1. 06 Oct, 2020 5 commits
  2. 03 Oct, 2020 6 commits
    • file: uci_file_commit: fix memory leak · aa465467
      ynezz authored

      Fixes following memory leak:
      
       26 bytes in 1 blocks are definitely lost in loss record 1 of 1
         at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
         by 0x52DA68F: vasprintf (vasprintf.c:73)
         by 0x52B71D3: asprintf (asprintf.c:35)
         by 0x4E40F67: uci_file_commit (file.c:738)
         by 0x4E3FD94: uci_commit (libuci.c:193)
         by 0x401ED9: uci_do_import (cli.c:408)
         by 0x401ED9: uci_cmd (cli.c:685)
         by 0x4016FA: main (cli.c:776)
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      aa465467
    • uci: silence UBSAN error by using offsetof macro from compiler · 671c7554
      ynezz authored

      Fixes following undefined-behavior as reported by clang version 10.0.0-4ubuntu1~18.04.2:
      
       delta.c:139:52: runtime error: member access within null pointer of type 'struct uci_element'
       SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior delta.c:139:52
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      671c7554
    • tests: cram: add uci import testing on fuzzer corpus · ea5bbd57
      ynezz authored

      Use valgrind and uci cli compiled with undefined, address and leak
      sanitizers.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      ea5bbd57
    • cmake: add uci-san cli built with clang sanitizers · 31f78bfb
      ynezz authored

      Will be used for testing.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      31f78bfb
    • file: uci_parse_package: fix heap use after free · a3e65091
      ynezz authored

      Fixes following issue which is caused by usage of pointer which pointed
      to a reallocated address:
      
       ERROR: AddressSanitizer: heap-use-after-free on address 0x619000000087 at pc 0x000000509aa7 bp 0x7ffd6b9c3c40 sp 0x7ffd6b9c3400
       READ of size 2 at 0x619000000087 thread T0
           #0 0x509aa6 in strdup (test-fuzz+0x509aa6)
           #1 0x7fc36d2a1636 in uci_strdup util.c:60:8
           #2 0x7fc36d29e1ac in uci_alloc_generic list.c:55:13
           #3 0x7fc36d29e241 in uci_alloc_package list.c:253:6
           #4 0x7fc36d2a0ba3 in uci_switch_config file.c:375:18
           #5 0x7fc36d2a09b8 in uci_parse_package file.c:397:2
           #6 0x7fc36d2a09b8 in uci_parse_line file.c:513:6
           #7 0x7fc36d2a09b8 in uci_import file.c:681:4
      
       0x619000000087 is located 7 bytes inside of 1024-byte region [0x619000000080,0x619000000480)
       freed by thread T0 here:
           #0 0x51daa9 in realloc (test-fuzz+0x51daa9)
           #1 0x7fc36d2a1612 in uci_realloc util.c:49:8
      
       previously allocated by thread T0 here:
           #0 0x51daa9 in realloc (test-fuzz+0x51daa9)
           #1 0x7fc36d2a1612 in uci_realloc util.c:49:8
      Reported-by: Jeremy Galindo <jgalindo@datto.com>
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      a3e65091
    • tests: add libFuzzer based fuzzing · 9bd361ca
      ynezz authored

      LibFuzzer is in-process, coverage-guided, evolutionary fuzzing engine.
      
      LibFuzzer is linked with the library under test, and feeds fuzzed inputs
      to the library via a specific fuzzing entrypoint (aka "target
      function"); the fuzzer then tracks which areas of the code are reached,
      and generates mutations on the corpus of input data in order to maximize
      the code coverage.
      
      So let's use libFuzzer to fuzz uci_import for the start.
      
      Ref: https://llvm.org/docs/LibFuzzer.html
      
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      9bd361ca
  3. 27 Apr, 2020 1 commit
  4. 27 Jan, 2020 2 commits
    • file: fix segfault in uci_parse_option · e8d83732
      Luka Koznjak authored

      Fixed a segmentation fault caused by using a pointer to a reallocated
      address. The name pointer in the uci_parse_option function
      becomes invalid if assert_eol calls uci_realloc down the line,
      resulting in a segmentation fault when attempting to dereference
      name in a strcmp check in uci_lookup_list. A simple fix is
      to call assert_eol before retrieving the actual address for
      the name and type pointers.
      
      The segmentation fault has been found while fuzzing the
      uci configuration system for various types of different crashes
      and undefined behaviours, which resulted in multiple different
      import files causing instability and segmentation faults.
      Signed-off-by: Luka Kožnjak <luka.koznjak@sartura.hr>
      Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
      CC: Luka Perkov <luka.perkov@sartura.hr>
      e8d83732
    • file: fix segfault in uci_parse_config · aa5e77a1
      Luka Koznjak authored

      Fixed a segmentation fault caused by using a pointer to a reallocated
      address. The name pointer in the uci_parse_config function
      becomes invalid if assert_eol calls uci_realloc down the line,
      resulting in a segmentation fault when attempting to dereference
      name. A simple fix is to call assert_eol before retrieving the
      actual address for the name and type pointers.
      
      The segmentation fault has been found while fuzzing the
      uci configuration system for various types of different crashes
      and undefined behaviours, which resulted in multiple different
      import files causing instability and segmentation faults.
      Signed-off-by: Luka Kožnjak <luka.koznjak@sartura.hr>
      Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
      CC: Luka Perkov <luka.perkov@sartura.hr>
      aa5e77a1
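
The ordering described in commits e8d83732 and aa5e77a1 (and the same stale-pointer pattern behind a3e65091), as an added example that is not code from the uci repository. `struct pctx`, `pctx_grow`, `next_tok`, `check_eol` and `parse_config` are hypothetical names; `pctx_grow` stands in for `uci_realloc` and `check_eol` for `assert_eol`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct pctx { char *buf; size_t size; }; /* hypothetical growable line buffer */
/* Stand-in for uci_realloc(); always moves the block so the effect is deterministic. */
static int pctx_grow(struct pctx *c, size_t need)
{
    char *n = calloc(1, need);
    if (!n) return -1;
    memcpy(n, c->buf, c->size);
    free(c->buf);
    c->buf = n; c->size = need;
    return 0;
}
/* NUL-terminate the next token in place; return its OFFSET, which survives a move. */
static size_t next_tok(struct pctx *c, size_t *pos)
{
    while (c->buf[*pos] == ' ') (*pos)++;
    size_t start = *pos;
    while (c->buf[*pos] && c->buf[*pos] != ' ') (*pos)++;
    if (c->buf[*pos]) c->buf[(*pos)++] = '\0';
    return start;
}
/* Stand-in for assert_eol(): checking the line tail grows the buffer. */
static int check_eol(struct pctx *c, size_t pos)
{
    if (pctx_grow(c, c->size * 2) < 0) return -1;
    while (c->buf[pos] == ' ') pos++;
    return c->buf[pos] == '\0' ? 0 : -1;
}
/* Parses "<type> <name>": offsets first, EOL check next, pointers last. */
int parse_config(const char *line, char *type, char *name, size_t cap, int *moved)
{
    struct pctx c = { NULL, strlen(line) + 1 };
    size_t pos = 0;
    if (!(c.buf = malloc(c.size))) return -1;
    memcpy(c.buf, line, c.size);
    size_t t_off = next_tok(&c, &pos);
    size_t n_off = next_tok(&c, &pos);
    uintptr_t early = (uintptr_t)c.buf; /* block an early pointer would reference */
    int rc = check_eol(&c, pos);
    *moved = early != (uintptr_t)c.buf; /* 1: a char *name taken early now dangles */
    if (rc == 0) {                      /* resolve addresses only after the check */
        snprintf(type, cap, "%s", c.buf + t_off);
        snprintf(name, cap, "%s", c.buf + n_off);
    }
    free(c.buf);
    return rc;
}

int main(void)
{
    char t[32], n[32]; int moved = 0;
    int rc = parse_config("interface lan", t, n, sizeof t, &moved);
    printf("rc=%d moved=%d\n", rc, moved);
    return 0;
}
```

The sample line `interface lan` is constructed. With a real `realloc()` the block only sometimes moves, which is why this class of bug tends to surface under a fuzzer with AddressSanitizer rather than in ordinary tests.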
  5. 11 Dec, 2019 1 commit
    • uci: Fix extra semicolons warnings · 165b4441
      Rosen Penev authored

      Found with clang's -Wextra-semi-stmt
      
      Fixes:
      
      error: empty expression statement has no effect; remove unnecessary ';' to
      silence this warning [-Werror,-Wextra-semi-stmt]
                      UCI_TRAP_SAVE(ctx, error);
                                               ^
      error: empty expression statement has no effect; remove unnecessary ';' to
      silence this warning [-Werror,-Wextra-semi-stmt]
              UCI_TRAP_SAVE(ctx, ignore);
      
      error: empty expression statement has no effect; remove unnecessary ';' to
      silence this warning [-Werror,-Wextra-semi-stmt]
              };
      Signed-off-by: Rosen Penev <rosenp@gmail.com>
      165b4441
  6. 07 Dec, 2019 5 commits
  7. 14 Nov, 2019 18 commits
    • lua: fix error handling · 8dd50da2
      ynezz authored

      scan-build from clang version 9 has reported following issues:
      
       uci.c:389:3: warning: Value stored to 'err' is never read
                      err = UCI_ERR_INVAL;
                      ^     ~~~~~~~~~~~~~
       uci.c:393:3: warning: Value stored to 'err' is never read
                      err = UCI_ERR_NOTFOUND;
                      ^     ~~~~~~~~~~~~~~~~
       uci.c:417:4: warning: Value stored to 'err' is never read
                              err = UCI_ERR_INVAL;
                              ^     ~~~~~~~~~~~~~
       uci.c:524:3: warning: Value stored to 'err' is never read
                      err = UCI_ERR_INVAL;
                      ^     ~~~~~~~~~~~~~
       uci.c:533:3: warning: Value stored to 'err' is never read
                      err = UCI_ERR_INVAL;
                      ^     ~~~~~~~~~~~~~
       uci.c:565:4: warning: Value stored to 'err' is never read
                              err = UCI_ERR_INVAL;
                              ^     ~~~~~~~~~~~~~
       uci.c:575:3: warning: Value stored to 'err' is never read
                      err = UCI_ERR_INVAL;
                      ^     ~~~~~~~~~~~~~
       uci.c:584:3: warning: Value stored to 'err' is never read
                      err = UCI_ERR_INVAL;
                      ^     ~~~~~~~~~~~~~
       uci.c:642:3: warning: Value stored to 'err' is never read
                      err = UCI_ERR_INVAL;
                      ^     ~~~~~~~~~~~~~
       uci.c:651:3: warning: Value stored to 'err' is never read
                      err = UCI_ERR_INVAL;
                      ^     ~~~~~~~~~~~~~
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      8dd50da2
    • ucimap: fix possible use of memory after it is freed · a2cab3b0
      ynezz authored

      scan-build from clang version 9 has reported following issue:
      
       ucimap.c:710:8: warning: Use of memory after it is freed
              err = ucimap_parse_options(map, sm, sd, s);
                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      a2cab3b0
    • delta: prevent possible null pointer use · 9cf978bc
      ynezz authored

      scan-build from clang version 9 has reported following issue:
      
       delta.c:39:13: warning: Null pointer passed to 1st parameter expecting 'nonnull'
              int size = strlen(section) + 1;
                         ^~~~~~~~~~~~~~~
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      9cf978bc
    • cli: remove unused variable assigment · 7736f497
      ynezz authored

      scan-build from clang version 9 has reported following issue:
      
       cli.c:574:8: warning: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
                      if ((ret = uci_parse_argument(ctx, input, &str, &argv[i])) != UCI_OK) {
                           ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      7736f497
    • lua: fix memory leak in set method · 39093f3b
      ynezz authored

      scan-build from clang version 9 has reported following issue:
      
       uci.c:624:12: warning: Potential leak of memory pointed to by 's'
             return luaL_error(L, "Cannot set an uci option to an empty table value");
                    ^~~~~~~~~~
      
      valgrind confirmed it on the supplied test case:
      
       ==31013== 8 bytes in 1 blocks are definitely lost in loss record 1 of 1
       ==31013==    by 0x56C49B9: strdup (strdup.c:42)
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      39093f3b
    • lua: fix memory leak in changes method · 19ceff32
      ynezz authored

      Configs returned by uci_list_configs call are not freed when not needed,
      leading to the memory leak. While at it make the code cleaner.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      19ceff32
    • tests: add cram based unit tests · 18049a84
      ynezz authored

      I find them more flexible than shunit2 ones.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      18049a84
    • lua: fix copy&paste in error string · 2b549cc0
      ynezz authored

      When uci_set_confdir fails we should say so.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      2b549cc0
    • cli: fix realloc issue spotted by cppcheck · f5dd5217
      ynezz authored

      Cppcheck 1.90 dev reports following:
      
       cli.c:117:4: error: Common realloc mistake: 'typestr' nulled but not freed upon failure [memleakOnRealloc]
          typestr = realloc(typestr, maxlen);
          ^
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      f5dd5217
    • iron out all extra compiler warnings · af59f86a
      ynezz authored

      gcc 9.1 on x86/64 has reported following issues:
      
       list.c:140:11: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       file.c:572:51: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       file.c:850:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       file.c:865:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       delta.c:199:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
       parse.c:80:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
       parse.c:81:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
       file.c:572:51: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       file.c:850:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       file.c:865:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       delta.c:199:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
       parse.c:80:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
       parse.c:81:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
       ucimap.c:146:16: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:151:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:243:34: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:247:9: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:254:39: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:258:9: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:285:34: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:363:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:563:12: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:753:18: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
       ucimap.c:879:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      af59f86a
    • tests: shunit2: run all tests under Valgrind by default · 1637d291
      ynezz authored

      The more tests, the better.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      1637d291
    • cmake: enable extra compiler checks · c1af73bf
      ynezz authored

      Let's enforce additional automatic checks enforced by the compiler in
      order to catch possible errors during compilation.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      c1af73bf
    • cmake: build Lua module only if enabled · be69504e
      ynezz authored

      Makes the resulting lua/CMakeLists.txt file simpler.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      be69504e
    • tests: shunit2: fix issues reported by shellcheck · 38a2f12e
      ynezz authored

       In tests.sh line 10:
       [ -x $UCI_BIN ] || {
            ^------^ SC2086: Double quote to prevent globbing and word splitting.
      
       In tests.sh line 63:
       for suite in $(ls ${SCRIPTS_DIR}/*)
                    ^--------------------^ SC2045: Iterating over ls output is fragile. Use globs.
      
       In tests.sh line 65:
       	cat ${suite} >> ${FULL_SUITE}
                   ^------^ SC2086: Double quote to prevent globbing and word splitting.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      38a2f12e
    • add initial GitLab CI support · 266fc9e9
      ynezz authored

      Uses currently proof-of-concept openwrt-ci[1] in order to:
      
       * improve the quality of the codebase in various areas
       * decrease code review time and help merging contributions faster
       * get automagic feedback loop on various platforms and tools
         - out of tree build with OpenWrt SDK on following targets:
           * ath79-generic
           * imx6-generic
           * malta-be
           * mvebu-cortexa53
         - out of tree native build on x86/64 with GCC (versions 7, 8, 9) and Clang 9
         - out of tree native x86/64 static code analysis with cppcheck and
           scan-build from Clang 9
      
      1. https://gitlab.com/ynezz/openwrt-ci/
      
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      266fc9e9
    • tests: shunit2: make it working under CMake · 17d6144a
      ynezz authored

      uci is being passed from CMake as environment variable.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      17d6144a
    • cmake: add unit testing option and shunit2 tests · a6e8bbef
      ynezz authored

      For convenient tests invocation.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      a6e8bbef
    • test: move shunit2 tests under standalone subdirectory · 0ca93fec
      ynezz authored

      So we could start adding other tests as well. While at it rename the
      parent directory from test to the more common tests name.
      Signed-off-by: Petr Štetiar <ynezz@true.cz>
      0ca93fec
  8. 08 Nov, 2019 1 commit
    • build: Add -Wclobbered to detect problems with longjmp · fc417e80
      Hauke Mehrtens authored

      When we jump back to a save point in UCI_THROW() with longjmp all the
      registers will be reset to the old values when we called UCI_TRAP_SAVE()
      last time, but the memory is not restored. This will revert all the
      variables which are stored in registers, but not the variables stored on
      the stack.
      
      Mark all the variables which the compiler could put into a register as
      volatile to store them safely on the stack and make sure they have the
      defined current values also after longjmp was called.
      
      The setjmp() manpage says the following:
      ----------------------------------------------------------------------
      The  compiler  may  optimize  variables into registers, and longjmp()
      may restore the values of other registers in addition to the stack
      pointer and program counter.  Consequently, the values of automatic
      variables are unspecified after a call to longjmp() if they meet all the
      following criteria:
      * they are local to the function that made the corresponding setjmp()
        call;
      * their values are changed between the calls to setjmp() and longjmp();
        and
      * they are not declared as volatile.
      ---------------------------------------------------------------------
      
      The -Wclobbered compiler option warns about all variables which are
      written after setjmp() was called, not all of them could cause problems,
      but to make sure to catch all real problems add this warning and fix all
      occurrences of this warning.
      
      This also activates a compiler warning which should warn us in such
      cases.
      This could fix some potential problems in error paths like the one
      reported in CVE-2019-15513.
      Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
      fc417e80
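
The volatile rule from commit fc417e80, as an added example that is not code from the uci repository. `trap`, `trap_err`, `throw_err` and `run_steps` are hypothetical names standing in for a save point and throw in the style of `UCI_TRAP_SAVE()` and `UCI_THROW()`.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the save point and throw of a setjmp/longjmp
 * error-handling scheme (these names are not the project's). */
static jmp_buf trap;
static int trap_err;

static void throw_err(int code)
{
    trap_err = code;
    longjmp(trap, 1);
}

/* Runs n steps and throws at step fail_at. Returns the number of steps that
 * completed; *err gets the error code, *released says whether the error path
 * saw (and freed) the scratch buffer allocated after the save point. */
int run_steps(int n, int fail_at, int *err, int *released)
{
    /* Both locals are written between setjmp() and longjmp() and read
     * afterwards, so both meet the manpage's three criteria unless they are
     * volatile. For the pointer, the qualifier goes on the variable itself
     * (char *volatile), not on the pointee. */
    volatile int done = 0;
    char *volatile scratch = NULL;

    if (setjmp(trap) != 0) {
        /* Error path, entered via longjmp(): needs the current values. */
        *released = scratch != NULL;
        free(scratch);
        *err = trap_err;
        return done;
    }

    scratch = malloc(16);
    if (!scratch)
        throw_err(1);
    for (int i = 0; i < n; i++) {
        if (i == fail_at)
            throw_err(2);
        done = done + 1;
    }
    free(scratch);
    *err = 0;
    *released = 1;
    return done;
}

int main(void)
{
    int err, released;
    int done = run_steps(5, 3, &err, &released);
    printf("done=%d err=%d released=%d\n", done, err, released);
    return 0;
}
```

Without the two `volatile` qualifiers the error path could read `scratch` as still `NULL` and leak the buffer, or read a stale `done`; which of these happens depends on register allocation and optimisation level.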
  9. 01 Nov, 2019 1 commit