diff options
| author | Lennart Poettering <lennart@poettering.net> | 2018-10-19 10:48:41 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-10-19 10:48:41 +0200 |
| commit | a4544f53c4613c07d66afd1eb284d17879aa19d4 (patch) | |
| tree | cf0ef4a2afbf5f8ea184d98307c96560b29d7128 /src/libsystemd-network | |
| parent | core: stop ignoring errors in connect_logger_as (diff) | |
| parent | sd-dhcp6: drop empty 'error' label (diff) | |
| download | systemd-a4544f53c4613c07d66afd1eb284d17879aa19d4.tar.xz systemd-a4544f53c4613c07d66afd1eb284d17879aa19d4.zip | |
Merge pull request #10457 from yuwata/fuzz-11019
sd-dhcp: fixes oss-fuzz#11019 and several cleanups
Diffstat (limited to 'src/libsystemd-network')
| -rw-r--r-- | src/libsystemd-network/dhcp6-option.c | 123 | ||||
| -rw-r--r-- | src/libsystemd-network/sd-dhcp6-client.c | 26 | ||||
| -rw-r--r-- | src/libsystemd-network/sd-dhcp6-lease.c | 11 | ||||
| -rw-r--r-- | src/libsystemd-network/test-dhcp6-client.c | 36 |
4 files changed, 86 insertions, 110 deletions
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c index cf19d366d3..d6c73b1f40 100644 --- a/src/libsystemd-network/dhcp6-option.c +++ b/src/libsystemd-network/dhcp6-option.c @@ -354,10 +354,8 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { switch (iatype) { case SD_DHCP6_OPTION_IA_NA: - if (len < DHCP6_OPTION_IA_NA_LEN) { - r = -ENOBUFS; - goto error; - } + if (len < DHCP6_OPTION_IA_NA_LEN) + return -ENOBUFS; iaaddr_offset = DHCP6_OPTION_IA_NA_LEN; memcpy(&ia->ia_na, iaoption->data, sizeof(ia->ia_na)); @@ -368,18 +366,15 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { if (lt_t1 && lt_t2 && lt_t1 > lt_t2) { log_dhcp6_client(client, "IA NA T1 %ds > T2 %ds", lt_t1, lt_t2); - r = -EINVAL; - goto error; + return -EINVAL; } break; case SD_DHCP6_OPTION_IA_PD: - if (len < sizeof(ia->ia_pd)) { - r = -ENOBUFS; - goto error; - } + if (len < sizeof(ia->ia_pd)) + return -ENOBUFS; iaaddr_offset = sizeof(ia->ia_pd); memcpy(&ia->ia_pd, iaoption->data, sizeof(ia->ia_pd)); @@ -390,17 +385,14 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { if (lt_t1 && lt_t2 && lt_t1 > lt_t2) { log_dhcp6_client(client, "IA PD T1 %ds > T2 %ds", lt_t1, lt_t2); - r = -EINVAL; - goto error; + return -EINVAL; } break; case SD_DHCP6_OPTION_IA_TA: - if (len < DHCP6_OPTION_IA_TA_LEN) { - r = -ENOBUFS; - goto error; - } + if (len < DHCP6_OPTION_IA_TA_LEN) + return -ENOBUFS; iaaddr_offset = DHCP6_OPTION_IA_TA_LEN; memcpy(&ia->ia_ta.id, iaoption->data, sizeof(ia->ia_ta)); @@ -408,8 +400,7 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { break; default: - r = -ENOMSG; - goto error; + return -ENOMSG; } ia->type = iatype; @@ -418,10 +409,8 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { while (i < len) { DHCP6Option *option = (DHCP6Option *)&iaoption->data[i]; - if (len < i + sizeof(*option) || len < i + sizeof(*option) + be16toh(option->len)) { - r = -ENOBUFS; - goto error; - } + if (len < i + sizeof(*option) || len < i + sizeof(*option) + be16toh(option->len)) + return -ENOBUFS; opt = be16toh(option->code); optlen = be16toh(option->len); @@ -431,13 +420,12 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { if (!IN_SET(ia->type, SD_DHCP6_OPTION_IA_NA, SD_DHCP6_OPTION_IA_TA)) { log_dhcp6_client(client, "IA Address option not in IA NA or TA option"); - r = -EINVAL; - goto error; + return -EINVAL; } r = dhcp6_option_parse_address(option, ia, <_valid); if (r < 0) - goto error; + return r; if (lt_valid < lt_min) lt_min = lt_valid; @@ -448,13 +436,12 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { if (!IN_SET(ia->type, SD_DHCP6_OPTION_IA_PD)) { log_dhcp6_client(client, "IA PD Prefix option not in IA PD option"); - r = -EINVAL; - goto error; + return -EINVAL; } r = dhcp6_option_parse_pdprefix(option, ia, <_valid); if (r < 0) - goto error; + return r; if (lt_valid < lt_min) lt_min = lt_valid; @@ -463,15 +450,14 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { case SD_DHCP6_OPTION_STATUS_CODE: - status = dhcp6_option_parse_status(option, optlen); - if (status) { + status = dhcp6_option_parse_status(option, optlen + sizeof(DHCP6Option)); + if (status < 0) + return status; + if (status > 0) { log_dhcp6_client(client, "IA status %d", status); - dhcp6_lease_free_ia(ia); - - r = -EINVAL; - goto error; + return -EINVAL; } break; @@ -515,8 +501,7 @@ int dhcp6_option_parse_ia(DHCP6Option *iaoption, DHCP6IA *ia) { break; } -error: - return r; + return 0; } int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, @@ -551,6 +536,7 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * bool first = true; for (;;) { + const char *label; uint8_t c; c = optval[pos++]; @@ -558,47 +544,41 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * if (c == 0) /* End of name */ break; - else if (c <= 63) { - const char *label; - - /* Literal label */ - label = (const char *)&optval[pos]; - pos += c; - if (pos >= optlen) - return -EMSGSIZE; - - if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) { - r = -ENOMEM; - goto fail; - } - - if (first) - first = false; - else - ret[n++] = '.'; - - r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX); - if (r < 0) - goto fail; - - n += r; - continue; - } else { - r = -EBADMSG; - goto fail; - } - } + if (c > 63) + return -EBADMSG; + + /* Literal label */ + label = (const char *)&optval[pos]; + pos += c; + if (pos >= optlen) + return -EMSGSIZE; + + if (!GREEDY_REALLOC(ret, allocated, n + !first + DNS_LABEL_ESCAPED_MAX)) + return -ENOMEM; + + if (first) + first = false; + else + ret[n++] = '.'; + + r = dns_label_escape(label, c, ret + n, DNS_LABEL_ESCAPED_MAX); + if (r < 0) + return r; - if (!GREEDY_REALLOC(ret, allocated, n + 1)) { - r = -ENOMEM; - goto fail; + n += r; } + if (n == 0) + continue; + + if (!GREEDY_REALLOC(ret, allocated, n + 1)) + return -ENOMEM; + ret[n] = 0; r = strv_extend(&names, ret); if (r < 0) - goto fail; + return r; idx++; } @@ -606,7 +586,4 @@ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char * *str_arr = TAKE_PTR(names); return idx; - -fail: - return r; } diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c index c07d831f7d..2ddfead4b0 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -829,10 +829,11 @@ static int client_parse_message( DHCP6Message *message, size_t len, sd_dhcp6_lease *lease) { + + uint32_t lt_t1 = ~0, lt_t2 = ~0; + bool clientid = false; size_t pos = 0; int r; - bool clientid = false; - uint32_t lt_t1 = ~0, lt_t2 = ~0; assert(client); assert(message); @@ -842,20 +843,22 @@ static int client_parse_message( len -= sizeof(DHCP6Message); while (pos < len) { - DHCP6Option *option = (DHCP6Option *)&message->options[pos]; + DHCP6Option *option = (DHCP6Option *) &message->options[pos]; uint16_t optcode, optlen; - int status; - uint8_t *optval; be32_t iaid_lease; + uint8_t *optval; + int status; - if (len < pos + offsetof(DHCP6Option, data) || - len < pos + offsetof(DHCP6Option, data) + be16toh(option->len)) + if (len < pos + offsetof(DHCP6Option, data)) return -ENOBUFS; optcode = be16toh(option->code); optlen = be16toh(option->len); optval = option->data; + if (len < pos + offsetof(DHCP6Option, data) + optlen) + return -ENOBUFS; + switch (optcode) { case SD_DHCP6_OPTION_CLIENTID: if (clientid) { @@ -900,13 +903,14 @@ static int client_parse_message( break; case SD_DHCP6_OPTION_STATUS_CODE: - status = dhcp6_option_parse_status(option, optlen); - if (status) { + status = dhcp6_option_parse_status(option, optlen + sizeof(DHCP6Option)); + if (status < 0) + return status; + + if (status > 0) { log_dhcp6_client(client, "%s Status %s", dhcp6_message_type_to_string(message->type), dhcp6_message_status_to_string(status)); - dhcp6_lease_free_ia(&lease->ia); - dhcp6_lease_free_ia(&lease->pd); return -EINVAL; } diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c index 15fec2d851..8b424811ad 100644 --- a/src/libsystemd-network/sd-dhcp6-lease.c +++ b/src/libsystemd-network/sd-dhcp6-lease.c @@ -52,15 +52,16 @@ DHCP6IA *dhcp6_lease_free_ia(DHCP6IA *ia) { int dhcp6_lease_set_serverid(sd_dhcp6_lease *lease, const uint8_t *id, size_t len) { + uint8_t *serverid; + assert_return(lease, -EINVAL); assert_return(id, -EINVAL); - free(lease->serverid); - - lease->serverid = memdup(id, len); - if (!lease->serverid) - return -EINVAL; + serverid = memdup(id, len); + if (!serverid) + return -ENOMEM; + free_and_replace(lease->serverid, serverid); lease->serverid_len = len; return 0; diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c index 5ec8403df0..0a93f8786c 100644 --- a/src/libsystemd-network/test-dhcp6-client.c +++ b/src/libsystemd-network/test-dhcp6-client.c @@ -26,8 +26,6 @@ static struct ether_addr mac_addr = { .ether_addr_octet = {'A', 'B', 'C', '1', '2', '3'} }; -static bool verbose = true; - static sd_event_source *hangcheck; static int test_dhcp_fd[2]; static int test_index = 42; @@ -39,8 +37,7 @@ static int test_client_basic(sd_event *e) { sd_dhcp6_client *client; int v; - if (verbose) - printf("* %s\n", __FUNCTION__); + log_debug("/* %s */", __func__); assert_se(sd_dhcp6_client_new(&client) >= 0); assert_se(client); @@ -129,8 +126,7 @@ static int test_option(sd_event *e) { size_t zero = 0, pos = 3; size_t buflen = sizeof(packet), outlen = sizeof(result); - if (verbose) - printf("* %s\n", __FUNCTION__); + log_debug("/* %s */", __func__); assert_se(buflen == outlen); @@ -243,8 +239,7 @@ static int test_option_status(sd_event *e) { DHCP6IA ia, pd; int r = 0; - if (verbose) - printf("* %s\n", __FUNCTION__); + log_debug("/* %s */", __func__); zero(ia); option = (DHCP6Option *)option1; @@ -377,8 +372,7 @@ static int test_advertise_option(sd_event *e) { struct in6_addr *addrs; char **domains; - if (verbose) - printf("* %s\n", __FUNCTION__); + log_debug("/* %s */", __func__); assert_se(len >= sizeof(DHCP6Message)); @@ -525,6 +519,8 @@ static void test_client_solicit_cb(sd_dhcp6_client *client, int event, struct in6_addr *addrs; char **domains; + log_debug("/* %s */", __func__); + assert_se(e); assert_se(event == SD_DHCP6_CLIENT_EVENT_IP_ACQUIRE); @@ -542,9 +538,6 @@ static void test_client_solicit_cb(sd_dhcp6_client *client, int event, assert_se(sd_dhcp6_client_set_request_option(client, SD_DHCP6_OPTION_DNS_SERVERS) == -EBUSY); - if (verbose) - printf(" got DHCPv6 event %d\n", event); - sd_event_exit(e, 0); } @@ -575,8 +568,9 @@ static int test_client_verify_request(DHCP6Message *request, size_t len) { be32_t val; uint32_t lt_pref, lt_valid; - assert_se(request->type == DHCP6_REQUEST); + log_debug("/* %s */", __func__); + assert_se(request->type == DHCP6_REQUEST); assert_se(dhcp6_lease_new(&lease) >= 0); len -= sizeof(DHCP6Message); @@ -683,6 +677,8 @@ static int test_client_verify_solicit(DHCP6Message *solicit, size_t len) { found_elapsed_time = false, found_fqdn = false; size_t pos = 0; + log_debug("/* %s */", __func__); + assert_se(solicit->type == DHCP6_SOLICIT); len -= sizeof(DHCP6Message); @@ -750,6 +746,8 @@ static void test_client_information_cb(sd_dhcp6_client *client, int event, struct in6_addr address = { { { 0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01 } } }; char **domains; + log_debug("/* %s */", __func__); + assert_se(e); assert_se(event == SD_DHCP6_CLIENT_EVENT_INFORMATION_REQUEST); @@ -765,9 +763,6 @@ static void test_client_information_cb(sd_dhcp6_client *client, int event, assert_se(sd_dhcp6_lease_get_ntp_addrs(lease, &addrs) == 1); assert_se(!memcmp(addrs, &msg_advertise[159], 16)); - if (verbose) - printf(" got DHCPv6 event %d\n", event); - assert_se(sd_dhcp6_client_set_information_request(client, false) == -EBUSY); assert_se(sd_dhcp6_client_set_callback(client, NULL, e) >= 0); assert_se(sd_dhcp6_client_stop(client) >= 0); @@ -791,8 +786,9 @@ static int test_client_verify_information_request(DHCP6Message *information_requ struct in6_addr addr; uint32_t lt_pref, lt_valid; - assert_se(information_request->type == DHCP6_INFORMATION_REQUEST); + log_debug("/* %s */", __func__); + assert_se(information_request->type == DHCP6_INFORMATION_REQUEST); assert_se(dhcp6_lease_new(&lease) >= 0); len -= sizeof(DHCP6Message); @@ -856,7 +852,6 @@ int dhcp6_network_send_udp_socket(int s, struct in6_addr *server_address, assert_se(server_address); assert_se(packet); assert_se(len > sizeof(DHCP6Message) + 4); - assert_se(IN6_ARE_ADDR_EQUAL(server_address, &mcast)); message = (DHCP6Message *)packet; @@ -895,8 +890,7 @@ static int test_client_solicit(sd_event *e) { struct in6_addr address = { { { 0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01 } } }; int val; - if (verbose) - printf("* %s\n", __FUNCTION__); + log_debug("/* %s */", __func__); assert_se(sd_dhcp6_client_new(&client) >= 0); assert_se(client); |