9: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:285:34: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:363:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:563:12: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:753:18: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:879:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
| |
The more tests, the better.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
| |
Let's enforce additional automatic checks enforced by the compiler in
order to catch possible errors during compilation.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
| |
Makes the resulting lua/CMakeLists.txt file simpler.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In tests.sh line 10:
[ -x $UCI_BIN ] || {
^------^ SC2086: Double quote to prevent globbing and word splitting.
In tests.sh line 63:
for suite in $(ls ${SCRIPTS_DIR}/*)
^--------------------^ SC2045: Iterating over ls output is fragile. Use globs.
In tests.sh line 65:
cat ${suite} >> ${FULL_SUITE}
^------^ SC2086: Double quote to prevent globbing and word splitting.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Uses currently proof-of-concept openwrt-ci[1] in order to:
* improve the quality of the codebase in various areas
* decrease code review time and help merging contributions faster
* get automagic feedback loop on various platforms and tools
- out of tree build with OpenWrt SDK on following targets:
* ath79-generic
* imx6-generic
* malta-be
* mvebu-cortexa53
- out of tree native build on x86/64 with GCC (versions 7, 8, 9) and Clang 9
- out of tree native x86/64 static code analysis with cppcheck and
scan-build from Clang 9
1. https://gitlab.com/ynezz/openwrt-ci/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
| |
uci is being passed from CMake as environment variable.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
| |
For convenient tests invocation.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|