proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-15 06:06:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
11,443 Commits 6 Branches 17 Tags 29 MiB
16ebb29dcc
Commit Graph

11443 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Christian Brauner
405b28a4de
confile: don't leak memory in case multiple shmounts are set 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32503
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 20:59:15 +01:00
Christian Brauner
79d2f54fd5
confile: add missing prefix validation 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32488
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 20:49:19 +01:00
Stéphane Graber
d734e61169
Merge pull request #3741 from brauner/2021-03-27/fixes_2 
confile_utils: free list during lxc_remove_nic_by_idx()
 2021-03-27 14:32:51 -04:00
Christian Brauner
9a096e987e
confile_utils: free list during lxc_remove_nic_by_idx() 
Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 18:42:24 +01:00
Stéphane Graber
cc98c47021
Merge pull request #3739 from brauner/2021-03-27/fixes 
oss-fuzz: fixes
 2021-03-27 11:48:18 -04:00
Evgeny Vereshchagin
b2606302de
ci: turn on ASan on CIFuzz 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-03-27 14:35:48 +01:00
Christian Brauner
1504790389
confile: prevent recursion when parsing networks 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 14:31:50 +01:00
Evgeny Vereshchagin
f6848c5fbc
confile: fix a memory leak in set_config_net_hwaddr 
It was found by ClusterFuzz in https://oss-fuzz.com/testcase-detail/4747480244813824
but hasn't been reported on Monorail
(https://bugs.chromium.org/p/oss-fuzz/) yet

```
$ cat minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
lxc.net.0.hwaddr=0
lxc.net.0.hwaddr=4

./out/fuzz-lxc-config-read minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
INFO: Seed: 1473396311
INFO: Loaded 1 modules   (18821 inline 8-bit counters): 18821 [0x885fa0, 0x88a925),
INFO: Loaded 1 PC tables (18821 PCs): 18821 [0x88a928,0x8d4178),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e

=================================================================
==226185==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x4d25d7 in strdup (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x4d25d7)
    #1 0x58e48f in set_config_net_hwaddr /home/vagrant/lxc/src/lxc/confile.c:654:14
    #2 0x59af3b in set_config_net_nic /home/vagrant/lxc/src/lxc/confile.c:5276:9
    #3 0x571c29 in parse_line /home/vagrant/lxc/src/lxc/confile.c:2958:9
    #4 0x61b0b2 in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
    #5 0x5710ed in lxc_config_read /home/vagrant/lxc/src/lxc/confile.c:3035:9
    #6 0x542cd6 in LLVMFuzzerTestOneInput /home/vagrant/lxc/src/tests/fuzz-lxc-config-read.c:23:2
    #7 0x449e8c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x449e8c)
    #8 0x42bbad in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42bbad)
    #9 0x432c50 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x432c50)
    #10 0x423136 in main (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x423136)
    #11 0x7f2cbb992081 in __libc_start_main (/lib64/libc.so.6+0x27081)

SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-03-27 14:31:37 +01:00
Christian Brauner
299ddd1663
confile: improve network vetting 
Move all input sanity checks up and add two missing checks for the
correct network type when using veth-vlan and vlan network types.

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32513
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 14:31:37 +01:00
Christian Brauner
bbc9892535
confile: use correct check for too large network lists 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 08:09:56 +01:00
Christian Brauner
6a52a513f9
confile: make string calculations in get_network_config_ops() more obvious 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 08:09:09 +01:00
Christian Brauner
ced5587c03
conf: coding style cleanups 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 07:56:22 +01:00
Christian Brauner
25ed0305b1
confile_utils: free network list items 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 07:52:33 +01:00
Christian Brauner
cc36133d43
conf: reinitialize lists 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 07:52:10 +01:00
Christian Brauner
c45833e39c
string_utils: always memset buf in lxc_safe_int64_residual() 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32482
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-27 07:14:56 +01:00
Stéphane Graber
6a374b65e7
Merge pull request #3738 from brauner/2021-03-26/fixes_3 
oss-fuzz: fixes
 2021-03-26 18:22:30 -04:00
Christian Brauner
5837aa8448
confile: fix returns in set_config_net_veth_vlan_tagged_id() 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32494
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 23:02:59 +01:00
Christian Brauner
631d271533
confile: fix setting prlimits 
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 22:58:01 +01:00
Christian Brauner
59bc24cd0d
conf: don't leak list 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 22:57:58 +01:00
Stéphane Graber
8c70a4080b
Merge pull request #3736 from brauner/2021-03-26/fixes_3 
oss-fuzz: fixes
 2021-03-26 17:52:57 -04:00
Christian Brauner
06fdc710a8
log: avoid regressions for relative log paths 
We need to allow relative log paths.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 22:32:18 +01:00
Christian Brauner
b2480b2950
string_utils: fix parse_byte_size_string() 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32475
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 22:28:36 +01:00
Christian Brauner
0b73eb0590
confile_utils: improve network parser 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 22:28:36 +01:00
Christian Brauner
6583a65090
Merge pull request #3737 from evverx/oss-fuzz-fixes 
oss-fuzz: a few follow-up commits
 2021-03-26 20:45:39 +01:00
Christian Brauner
647d0e011a
Merge pull request #3731 from samboyles1/master 
network: handle name collisions when returning interfaces to host
 2021-03-26 17:18:08 +01:00
Stéphane Graber
627c766cba
Merge pull request #3735 from brauner/2021-03-26/fixes_2 
oss-fuzz: fixes
 2021-03-26 12:00:04 -04:00
Christian Brauner
786467cbdd
conf: prevent UAF in lxc_clear_limits() 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 16:42:57 +01:00
Christian Brauner
b8e539f448
confile_utils: fix real-time signal parsing 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32521
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 16:38:49 +01:00
Christian Brauner
c04f422182
confile: don't leak memory when overwriting lxc.rootfs.options 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32473
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 16:02:04 +01:00
Christian Brauner
e50319aaaf
Merge pull request #3733 from evverx/move-from-oss-fuzz 
oss-fuzz: make it possible to build the fuzzer without docker
 2021-03-26 15:35:37 +01:00
Stéphane Graber
6a3b579505
Merge pull request #3734 from brauner/2021-03-26/fixes_2 
confile: be stricter in config helpers
 2021-03-26 10:30:47 -04:00
Christian Brauner
d60ba56821
confile: be stricter in config helpers 
We never call these helper without an initialized config afaict but
since we're now exposing these two functions to oss-fuzz directly in a
way we never do to users so let's be stricter about it.

Inspired-by: #3733
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 15:11:08 +01:00
Stéphane Graber
0912bf6b77
Merge pull request #3732 from brauner/2021-03-26/fixes 
log: dont create log file for fuzz builds
 2021-03-26 08:26:41 -04:00
Christian Brauner
2f6d309983
log: handle empty log name 
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32491
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 12:21:48 +01:00
Christian Brauner
e459cf6831
log: don't create directories for fuzz builds 
Fixes: #3730
Fixes: https://github.com/google/oss-fuzz/issues/5509
Suggested-by: Evgeny Vereshchagin <evvers@ya.ru>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 11:52:54 +01:00
Christian Brauner
a30a4efae5
log: dont create log file for fuzz builds 
Fixes: #3730
Fixes: https://github.com/google/oss-fuzz/issues/5509
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-26 09:20:56 +01:00
Evgeny Vereshchagin
98f9e64d33 fuzz: generate all the config keys and add them to the seed corpus 
It should help to cover more code faster

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-03-26 05:49:19 +00:00
Evgeny Vereshchagin
77d755ce04 README: add OSS-Fuzz/CIFuzz badges 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-03-26 05:20:51 +00:00
Evgeny Vereshchagin
f329f022a9 fuzz: create tmpfiles in /tmp 
It's mostly a cosmetic change that should prevent the fuzzer
from cluttering the "$OUT" directory (which OSS-Fuzz uses to
build docker images):

```
Step #44: Already have image: gcr.io/oss-fuzz/lxc
Step #44:   adding: fuzz-lxc-config-read (deflated 67%)
Step #44:   adding: fuzz-lxc-config-read-WBWKxN (deflated 32%)
Step #44:   adding: fuzz-lxc-config-read_seed_corpus.zip (stored 0%)
Step #44:   adding: honggfuzz (deflated 66%)
Step #44:   adding: llvm-symbolizer (deflated 65%)
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-03-26 05:20:07 +00:00
Sam Boyles
bb301db761 network: handle name collisions when returning physical interfaces to host 
Reviewed-by: Blair Steven <blair.steven@alliedtelesis.co.nz>
Signed-off-by: Sam Boyles <sam.boyles@alliedtelesis.co.nz>
 2021-03-26 15:27:07 +13:00
Evgeny Vereshchagin
dec64820a3 oss-fuzz: make it possible to build the fuzzer without docker 
With this patch applied the fuzz target can be built (with ASan)
and run with
```
./src/tests/oss-fuzz.sh
./out/fuzz-lxc-config-read doc/examples/
```

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32475 can be
reproduced by running
```
$ echo "lxc.console.buffer.size=d" >oss-fuzz-32475
$ ./out/fuzz-lxc-config-read ./oss-fuzz-32475
INFO: Seed: 1044753468
INFO: Loaded 1 modules   (18770 inline 8-bit counters): 18770 [0x883cc0, 0x888612),
INFO: Loaded 1 PC tables (18770 PCs): 18770 [0x888618,0x8d1b38),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: oss-fuzz-32475
=================================================================
==2052097==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcca063e7f at pc 0x000000659e0d bp 0x7ffcca063e30 sp 0x7ffcca063e28
READ of size 1 at 0x7ffcca063e7f thread T0
...
```

I'll point OSS-Fuzz to the build script once this patch is merged.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-03-26 01:11:23 +00:00
Stéphane Graber
27df252817
Merge pull request #3729 from brauner/2021-03-25/fixes_3 
oss-fuzz: fixes
 2021-03-25 19:17:37 -04:00
Christian Brauner
b8e43ef0bd
conf: use lxc_list_new() everywhere 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-25 23:49:37 +01:00
Christian Brauner
642751ccd0
confile: use lxc_list_new() everywhere 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-25 23:38:24 +01:00
Christian Brauner
89d34eb2ed
list: add lxc_list_new() helper 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-25 23:33:12 +01:00
Christian Brauner
c461b9c7ed
confile_utils: delete netdev from list 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32478
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-25 23:22:53 +01:00
Christian Brauner
4a2c9b4023
conf: reinitialize sysctl list after clearing it 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32474
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-25 23:10:57 +01:00
Christian Brauner
b5fdc164e3
confile: fix set_config_sysctl() 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32487
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-25 23:07:22 +01:00
Christian Brauner
65c5bc571b
Merge pull request #3726 from evverx/cifuzz 
ci: turn on CIFuzz
 2021-03-25 16:45:02 +01:00
Christian Brauner
854e6c5c01
Merge pull request #3725 from evverx/se_keyring_context_memory_leak 
conf: fix a memory leak
 2021-03-25 15:51:19 +01:00