Merge pull request #3729 from brauner/2021-03-25/fixes_3

oss-fuzz: fixes

Merge pull request #3729 from brauner/2021-03-25/fixes_3
27df2528 · Stéphane Graber · GitHub · 65c5bc57 · b8e43ef0 · 27df2528
Unverified Commit 27df2528 authored Mar 25, 2021 by Stéphane Graber Committed by GitHub Mar 25, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 76 additions and 80 deletions

conf.c src/lxc/conf.c +25 -26

confile.c src/lxc/confile.c +37 -53

confile_utils.c src/lxc/confile_utils.c +2 -1

list.h src/lxc/list.h +12 -0

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -286,7 +286,7 @@ static int run_buffer(char *buffer)
 	if (!f)
 		return log_error_errno(-1, errno, "Failed to popen() %s", buffer);

-	output = malloc(LXC_LOG_BUFFER_SIZE);
+	output = zalloc(LXC_LOG_BUFFER_SIZE);
 	if (!output)
 		return log_error_errno(-1, ENOMEM, "Failed to allocate memory for %s", buffer);

@@ -357,7 +357,7 @@ int run_script_argv(const char *name, unsigned int hook_version,
 			return -EFBIG;
 	}

-	buffer = malloc(size);
+	buffer = zalloc(size);
 	if (!buffer)
 		return -ENOMEM;

@@ -797,7 +797,7 @@ static bool append_ttyname(char **pp, char *name)
 	size_t size;

 	if (!*pp) {
-		*pp = malloc(strlen(name) + strlen("container_ttys=") + 1);
+		*pp = zalloc(strlen(name) + strlen("container_ttys=") + 1);
 		if (!*pp)
 			return false;

@@ -2655,10 +2655,9 @@ struct lxc_conf *lxc_conf_init(void)
 	int i;
 	struct lxc_conf *new;

-	new = malloc(sizeof(*new));
+	new = zalloc(sizeof(*new));
 	if (!new)
 		return NULL;
-	memset(new, 0, sizeof(*new));

 	new->loglevel = LXC_LOG_LEVEL_NOTSET;
 	new->personality = -1;
@@ -3773,7 +3772,7 @@ int lxc_clear_sysctls(struct lxc_conf *c, const char *key)
 	else
 		return -1;

-	lxc_list_for_each_safe (it, &c->sysctls, next) {
+	lxc_list_for_each_safe(it, &c->sysctls, next) {
 		struct lxc_sysctl *elem = it->elem;

 		if (!all && !strequal(elem->key, k))
@@ -3786,6 +3785,9 @@ int lxc_clear_sysctls(struct lxc_conf *c, const char *key)
 		free(it);
 	}

+	if (all)
+		lxc_list_init(&c->sysctls);
+
 	return 0;
 }

@@ -4033,7 +4035,7 @@ static struct id_map *mapped_nsid_add(const struct lxc_conf *conf, unsigned id,
 	if (!map)
 		return NULL;

-	retmap = malloc(sizeof(*retmap));
+	retmap = zalloc(sizeof(*retmap));
 	if (!retmap)
 		return NULL;

@@ -4072,7 +4074,7 @@ static struct id_map *mapped_hostid_add(const struct lxc_conf *conf, uid_t id,
 	int hostid_mapped;
 	struct id_map *tmp = NULL;

-	entry = malloc(sizeof(*entry));
+	entry = zalloc(sizeof(*entry));
 	if (!entry)
 		return NULL;

@@ -4136,13 +4138,12 @@ static struct lxc_list *get_minimal_idmap(const struct lxc_conf *conf,
 		return log_debug(NULL, "Failed to find mapping for gid %d", egid);

 	/* Allocate new {g,u}id map list. */
-	idmap = malloc(sizeof(*idmap));
+	idmap = lxc_list_new();
 	if (!idmap)
 		return NULL;
-	lxc_list_init(idmap);

 	/* Add container root to the map. */
-	tmplist = malloc(sizeof(*tmplist));
+	tmplist = lxc_list_new();
 	if (!tmplist)
 		return NULL;
 	/* idmap will now keep track of that memory. */
@@ -4151,7 +4152,7 @@ static struct lxc_list *get_minimal_idmap(const struct lxc_conf *conf,

 	if (container_root_uid) {
 		/* Add container root to the map. */
-		tmplist = malloc(sizeof(*tmplist));
+		tmplist = lxc_list_new();
 		if (!tmplist)
 			return NULL;
 		/* idmap will now keep track of that memory. */
@@ -4159,7 +4160,7 @@ static struct lxc_list *get_minimal_idmap(const struct lxc_conf *conf,
 		lxc_list_add_tail(idmap, tmplist);
 	}

-	tmplist = malloc(sizeof(*tmplist));
+	tmplist = lxc_list_new();
 	if (!tmplist)
 		return NULL;
 	/* idmap will now keep track of that memory. */
@@ -4167,7 +4168,7 @@ static struct lxc_list *get_minimal_idmap(const struct lxc_conf *conf,
 	lxc_list_add_tail(idmap, tmplist);

 	if (container_root_gid) {
-		tmplist = malloc(sizeof(*tmplist));
+		tmplist = lxc_list_new();
 		if (!tmplist)
 			return NULL;
 		/* idmap will now keep track of that memory. */
@@ -4437,20 +4438,19 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
 	egid = getegid();

 	/* Allocate new {g,u}id map list. */
-	idmap = malloc(sizeof(*idmap));
+	idmap = lxc_list_new();
 	if (!idmap)
 		goto on_error;
-	lxc_list_init(idmap);

 	/* Find container root. */
 	lxc_list_for_each (cur, &conf->id_map) {
 		struct id_map *tmpmap;

-		tmplist = malloc(sizeof(*tmplist));
+		tmplist = lxc_list_new();
 		if (!tmplist)
 			goto on_error;

-		tmpmap = malloc(sizeof(*tmpmap));
+		tmpmap = zalloc(sizeof(*tmpmap));
 		if (!tmpmap) {
 			free(tmplist);
 			goto on_error;
@@ -4512,7 +4512,7 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,

 	if (host_uid_map && (host_uid_map != container_root_uid)) {
 		/* Add container root to the map. */
-		tmplist = malloc(sizeof(*tmplist));
+		tmplist = lxc_list_new();
 		if (!tmplist)
 			goto on_error;
 		lxc_list_add_elem(tmplist, host_uid_map);
@@ -4522,7 +4522,7 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
 	host_uid_map = NULL;

 	if (host_gid_map && (host_gid_map != container_root_gid)) {
-		tmplist = malloc(sizeof(*tmplist));
+		tmplist = lxc_list_new();
 		if (!tmplist)
 			goto on_error;
 		lxc_list_add_elem(tmplist, host_gid_map);
@@ -4672,10 +4672,9 @@ int userns_exec_mapped_root(const char *path, int path_fd,
 		TRACE("Chowned %d(%s) to -1:%d", target_fd, path, hostgid);
 	}

-	idmap = malloc(sizeof(*idmap));
+	idmap = lxc_list_new();
 	if (!idmap)
 		return -ENOMEM;
-	lxc_list_init(idmap);

 	/* "u:0:rootuid:1" */
 	ret = add_idmap_entry(idmap, ID_TYPE_UID, 0, container_host_uid, 1);
@@ -4807,7 +4806,7 @@ static char *getuname(void)
 	if (bufsize == -1)
 		bufsize = 1024;

-	buf = malloc(bufsize);
+	buf = zalloc(bufsize);
 	if (!buf)
 		return NULL;

@@ -4835,7 +4834,7 @@ static char *getgname(void)
 	if (bufsize == -1)
 		bufsize = 1024;

-	buf = malloc(bufsize);
+	buf = zalloc(bufsize);
 	if (!buf)
 		return NULL;

@@ -4974,14 +4973,14 @@ struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings)
 	struct lxc_cgroup *cg = NULL;
 	struct lxc_list *it = NULL, *item = NULL, *memsw_limit = NULL;

-	result = malloc(sizeof(*result));
+	result = lxc_list_new();
 	if (!result)
 		return NULL;
 	lxc_list_init(result);

 	/* Iterate over the cgroup settings and copy them to the output list. */
 	lxc_list_for_each (it, cgroup_settings) {
-		item = malloc(sizeof(*item));
+		item = zalloc(sizeof(*item));
 		if (!item) {
 			free_cgroup_settings(result);
 			return NULL;

--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -560,11 +560,10 @@ static int set_config_net_veth_vlan_tagged_id(const char *key, const char *value
 	if (vlan_id > BRIDGE_VLAN_ID_MAX)
 		ret_errno(EINVAL);

-	list = malloc(sizeof(*list));
+	list = lxc_list_new();
 	if (!list)
 		return ret_errno(ENOMEM);

-	lxc_list_init(list);
 	list->elem = UINT_TO_PTR(vlan_id);

 	lxc_list_add_tail(&netdev->priv.veth_attr.vlan_tagged_ids, move_ptr(list));
@@ -703,17 +702,14 @@ static int set_config_net_ipv4_address(const char *key, const char *value,
 	if (!netdev)
 		return ret_errno(EINVAL);

-	inetdev = malloc(sizeof(*inetdev));
+	inetdev = zalloc(sizeof(*inetdev));
 	if (!inetdev)
 		return ret_errno(ENOMEM);
-	memset(inetdev, 0, sizeof(*inetdev));

-	list = malloc(sizeof(*list));
+	list = lxc_list_new();
 	if (!list)
 		return ret_errno(ENOMEM);

-	lxc_list_init(list);
-
 	addr = strdup(value);
 	if (!addr)
 		return ret_errno(ENOMEM);
@@ -790,7 +786,7 @@ static int set_config_net_ipv4_gateway(const char *key, const char *value,
 		__do_free struct in_addr *gw = NULL;
 		int ret;

-		gw = malloc(sizeof(*gw));
+		gw = zalloc(sizeof(*gw));
 		if (!gw)
 			return ret_errno(ENOMEM);

@@ -826,16 +822,14 @@ static int set_config_net_veth_ipv4_route(const char *key, const char *value,
 				       EINVAL, "Invalid ipv4 route \"%s\", can only be used with veth network",
 				       value);

-	inetdev = malloc(sizeof(*inetdev));
+	inetdev = zalloc(sizeof(*inetdev));
 	if (!inetdev)
 		return ret_errno(ENOMEM);
-	memset(inetdev, 0, sizeof(*inetdev));

-	list = malloc(sizeof(*list));
+	list = lxc_list_new();
 	if (!list)
 		return ret_errno(ENOMEM);

-	lxc_list_init(list);
 	list->elem = inetdev;

 	valdup = strdup(value);
@@ -884,17 +878,14 @@ static int set_config_net_ipv6_address(const char *key, const char *value,
 	if (!netdev)
 		return ret_errno(EINVAL);

-	inet6dev = malloc(sizeof(*inet6dev));
+	inet6dev = zalloc(sizeof(*inet6dev));
 	if (!inet6dev)
 		return ret_errno(ENOMEM);
-	memset(inet6dev, 0, sizeof(*inet6dev));

-	list = malloc(sizeof(*list));
+	list = lxc_list_new();
 	if (!list)
 		return ret_errno(ENOMEM);

-	lxc_list_init(list);
-
 	valdup = strdup(value);
 	if (!valdup)
 		return ret_errno(ENOMEM);
@@ -946,7 +937,7 @@ static int set_config_net_ipv6_gateway(const char *key, const char *value,
 		int ret;
 		__do_free struct in6_addr *gw = NULL;

-		gw = malloc(sizeof(*gw));
+		gw = zalloc(sizeof(*gw));
 		if (!gw)
 			return ret_errno(ENOMEM);

@@ -983,17 +974,14 @@ static int set_config_net_veth_ipv6_route(const char *key, const char *value,
 				       EINVAL, "Invalid ipv6 route \"%s\", can only be used with veth network",
 				       value);

-	inet6dev = malloc(sizeof(*inet6dev));
+	inet6dev = zalloc(sizeof(*inet6dev));
 	if (!inet6dev)
 		return ret_errno(ENOMEM);
-	memset(inet6dev, 0, sizeof(*inet6dev));

-	list = malloc(sizeof(*list));
+	list = lxc_list_new();
 	if (!list)
 		return ret_errno(ENOMEM);

-	lxc_list_init(list);
-
 	valdup = strdup(value);
 	if (!valdup)
 		return -1;
@@ -1058,7 +1046,7 @@ static int add_hook(struct lxc_conf *lxc_conf, int which, __owns char *hook)
 	__do_free char *val = hook;
 	struct lxc_list *hooklist;

-	hooklist = malloc(sizeof(*hooklist));
+	hooklist = lxc_list_new();
 	if (!hooklist)
 		return ret_errno(ENOMEM);

@@ -1434,7 +1422,7 @@ static int set_config_group(const char *key, const char *value,
 	lxc_iterate_parts(token, groups, " \t") {
 		__do_free struct lxc_list *grouplist = NULL;

-		grouplist = malloc(sizeof(*grouplist));
+		grouplist = lxc_list_new();
 		if (!grouplist)
 			return ret_errno(ENOMEM);

@@ -1456,7 +1444,7 @@ static int set_config_environment(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return lxc_clear_environment(lxc_conf);

-	list_item = malloc(sizeof(*list_item));
+	list_item = lxc_list_new();
 	if (!list_item)
 		return ret_errno(ENOMEM);

@@ -1570,7 +1558,7 @@ static int set_config_apparmor_raw(const char *key,
 	if (lxc_config_value_empty(value))
 		return lxc_clear_apparmor_raw(lxc_conf);

-	list = malloc(sizeof(*list));
+	list = lxc_list_new();
 	if (!list)
 		return ret_errno(ENOMEM);

@@ -1771,14 +1759,13 @@ static int __set_config_cgroup_controller(const char *key, const char *value,
 	if (*subkey == '\0')
 		return ret_errno(EINVAL);

-	cglist = malloc(sizeof(*cglist));
+	cglist = lxc_list_new();
 	if (!cglist)
 		return ret_errno(ENOMEM);

-	cgelem = malloc(sizeof(*cgelem));
+	cgelem = zalloc(sizeof(*cgelem));
 	if (!cgelem)
 		return ret_errno(ENOMEM);
-	memset(cgelem, 0, sizeof(*cgelem));

 	cgelem->subsystem = strdup(subkey);
 	if (!cgelem->subsystem)
@@ -2005,14 +1992,13 @@ static int set_config_prlimit(const char *key, const char *value,
 	}

 	/* allocate list element */
-	limlist = malloc(sizeof(*limlist));
+	limlist = lxc_list_new();
 	if (!limlist)
 		return ret_errno(ENOMEM);

-	limelem = malloc(sizeof(*limelem));
+	limelem = zalloc(sizeof(*limelem));
 	if (!limelem)
 		return ret_errno(ENOMEM);
-	memset(limelem, 0, sizeof(*limelem));

 	limelem->resource = strdup(key);
 	if (!limelem->resource)
@@ -2039,35 +2025,35 @@ static int set_config_sysctl(const char *key, const char *value,
 		return -1;

 	key += STRLITERALLEN("lxc.sysctl.");
+	if (is_empty_string(key))
+		return ret_errno(-EINVAL);

 	/* find existing list element */
 	lxc_list_for_each(iter, &lxc_conf->sysctls) {
 		__do_free char *replace_value = NULL;
+		struct lxc_sysctl *cur = iter->elem;

-		sysctl_elem = iter->elem;
-
-		if (!strequal(key, sysctl_elem->key))
+		if (!strequal(key, cur->key))
 			continue;

 		replace_value = strdup(value);
 		if (!replace_value)
 			return ret_errno(EINVAL);

-		free(sysctl_elem->value);
-		sysctl_elem->value = move_ptr(replace_value);
+		free(cur->value);
+		cur->value = move_ptr(replace_value);

 		return 0;
 	}

 	/* allocate list element */
-	sysctl_list = malloc(sizeof(*sysctl_list));
+	sysctl_list = lxc_list_new();
 	if (!sysctl_list)
 		return ret_errno(ENOMEM);

-	sysctl_elem = malloc(sizeof(*sysctl_elem));
+	sysctl_elem = zalloc(sizeof(*sysctl_elem));
 	if (!sysctl_elem)
 		return ret_errno(ENOMEM);
-	memset(sysctl_elem, 0, sizeof(*sysctl_elem));

 	sysctl_elem->key = strdup(key);
 	if (!sysctl_elem->key)
@@ -2100,14 +2086,13 @@ static int set_config_proc(const char *key, const char *value,
 	if (*subkey == '\0')
 		return ret_errno(EINVAL);

-	proclist = malloc(sizeof(*proclist));
+	proclist = lxc_list_new();
 	if (!proclist)
 		return ret_errno(ENOMEM);

-	procelem = malloc(sizeof(*procelem));
+	procelem = zalloc(sizeof(*procelem));
 	if (!procelem)
 		return ret_errno(ENOMEM);
-	memset(procelem, 0, sizeof(*procelem));

 	procelem->filename = strdup(subkey);
 	if (!procelem->filename)
@@ -2135,14 +2120,13 @@ static int set_config_idmaps(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return lxc_clear_idmaps(lxc_conf);

-	idmaplist = malloc(sizeof(*idmaplist));
+	idmaplist = lxc_list_new();
 	if (!idmaplist)
 		return ret_errno(ENOMEM);

-	idmap = malloc(sizeof(*idmap));
+	idmap = zalloc(sizeof(*idmap));
 	if (!idmap)
 		return ret_errno(ENOMEM);
-	memset(idmap, 0, sizeof(*idmap));

 	ret = parse_idmaps(value, &type, &nsid, &hostid, &range);
 	if (ret < 0)
@@ -2298,7 +2282,7 @@ static int set_config_mount(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return lxc_clear_mount_entries(lxc_conf);

-	mntlist = malloc(sizeof(*mntlist));
+	mntlist = lxc_list_new();
 	if (!mntlist)
 		return ret_errno(ENOMEM);

@@ -2337,7 +2321,7 @@ static int set_config_cap_keep(const char *key, const char *value,
 		if (strequal(token, "none"))
 			lxc_clear_config_keepcaps(lxc_conf);

-		keeplist = malloc(sizeof(*keeplist));
+		keeplist = lxc_list_new();
 		if (!keeplist)
 			return ret_errno(ENOMEM);

@@ -2369,7 +2353,7 @@ static int set_config_cap_drop(const char *key, const char *value,
 	 * split these caps in a single element for the list.
 	 */
 	lxc_iterate_parts(token, dropcaps, " \t") {
-		droplist = malloc(sizeof(*droplist));
+		droplist = lxc_list_new();
 		if (!droplist)
 			return ret_errno(ENOMEM);

@@ -2709,7 +2693,7 @@ static int set_config_uts_name(const char *key, const char *value,
 		return 0;
 	}

-	utsname = malloc(sizeof(*utsname));
+	utsname = zalloc(sizeof(*utsname));
 	if (!utsname)
 		return ret_errno(ENOMEM);

@@ -2993,7 +2977,7 @@ static struct new_config_item *parse_new_conf_line(char *buffer)
 		}
 	}

-	new = malloc(sizeof(struct new_config_item));
+	new = zalloc(sizeof(struct new_config_item));
 	if (!new)
 		return NULL;

@@ -3028,7 +3012,7 @@ int lxc_config_define_add(struct lxc_list *defines, char *arg)
 {
 	__do_free struct lxc_list *dent = NULL;

-	dent = malloc(sizeof(struct lxc_list));
+	dent = lxc_list_new();
 	if (!dent)
 		return ret_errno(ENOMEM);


--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -477,7 +477,8 @@ void lxc_free_networks(struct lxc_list *networks)

 	lxc_list_for_each_safe (cur, networks, next) {
 		struct lxc_netdev *netdev = cur->elem;
-		netdev = cur->elem;
+
+		lxc_list_del(cur);
 		lxc_free_netdev(netdev);
 	}


--- a/src/lxc/list.h
+++ b/src/lxc/list.h
@@ -5,6 +5,8 @@

 #include <stdio.h>

+#include "memory_utils.h"
+
 struct lxc_list {
 	void *elem;
 	struct lxc_list *next;
@@ -143,4 +145,14 @@ static inline size_t lxc_list_len(struct lxc_list *list)
 	return i;
 }

+static inline struct lxc_list *lxc_list_new(void)
+{
+	struct lxc_list *l;
+
+	l = zalloc(sizeof(struct lxc_list));
+	if (l)
+		lxc_list_init(l);
+	return l;
+}
+
 #endif /* __LXC_LIST_H */