mirror of
https://github.com/systemd/systemd
synced 2026-03-24 15:55:00 +01:00
Compare commits
9 Commits
836fb00f21
...
5afcf89ca2
| Author | SHA1 | Date | |
|---|---|---|---|
|
5afcf89ca2 | ||
|
|
76f226d71b | ||
|
|
06e8d75a5d | ||
|
|
9cbf128202 | ||
|
|
0eec7f5ffa | ||
|
|
e8b08edcdf | ||
|
|
d8782cc5c2 | ||
|
|
de949e911e | ||
|
|
0c42b61348 |
@ -44,10 +44,11 @@ typedef void (*free_func_t)(void *p);
|
||||
|
||||
#define malloc0(n) (calloc(1, (n) ?: 1))
|
||||
|
||||
static inline void *mfree(void *memory) {
|
||||
free(memory);
|
||||
return NULL;
|
||||
}
|
||||
#define mfree(memory) \
|
||||
({ \
|
||||
free(memory); \
|
||||
(typeof(memory)) NULL; \
|
||||
})
|
||||
|
||||
#define free_and_replace(a, b) \
|
||||
({ \
|
||||
|
||||
@ -71,6 +71,16 @@ static inline void *memmem_safe(const void *haystack, size_t haystacklen, const
|
||||
return memmem(haystack, haystacklen, needle, needlelen);
|
||||
}
|
||||
|
||||
static inline void *mempmem_safe(const void *haystack, size_t haystacklen, const void *needle, size_t needlelen) {
|
||||
const uint8_t *p;
|
||||
|
||||
p = memmem_safe(haystack, haystacklen, needle, needlelen);
|
||||
if (!p)
|
||||
return NULL;
|
||||
|
||||
return (uint8_t*) p + needlelen;
|
||||
}
|
||||
|
||||
#if HAVE_EXPLICIT_BZERO
|
||||
static inline void* explicit_bzero_safe(void *p, size_t l) {
|
||||
if (l > 0)
|
||||
|
||||
@ -159,12 +159,11 @@ static int get_file_version(int fd, char **v) {
|
||||
if (buf == MAP_FAILED)
|
||||
return log_error_errno(errno, "Failed to memory map EFI binary: %m");
|
||||
|
||||
s = memmem(buf, st.st_size - 8, "#### LoaderInfo: ", 17);
|
||||
s = mempmem_safe(buf, st.st_size - 8, "#### LoaderInfo: ", 17);
|
||||
if (!s)
|
||||
goto finish;
|
||||
s += 17;
|
||||
|
||||
e = memmem(s, st.st_size - (s - buf), " ####", 5);
|
||||
e = memmem_safe(s, st.st_size - (s - buf), " ####", 5);
|
||||
if (!e || e - s < 3) {
|
||||
r = log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Malformed version string.");
|
||||
goto finish;
|
||||
|
||||
@ -5497,10 +5497,19 @@ const char *unit_label_path(const Unit *u) {
|
||||
/* Returns the file system path to use for MAC access decisions, i.e. the file to read the SELinux label off
|
||||
* when validating access checks. */
|
||||
|
||||
if (IN_SET(u->load_state, UNIT_MASKED, UNIT_NOT_FOUND, UNIT_MERGED))
|
||||
return NULL; /* Shortcut things if we know there is no real, relevant unit file around */
|
||||
|
||||
p = u->source_path ?: u->fragment_path;
|
||||
if (!p)
|
||||
return NULL;
|
||||
|
||||
if (IN_SET(u->load_state, UNIT_LOADED, UNIT_BAD_SETTING, UNIT_ERROR))
|
||||
return p; /* Shortcut things, if we successfully loaded at least some stuff from the unit file */
|
||||
|
||||
/* Not loaded yet, we need to go to disk */
|
||||
assert(u->load_state == UNIT_STUB);
|
||||
|
||||
/* If a unit is masked, then don't read the SELinux label of /dev/null, as that really makes no sense */
|
||||
if (null_or_empty_path(p) > 0)
|
||||
return NULL;
|
||||
|
||||
@ -10,6 +10,7 @@
|
||||
#include "escape.h"
|
||||
#include "fd-util.h"
|
||||
#include "io-util.h"
|
||||
#include "memory-util.h"
|
||||
#include "path-util.h"
|
||||
#include "process-util.h"
|
||||
#include "pull-common.h"
|
||||
@ -342,18 +343,18 @@ static int verify_one(PullJob *checksum_job, PullJob *job) {
|
||||
|
||||
line = strjoina(job->checksum, " *", fn, "\n");
|
||||
|
||||
p = memmem(checksum_job->payload,
|
||||
checksum_job->payload_size,
|
||||
line,
|
||||
strlen(line));
|
||||
p = memmem_safe(checksum_job->payload,
|
||||
checksum_job->payload_size,
|
||||
line,
|
||||
strlen(line));
|
||||
|
||||
if (!p) {
|
||||
line = strjoina(job->checksum, " ", fn, "\n");
|
||||
|
||||
p = memmem(checksum_job->payload,
|
||||
checksum_job->payload_size,
|
||||
line,
|
||||
strlen(line));
|
||||
p = memmem_safe(checksum_job->payload,
|
||||
checksum_job->payload_size,
|
||||
line,
|
||||
strlen(line));
|
||||
}
|
||||
|
||||
if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n'))
|
||||
|
||||
@ -1134,30 +1134,24 @@ static int client_parse_message(
|
||||
|
||||
switch (optcode) {
|
||||
case SD_DHCP6_OPTION_CLIENTID:
|
||||
if (clientid) {
|
||||
log_dhcp6_client(client, "%s contains multiple clientids",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
return -EINVAL;
|
||||
}
|
||||
if (clientid)
|
||||
return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s contains multiple clientids",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
|
||||
if (optlen != client->duid_len ||
|
||||
memcmp(&client->duid, optval, optlen) != 0) {
|
||||
log_dhcp6_client(client, "%s DUID does not match",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
memcmp(&client->duid, optval, optlen) != 0)
|
||||
return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s DUID does not match",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
|
||||
return -EINVAL;
|
||||
}
|
||||
clientid = true;
|
||||
|
||||
break;
|
||||
|
||||
case SD_DHCP6_OPTION_SERVERID:
|
||||
r = dhcp6_lease_get_serverid(lease, NULL, NULL);
|
||||
if (r >= 0) {
|
||||
log_dhcp6_client(client, "%s contains multiple serverids",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
return -EINVAL;
|
||||
}
|
||||
if (r >= 0)
|
||||
return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s contains multiple serverids",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
|
||||
r = dhcp6_lease_set_serverid(lease, optval, optlen);
|
||||
if (r < 0)
|
||||
@ -1180,20 +1174,16 @@ static int client_parse_message(
|
||||
if (status < 0)
|
||||
return status;
|
||||
|
||||
if (status > 0) {
|
||||
log_dhcp6_client(client, "%s Status %s",
|
||||
dhcp6_message_type_to_string(message->type),
|
||||
dhcp6_message_status_to_string(status));
|
||||
|
||||
return -EINVAL;
|
||||
}
|
||||
if (status > 0)
|
||||
return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s Status %s",
|
||||
dhcp6_message_type_to_string(message->type),
|
||||
dhcp6_message_status_to_string(status));
|
||||
|
||||
break;
|
||||
|
||||
case SD_DHCP6_OPTION_IA_NA:
|
||||
if (client->state == DHCP6_STATE_INFORMATION_REQUEST) {
|
||||
log_dhcp6_client(client, "Information request ignoring IA NA option");
|
||||
|
||||
log_dhcp6_client(client, "Ignoring IA NA option in information requesting mode.");
|
||||
break;
|
||||
}
|
||||
|
||||
@ -1210,23 +1200,20 @@ static int client_parse_message(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (client->ia_na.ia_na.id != iaid_lease) {
|
||||
log_dhcp6_client(client, "%s has wrong IAID for IA NA",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
return -EINVAL;
|
||||
}
|
||||
if (client->ia_na.ia_na.id != iaid_lease)
|
||||
return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s has wrong IAID for IA NA",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
|
||||
if (lease->ia.addresses) {
|
||||
lt_t1 = MIN(lt_t1, be32toh(lease->ia.ia_na.lifetime_t1));
|
||||
lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t1));
|
||||
lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t2));
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
case SD_DHCP6_OPTION_IA_PD:
|
||||
if (client->state == DHCP6_STATE_INFORMATION_REQUEST) {
|
||||
log_dhcp6_client(client, "Information request ignoring IA PD option");
|
||||
|
||||
log_dhcp6_client(client, "Ignoring IA PD option in information requesting mode.");
|
||||
break;
|
||||
}
|
||||
|
||||
@ -1243,11 +1230,9 @@ static int client_parse_message(
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (client->ia_pd.ia_pd.id != iaid_lease) {
|
||||
log_dhcp6_client(client, "%s has wrong IAID for IA PD",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
return -EINVAL;
|
||||
}
|
||||
if (client->ia_pd.ia_pd.id != iaid_lease)
|
||||
return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s has wrong IAID for IA PD",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
|
||||
if (lease->pd.addresses) {
|
||||
lt_t1 = MIN(lt_t1, be32toh(lease->pd.ia_pd.lifetime_t1));
|
||||
@ -1309,35 +1294,28 @@ static int client_parse_message(
|
||||
pos += offsetof(DHCP6Option, data) + optlen;
|
||||
}
|
||||
|
||||
if (ia_na_status > 0 && ia_pd_status > 0) {
|
||||
log_dhcp6_client(client, "No IA_PD prefix or IA_NA address received. Ignoring.");
|
||||
return -EINVAL;
|
||||
}
|
||||
if (ia_na_status > 0 && ia_pd_status > 0)
|
||||
return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "No IA_PD prefix or IA_NA address received. Ignoring.");
|
||||
|
||||
if (!clientid) {
|
||||
log_dhcp6_client(client, "%s has incomplete options",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
return -EINVAL;
|
||||
}
|
||||
if (!clientid)
|
||||
return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(EINVAL), "%s has incomplete options",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
|
||||
if (client->state != DHCP6_STATE_INFORMATION_REQUEST) {
|
||||
r = dhcp6_lease_get_serverid(lease, NULL, NULL);
|
||||
if (r < 0) {
|
||||
log_dhcp6_client(client, "%s has no server id",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
return -EINVAL;
|
||||
}
|
||||
if (r < 0)
|
||||
return log_dhcp6_client_errno(client, r, "%s has no server id",
|
||||
dhcp6_message_type_to_string(message->type));
|
||||
}
|
||||
|
||||
} else {
|
||||
if (lease->ia.addresses) {
|
||||
lease->ia.ia_na.lifetime_t1 = htobe32(lt_t1);
|
||||
lease->ia.ia_na.lifetime_t2 = htobe32(lt_t2);
|
||||
}
|
||||
if (lease->ia.addresses) {
|
||||
lease->ia.ia_na.lifetime_t1 = htobe32(lt_t1);
|
||||
lease->ia.ia_na.lifetime_t2 = htobe32(lt_t2);
|
||||
}
|
||||
|
||||
if (lease->pd.addresses) {
|
||||
lease->pd.ia_pd.lifetime_t1 = htobe32(lt_t1);
|
||||
lease->pd.ia_pd.lifetime_t2 = htobe32(lt_t2);
|
||||
}
|
||||
if (lease->pd.addresses) {
|
||||
lease->pd.ia_pd.lifetime_t1 = htobe32(lt_t1);
|
||||
lease->pd.ia_pd.lifetime_t2 = htobe32(lt_t2);
|
||||
}
|
||||
|
||||
client->information_refresh_time_usec = MAX(irt, IRT_MINIMUM);
|
||||
|
||||
@ -173,12 +173,12 @@ static int bus_socket_auth_verify_client(sd_bus *b) {
|
||||
if (!d)
|
||||
return 0;
|
||||
|
||||
e = memmem(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2);
|
||||
e = memmem_safe(d + 2, b->rbuffer_size - (d - (char*) b->rbuffer) - 2, "\r\n", 2);
|
||||
if (!e)
|
||||
return 0;
|
||||
|
||||
if (b->accept_fd) {
|
||||
f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
|
||||
f = memmem_safe(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
|
||||
if (!f)
|
||||
return 0;
|
||||
|
||||
@ -399,7 +399,7 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
|
||||
for (;;) {
|
||||
/* Check if line is complete */
|
||||
line = (char*) b->rbuffer + b->auth_rbegin;
|
||||
e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
|
||||
e = memmem_safe(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
|
||||
if (!e)
|
||||
return processed;
|
||||
|
||||
|
||||
@ -47,8 +47,8 @@ DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const D
|
||||
if (cname->key->type == DNS_TYPE_CNAME)
|
||||
return dns_resource_key_new(key->class, key->type, cname->cname.name);
|
||||
else {
|
||||
_cleanup_free_ char *destination = NULL;
|
||||
DnsResourceKey *k;
|
||||
char *destination = NULL;
|
||||
|
||||
r = dns_name_change_suffix(dns_resource_key_name(key), dns_resource_key_name(cname->key), cname->dname.name, &destination);
|
||||
if (r < 0)
|
||||
@ -58,8 +58,9 @@ DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const D
|
||||
|
||||
k = dns_resource_key_new_consume(key->class, key->type, destination);
|
||||
if (!k)
|
||||
return mfree(destination);
|
||||
return NULL;
|
||||
|
||||
TAKE_PTR(destination);
|
||||
return k;
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user