[lxc-devel] [lxc/lxc] c45833: string_utils: always memset buf in lxc_safe_int64_...

St├ęphane Graber noreply at github.com
Sat Mar 27 15:48:32 UTC 2021


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: c45833e39c85c5e16270aa4122b1929dd086127a
      https://github.com/lxc/lxc/commit/c45833e39c85c5e16270aa4122b1929dd086127a
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M src/lxc/string_utils.c

  Log Message:
  -----------
  string_utils: always memset buf in lxc_safe_int64_residual()

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32482
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: cc36133d43b65a2e7b0e1e6fa086d5ff20854392
      https://github.com/lxc/lxc/commit/cc36133d43b65a2e7b0e1e6fa086d5ff20854392
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  conf: reinitialize lists

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 25ed0305b1e511ef79cbbc725628476099d18afd
      https://github.com/lxc/lxc/commit/25ed0305b1e511ef79cbbc725628476099d18afd
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M src/lxc/confile_utils.c

  Log Message:
  -----------
  confile_utils: free network list items

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: ced5587c03620e61ff402d24dc45898b9c0eed30
      https://github.com/lxc/lxc/commit/ced5587c03620e61ff402d24dc45898b9c0eed30
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  conf: coding style cleanups

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 6a52a513f9015926ccc023863e17fa7a2bad7a8d
      https://github.com/lxc/lxc/commit/6a52a513f9015926ccc023863e17fa7a2bad7a8d
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M src/lxc/confile.c

  Log Message:
  -----------
  confile: make string calculations in get_network_config_ops() more obvious

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: bbc9892535bb5fb8e2571372a9d82513c22732ab
      https://github.com/lxc/lxc/commit/bbc9892535bb5fb8e2571372a9d82513c22732ab
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M src/lxc/confile.c

  Log Message:
  -----------
  confile: use correct check for too large network lists

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 299ddd1663b86eabb0080b0cca044d2b7850e3c8
      https://github.com/lxc/lxc/commit/299ddd1663b86eabb0080b0cca044d2b7850e3c8
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M src/lxc/confile.c

  Log Message:
  -----------
  confile: improve network vetting

Move all input sanity checks up and add two missing checks for the
correct network type when using veth-vlan and vlan network types.

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32513
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: f6848c5fbc29ebbe3363dc93b8575a7f024399c9
      https://github.com/lxc/lxc/commit/f6848c5fbc29ebbe3363dc93b8575a7f024399c9
  Author: Evgeny Vereshchagin <evvers at ya.ru>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M src/lxc/confile.c

  Log Message:
  -----------
  confile: fix a memory leak in set_config_net_hwaddr

It was found by ClusterFuzz in https://oss-fuzz.com/testcase-detail/4747480244813824
but hasn't been reported on Monorail
(https://bugs.chromium.org/p/oss-fuzz/) yet

```
$ cat minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
lxc.net.0.hwaddr=0
lxc.net.0.hwaddr=4

./out/fuzz-lxc-config-read minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
INFO: Seed: 1473396311
INFO: Loaded 1 modules   (18821 inline 8-bit counters): 18821 [0x885fa0, 0x88a925),
INFO: Loaded 1 PC tables (18821 PCs): 18821 [0x88a928,0x8d4178),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e

=================================================================
==226185==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x4d25d7 in strdup (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x4d25d7)
    #1 0x58e48f in set_config_net_hwaddr /home/vagrant/lxc/src/lxc/confile.c:654:14
    #2 0x59af3b in set_config_net_nic /home/vagrant/lxc/src/lxc/confile.c:5276:9
    #3 0x571c29 in parse_line /home/vagrant/lxc/src/lxc/confile.c:2958:9
    #4 0x61b0b2 in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
    #5 0x5710ed in lxc_config_read /home/vagrant/lxc/src/lxc/confile.c:3035:9
    #6 0x542cd6 in LLVMFuzzerTestOneInput /home/vagrant/lxc/src/tests/fuzz-lxc-config-read.c:23:2
    #7 0x449e8c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x449e8c)
    #8 0x42bbad in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42bbad)
    #9 0x432c50 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x432c50)
    #10 0x423136 in main (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x423136)
    #11 0x7f2cbb992081 in __libc_start_main (/lib64/libc.so.6+0x27081)

SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).
```

Signed-off-by: Evgeny Vereshchagin <evvers at ya.ru>


  Commit: 1504790389f07348e722aa760cf06ef3234fc265
      https://github.com/lxc/lxc/commit/1504790389f07348e722aa760cf06ef3234fc265
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M src/lxc/confile.c

  Log Message:
  -----------
  confile: prevent recursion when parsing networks

Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: b2606302dead642b1f4a352c6804cd7ab5a6c20e
      https://github.com/lxc/lxc/commit/b2606302dead642b1f4a352c6804cd7ab5a6c20e
  Author: Evgeny Vereshchagin <evvers at ya.ru>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M .github/workflows/cifuzz.yml

  Log Message:
  -----------
  ci: turn on ASan on CIFuzz

Signed-off-by: Evgeny Vereshchagin <evvers at ya.ru>


  Commit: cc98c47021322328347d6dbffccebbea4f396e86
      https://github.com/lxc/lxc/commit/cc98c47021322328347d6dbffccebbea4f396e86
  Author: St├ęphane Graber <stgraber at ubuntu.com>
  Date:   2021-03-27 (Sat, 27 Mar 2021)

  Changed paths:
    M .github/workflows/cifuzz.yml
    M src/lxc/conf.c
    M src/lxc/confile.c
    M src/lxc/confile_utils.c
    M src/lxc/string_utils.c

  Log Message:
  -----------
  Merge pull request #3739 from brauner/2021-03-27/fixes

oss-fuzz: fixes


Compare: https://github.com/lxc/lxc/compare/6a374b65e718...cc98c4702132


More information about the lxc-devel mailing list