Evgeny Vereshchagin
1a46f8537e
confile: fix a memory leak lxc_config_define_add
...
```
2021-04-02T05:45:54.9410345Z ==13==ERROR: LeakSanitizer: detected memory leaks
2021-04-02T05:45:54.9410737Z
2021-04-02T05:45:54.9411488Z Direct leak of 16 byte(s) in 1 object(s) allocated from:
2021-04-02T05:45:54.9412556Z #0 0x54d752 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
2021-04-02T05:45:54.9413360Z #1 0x583795 in parse_new_conf_line /src/lxc/src/lxc/confile.c:3048:8
2021-04-02T05:45:54.9414057Z #2 0x582f1a in lxc_config_define_add /src/lxc/src/lxc/confile.c:3090:15
2021-04-02T05:45:54.9415352Z #3 0x5810fa in LLVMFuzzerTestOneInput /src/lxc/src/tests/fuzz-lxc-define-load.c:30:6
2021-04-02T05:45:54.9419212Z #4 0x483b93 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
2021-04-02T05:45:54.9421819Z #5 0x48309a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:505:3
2021-04-02T05:45:54.9424205Z #6 0x485474 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:814:7
2021-04-02T05:45:54.9426658Z #7 0x485689 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:845:3
2021-04-02T05:45:54.9428616Z #8 0x473717 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:906:6
2021-04-02T05:45:54.9429989Z #9 0x49f572 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
2021-04-02T05:45:54.9433312Z #10 0x7fa96041b83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
2021-04-02T05:45:54.9433795Z
2021-04-02T05:45:54.9434661Z DEDUP_TOKEN: calloc--parse_new_conf_line--lxc_config_define_add
2021-04-02T05:45:54.9435483Z SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
2021-04-02T05:45:54.9435958Z
2021-04-02T05:45:54.9436404Z INFO: a leak has been found in the initial corpus.
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-04-01 01:25:26 +00:00
Evgeny Vereshchagin
e8694d9a22
oss-fuzz: fuzz lxc_config_define_add and lxc_config_define_load
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-04-01 01:25:09 +00:00
Christian Brauner
f5312e35d3
Merge pull request #3759 from evverx/san-compatible
...
build-system: make it compatible with ASan/UBsan/MSan
2021-03-31 22:03:07 +02:00
Stéphane Graber
6dcd23e2bd
Merge pull request #3758 from brauner/2021-03-31/fixes
...
confile: cap to last bit in set_config_net_ipv4_address()
2021-03-31 13:36:04 -04:00
Christian Brauner
365136359f
confile: cap to last bit in set_config_net_ipv4_address()
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32708
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-31 10:54:28 +02:00
Christian Brauner
ea35e2ccda
Merge pull request #3755 from evverx/lxc-net
...
oss-fuzz.sh: put the "lxc.net" keys to the seed corpus as well
2021-03-30 20:50:52 +02:00
Stéphane Graber
21e9bead12
Merge pull request #3756 from brauner/2021-03-30/fixes_3
...
string_utils: switch to path_simplify()
2021-03-30 12:58:28 -04:00
Christian Brauner
28e54be15f
string_utils: switch to path_simplify()
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32689
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-30 17:20:51 +02:00
Stéphane Graber
ec6de2c3e7
Merge pull request #3754 from brauner/2021-03-30/fixes_2
...
confile: don't jump into the global table twice
2021-03-30 08:31:41 -04:00
Christian Brauner
0abcc213e2
confile: don't jump into the global table twice
...
instead move networking keys into a subtable. This avoids even just the
remote danger of recursion and also speeds up config parsing.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-30 12:51:54 +02:00
Evgeny Vereshchagin
e7e0343fd9
oss-fuzz: reject giant configs early
...
It should help the fuzzer to avoid running into timeouts
like https://oss-fuzz.com/testcase-detail/5132999948632064 .
Hopefully, once this is merged OSS-Fuzz will report only
infinite loops as timeouts.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-30 07:26:39 +00:00
Evgeny Vereshchagin
792a48b180
build-system: make it compatible with ASan/UBsan/MSan
...
Closes: https://github.com/lxc/lxc/issues/3727
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-30 06:09:35 +00:00
Evgeny Vereshchagin
b31484bd1b
ci: enable PAM
...
to make sure pam_cgfs is buildable with ASan/UBsan too
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-30 04:22:46 +00:00
Evgeny Vereshchagin
7bf9dc49e7
ci: also build with ASan/UBsan
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-30 04:22:46 +00:00
Evgeny Vereshchagin
49ffe5da49
oss-fuzz.sh: get rid of the sed "no-undefined" kludge
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-30 04:22:46 +00:00
Evgeny Vereshchagin
85d70be752
ci: stop passing --enable-ubsan
...
It's just a follow-up to 5f40423627 (where --enable-ubsan was removed).
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-30 03:35:50 +00:00
Stéphane Graber
dce56ec228
Merge pull request #3750 from brauner/2021-03-29/fixes_2
...
autotools: remove --enable-{asan,ubsan} in favor of --enable-sanitizers
2021-03-29 13:11:25 -04:00
Christian Brauner
fb33b35c88
Merge pull request #3751 from tomponline/tp-nic-ordering
...
doc: Documented that net type field must come before other options on the net device
2021-03-29 18:29:57 +02:00
Thomas Parrott
320061b34f
doc: Documented that net type field must come before other options on the net device
...
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2021-03-29 17:20:42 +01:00
Christian Brauner
73c852f7d6
README: remove Travis and add Github actions badge
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 18:05:39 +02:00
Christian Brauner
5f40423627
autotools: remove --enable-{asan,ubsan} in favor of --enable-sanitizers
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 17:35:59 +02:00
Stéphane Graber
d96134fa74
Merge pull request #3749 from brauner/2021-03-29/fixes
...
compiler: fix thread_local detection
2021-03-29 10:45:46 -04:00
Christian Brauner
86624ee4a5
Merge pull request #3746 from evverx/CIFuzz-unblock-msan
...
CIFuzz: turn on MSan
2021-03-29 16:06:16 +02:00
Christian Brauner
448439729d
compiler: fix thread_local detection
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 16:03:57 +02:00
Stéphane Graber
be43adcda9
Merge pull request #3748 from brauner/2021-03-29/fixes
...
fixes & config key validation
2021-03-29 08:13:08 -04:00
Evgeny Vereshchagin
593f13bf0a
oss-fuzz.sh: put the "lxc.net" keys in the seed corpus as well
...
It's just a follow-up to 0abcc213e2 (where the "lxc.net" keys were moved from config_jump_table to config_jump_table_net)
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-29 11:49:01 +00:00
Christian Brauner
ea60ca9565
lxccontainer: ensure second parameter to bsearch is never NULL
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 13:32:00 +02:00
Christian Brauner
52ce85046b
conf: fix thread_local support detection
...
Our detection for TLS wasn't working. Fix it.
Fixes: https://github.com/lxc/lxd/issues/8327
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 13:32:00 +02:00
Christian Brauner
2d676c005c
tests: add another test for garbage config key
...
where a valid key has trailing garbage at the end before the "=".
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 12:34:33 +02:00
Christian Brauner
cea88c47ac
tests: fix two false negatives in parse_config_file()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 12:33:33 +02:00
Christian Brauner
f0383b96e0
confile: cleanup set_config_net_script_down()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 12:26:12 +02:00
Christian Brauner
040b3e1d24
confile: cleanup set_config_net_script_up()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 12:26:11 +02:00
Christian Brauner
6d0297b9ae
confile: cleanup set_config_net_mtu()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 12:26:11 +02:00
Christian Brauner
a8b7aefc15
confile: cleanup set_config_net_hwaddr()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 12:26:11 +02:00
Christian Brauner
8d508eaa9b
confile: clear netdev on network type change
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32584
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 12:26:11 +02:00
Christian Brauner
12babd78e3
confile: vet keys more aggressively
...
Enforce an exact match for all keys where we know the subkeys must match exactly.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 10:19:30 +02:00
Christian Brauner
d21e950059
confile: safely clean previous value in set_config_net_ipv4_gateway()
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32586
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 10:07:39 +02:00
Christian Brauner
e0f420d5ae
confile: safely clean previous value in set_config_net_ipv6_gateway()
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32610
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-29 10:07:39 +02:00
Christian Brauner
cc19bc5406
Merge pull request #3745 from evverx/ubsan-msan-support
...
oss-fuzz/cifuzz: a couple of follow-up commits
2021-03-28 23:16:45 +02:00
Christian Brauner
94d05c50c9
Merge pull request #3744 from evverx/oss-fuzz-32596
...
confile_utils: fix a signed integer overflow
2021-03-28 19:20:49 +02:00
Stéphane Graber
db62570f0f
Merge pull request #3743 from brauner/2021-03-27/fixes_3
...
oss-fuzz: fixes
2021-03-28 12:35:16 -04:00
Evgeny Vereshchagin
f6727edbf7
string_utils: work around an MSan false positive
...
MSan doesn't instrument stpncpy (https://github.com/google/sanitizers/issues/926),
which causes the fuzzer to fail with:
```
$ cat ../minimized-from-740f56329efc60eab59b8194132b712a873e88a3
lxc.console.size=123
$ ./out/fuzz-lxc-config-read ../minimized-from-740f56329efc60eab59b8194132b712a873e88a3
INFO: Seed: 3561494591
INFO: Loaded 1 modules (18795 inline 8-bit counters): 18795 [0x866b98, 0x86b503),
INFO: Loaded 1 PC tables (18795 PCs): 18795 [0x86b508,0x8b4bb8),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: ../minimized-from-740f56329efc60eab59b8194132b712a873e88a3
==850885==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x6b3e7f in parse_byte_size_string /home/vagrant/lxc/src/lxc/string_utils.c:912:6
#1 0x550991 in set_config_console_size /home/vagrant/lxc/src/lxc/confile.c:2483:8
#2 0x5346e2 in parse_line /home/vagrant/lxc/src/lxc/confile.c:2962:9
#3 0x64b3cd in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
#4 0x53340c in lxc_config_read /home/vagrant/lxc/src/lxc/confile.c:3039:9
#5 0x4e7ec2 in LLVMFuzzerTestOneInput /home/vagrant/lxc/src/tests/fuzz-lxc-config-read.c:23:2
#6 0x44ad2c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x44ad2c)
#7 0x42ca4d in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42ca4d)
#8 0x433af0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x433af0)
#9 0x423ff6 in main (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x423ff6)
#10 0x7f79bdc89081 in __libc_start_main (/lib64/libc.so.6+0x27081)
#11 0x42402d in _start (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42402d)
Uninitialized value was created by an allocation of 'dup' in the stack frame of function 'parse_byte_size_string'
#0 0x6b3330 in parse_byte_size_string /home/vagrant/lxc/src/lxc/string_utils.c:901
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/vagrant/lxc/src/lxc/string_utils.c:912:6 in parse_byte_size_string
Exiting
```
Closes https://oss-fuzz.com/testcase-detail/5829890470445056
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-28 16:05:29 +00:00
Evgeny Vereshchagin
cf0f7aba41
cifuzz: turn on MSan
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-28 16:05:13 +00:00
Christian Brauner
4c5479d21e
string_utils: handle overflow correctly in parse_byte_size_string()
...
This takes the overflow handling code from the kernel.
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32549
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-28 11:55:13 +02:00
Evgeny Vereshchagin
a6fa6772e1
cifuzz: turn on UBsan
...
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-28 06:53:44 +00:00
Evgeny Vereshchagin
745d60487b
oss-fuzz.sh: take SANITIZER into account
...
to make it possible to build the fuzzer with UBSan and MSan locally
```
$ SANITIZER=undefined ./src/tests/oss-fuzz.sh
$ printf 'lxc.signal.stop=sigrtmax-020000000020' >oss-fuzz-32596
$ UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 ./out/fuzz-lxc-config-read oss-fuzz-32596
INFO: Seed: 595864277
INFO: Loaded 1 modules (61553 inline 8-bit counters): 61553 [0x80a1b0, 0x819221),
INFO: Loaded 1 PC tables (61553 PCs): 61553 [0x819228,0x909938),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: oss-fuzz-32596
confile_utils.c:1051:20: runtime error: signed integer overflow: 64 - -2147483632 cannot be represented in type 'int'
#0 0x51799a in rt_sig_num /home/vagrant/lxc/src/lxc/confile_utils.c:1051:20
#1 0x517268 in sig_parse /home/vagrant/lxc/src/lxc/confile_utils.c:1069:11
#2 0x500ca4 in set_config_signal_stop /home/vagrant/lxc/src/lxc/confile.c:1738:10
#3 0x4b8c7c in parse_line /home/vagrant/lxc/src/lxc/confile.c:2962:9
#4 0x5a5eb0 in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-28 06:52:01 +00:00
Evgeny Vereshchagin
e6b35fbfb6
confile_utils: fix a signed integer overflow
...
This was triggered by the following chain of conversions:
lxc_safe_uint("020000000020") -> 2147483664 (uint)
sig_num(2147483664 (uint)) -> -2147483632 (int)
64 - -2147483632 cannot be represented in type 'int'
Closes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32596
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
2021-03-28 05:41:34 +00:00
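An added example (not lxc's own code) that reconstructs the conversion chain from the commit message above in C: a parse that accepts octal (so "020000000020" yields 2147483664), the narrowing that turns that value into a negative int, and a range check performed in the unsigned domain that rejects the value before the subtraction can overflow. SIGRTMAX is assumed to be 64 to match the "64 - -2147483632" expression in the UBSan report; the function names and the use of strtoul are assumptions for illustration, not lxc's implementation.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Assumed for this example: SIGRTMAX was 64 on the fuzzed build, matching
 * the "64 - -2147483632" expression in the UBSan report. */
#define ASSUMED_SIGRTMAX 64

/* Parse the numeric suffix of "sigrtmax-<n>" as an unsigned value.
 * strtoul with base 0 accepts octal, so "020000000020" parses to
 * 2147483664 (0x80000010), the value quoted in the commit message.
 * (Hypothetical helper standing in for lxc_safe_uint.) */
int parse_rt_offset(const char *s, unsigned int *out)
{
	char *end = NULL;
	unsigned long v;

	errno = 0;
	v = strtoul(s, &end, 0);
	if (errno != 0 || end == s || *end != '\0' || v > UINT_MAX)
		return -1;
	*out = (unsigned int)v;
	return 0;
}

/* Unsafe pattern: the unsigned offset is narrowed to int before the
 * subtraction. 2147483664 becomes -2147483632, and 64 - (-2147483632)
 * does not fit in int. The overflow builtin reports that instead of
 * executing the undefined subtraction; returns -1 when it would overflow. */
int rt_sig_num_unchecked(unsigned int offset, int *out)
{
	int n = (int)offset; /* implementation-defined narrowing */
	return __builtin_sub_overflow(ASSUMED_SIGRTMAX, n, out) ? -1 : 0;
}

/* Hardened version: validate the offset while it is still unsigned, so the
 * later subtraction can never leave the valid real-time signal range. */
int rt_sig_num_checked(unsigned int offset, int *out)
{
	if (offset > ASSUMED_SIGRTMAX)
		return -1;
	*out = ASSUMED_SIGRTMAX - (int)offset;
	return 0;
}
```

Building with -fsanitize=undefined and feeding the octal value to the unchecked variant is what produces the "signed integer overflow" report shown in the previous commit; the checked variant rejects it with no arithmetic performed.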
Christian Brauner
405b28a4de
confile: don't leak memory in case multiple shmounts are set
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32503
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-27 20:59:15 +01:00
Christian Brauner
79d2f54fd5
confile: add missing prefix validation
...
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32488
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-03-27 20:49:19 +01:00
Stéphane Graber
d734e61169
Merge pull request #3741 from brauner/2021-03-27/fixes_2
...
confile_utils: free list during lxc_remove_nic_by_idx()
2021-03-27 14:32:51 -04:00