alloc-util: make mfree() typesafe

Make sure we return the same type as we accept. One incorrect use of mfree() is discovered and fixed this way.
Merge pull request #20414 from yuwata/sd-dhcp6-client-trivial-fixes
2026-03-25 08:14:54 +01:00 · 2021-08-11 04:47:10 +09:00 · 2021-08-10 20:32:29 +01:00 · 2021-08-10 20:31:36 +01:00 · 2021-08-10 20:30:41 +01:00 · 2021-08-10 21:57:42 +09:00
8 changed files with 79 additions and 80 deletions
--- a/src/basic/alloc-util.h
+++ b/src/basic/alloc-util.h
@ -44,10 +44,11 @@ typedef void (*free_func_t)(void *p);
 #define malloc0(n) (calloc(1, (n) ?: 1))
-static inline void *mfree(void *memory) {
+#define mfree(memory)                           \
-        free(memory);
+        ({                                      \
-        return NULL;
+                free(memory);                   \
-}
+                (typeof(memory)) NULL;          \
        })
 #define free_and_replace(a, b)                  \
        ({                                      \
--- a/src/basic/memory-util.h
+++ b/src/basic/memory-util.h
@ -71,6 +71,16 @@ static inline void *memmem_safe(const void *haystack, size_t haystacklen, const
        return memmem(haystack, haystacklen, needle, needlelen);
 }
 static inline void *mempmem_safe(const void *haystack, size_t haystacklen, const void *needle, size_t needlelen) {
        const uint8_t *p;
        p = memmem_safe(haystack, haystacklen, needle, needlelen);
        if (!p)
                return NULL;
        return (uint8_t*) p + needlelen;
 }
 #if HAVE_EXPLICIT_BZERO
 static inline void* explicit_bzero_safe(void *p, size_t l) {
        if (l > 0)
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@ -159,12 +159,11 @@ static int get_file_version(int fd, char **v) {
        if (buf == MAP_FAILED)
                return log_error_errno(errno, "Failed to memory map EFI binary: %m");
-        s = memmem(buf, st.st_size - 8, "#### LoaderInfo: ", 17);
+        s = mempmem_safe(buf, st.st_size - 8, "#### LoaderInfo: ", 17);
        if (!s)
                goto finish;
        s += 17;
-        e = memmem(s, st.st_size - (s - buf), " ####", 5);
+        e = memmem_safe(s, st.st_size - (s - buf), " ####", 5);
        if (!e || e - s < 3) {
                r = log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Malformed version string.");
                goto finish;
--- a/src/core/unit.c
+++ b/src/core/unit.c
@ -5497,10 +5497,19 @@ const char *unit_label_path(const Unit *u) {
        /* Returns the file system path to use for MAC access decisions, i.e. the file to read the SELinux label off
         * when validating access checks. */
        if (IN_SET(u->load_state, UNIT_MASKED, UNIT_NOT_FOUND, UNIT_MERGED))
                return NULL; /* Shortcut things if we know there is no real, relevant unit file around */
        p = u->source_path ?: u->fragment_path;
        if (!p)
                return NULL;
        if (IN_SET(u->load_state, UNIT_LOADED, UNIT_BAD_SETTING, UNIT_ERROR))
                return p; /* Shortcut things, if we successfully loaded at least some stuff from the unit file */
        /* Not loaded yet, we need to go to disk */
        assert(u->load_state == UNIT_STUB);
        /* If a unit is masked, then don't read the SELinux label of /dev/null, as that really makes no sense */
        if (null_or_empty_path(p) > 0)
                return NULL;
--- a/src/import/pull-common.c
+++ b/src/import/pull-common.c
@ -10,6 +10,7 @@
 #include "escape.h"
 #include "fd-util.h"
 #include "io-util.h"
 #include "memory-util.h"
 #include "path-util.h"
 #include "process-util.h"
 #include "pull-common.h"
@ -342,7 +343,7 @@ static int verify_one(PullJob *checksum_job, PullJob *job) {
        line = strjoina(job->checksum, " *", fn, "\n");
-        p = memmem(checksum_job->payload,
+        p = memmem_safe(checksum_job->payload,
                        checksum_job->payload_size,
                        line,
                        strlen(line));
@ -350,7 +351,7 @@ static int verify_one(PullJob *checksum_job, PullJob *job) {
        if (!p) {
                line = strjoina(job->checksum, "  ", fn, "\n");
-                p = memmem(checksum_job->payload,
+                p = memmem_safe(checksum_job->payload,
                                checksum_job->payload_size,
                                line,
                                strlen(line));
--- a/src/libsystemd-network/sd-dhcp6-client.c
+++ b/src/libsystemd-network/sd-dhcp6-client.c
@ -1134,30 +1134,24 @@ static int client_parse_message(
                switch (optcode) {
                case SD_DHCP6_OPTION_CLIENTID:
-                        if (clientid) {
+                        if (clientid)
-                                log_dhcp6_client(client, "%s contains multiple clientids",
+                                return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s contains multiple clientids",
                                                              dhcp6_message_type_to_string(message->type));
                                return -EINVAL;
                        }
                        if (optlen != client->duid_len ||
-                            memcmp(&client->duid, optval, optlen) != 0) {
+                            memcmp(&client->duid, optval, optlen) != 0)
-                                log_dhcp6_client(client, "%s DUID does not match",
+                                return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s DUID does not match",
                                                              dhcp6_message_type_to_string(message->type));
                                return -EINVAL;
                        }
                        clientid = true;
                        break;
                case SD_DHCP6_OPTION_SERVERID:
                        r = dhcp6_lease_get_serverid(lease, NULL, NULL);
-                        if (r >= 0) {
+                        if (r >= 0)
-                                log_dhcp6_client(client, "%s contains multiple serverids",
+                                return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s contains multiple serverids",
                                                              dhcp6_message_type_to_string(message->type));
                                return -EINVAL;
                        }
                        r = dhcp6_lease_set_serverid(lease, optval, optlen);
                        if (r < 0)
@ -1180,20 +1174,16 @@ static int client_parse_message(
                        if (status < 0)
                                return status;
-                        if (status > 0) {
+                        if (status > 0)
-                                log_dhcp6_client(client, "%s Status %s",
+                                return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s Status %s",
                                                              dhcp6_message_type_to_string(message->type),
                                                              dhcp6_message_status_to_string(status));
                                return -EINVAL;
                        }
                        break;
                case SD_DHCP6_OPTION_IA_NA:
                        if (client->state == DHCP6_STATE_INFORMATION_REQUEST) {
-                                log_dhcp6_client(client, "Information request ignoring IA NA option");
+                                log_dhcp6_client(client, "Ignoring IA NA option in information requesting mode.");
                                break;
                        }
@ -1210,23 +1200,20 @@ static int client_parse_message(
                        if (r < 0)
                                return r;
-                        if (client->ia_na.ia_na.id != iaid_lease) {
+                        if (client->ia_na.ia_na.id != iaid_lease)
-                                log_dhcp6_client(client, "%s has wrong IAID for IA NA",
+                                return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s has wrong IAID for IA NA",
                                                              dhcp6_message_type_to_string(message->type));
                                return -EINVAL;
                        }
                        if (lease->ia.addresses) {
                                lt_t1 = MIN(lt_t1, be32toh(lease->ia.ia_na.lifetime_t1));
-                                lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t1));
+                                lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t2));
                        }
                        break;
                case SD_DHCP6_OPTION_IA_PD:
                        if (client->state == DHCP6_STATE_INFORMATION_REQUEST) {
-                                log_dhcp6_client(client, "Information request ignoring IA PD option");
+                                log_dhcp6_client(client, "Ignoring IA PD option in information requesting mode.");
                                break;
                        }
@ -1243,11 +1230,9 @@ static int client_parse_message(
                        if (r < 0)
                                return r;
-                        if (client->ia_pd.ia_pd.id != iaid_lease) {
+                        if (client->ia_pd.ia_pd.id != iaid_lease)
-                                log_dhcp6_client(client, "%s has wrong IAID for IA PD",
+                                return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s has wrong IAID for IA PD",
                                                              dhcp6_message_type_to_string(message->type));
                                return -EINVAL;
                        }
                        if (lease->pd.addresses) {
                                lt_t1 = MIN(lt_t1, be32toh(lease->pd.ia_pd.lifetime_t1));
@ -1309,26 +1294,20 @@ static int client_parse_message(
                pos += offsetof(DHCP6Option, data) + optlen;
        }
-        if (ia_na_status > 0 && ia_pd_status > 0) {
+        if (ia_na_status > 0 && ia_pd_status > 0)
-                log_dhcp6_client(client, "No IA_PD prefix or IA_NA address received. Ignoring.");
+                return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "No IA_PD prefix or IA_NA address received. Ignoring.");
                return -EINVAL;
        }
-        if (!clientid) {
+        if (!clientid)
-                log_dhcp6_client(client, "%s has incomplete options",
+                return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s has incomplete options",
                                              dhcp6_message_type_to_string(message->type));
                return -EINVAL;
        }
        if (client->state != DHCP6_STATE_INFORMATION_REQUEST) {
                r = dhcp6_lease_get_serverid(lease, NULL, NULL);
-                if (r < 0) {
+                if (r < 0)
-                        log_dhcp6_client(client, "%s has no server id",
+                        return log_dhcp6_client_errno(client, r, "%s has no server id",
                                                      dhcp6_message_type_to_string(message->type));
                        return -EINVAL;
        }
        } else {
        if (lease->ia.addresses) {
                lease->ia.ia_na.lifetime_t1 = htobe32(lt_t1);
                lease->ia.ia_na.lifetime_t2 = htobe32(lt_t2);
@ -1338,7 +1317,6 @@ static int client_parse_message(
                lease->pd.ia_pd.lifetime_t1 = htobe32(lt_t1);
                lease->pd.ia_pd.lifetime_t2 = htobe32(lt_t2);
        }
        }
        client->information_refresh_time_usec = MAX(irt, IRT_MINIMUM);
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@ -173,12 +173,12 @@ static int bus_socket_auth_verify_client(sd_bus *b) {
        if (!d)
                return 0;
-        e = memmem(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2);
+        e = memmem_safe(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2);
        if (!e)
                return 0;
        if (b->accept_fd) {
-                f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
+                f = memmem_safe(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
                if (!f)
                        return 0;
@ -399,7 +399,7 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
        for (;;) {
                /* Check if line is complete */
                line = (char*) b->rbuffer + b->auth_rbegin;
-                e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
+                e = memmem_safe(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
                if (!e)
                        return processed;
--- a/src/resolve/resolved-dns-rr.c
+++ b/src/resolve/resolved-dns-rr.c
@ -47,8 +47,8 @@ DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const D
        if (cname->key->type == DNS_TYPE_CNAME)
                return dns_resource_key_new(key->class, key->type, cname->cname.name);
        else {
                _cleanup_free_ char *destination = NULL;
                DnsResourceKey *k;
                char *destination = NULL;
                r = dns_name_change_suffix(dns_resource_key_name(key), dns_resource_key_name(cname->key), cname->dname.name, &destination);
                if (r < 0)
@ -58,8 +58,9 @@ DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const D
                k = dns_resource_key_new_consume(key->class, key->type, destination);
                if (!k)
-                        return mfree(destination);
+                        return NULL;
                TAKE_PTR(destination);
                return k;
        }
 }
Author	SHA1	Message	Date
Lennart Poettering	5afcf89ca2	alloc-util: make mfree() typesafe Make sure we return the same type as we accept. One incorrect use of mfree() is discovered and fixed this way.	2021-08-11 04:47:10 +09:00
Luca Boccassi	76f226d71b	Merge pull request #20414 from yuwata/sd-dhcp6-client-trivial-fixes sd-dhcp6-client: several fixes and cleanups	2021-08-10 20:32:29 +01:00
Luca Boccassi	06e8d75a5d	Merge pull request #20413 from poettering/mempmen add and use mempmem_safe()	2021-08-10 20:31:36 +01:00
Lennart Poettering	9cbf128202	core: don't go to disk for masked unit state if we know it anyway This should speed up our selinux checks a bit, since in most cases we already know if a unit is masked, so use that info.	2021-08-10 20:30:41 +01:00
Yu Watanabe	0eec7f5ffa	sd-dhcp6-client: use SYNTHETIC_ERRNO()	2021-08-10 21:57:42 +09:00
Lennart Poettering	e8b08edcdf	tree-wide: use memmem_safe() Let's be paranoid and do something useful if we operate with empty haystack/needle. This doesn't actually fix anything, as the places as far as I can see check for non-emptyness already beforehand, but I will sleep safer at night, if we don't even allow the trap to be fallen in, ever, even if the code is changed sooner or later.	2021-08-10 14:55:50 +02:00
Lennart Poettering	d8782cc5c2	memory-util: add mempmem_safe() This is like memmem_safe() but returns a pointer after the needle, instead to the beginning of the needle. This is then used at one place. Not much, but it makes me sleep safer at night, as it avoids the manual counting done so far.	2021-08-10 14:55:50 +02:00
Yu Watanabe	de949e911e	sd-dhcp6-client: cirtainly adjust T1 and T2 This fixes a bug introduced by 99f1d3fc5043b33dea5faa88f7015a487965333f. Note that in the information requesting mode, the lease has neither addresses nor PD prefixes.	2021-08-10 21:39:30 +09:00
Yu Watanabe	0c42b61348	sd-dhcp6-client: fix copy-and-paste mistake Fix bug introduced by b47fb949b338a8e77be789542fffb8c86da79284.	2021-08-10 21:36:07 +09:00