mirror of
https://github.com/systemd/systemd
synced 2024-10-15 12:34:37 +00:00
Merge pull request #27527 from mrc0mmand/fuzz-manager-serialize
core: a couple of follow-ups for issues found by fuzz-manager-serialize
This commit is contained in:
commit
8069cdc7e7
|
@ -2597,6 +2597,7 @@ static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
|
||||||
|
|
||||||
static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
|
static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
|
||||||
Socket *s = SOCKET(u);
|
Socket *s = SOCKET(u);
|
||||||
|
int r;
|
||||||
|
|
||||||
assert(u);
|
assert(u);
|
||||||
assert(key);
|
assert(key);
|
||||||
|
@ -2651,124 +2652,183 @@ static int socket_deserialize_item(Unit *u, const char *key, const char *value,
|
||||||
s->control_command = s->exec_command[id];
|
s->control_command = s->exec_command[id];
|
||||||
}
|
}
|
||||||
} else if (streq(key, "fifo")) {
|
} else if (streq(key, "fifo")) {
|
||||||
int fd, skip = 0;
|
_cleanup_free_ char *fdv = NULL;
|
||||||
|
bool found = false;
|
||||||
|
int fd;
|
||||||
|
|
||||||
if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
|
r = extract_first_word(&value, &fdv, NULL, 0);
|
||||||
|
if (r <= 0) {
|
||||||
log_unit_debug(u, "Failed to parse fifo value: %s", value);
|
log_unit_debug(u, "Failed to parse fifo value: %s", value);
|
||||||
else {
|
return 0;
|
||||||
bool found = false;
|
|
||||||
|
|
||||||
LIST_FOREACH(port, p, s->ports)
|
|
||||||
if (p->fd < 0 &&
|
|
||||||
p->type == SOCKET_FIFO &&
|
|
||||||
path_equal_or_files_same(p->path, value+skip, 0)) {
|
|
||||||
p->fd = fdset_remove(fds, fd);
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (!found)
|
|
||||||
log_unit_debug(u, "No matching fifo socket found: %s", value+skip);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fd = parse_fd(fdv);
|
||||||
|
if (fd < 0 || !fdset_contains(fds, fd)) {
|
||||||
|
log_unit_debug(u, "Invalid fifo value: %s", fdv);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
LIST_FOREACH(port, p, s->ports)
|
||||||
|
if (p->fd < 0 &&
|
||||||
|
p->type == SOCKET_FIFO &&
|
||||||
|
path_equal_or_files_same(p->path, value, 0)) {
|
||||||
|
p->fd = fdset_remove(fds, fd);
|
||||||
|
found = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!found)
|
||||||
|
log_unit_debug(u, "No matching fifo socket found: %s", value);
|
||||||
|
|
||||||
} else if (streq(key, "special")) {
|
} else if (streq(key, "special")) {
|
||||||
int fd, skip = 0;
|
_cleanup_free_ char *fdv = NULL;
|
||||||
|
bool found = false;
|
||||||
|
int fd;
|
||||||
|
|
||||||
if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
|
r = extract_first_word(&value, &fdv, NULL, 0);
|
||||||
|
if (r <= 0) {
|
||||||
log_unit_debug(u, "Failed to parse special value: %s", value);
|
log_unit_debug(u, "Failed to parse special value: %s", value);
|
||||||
else {
|
return 0;
|
||||||
bool found = false;
|
|
||||||
|
|
||||||
LIST_FOREACH(port, p, s->ports)
|
|
||||||
if (p->fd < 0 &&
|
|
||||||
p->type == SOCKET_SPECIAL &&
|
|
||||||
path_equal_or_files_same(p->path, value+skip, 0)) {
|
|
||||||
p->fd = fdset_remove(fds, fd);
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (!found)
|
|
||||||
log_unit_debug(u, "No matching special socket found: %s", value+skip);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fd = parse_fd(fdv);
|
||||||
|
if (fd < 0 || !fdset_contains(fds, fd)) {
|
||||||
|
log_unit_debug(u, "Invalid special value: %s", fdv);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
LIST_FOREACH(port, p, s->ports)
|
||||||
|
if (p->fd < 0 &&
|
||||||
|
p->type == SOCKET_SPECIAL &&
|
||||||
|
path_equal_or_files_same(p->path, value, 0)) {
|
||||||
|
p->fd = fdset_remove(fds, fd);
|
||||||
|
found = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!found)
|
||||||
|
log_unit_debug(u, "No matching special socket found: %s", value);
|
||||||
|
|
||||||
} else if (streq(key, "mqueue")) {
|
} else if (streq(key, "mqueue")) {
|
||||||
int fd, skip = 0;
|
_cleanup_free_ char *fdv = NULL;
|
||||||
|
bool found = false;
|
||||||
|
int fd;
|
||||||
|
|
||||||
if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
|
r = extract_first_word(&value, &fdv, NULL, 0);
|
||||||
|
if (r <= 0) {
|
||||||
log_unit_debug(u, "Failed to parse mqueue value: %s", value);
|
log_unit_debug(u, "Failed to parse mqueue value: %s", value);
|
||||||
else {
|
return 0;
|
||||||
bool found = false;
|
|
||||||
|
|
||||||
LIST_FOREACH(port, p, s->ports)
|
|
||||||
if (p->fd < 0 &&
|
|
||||||
p->type == SOCKET_MQUEUE &&
|
|
||||||
streq(p->path, value+skip)) {
|
|
||||||
p->fd = fdset_remove(fds, fd);
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (!found)
|
|
||||||
log_unit_debug(u, "No matching mqueue socket found: %s", value+skip);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fd = parse_fd(fdv);
|
||||||
|
if (fd < 0 || !fdset_contains(fds, fd)) {
|
||||||
|
log_unit_debug(u, "Invalid mqueue value: %s", fdv);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
LIST_FOREACH(port, p, s->ports)
|
||||||
|
if (p->fd < 0 &&
|
||||||
|
p->type == SOCKET_MQUEUE &&
|
||||||
|
streq(p->path, value)) {
|
||||||
|
p->fd = fdset_remove(fds, fd);
|
||||||
|
found = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!found)
|
||||||
|
log_unit_debug(u, "No matching mqueue socket found: %s", value);
|
||||||
|
|
||||||
} else if (streq(key, "socket")) {
|
} else if (streq(key, "socket")) {
|
||||||
int fd, type, skip = 0;
|
_cleanup_free_ char *fdv = NULL, *typev = NULL;
|
||||||
|
bool found = false;
|
||||||
|
int fd, type;
|
||||||
|
|
||||||
if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
|
r = extract_first_word(&value, &fdv, NULL, 0);
|
||||||
log_unit_debug(u, "Failed to parse socket value: %s", value);
|
if (r <= 0) {
|
||||||
else {
|
log_unit_debug(u, "Failed to parse socket fd from value: %s", value);
|
||||||
bool found = false;
|
return 0;
|
||||||
|
|
||||||
LIST_FOREACH(port, p, s->ports)
|
|
||||||
if (p->fd < 0 &&
|
|
||||||
socket_address_is(&p->address, value+skip, type)) {
|
|
||||||
p->fd = fdset_remove(fds, fd);
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (!found)
|
|
||||||
log_unit_debug(u, "No matching %s socket found: %s",
|
|
||||||
socket_address_type_to_string(type), value+skip);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fd = parse_fd(fdv);
|
||||||
|
if (fd < 0 || !fdset_contains(fds, fd)) {
|
||||||
|
log_unit_debug(u, "Invalid socket fd: %s", fdv);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
r = extract_first_word(&value, &typev, NULL, 0);
|
||||||
|
if (r <= 0) {
|
||||||
|
log_unit_debug(u, "Failed to parse socket type from value: %s", value);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (safe_atoi(typev, &type) < 0 || type < 0) {
|
||||||
|
log_unit_debug(u, "Invalid socket type: %s", typev);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
LIST_FOREACH(port, p, s->ports)
|
||||||
|
if (p->fd < 0 &&
|
||||||
|
socket_address_is(&p->address, value, type)) {
|
||||||
|
p->fd = fdset_remove(fds, fd);
|
||||||
|
found = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!found)
|
||||||
|
log_unit_debug(u, "No matching %s socket found: %s",
|
||||||
|
socket_address_type_to_string(type), value);
|
||||||
|
|
||||||
} else if (streq(key, "netlink")) {
|
} else if (streq(key, "netlink")) {
|
||||||
int fd, skip = 0;
|
_cleanup_free_ char *fdv = NULL;
|
||||||
|
bool found = false;
|
||||||
|
int fd;
|
||||||
|
|
||||||
if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
|
r = extract_first_word(&value, &fdv, NULL, 0);
|
||||||
|
if (r <= 0) {
|
||||||
log_unit_debug(u, "Failed to parse socket value: %s", value);
|
log_unit_debug(u, "Failed to parse socket value: %s", value);
|
||||||
else {
|
return 0;
|
||||||
bool found = false;
|
|
||||||
|
|
||||||
LIST_FOREACH(port, p, s->ports)
|
|
||||||
if (p->fd < 0 &&
|
|
||||||
socket_address_is_netlink(&p->address, value+skip)) {
|
|
||||||
p->fd = fdset_remove(fds, fd);
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (!found)
|
|
||||||
log_unit_debug(u, "No matching netlink socket found: %s", value+skip);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fd = parse_fd(fdv);
|
||||||
|
if (fd < 0 || !fdset_contains(fds, fd)) {
|
||||||
|
log_unit_debug(u, "Invalid socket value: %s", fdv);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
LIST_FOREACH(port, p, s->ports)
|
||||||
|
if (p->fd < 0 &&
|
||||||
|
socket_address_is_netlink(&p->address, value)) {
|
||||||
|
p->fd = fdset_remove(fds, fd);
|
||||||
|
found = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!found)
|
||||||
|
log_unit_debug(u, "No matching netlink socket found: %s", value);
|
||||||
|
|
||||||
} else if (streq(key, "ffs")) {
|
} else if (streq(key, "ffs")) {
|
||||||
int fd, skip = 0;
|
_cleanup_free_ char *fdv = NULL;
|
||||||
|
bool found = false;
|
||||||
|
int fd;
|
||||||
|
|
||||||
if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
|
r = extract_first_word(&value, &fdv, NULL, 0);
|
||||||
|
if (r <= 0) {
|
||||||
log_unit_debug(u, "Failed to parse ffs value: %s", value);
|
log_unit_debug(u, "Failed to parse ffs value: %s", value);
|
||||||
else {
|
return 0;
|
||||||
bool found = false;
|
|
||||||
|
|
||||||
LIST_FOREACH(port, p, s->ports)
|
|
||||||
if (p->fd < 0 &&
|
|
||||||
p->type == SOCKET_USB_FUNCTION &&
|
|
||||||
path_equal_or_files_same(p->path, value+skip, 0)) {
|
|
||||||
p->fd = fdset_remove(fds, fd);
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (!found)
|
|
||||||
log_unit_debug(u, "No matching ffs socket found: %s", value+skip);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fd = parse_fd(fdv);
|
||||||
|
if (fd < 0 || !fdset_contains(fds, fd)) {
|
||||||
|
log_unit_debug(u, "Invalid ffs value: %s", fdv);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
LIST_FOREACH(port, p, s->ports)
|
||||||
|
if (p->fd < 0 &&
|
||||||
|
p->type == SOCKET_USB_FUNCTION &&
|
||||||
|
path_equal_or_files_same(p->path, value, 0)) {
|
||||||
|
p->fd = fdset_remove(fds, fd);
|
||||||
|
found = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!found)
|
||||||
|
log_unit_debug(u, "No matching ffs socket found: %s", value);
|
||||||
|
|
||||||
} else
|
} else
|
||||||
log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
|
log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
|
||||||
|
|
||||||
|
|
|
@ -6162,7 +6162,9 @@ int activation_details_deserialize(const char *key, const char *value, Activatio
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
t = unit_type_from_string(value);
|
t = unit_type_from_string(value);
|
||||||
if (t == _UNIT_TYPE_INVALID)
|
/* The activation details vtable has defined ops only for path
|
||||||
|
* and timer units */
|
||||||
|
if (!IN_SET(t, UNIT_PATH, UNIT_TIMER))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
*details = malloc0(activation_details_vtable[t]->object_size);
|
*details = malloc0(activation_details_vtable[t]->object_size);
|
||||||
|
|
|
@ -77,6 +77,10 @@ int fdset_put(FDSet *s, int fd) {
|
||||||
assert(s);
|
assert(s);
|
||||||
assert(fd >= 0);
|
assert(fd >= 0);
|
||||||
|
|
||||||
|
/* Avoid integer overflow in FD_TO_PTR() */
|
||||||
|
if (fd == INT_MAX)
|
||||||
|
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Refusing invalid fd: %d", fd);
|
||||||
|
|
||||||
return set_put(MAKE_SET(s), FD_TO_PTR(fd));
|
return set_put(MAKE_SET(s), FD_TO_PTR(fd));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -115,6 +119,12 @@ bool fdset_contains(FDSet *s, int fd) {
|
||||||
assert(s);
|
assert(s);
|
||||||
assert(fd >= 0);
|
assert(fd >= 0);
|
||||||
|
|
||||||
|
/* Avoid integer overflow in FD_TO_PTR() */
|
||||||
|
if (fd == INT_MAX) {
|
||||||
|
log_debug("Refusing invalid fd: %d", fd);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return !!set_get(MAKE_SET(s), FD_TO_PTR(fd));
|
return !!set_get(MAKE_SET(s), FD_TO_PTR(fd));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -122,6 +132,10 @@ int fdset_remove(FDSet *s, int fd) {
|
||||||
assert(s);
|
assert(s);
|
||||||
assert(fd >= 0);
|
assert(fd >= 0);
|
||||||
|
|
||||||
|
/* Avoid integer overflow in FD_TO_PTR() */
|
||||||
|
if (fd == INT_MAX)
|
||||||
|
return log_debug_errno(SYNTHETIC_ERRNO(ENOENT), "Refusing invalid fd: %d", fd);
|
||||||
|
|
||||||
return set_remove(MAKE_SET(s), FD_TO_PTR(fd)) ? fd : -ENOENT;
|
return set_remove(MAKE_SET(s), FD_TO_PTR(fd)) ? fd : -ENOENT;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Binary file not shown.
|
@ -0,0 +1,3 @@
|
||||||
|
|
||||||
|
l.socket
|
||||||
|
socket=2147483647 5
|
|
@ -0,0 +1,4 @@
|
||||||
|
|
||||||
|
d.socket
|
||||||
|
job
|
||||||
|
activation-details-unit-type=service
|
Loading…
Reference in a new issue