[lxc-devel] [lxc/lxc] c45833: string_utils: always memset buf in lxc_safe_int64_...
Stéphane Graber
noreply at github.com
Sat Mar 27 15:48:32 UTC 2021
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: c45833e39c85c5e16270aa4122b1929dd086127a
https://github.com/lxc/lxc/commit/c45833e39c85c5e16270aa4122b1929dd086127a
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M src/lxc/string_utils.c
Log Message:
-----------
string_utils: always memset buf in lxc_safe_int64_residual()
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32482
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: cc36133d43b65a2e7b0e1e6fa086d5ff20854392
https://github.com/lxc/lxc/commit/cc36133d43b65a2e7b0e1e6fa086d5ff20854392
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: reinitialize lists
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 25ed0305b1e511ef79cbbc725628476099d18afd
https://github.com/lxc/lxc/commit/25ed0305b1e511ef79cbbc725628476099d18afd
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M src/lxc/confile_utils.c
Log Message:
-----------
confile_utils: free network list items
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: ced5587c03620e61ff402d24dc45898b9c0eed30
https://github.com/lxc/lxc/commit/ced5587c03620e61ff402d24dc45898b9c0eed30
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: coding style cleanups
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 6a52a513f9015926ccc023863e17fa7a2bad7a8d
https://github.com/lxc/lxc/commit/6a52a513f9015926ccc023863e17fa7a2bad7a8d
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M src/lxc/confile.c
Log Message:
-----------
confile: make string calculations in get_network_config_ops() more obvious
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: bbc9892535bb5fb8e2571372a9d82513c22732ab
https://github.com/lxc/lxc/commit/bbc9892535bb5fb8e2571372a9d82513c22732ab
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M src/lxc/confile.c
Log Message:
-----------
confile: use correct check for too large network lists
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 299ddd1663b86eabb0080b0cca044d2b7850e3c8
https://github.com/lxc/lxc/commit/299ddd1663b86eabb0080b0cca044d2b7850e3c8
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M src/lxc/confile.c
Log Message:
-----------
confile: improve network vetting
Move all input sanity checks up and add two missing checks for the
correct network type when using veth-vlan and vlan network types.
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32513
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: f6848c5fbc29ebbe3363dc93b8575a7f024399c9
https://github.com/lxc/lxc/commit/f6848c5fbc29ebbe3363dc93b8575a7f024399c9
Author: Evgeny Vereshchagin <evvers at ya.ru>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M src/lxc/confile.c
Log Message:
-----------
confile: fix a memory leak in set_config_net_hwaddr
It was found by ClusterFuzz in https://oss-fuzz.com/testcase-detail/4747480244813824
but hasn't been reported on Monorail
(https://bugs.chromium.org/p/oss-fuzz/) yet
```
$ cat minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
lxc.net.0.hwaddr=0
lxc.net.0.hwaddr=4
./out/fuzz-lxc-config-read minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
INFO: Seed: 1473396311
INFO: Loaded 1 modules (18821 inline 8-bit counters): 18821 [0x885fa0, 0x88a925),
INFO: Loaded 1 PC tables (18821 PCs): 18821 [0x88a928,0x8d4178),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
=================================================================
==226185==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x4d25d7 in strdup (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x4d25d7)
#1 0x58e48f in set_config_net_hwaddr /home/vagrant/lxc/src/lxc/confile.c:654:14
#2 0x59af3b in set_config_net_nic /home/vagrant/lxc/src/lxc/confile.c:5276:9
#3 0x571c29 in parse_line /home/vagrant/lxc/src/lxc/confile.c:2958:9
#4 0x61b0b2 in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
#5 0x5710ed in lxc_config_read /home/vagrant/lxc/src/lxc/confile.c:3035:9
#6 0x542cd6 in LLVMFuzzerTestOneInput /home/vagrant/lxc/src/tests/fuzz-lxc-config-read.c:23:2
#7 0x449e8c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x449e8c)
#8 0x42bbad in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42bbad)
#9 0x432c50 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x432c50)
#10 0x423136 in main (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x423136)
#11 0x7f2cbb992081 in __libc_start_main (/lib64/libc.so.6+0x27081)
SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).
```
Signed-off-by: Evgeny Vereshchagin <evvers at ya.ru>
Commit: 1504790389f07348e722aa760cf06ef3234fc265
https://github.com/lxc/lxc/commit/1504790389f07348e722aa760cf06ef3234fc265
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M src/lxc/confile.c
Log Message:
-----------
confile: prevent recursion when parsing networks
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: b2606302dead642b1f4a352c6804cd7ab5a6c20e
https://github.com/lxc/lxc/commit/b2606302dead642b1f4a352c6804cd7ab5a6c20e
Author: Evgeny Vereshchagin <evvers at ya.ru>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M .github/workflows/cifuzz.yml
Log Message:
-----------
ci: turn on ASan on CIFuzz
Signed-off-by: Evgeny Vereshchagin <evvers at ya.ru>
Commit: cc98c47021322328347d6dbffccebbea4f396e86
https://github.com/lxc/lxc/commit/cc98c47021322328347d6dbffccebbea4f396e86
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2021-03-27 (Sat, 27 Mar 2021)
Changed paths:
M .github/workflows/cifuzz.yml
M src/lxc/conf.c
M src/lxc/confile.c
M src/lxc/confile_utils.c
M src/lxc/string_utils.c
Log Message:
-----------
Merge pull request #3739 from brauner/2021-03-27/fixes
oss-fuzz: fixes
Compare: https://github.com/lxc/lxc/compare/6a374b65e718...cc98c4702132
More information about the lxc-devel
mailing list