Jan Venekamp [Sun, 20 Nov 2022 01:08:23 +0000 (02:08 +0100)]
uci: fix use-after-free uci_add_list
When uci_add_list is called with ptr->o set and ptr->option = NULL,
then in uci_expand_ptr ptr->option is set to ptr->o->e.name.
If ptr->o->type is UCI_TYPE_STRING then prev is set to ptr->o.
This will result in use-after-free because ptr->option is used in
the call to uci_add_delta in uci_add_element_list after
uci_free_option(prev).
Signed-off-by: Jan Venekamp <jan@venekamp.net>
Jan Venekamp [Sun, 20 Nov 2022 01:08:22 +0000 (02:08 +0100)]
uci: optimize update option in uci_set
Optimize for the case when there is no need to reallocate memory when
updating an option in uci_set.
Signed-off-by: Jan Venekamp <jan@venekamp.net>
Jan Venekamp [Sun, 20 Nov 2022 01:08:21 +0000 (02:08 +0100)]
uci: maintain option position in uci_set
Maintain the position of an option in the list when updating an option
in uci_set.
Signed-off-by: Jan Venekamp <jan@venekamp.net>
Jan Venekamp [Sun, 20 Nov 2022 01:08:20 +0000 (02:08 +0100)]
uci: fix use-after-free uci_set on update option
When uci_set is called with ptr->o set and ptr->option = NULL,
then in uci_expand_ptr ptr->option is set to ptr->o->e.name.
This will result in use-after-free because ptr->option is used in
the call to uci_add_delta after uci_free_option(ptr->o).
Signed-off-by: Jan Venekamp <jan@venekamp.net>
Rafał Miłecki [Tue, 16 Aug 2022 11:57:44 +0000 (13:57 +0200)]
delta: simplify uci_load_delta() by using a helper
In the commit
3c7f3556b0039 ("Fix delta path handling.")
uci_load_delta() was modified by open coding uci_load_delta_file(). It
seems that reason behind it was to avoid uci_parse_delta(). The same can
be achieved by passing NULL as "struct uci_package *p" argument.
Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Tue, 16 Aug 2022 10:08:51 +0000 (12:08 +0200)]
cli: drop redundant uci_add_delta_path() call for -P
savedir is always present in the list of delta paths. It's guaranteed by
1. uci_alloc_context() which sets defaults
2. uci_set_savedir() which allows changing savedir
Calling uci_add_delta_path() with ctx->savedir argument seems to always
return UCI_ERR_DUPLICATE.
Fixes: 2b4872345ab2b ("make use of the history path feature in the cli")
Cc: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hauke Mehrtens [Tue, 5 Oct 2021 16:54:39 +0000 (18:54 +0200)]
cmake: Allow override of install directories
Use the GNUInstallDirs include to allow callers to override the install
directories. This is helpful when building uci in build systems like
Yocto which prefer to use /usr/lib64 for the 64 bit libraries.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Rafał Miłecki [Mon, 12 Apr 2021 14:05:52 +0000 (16:05 +0200)]
cli: add option for changing save path
Save path is a directory where config change (delta) files are stored.
Having a custom individual save dir can be used to prevent two (or more)
"uci" cli callers (e.g. bash scripts) from commiting each other changes.
In the following example:
App0 App1
---- ----
uci set system.@system[0].timezone=UTC
uci set system.@system[0].hostname=OpenWrt
uci commit system
App1 would unintentionally commit changes made by App0. This can be
avoided by at least 1 "uci" cli user specifying a custom -t option.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hauke Mehrtens [Sun, 4 Oct 2020 15:14:51 +0000 (17:14 +0200)]
Replace malloc() + memset() with calloc()
Instead of manually clearing the memory with memset() use calloc().
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 4 Oct 2020 15:14:50 +0000 (17:14 +0200)]
ucimap: Check return of malloc()
Check the return value of malloc() before accessing it.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 4 Oct 2020 15:14:49 +0000 (17:14 +0200)]
file: Check buffer size after strtok()
This fixes a heap overflow in the parsing of the uci line.
The line which is parsed and put into pctx->buf is null terminated and
stored on the heap. In the uci_parse_line() function we use strtok() to
split this string in multiple parts after divided by a space or tab.
strtok() replaces these characters with a NULL byte. If the next byte is
NULL we assume that this NULL byte was added by strtok() and try to
parse the string after this NULL byte. If this NULL byte was not added
by strtok(), but by fgets() to mark the end of the string we would read
over this end of the string in uninitialized memory and later over the
allocated buffer.
Fix this problem by storing how long the line we read was and check if
we would read over the end of the string here.
This also adds the input which detected this crash to the corpus of the
fuzzer.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[fixed merge conflict in tests]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Hauke Mehrtens [Sun, 4 Oct 2020 15:14:48 +0000 (17:14 +0200)]
file: use size_t for position and pointer
The bufsz variable is used to store the size of the buf memory region
and pos is used to index a position in this memory. Use size_t for these
variables in the internal handling instaed of int to not break with big
files.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Jo-Philipp Wich [Tue, 6 Oct 2020 06:06:16 +0000 (08:06 +0200)]
file: use dynamic memory allocation for tempfile name
Allocating a 4KB stack space buffer just for formatting a tempfile name
does not seem ideal.
Fixes: aa46546794ac ("file: uci_file_commit: fix memory leak")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Sat, 3 Oct 2020 07:14:35 +0000 (09:14 +0200)]
file: uci_file_commit: fix memory leak
Fixes following memory leak:
26 bytes in 1 blocks are definitely lost in loss record 1 of 1
at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x52DA68F: vasprintf (vasprintf.c:73)
by 0x52B71D3: asprintf (asprintf.c:35)
by 0x4E40F67: uci_file_commit (file.c:738)
by 0x4E3FD94: uci_commit (libuci.c:193)
by 0x401ED9: uci_do_import (cli.c:408)
by 0x401ED9: uci_cmd (cli.c:685)
by 0x4016FA: main (cli.c:776)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Fri, 2 Oct 2020 12:52:19 +0000 (14:52 +0200)]
uci: silence UBSAN error by using offsetof macro from compiler
Fixes following ubdefined-behavior as reported by clang version 10.0.0-4ubuntu1~18.04.2:
delta.c:139:52: runtime error: member access within null pointer of type 'struct uci_element'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior delta.c:139:52
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Sat, 3 Oct 2020 07:18:17 +0000 (09:18 +0200)]
tests: cram: add uci import testing on fuzzer corpus
Use valgrind and uci cli compiled with undefined, address and leak
sanitizers.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Fri, 2 Oct 2020 22:15:21 +0000 (00:15 +0200)]
cmake: add uci-san cli built with clang sanitizers
Will be used for testing.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Fri, 2 Oct 2020 23:29:21 +0000 (01:29 +0200)]
file: uci_parse_package: fix heap use after free
Fixes following issue which is caused by usage of pointer which pointed
to a reallocated address:
ERROR: AddressSanitizer: heap-use-after-free on address 0x619000000087 at pc 0x000000509aa7 bp 0x7ffd6b9c3c40 sp 0x7ffd6b9c3400
READ of size 2 at 0x619000000087 thread T0
#0 0x509aa6 in strdup (test-fuzz+0x509aa6)
#1 0x7fc36d2a1636 in uci_strdup util.c:60:8
#2 0x7fc36d29e1ac in uci_alloc_generic list.c:55:13
#3 0x7fc36d29e241 in uci_alloc_package list.c:253:6
#4 0x7fc36d2a0ba3 in uci_switch_config file.c:375:18
#5 0x7fc36d2a09b8 in uci_parse_package file.c:397:2
#6 0x7fc36d2a09b8 in uci_parse_line file.c:513:6
#7 0x7fc36d2a09b8 in uci_import file.c:681:4
0x619000000087 is located 7 bytes inside of 1024-byte region [0x619000000080,0x619000000480)
freed by thread T0 here:
#0 0x51daa9 in realloc (test-fuzz+0x51daa9)
#1 0x7fc36d2a1612 in uci_realloc util.c:49:8
previously allocated by thread T0 here:
#0 0x51daa9 in realloc (test-fuzz+0x51daa9)
#1 0x7fc36d2a1612 in uci_realloc util.c:49:8
Reported-by: Jeremy Galindo <jgalindo@datto.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Fri, 2 Oct 2020 23:53:53 +0000 (01:53 +0200)]
tests: add libFuzzer based fuzzing
LibFuzzer is in-process, coverage-guided, evolutionary fuzzing engine.
LibFuzzer is linked with the library under test, and feeds fuzzed inputs
to the library via a specific fuzzing entrypoint (aka "target
function"); the fuzzer then tracks which areas of the code are reached,
and generates mutations on the corpus of input data in order to maximize
the code coverage.
So lets use libFuzzer to fuzz uci_import for the start.
Ref: https://llvm.org/docs/LibFuzzer.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Alin Nastac [Fri, 24 Apr 2020 14:49:55 +0000 (16:49 +0200)]
file: preserve original file mode after commit
Because mkstemp() create a file with mode 0600, only user doing
the commit (typically root) will be allowed to inspect the content
of the file after uci commit.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Luka Koznjak [Wed, 4 Dec 2019 20:36:34 +0000 (21:36 +0100)]
file: fix segfault in uci_parse_option
Fixed a segmentation fault caused by using a pointer to a reallocated
address. The name pointer in the uci_parse_option function
becomes invalid if assert_eol calls uci_realloc down the line,
resulting in a segmentation fault when attempting to dereference
name in a strcmp check in uci_lookup_list. A simple fix is
to call assert_eol before retrieving the actual address for
the name and type pointers.
The segmentation fault has been found while fuzzing the
uci configuration system for various types of different crashes
and undefined behavious, which resulted in multiple different
import files causing instability and sementation faults.
Signed-off-by: Luka Kožnjak <luka.koznjak@sartura.hr>
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
CC: Luka Perkov <luka.perkov@sartura.hr>
Luka Koznjak [Wed, 4 Dec 2019 20:35:10 +0000 (21:35 +0100)]
file: fix segfault in uci_parse_config
Fixed a segmentation fault caused by using a pointer to a reallocated
address. The name pointer in the uci_parse_config function
becomes invalid if assert_eol calls uci_realloc down the line,
resulting in a segmentation fault when attempting to dereference
name. A simple fix is to call assert_eol before retrieving the
actual address for the name and type pointers.
The segmentation fault has been found while fuzzing the
uci configuration system for various types of different crashes
and undefined behavious, which resulted in multiple different
import files causing instability and sementation faults.
Signed-off-by: Luka Kožnjak <luka.koznjak@sartura.hr>
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
CC: Luka Perkov <luka.perkov@sartura.hr>
Rosen Penev [Sat, 30 Nov 2019 21:42:03 +0000 (13:42 -0800)]
uci: Fix extra semicolons warnings
Found with clang's -Wextra-semi-stmt
Fixes:
error: empty expression statement has no effect; remove unnecessary ';' to
silence this warning [-Werror,-Wextra-semi-stmt]
UCI_TRAP_SAVE(ctx, error);
^
error: empty expression statement has no effect; remove unnecessary ';' to
silence this warning [-Werror,-Wextra-semi-stmt]
UCI_TRAP_SAVE(ctx, ignore);
error: empty expression statement has no effect; remove unnecessary ';' to
silence this warning [-Werror,-Wextra-semi-stmt]
};
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Petr Štetiar [Sat, 7 Dec 2019 21:45:59 +0000 (22:45 +0100)]
cmake: add more hardening compiler flags
In order to spot possible issues with direct impact on security during
QA on CI (GCC version 6 and higher).
Ref: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Sat, 7 Dec 2019 21:56:29 +0000 (22:56 +0100)]
libuci: refactor uci_get_errorstr
* replace strange error_info[0]=0 with complete zeroing of the buffer
* make the function body shorter and more clear, decrease indentation
levels
* fix format string warnings:
libuci.c:172:24: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
libuci.c:181:19: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Sat, 7 Dec 2019 22:36:51 +0000 (23:36 +0100)]
tests: cram: Lua: add test case for uci_get_errorstr
In order to extend test coverage and help testing refactoring.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Sat, 7 Dec 2019 22:12:24 +0000 (23:12 +0100)]
lua: add missing forward declaration
Fixes following warning reported by clang-10:
lua/uci.c:1050:1: error: no previous declaration for ‘luaopen_uci’ [-Werror=missing-declarations]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Rosen Penev [Sat, 7 Dec 2019 21:52:49 +0000 (22:52 +0100)]
cli: fix format string clang-10 warning
Fixes:
cli.c:196:19: error: format string is not a string literal [-Werror=format-nonliteral]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[split into separate commit]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 23:45:30 +0000 (00:45 +0100)]
lua: fix error handling
scan-build from clang version 9 has reported following issues:
uci.c:389:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:393:3: warning: Value stored to 'err' is never read
err = UCI_ERR_NOTFOUND;
^ ~~~~~~~~~~~~~~~~
uci.c:417:4: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:524:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:533:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:565:4: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:575:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:584:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:642:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
uci.c:651:3: warning: Value stored to 'err' is never read
err = UCI_ERR_INVAL;
^ ~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 23:43:46 +0000 (00:43 +0100)]
ucimap: fix possible use of memory after it is freed
scan-build from clang version 9 has reported following issue:
ucimap.c:710:8: warning: Use of memory after it is freed
err = ucimap_parse_options(map, sm, sd, s);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 23:39:46 +0000 (00:39 +0100)]
delta: prevent possible null pointer use
scan-build from clang version 9 has reported following issue:
delta.c:39:13: warning: Null pointer passed to 1st parameter expecting 'nonnull'
int size = strlen(section) + 1;
^~~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 23:28:15 +0000 (00:28 +0100)]
cli: remove unused variable assigment
scan-build from clang version 9 has reported following issue:
cli.c:574:8: warning: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret'
if ((ret = uci_parse_argument(ctx, input, &str, &argv[i])) != UCI_OK) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 22:08:26 +0000 (23:08 +0100)]
lua: fix memory leak in set method
scan-build from clang version 9 has reported following issue:
uci.c:624:12: warning: Potential leak of memory pointed to by 's'
return luaL_error(L, "Cannot set an uci option to an empty table value");
^~~~~~~~~~
valgrind confirmed it on the supplied test case:
==31013== 8 bytes in 1 blocks are definitely lost in loss record 1 of 1
==31013== by 0x56C49B9: strdup (strdup.c:42)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 21:41:18 +0000 (22:41 +0100)]
lua: fix memory leak in changes method
Configs returned by uci_list_configs call are not freed when not needed,
leading to the memory leak. While at it make the code cleaner.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 19:41:55 +0000 (20:41 +0100)]
tests: add cram based unit tests
I find them more flexible then shunit2 ones.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 19:09:30 +0000 (20:09 +0100)]
lua: fix copy&paste in error string
When uci_set_confdir fails we should say so.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 18:46:13 +0000 (19:46 +0100)]
cli: fix realloc issue spotted by cppcheck
Cppcheck 1.90 dev reports following:
cli.c:117:4: error: Common realloc mistake: 'typestr' nulled but not freed upon failure [memleakOnRealloc]
typestr = realloc(typestr, maxlen);
^
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 17:21:44 +0000 (18:21 +0100)]
iron out all extra compiler warnings
gcc 9.1 on x86/64 has reported following issues:
list.c:140:11: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:572:51: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:850:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:865:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
delta.c:199:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
parse.c:80:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
parse.c:81:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
file.c:572:51: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:850:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
file.c:865:15: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
delta.c:199:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
parse.c:80:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
parse.c:81:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
ucimap.c:146:16: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:151:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:243:34: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:247:9: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:254:39: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:258:9: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:285:34: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:363:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:563:12: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:753:18: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
ucimap.c:879:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 17:18:36 +0000 (18:18 +0100)]
tests: shunit2: run all tests under Valgrind by default
The more tests, the better.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 17:02:35 +0000 (18:02 +0100)]
cmake: enable extra compiler checks
Let's enforce additional automatic checks enforced by the compiler in
order to catch possible errors during compilation.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Mon, 4 Nov 2019 15:18:37 +0000 (16:18 +0100)]
cmake: build Lua module only if enabled
Makes the resulting lua/CMakeLists.txt file simpler.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Fri, 1 Nov 2019 09:26:38 +0000 (10:26 +0100)]
tests: shunit2: fix issues reported by shellcheck
In tests.sh line 10:
[ -x $UCI_BIN ] || {
^------^ SC2086: Double quote to prevent globbing and word splitting.
In tests.sh line 63:
for suite in $(ls ${SCRIPTS_DIR}/*)
^--------------------^ SC2045: Iterating over ls output is fragile. Use globs.
In tests.sh line 65:
cat ${suite} >> ${FULL_SUITE}
^------^ SC2086: Double quote to prevent globbing and word splitting.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 17 Oct 2019 12:55:02 +0000 (14:55 +0200)]
add initial GitLab CI support
Uses currently proof-of-concept openwrt-ci[1] in order to:
* improve the quality of the codebase in various areas
* decrease code review time and help merging contributions faster
* get automagic feedback loop on various platforms and tools
- out of tree build with OpenWrt SDK on following targets:
* ath79-generic
* imx6-generic
* malta-be
* mvebu-cortexa53
- out of tree native build on x86/64 with GCC (versions 7, 8, 9) and Clang 9
- out of tree native x86/64 static code analysis with cppcheck and
scan-build from Clang 9
1. https://gitlab.com/ynezz/openwrt-ci/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Fri, 1 Nov 2019 08:28:07 +0000 (09:28 +0100)]
tests: shunit2: make it working under CMake
uci is being passed from CMake as environment variable.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Fri, 1 Nov 2019 08:13:42 +0000 (09:13 +0100)]
cmake: add unit testing option and shunit2 tests
For convenient tests invocation.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Fri, 1 Nov 2019 08:11:48 +0000 (09:11 +0100)]
test: move shunit2 tests under standalone subdirectory
So we could start adding other tests as well. While at it rename the
parent directory from test to the more common tests name.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Hauke Mehrtens [Fri, 1 Nov 2019 14:06:01 +0000 (15:06 +0100)]
build: Add -Wclobbered to detect problems with longjmp
When we jump back to a save point in UCI_THROW() with longjmp all the
registers will be reset to the old values when we called UCI_TRAP_SAVE()
last time, but the memory is not restored. This will revert all the
variables which are stored in registers, but not the variables stored on
the stack.
Mark all the variables which the compiler could put into a register as
volatile to store them safely on the stack and make sure they have the
defined current values also after longjmp was called.
The setjmp() manage says the following:
----------------------------------------------------------------------
The compiler may optimize variables into registers, and longjmp()
may restore the values of other registers in addition to the stack
pointer and program counter. Consequently, the values of automatic
variables are unspecified after a call to longjmp() if they meet all the
following criteria:
* they are local to the function that made the corresponding setjmp()
call;
* their values are changed between the calls to setjmp() and longjmp();
and
* they are not declared as volatile.
---------------------------------------------------------------------
The -Wclobbered compiler option warns about all variables which are
written after setjmp() was called, not all of them could cause problems,
but to make sure to catch all real problems add this warning and fix all
occurrences of this warning.
This also activates a compiler warning which should warn us in such
cases.
This could fix some potential problems in error paths like the one
reported in CVE-2019-15513.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Fri, 1 Nov 2019 11:02:13 +0000 (12:02 +0100)]
util: Fix error path
Unlock and close the stream in case some file operations in
uci_open_stream() fail.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Maxim Gorbachyov [Fri, 19 Jul 2019 06:46:42 +0000 (23:46 -0700)]
uci/file: replace mktemp() with mkstemp()
mktemp is unsafe to use as well as deprecated by POSIX.1-2008. uClibc-ng
optionally does not include it when SuSv3 legacy functions are disabled.
Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Sven Eckelmann [Fri, 17 May 2019 12:30:06 +0000 (14:30 +0200)]
uci: fix options list of section after type change
A section can store its name in the same memory region as the section
(after the actual section object). The object is then reallocated when the
type is later changed via an uci_set. But the original address of the
section is (indirectly) stored in the section list, the object and the
object list (HEAD) of this section.
But only the section list was fixed in commit
4fb6a564b8ee ("clean up
uci_set") after the realloc finished. Traversing the object list or
accessing the section pointer caused heap-use-after-free errors.
Reported-by: Charlemagne Lasse <charlemagnelasse@gmail.com>
Fixes: 4fb6a564b8ee ("clean up uci_set")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Yousong Zhou [Sat, 11 Aug 2018 06:31:28 +0000 (06:31 +0000)]
delta: fix parsing malformed delta lines
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Jordan Miner [Sun, 25 Mar 2018 01:30:07 +0000 (20:30 -0500)]
uci: fix a potential use-after-free in uci_set()
When calling uci_set() to update an option, if ptr->o != NULL and
ptr->option == NULL, then uci_expand_ptr() will set ptr->option to
ptr->o->e.name (or the caller could set ptr->option to that value). In
this case, the option will be freed just before calling
uci_alloc_option() with ptr->option, which was just freed.
Signed-off-by: Jordan Miner <jminer7@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Jo-Philipp Wich [Thu, 15 Mar 2018 23:21:58 +0000 (00:21 +0100)]
list: only record ordering deltas if element position changed
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Andre Castro [Fri, 2 Feb 2018 12:04:44 +0000 (12:04 +0000)]
cmake: Fix cli shared linking against ubox
The 'ubox' library used in 'cli' target is not using the output of the
'find_library' command. This is a problem when the 'ubox' library is not
located on the standard system library locations.
Use the CMake variable 'ubox', output of 'find_library' call that points
to the library found on the system, instead of hardcoding the library's
name to 'ubox'.
Signed-off-by: Andre Castro <andre.castro.sw@gmail.com>
Jo-Philipp Wich [Sun, 31 Dec 2017 10:30:32 +0000 (11:30 +0100)]
lua: additionally return name when looking up sections
Return the resolved name in addition to the type when looking up sections
through `get()` - for example a `cursor:get("firewall", "@rule[0]")` will
now return two values in the form ("rule", "cfg0a92bd") instead of only
the type name.
This is mainly useful to resolve extended section names without having to
reimplement the section count logic in Lua code.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 31 Dec 2017 10:08:22 +0000 (11:08 +0100)]
lua: support extended section notation
Wrap uci_lookup_ptr() to enable extended section format lookups
when the passed section literal is in "@" notation.
This allows calls in the form `cursor:get("conf", "@stype[0]", "opt")`
which is useful to resolve options in numerically indexed anonymous
sections.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hans Dedecker [Thu, 21 Dec 2017 10:56:32 +0000 (11:56 +0100)]
list: remove unncessary increment of n_section (FS#1182)
The package n_section counter is already incremented in uci_alloc_section;
so no need to increment it again in uci_fixup_section.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 21 Dec 2017 10:56:31 +0000 (11:56 +0100)]
file: remove unnecessary uci_fixup_section calls
This makes it clear uci_fixup_section only needs to be called in
uci_add_section when an unnamed section is added.
Before it was a bit misleading when walking through the code seeing
uci_fixup_section being called in uci_parse_config and uci_import.
When uci config is parsed via these functions uci_add_section is
eventually called which in the end constructs a name for an unnamed
section.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Stijn Tintel [Thu, 17 Aug 2017 14:27:20 +0000 (16:27 +0200)]
Add bitfield_set function from libubox.
The bitfield functions and macros where removed from libubox. Add the
bitfield_set function which is used by uci, and prefix it with uci_.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Yousong Zhou [Tue, 21 Mar 2017 03:15:12 +0000 (11:15 +0800)]
file: remove redundant NULL check on return value of uci_realloc()
Because the check will be done by uci_realloc itself.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Tue, 21 Mar 2017 03:15:11 +0000 (11:15 +0800)]
build: fix BUILD_STATIC
- Build libuci.a in addition to libuci.so
- Build uci cli utitlity statically if BUILD_STATIC is enabled
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Michal 'vorner' Vaner [Tue, 22 Nov 2016 15:50:24 +0000 (16:50 +0100)]
Fix skipping directories in uci_list_config_files
Don't create a hole in the array of configs if there's a directory. Such
a hole would be mistaken for the end of the array.
Signed-off-by: Michal 'vorner' Vaner <michal.vaner@nic.cz>
Felix Fietkau [Thu, 10 Nov 2016 12:13:00 +0000 (13:13 +0100)]
Revert "mandatory anonymous section identifier"
This reverts commits:
df72af474075 "mandatory anonymous section identifier"
2eb9c097e392 "cli: remove now-defunct UCI_FLAG_EXPORT_NAME support"
fe45f97302cb "test: adjust for auto-naming anonymous sections"
After some discussion we came to the conclusion that we need a different
fix.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Dirk Feytons [Thu, 29 Sep 2016 15:39:57 +0000 (17:39 +0200)]
uci/lua: add explicit close() method
This allows a caller to explicitly free the cursor as soon as it is
no longer needed instead of having to wait for the garbage collector.
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Dirk Feytons [Thu, 29 Sep 2016 15:39:56 +0000 (17:39 +0200)]
uci/lua: add list_configs() function
Returns an array with all the available configs.
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Felix Fietkau [Thu, 6 Oct 2016 18:04:52 +0000 (20:04 +0200)]
test: adjust for auto-naming anonymous sections
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 6 Oct 2016 18:02:36 +0000 (20:02 +0200)]
cli: remove now-defunct UCI_FLAG_EXPORT_NAME support
Preserve command line switches for compatibility reasons
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Antonio Paunovic [Thu, 6 Oct 2016 13:47:56 +0000 (15:47 +0200)]
mandatory anonymous section identifier
This change makes sure there are no more anonymous (unnamed) sections
in configuration files. Previously it was optional and now the choice
is being removed.
All sections will have generated identifiers. This is important because
anonymous sections will be simpler to manipulate.
Signed-off-by: Antonio Paunovic <antonio.paunovic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Karl Palsson [Fri, 15 Apr 2016 15:12:18 +0000 (15:12 +0000)]
projects/uci: lua: use built in pkg-config support for alternatives
Different distributions have different names for the lua 5.1 package.
Use cmake's built in pkg-config support to search for the first one,
rather than running it explicitly and searching for a single version.
Signed-off-by: Karl Palsson <karlp@remake.is>
Jo-Philipp Wich [Thu, 31 Mar 2016 00:06:12 +0000 (02:06 +0200)]
file: write through symlinks on uci commit
The rename() syscall operates on the destination path directly, therfore
resolve the real path before doing the rename to not clobber the destination
in case it is a symlink pointing to another file.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Petr Štetiar [Sat, 5 Mar 2016 13:59:14 +0000 (14:59 +0100)]
cmake: Add ubox library and include dir lookup
Otherwise cmake uses files from system which sometimes isn't wanted, ie.
for testing.
Signed-off-by: Petr Å tetiar <ynezz@true.cz>
Felix Fietkau [Tue, 2 Feb 2016 17:12:54 +0000 (18:12 +0100)]
cli: fix uci show output for anonymous sections (#21781)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Jo-Philipp Wich [Thu, 5 Nov 2015 18:15:40 +0000 (19:15 +0100)]
file: raise parse error on conflicting section types in strict mode
If strict mode is enabled and we're parsing a config file with multiple
sections of the same name but different types, then raise a parse error
to notify the user that the subsequent section declaration would shadow
all prior ones of the same name.
The error would be triggered by a config like that:
config typeA example
option test 1
config typeB example
option test 2
In such a case, libuci will raise this error:
uci: Parse error (section of different type overwrites prior section with same name) at line 4, byte 23
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Felix Fietkau [Mon, 11 Jan 2016 12:27:26 +0000 (13:27 +0100)]
file: defer checking the tmpfile until it is actually needed.
Avoids creating useless entries in the kernel dentry cache
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Wed, 11 Nov 2015 12:17:11 +0000 (13:17 +0100)]
remove list.h
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Karl Palsson [Thu, 5 Nov 2015 17:27:48 +0000 (17:27 +0000)]
lua: remove pointless double check of autoload flag
In
e2b1433b the autoload param went from being an enumerated type to a
simple boolean. Drop the pointless double check of this flag.
Signed-off-by: Karl Palsson <karlp@remake.is>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Jo-Philipp Wich [Thu, 5 Nov 2015 17:47:34 +0000 (18:47 +0100)]
lua: fix invocation of foreach() with nil type and implicit self
The check for nil on the 2nd argument misses the offset in order to skip over
implicit self which results in
`bad argument #2 to 'foreach' (string expected, got nil)`
when invoking `uci.cursor():foreach("test", nil, function(s) end)`.
The same call works fine when using dot instead of colon notation.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Felix Fietkau [Thu, 27 Aug 2015 12:40:57 +0000 (14:40 +0200)]
file: remove unnecessary sync() call
It can be too expensive during filesystem initialization, and it is not
required for atomic handling of config changes.
If the write gets interrupted, the config file will always contain
either the new state or the old state
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Yousong Zhou [Mon, 25 May 2015 12:32:43 +0000 (20:32 +0800)]
tests: add test case for parsing long option values.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Mon, 25 May 2015 12:32:42 +0000 (20:32 +0800)]
file.c: lift the 4096 bytes line length limit.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Mon, 25 May 2015 12:32:41 +0000 (20:32 +0800)]
delta: catch error when parsing delta line.
Reported by sarumpaet [1]
[1] uci fails to handle long values properly,
https://github.com/openwrt/packages/issues/1231
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Mon, 25 May 2015 12:32:40 +0000 (20:32 +0800)]
cli: suppress printing error messages when -q is specified.
- Introduce cli_error() for printing local errors.
- Convert existing fprintf(stderr, ) and perror() to cli_error().
- N.B. error messages will still be printed if they occured before -q
flag was parsed.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Hans Dedecker [Tue, 28 Apr 2015 14:07:27 +0000 (16:07 +0200)]
uci: properly close input before exit
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Yousong Zhou [Thu, 9 Apr 2015 13:48:47 +0000 (21:48 +0800)]
file: reset parsing position on starting over a newline.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Thu, 9 Apr 2015 13:48:46 +0000 (21:48 +0800)]
tests: add test coverage for comment lines within batch commands.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 1 Apr 2015 12:44:23 +0000 (20:44 +0800)]
delta: fix adding new savedir.
Newly added savedir should be at the last position while
uci_add_delta_path() will add it to the position second to the last.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 1 Apr 2015 12:44:22 +0000 (20:44 +0800)]
tests: add test coverage for uci export with -P option.
- With "uci -P xxx/ export", changes in "xxx/" should be applied last.
- With "uci -p xxx/ commit", changes in "xxx/" should be applied before
ctx->savedir.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Tue, 31 Mar 2015 16:20:18 +0000 (00:20 +0800)]
Fix delta path handling.
- Make ctx->savedir sit at the end of ctx->delta_path.
- Add notes to uci_set_savedir() and uci_add_delta_path() to document
the behaviour changes.
Yousong Zhou [Tue, 31 Mar 2015 16:20:17 +0000 (00:20 +0800)]
tests: add test cases for -P and -p options.
Yousong Zhou [Wed, 18 Mar 2015 04:44:45 +0000 (12:44 +0800)]
lua: restore return value of require('uci') to module table.
Before commit "b121dd lua: add lua 5.2 compatibility changes", the
module table was filled by luaL_register() which would leave the table
at the top of the stack. But in current code the module table will be
popped by lua_setglobal() causing the return value defaulting to boolean
value true.
Also fix the return value of luaopen_uci() to 1 to indicate the number
of return value on stack.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 18 Mar 2015 04:44:44 +0000 (12:44 +0800)]
cli: fix return value of package_cmd().
It's a bug revealed by commit
446e774 "cli: properly unload package
before quit". The current code would exit with value 1 even if
uci_export() succceeded.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Wed, 18 Mar 2015 04:44:43 +0000 (12:44 +0800)]
testenv: test for exit status of "uci export".
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Sat, 24 Jan 2015 15:07:53 +0000 (23:07 +0800)]
Add a few notes on the return value of uci_lookup_ptr().
While at it, use UCI_OK instead of literal integer 0 for return value of
uci_lookup_ptr().
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Sat, 24 Jan 2015 15:07:52 +0000 (23:07 +0800)]
cli: enhance "uci show" command on nonexistent sections and options.
When doing "uci show network.nilsection", the current behaviour is that
uci will emit a error message complaining "Entry not found", then
continue to show all content of the package network itself. This is
couter-intuition.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Sat, 24 Jan 2015 15:07:51 +0000 (23:07 +0800)]
cli: properly unload package before quit.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Sat, 24 Jan 2015 15:07:50 +0000 (23:07 +0800)]
tests: add test cases for showing nonexistent section and option.
Also fix the false error message about absence of uci-static.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Felix Fietkau [Thu, 18 Dec 2014 15:49:16 +0000 (16:49 +0100)]
lua: add lua 5.2 compatibility changes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Thu, 18 Dec 2014 14:19:47 +0000 (15:19 +0100)]
allow "-" in package names
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Yousong Zhou [Tue, 16 Dec 2014 07:00:17 +0000 (15:00 +0800)]
delta: fix outputing of delta entries occupying multiple lines.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Tue, 16 Dec 2014 07:00:16 +0000 (15:00 +0800)]
delta: use a table for converting between UCI_CMD_XXX and prefixes.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>