Evgeny Vereshchagin
fe069142a6
oss-fuzz.sh: get rid of the sed "no-undefined" kludge
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-04-02 16:10:58 +02:00
Evgeny Vereshchagin
b2378a563f
ci: stop passing --enable-ubsan
...
It's just a follow-up to 5f40423627 (where --enable-ubsan was removed).
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-04-02 16:10:57 +02:00
Thomas Parrott
df9bfcf026
doc: Documented that net type field must come before other options on the net device
...
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2021-04-02 16:10:56 +02:00
Christian Brauner
38743a8954
README: remove Travis and add Github actions badge
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-02 16:10:54 +02:00
Christian Brauner
96c61d3ad8
autotools: remove --enable-{asan,ubsan} in favor of --enable-sanitizers
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-04-02 16:10:53 +02:00
Evgeny Vereshchagin
95e142f5e8
oss-fuzz.sh: put the "lxc.net" keys in the seed corpus as well
...
It's just a follow-up to 0abcc213e2 (where the "lxc.net" keys were moved from config_jump_table to config_jump_table_net)
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-04-02 16:10:49 +02:00
Christian Brauner
03fd67960a
compiler: fix thread_local detection
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:24 +02:00
Christian Brauner
3d76476790
lxccontainer: ensure second parameter to bsearch is never NULL
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:23 +02:00
Christian Brauner
6334098841
conf: fix thread_local support detection
...
Our detection for TLS wasn't working. Fix it.
Fixes: https://github.com/lxc/lxd/issues/8327
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:22 +02:00
Christian Brauner
90accff309
tests: add another test for garbage config key
...
where a valid key has trailing garbage at the end before the "=".
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:21 +02:00
Christian Brauner
f44eb24426
tests: fix two false negatives in parse_config_file()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:21 +02:00
Christian Brauner
01e3ca9b1e
confile: cleanup set_config_net_script_down()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:20 +02:00
Christian Brauner
ab34ded6e5
confile: cleanup set_config_net_script_up()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:19 +02:00
Christian Brauner
d47e383174
confile: cleanup set_config_net_mtu()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:17 +02:00
Christian Brauner
c72590da70
confile: cleanup set_config_net_hwaddr()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:16 +02:00
Christian Brauner
942b2d3186
confile: clear netdev on network type change
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32584
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:06:14 +02:00
Christian Brauner
24ca942032
confile: vet keys more aggressively
...
Enforce an exact match for all keys where we know the subkeys must match exactly.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:05:57 +02:00
Christian Brauner
9d5a073d6f
confile: safely clean previous value in set_config_net_ipv4_gateway()
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32586
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:02:43 +02:00
Christian Brauner
ed3a03cb86
confile: safely clean previous value in set_config_net_ipv6_gateway()
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32610
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:02:42 +02:00
Evgeny Vereshchagin
a348e8f47b
string_utils: work around an MSan false positive
...
MSan doesn't instrument stpncpy (https://github.com/google/sanitizers/issues/926),
which causes the fuzzer to fail with:
```
$ cat ../minimized-from-740f56329efc60eab59b8194132b712a873e88a3
lxc.console.size=123
$ ./out/fuzz-lxc-config-read ../minimized-from-740f56329efc60eab59b8194132b712a873e88a3
INFO: Seed: 3561494591
INFO: Loaded 1 modules (18795 inline 8-bit counters): 18795 [0x866b98, 0x86b503),
INFO: Loaded 1 PC tables (18795 PCs): 18795 [0x86b508,0x8b4bb8),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: ../minimized-from-740f56329efc60eab59b8194132b712a873e88a3
==850885==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x6b3e7f in parse_byte_size_string /home/vagrant/lxc/src/lxc/string_utils.c:912:6
#1 0x550991 in set_config_console_size /home/vagrant/lxc/src/lxc/confile.c:2483:8
#2 0x5346e2 in parse_line /home/vagrant/lxc/src/lxc/confile.c:2962:9
#3 0x64b3cd in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
#4 0x53340c in lxc_config_read /home/vagrant/lxc/src/lxc/confile.c:3039:9
#5 0x4e7ec2 in LLVMFuzzerTestOneInput /home/vagrant/lxc/src/tests/fuzz-lxc-config-read.c:23:2
#6 0x44ad2c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x44ad2c)
#7 0x42ca4d in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42ca4d)
#8 0x433af0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x433af0)
#9 0x423ff6 in main (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x423ff6)
#10 0x7f79bdc89081 in __libc_start_main (/lib64/libc.so.6+0x27081)
#11 0x42402d in _start (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42402d)
Uninitialized value was created by an allocation of 'dup' in the stack frame of function 'parse_byte_size_string'
#0 0x6b3330 in parse_byte_size_string /home/vagrant/lxc/src/lxc/string_utils.c:901
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/vagrant/lxc/src/lxc/string_utils.c:912:6 in parse_byte_size_string
Exiting
```
Closes https://oss-fuzz.com/testcase-detail/5829890470445056
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-29 17:02:42 +02:00
Evgeny Vereshchagin
0e24c1b257
cifuzz: turn on MSan
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-29 17:02:41 +02:00
Christian Brauner
8ccd3d762a
string_utils: handle overflow correctly in parse_byte_size_string()
...
This takes the overflow handling code from the kernel.
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32549
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:02:40 +02:00
Evgeny Vereshchagin
51b0e727ef
cifuzz: turn on UBsan
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-29 17:02:39 +02:00
Evgeny Vereshchagin
affdb4a484
oss-fuzz.sh: take SANITIZER into account
...
to make it possible to build the fuzzer with UBSan and MSan locally
```
$ SANITIZER=undefined ./src/tests/oss-fuzz.sh
$ printf 'lxc.signal.stop=sigrtmax-020000000020' >oss-fuzz-32596
$ UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 ./out/fuzz-lxc-config-read oss-fuzz-32596
INFO: Seed: 595864277
INFO: Loaded 1 modules (61553 inline 8-bit counters): 61553 [0x80a1b0, 0x819221),
INFO: Loaded 1 PC tables (61553 PCs): 61553 [0x819228,0x909938),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: oss-fuzz-32596
confile_utils.c:1051:20: runtime error: signed integer overflow: 64 - -2147483632 cannot be represented in type 'int'
#0 0x51799a in rt_sig_num /home/vagrant/lxc/src/lxc/confile_utils.c:1051:20
#1 0x517268 in sig_parse /home/vagrant/lxc/src/lxc/confile_utils.c:1069:11
#2 0x500ca4 in set_config_signal_stop /home/vagrant/lxc/src/lxc/confile.c:1738:10
#3 0x4b8c7c in parse_line /home/vagrant/lxc/src/lxc/confile.c:2962:9
#4 0x5a5eb0 in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-29 17:02:39 +02:00
Evgeny Vereshchagin
8122eb0f64
confile_utils: fix a signed integer overflow
...
This was triggered by the following chain of conversions:
lxc_safe_uint("020000000020") -> 2147483664 (uint)
sig_num(2147483664 (uint)) -> -2147483632 (int)
64 - -2147483632 cannot be represented in type 'int'
Closes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32596
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-29 17:02:38 +02:00
Christian Brauner
285dd691fc
confile: don't leak memory in case multiple shmounts are set
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32503
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:02:37 +02:00
Christian Brauner
265542bb27
confile: add missing prefix validation
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32488
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:02:36 +02:00
Christian Brauner
5335a80ff8
confile_utils: free list during lxc_remove_nic_by_idx()
...
Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:02:35 +02:00
Evgeny Vereshchagin
1998f661a0
ci: turn on ASan on CIFuzz
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-29 17:02:34 +02:00
Christian Brauner
0274a0ee9f
confile: prevent recursion when parsing networks
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:02:33 +02:00
Evgeny Vereshchagin
1f860b31ea
confile: fix a memory leak in set_config_net_hwaddr
...
It was found by ClusterFuzz in https://oss-fuzz.com/testcase-detail/4747480244813824 but hasn't been reported on Monorail (https://bugs.chromium.org/p/oss-fuzz/) yet
```
$ cat minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
lxc.net.0.hwaddr=0
lxc.net.0.hwaddr=4
./out/fuzz-lxc-config-read minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
INFO: Seed: 1473396311
INFO: Loaded 1 modules (18821 inline 8-bit counters): 18821 [0x885fa0, 0x88a925),
INFO: Loaded 1 PC tables (18821 PCs): 18821 [0x88a928,0x8d4178),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
=================================================================
==226185==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x4d25d7 in strdup (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x4d25d7)
#1 0x58e48f in set_config_net_hwaddr /home/vagrant/lxc/src/lxc/confile.c:654:14
#2 0x59af3b in set_config_net_nic /home/vagrant/lxc/src/lxc/confile.c:5276:9
#3 0x571c29 in parse_line /home/vagrant/lxc/src/lxc/confile.c:2958:9
#4 0x61b0b2 in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
#5 0x5710ed in lxc_config_read /home/vagrant/lxc/src/lxc/confile.c:3035:9
#6 0x542cd6 in LLVMFuzzerTestOneInput /home/vagrant/lxc/src/tests/fuzz-lxc-config-read.c:23:2
#7 0x449e8c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x449e8c)
#8 0x42bbad in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42bbad)
#9 0x432c50 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x432c50)
#10 0x423136 in main (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x423136)
#11 0x7f2cbb992081 in __libc_start_main (/lib64/libc.so.6+0x27081)
SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-29 17:02:32 +02:00
Christian Brauner
8fa51b7a5b
confile: improve network vetting
...
Move all input sanity checks up and add two missing checks for the
correct network type when using veth-vlan and vlan network types.
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32513
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:02:17 +02:00
Christian Brauner
0977c023aa
confile: use correct check for too large network lists
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:01:27 +02:00
Christian Brauner
6712de30a4
confile: make string calculations in get_network_config_ops() more obvious
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:01:26 +02:00
Christian Brauner
6219606ba1
conf: coding style cleanups
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:01:25 +02:00
Christian Brauner
5c1a9b8ac3
confile_utils: free network list items
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:01:24 +02:00
Christian Brauner
c98770b9fc
conf: reinitialize lists
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:01:22 +02:00
Christian Brauner
3cec50fc4c
string_utils: always memset buf in lxc_safe_int64_residual()
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32482
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:01:21 +02:00
Christian Brauner
b47332893f
confile: fix setting prlimits
...
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:44 +02:00
Christian Brauner
2896136e1c
conf: don't leak list
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:43 +02:00
Christian Brauner
9253c08364
log: avoid regressions for relative log paths
...
We need to allow relative log paths.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:42 +02:00
Christian Brauner
71cfd6ccfb
string_utils: fix parse_byte_size_string()
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32475
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:41 +02:00
Christian Brauner
05eac3f298
confile_utils: improve network parser
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:41 +02:00
Christian Brauner
19c8192fbf
conf: prevent UAF in lxc_clear_limits()
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:40 +02:00
Christian Brauner
2875de4a35
confile_utils: fix real-time signal parsing
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32521
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:39 +02:00
Christian Brauner
e6d15fca7b
confile: don't leak memory when overwriting lxc.rootfs.options
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32473
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:38 +02:00
Christian Brauner
b4d341d7ca
confile: be stricter in config helpers
...
We never call these helpers without an initialized config afaict, but since we're now exposing these two functions to oss-fuzz directly in a way we never do to users, let's be stricter about it.
Inspired-by: #3733
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:37 +02:00
Christian Brauner
f04892685f
log: handle empty log name
...
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32491
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:36 +02:00
Christian Brauner
a842308f63
log: don't create directories for fuzz builds
...
Fixes: #3730
Fixes: https://github.com/google/oss-fuzz/issues/5509
Suggested-by: Evgeny Vereshchagin <evvers@ya.ru>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:35 +02:00
Christian Brauner
b61757b3ad
log: don't create log file for fuzz builds
...
Fixes: #3730
Fixes: https://github.com/google/oss-fuzz/issues/5509
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:00:31 +02:00