Merge pull request #3739 from brauner/2021-03-27/fixes

oss-fuzz: fixes

Merge pull request #3739 from brauner/2021-03-27/fixes
cc98c470 · Stéphane Graber · GitHub · 6a374b65 · b2606302 · cc98c470
Unverified Commit cc98c470 authored Mar 27, 2021 by Stéphane Graber Committed by GitHub Mar 27, 2021
Showing with 30 additions and 14 deletions

cifuzz.yml .github/workflows/cifuzz.yml +1 -1

conf.c src/lxc/conf.c +25 -10

confile.c src/lxc/confile.c +0 -0

confile_utils.c src/lxc/confile_utils.c +1 -0

string_utils.c src/lxc/string_utils.c +3 -3

No files found.
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -29,7 +29,7 @@ jobs:
        with:
          oss-fuzz-project-name: 'lxc'
          fuzz-seconds: 180
-          dry-run: true
+          dry-run: ${{ matrix.sanitizer != 'address' }}
          sanitizer: ${{ matrix.sanitizer }}
      - name: Upload Crash
        uses: actions/upload-artifact@v1

--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3627,6 +3627,7 @@ int lxc_clear_config_caps(struct lxc_conf *c)
 		free(it);
 	}

+	lxc_list_init(&c->caps);
 	return 0;
 }

@@ -3640,6 +3641,7 @@ static int lxc_free_idmap(struct lxc_list *id_map)
 		free(it);
 	}

+	lxc_list_init(id_map);
 	return 0;
 }

@@ -3666,16 +3668,15 @@ int lxc_clear_config_keepcaps(struct lxc_conf *c)
 		free(it);
 	}

+	lxc_list_init(&c->keepcaps);
 	return 0;
 }

 int lxc_clear_namespace(struct lxc_conf *c)
 {
-	int i;
-	for (i = 0; i < LXC_NS_MAX; i++) {
-		free(c->ns_share[i]);
-		c->ns_share[i] = NULL;
-	}
+	for (int i = 0; i < LXC_NS_MAX; i++)
+		free_disarm(c->ns_share[i]);
+
 	return 0;
 }

@@ -3708,7 +3709,7 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
 	else
 		return ret_errno(EINVAL);

-	lxc_list_for_each_safe (it, list, next) {
+	lxc_list_for_each_safe(it, list, next) {
 		struct lxc_cgroup *cg = it->elem;

 		if (!all && !strequal(cg->subsystem, k))
@@ -3721,6 +3722,9 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
 		free(it);
 	}

+	if (all)
+		lxc_list_init(list);
+
 	return 0;
 }

@@ -3808,7 +3812,7 @@ int lxc_clear_procs(struct lxc_conf *c, const char *key)
 	else
 		return -1;

-	lxc_list_for_each_safe (it, &c->procs, next) {
+	lxc_list_for_each_safe(it, &c->procs, next) {
 		struct lxc_proc *proc = it->elem;

 		if (!all && !strequal(proc->filename, k))
@@ -3821,6 +3825,9 @@ int lxc_clear_procs(struct lxc_conf *c, const char *key)
 		free(it);
 	}

+	if (all)
+		lxc_list_init(&c->procs);
+
 	return 0;
 }

@@ -3834,6 +3841,7 @@ int lxc_clear_groups(struct lxc_conf *c)
 		free(it);
 	}

+	lxc_list_init(&c->groups);
 	return 0;
 }

@@ -3847,6 +3855,7 @@ int lxc_clear_environment(struct lxc_conf *c)
 		free(it);
 	}

+	lxc_list_init(&c->environment);
 	return 0;
 }

@@ -3860,6 +3869,7 @@ int lxc_clear_mount_entries(struct lxc_conf *c)
 		free(it);
 	}

+	lxc_list_init(&c->mount_list);
 	return 0;
 }

@@ -3871,7 +3881,6 @@ int lxc_clear_automounts(struct lxc_conf *c)

 int lxc_clear_hooks(struct lxc_conf *c, const char *key)
 {
-	int i;
 	struct lxc_list *it, *next;
 	const char *k = NULL;
 	bool all = false, done = false;
@@ -3883,13 +3892,14 @@ int lxc_clear_hooks(struct lxc_conf *c, const char *key)
 	else
 		return -1;

-	for (i = 0; i < NUM_LXC_HOOKS; i++) {
+	for (int i = 0; i < NUM_LXC_HOOKS; i++) {
 		if (all || strequal(k, lxchook_names[i])) {
 			lxc_list_for_each_safe (it, &c->hooks[i], next) {
 				lxc_list_del(it);
 				free(it->elem);
 				free(it);
 			}
+			lxc_list_init(&c->hooks[i]);

 			done = true;
 		}
@@ -3910,17 +3920,21 @@ static inline void lxc_clear_aliens(struct lxc_conf *conf)
 		free(it->elem);
 		free(it);
 	}
+
+	lxc_list_init(&conf->aliens);
 }

 void lxc_clear_includes(struct lxc_conf *conf)
 {
 	struct lxc_list *it, *next;

-	lxc_list_for_each_safe (it, &conf->includes, next) {
+	lxc_list_for_each_safe(it, &conf->includes, next) {
 		lxc_list_del(it);
 		free(it->elem);
 		free(it);
 	}
+
+	lxc_list_init(&conf->includes);
 }

 int lxc_clear_apparmor_raw(struct lxc_conf *c)
@@ -3933,6 +3947,7 @@ int lxc_clear_apparmor_raw(struct lxc_conf *c)
 		free(it);
 	}

+	lxc_list_init(&c->lsm_aa_raw);
 	return 0;
 }


--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -481,6 +481,7 @@ void lxc_free_networks(struct lxc_list *networks)

 		lxc_list_del(cur);
 		lxc_free_netdev(netdev);
+		free(cur);
 	}

 	/* prevent segfaults */

--- a/src/lxc/string_utils.c
+++ b/src/lxc/string_utils.c
@@ -677,6 +677,8 @@ int lxc_safe_int64_residual(const char *numstr, int64_t *converted, int base, ch
 	if (!residual && residual_len != 0)
 		return ret_errno(EINVAL);

+	memset(residual, 0, residual_len);
+
 	while (isspace(*numstr))
 		numstr++;

@@ -691,10 +693,8 @@ int lxc_safe_int64_residual(const char *numstr, int64_t *converted, int base, ch
 	if (residual) {
 		size_t len = 0;

-		if (*remaining == '\0') {
-			memset(residual, 0, residual_len);
+		if (*remaining == '\0')
 			goto out;
-		}

 		len = strlen(remaining);
 		if (len >= residual_len)