Skip to content

L
lxc
Unverified Commit cc98c470 by Stéphane Graber Committed by GitHub
Options

Merge pull request #3739 from brauner/2021-03-27/fixes

oss-fuzz: fixes
parents 6a374b65 b2606302
Showing with 30 additions and 14 deletions
.github/workflows/cifuzz.yml
...@@ -29,7 +29,7 @@ jobs: ...@@ -29,7 +29,7 @@ jobs:
with: with:
oss-fuzz-project-name: 'lxc' oss-fuzz-project-name: 'lxc'
fuzz-seconds: 180 fuzz-seconds: 180
dry-run: true dry-run: ${{ matrix.sanitizer != 'address' }}
sanitizer: ${{ matrix.sanitizer }} sanitizer: ${{ matrix.sanitizer }}
- name: Upload Crash - name: Upload Crash
uses: actions/upload-artifact@v1 uses: actions/upload-artifact@v1
......
src/lxc/conf.c
...@@ -3627,6 +3627,7 @@ int lxc_clear_config_caps(struct lxc_conf *c) ...@@ -3627,6 +3627,7 @@ int lxc_clear_config_caps(struct lxc_conf *c)
free(it); free(it);
} }
lxc_list_init(&c->caps);
return 0; return 0;
} }
...@@ -3640,6 +3641,7 @@ static int lxc_free_idmap(struct lxc_list *id_map) ...@@ -3640,6 +3641,7 @@ static int lxc_free_idmap(struct lxc_list *id_map)
free(it); free(it);
} }
lxc_list_init(id_map);
return 0; return 0;
} }
...@@ -3666,16 +3668,15 @@ int lxc_clear_config_keepcaps(struct lxc_conf *c) ...@@ -3666,16 +3668,15 @@ int lxc_clear_config_keepcaps(struct lxc_conf *c)
free(it); free(it);
} }
lxc_list_init(&c->keepcaps);
return 0; return 0;
} }
int lxc_clear_namespace(struct lxc_conf *c) int lxc_clear_namespace(struct lxc_conf *c)
{ {
int i; for (int i = 0; i < LXC_NS_MAX; i++)
for (i = 0; i < LXC_NS_MAX; i++) { free_disarm(c->ns_share[i]);
free(c->ns_share[i]);
c->ns_share[i] = NULL;
}
return 0; return 0;
} }
...@@ -3708,7 +3709,7 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version) ...@@ -3708,7 +3709,7 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
else else
return ret_errno(EINVAL); return ret_errno(EINVAL);
lxc_list_for_each_safe (it, list, next) { lxc_list_for_each_safe(it, list, next) {
struct lxc_cgroup *cg = it->elem; struct lxc_cgroup *cg = it->elem;
if (!all && !strequal(cg->subsystem, k)) if (!all && !strequal(cg->subsystem, k))
...@@ -3721,6 +3722,9 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version) ...@@ -3721,6 +3722,9 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
free(it); free(it);
} }
if (all)
lxc_list_init(list);
return 0; return 0;
} }
...@@ -3808,7 +3812,7 @@ int lxc_clear_procs(struct lxc_conf *c, const char *key) ...@@ -3808,7 +3812,7 @@ int lxc_clear_procs(struct lxc_conf *c, const char *key)
else else
return -1; return -1;
lxc_list_for_each_safe (it, &c->procs, next) { lxc_list_for_each_safe(it, &c->procs, next) {
struct lxc_proc *proc = it->elem; struct lxc_proc *proc = it->elem;
if (!all && !strequal(proc->filename, k)) if (!all && !strequal(proc->filename, k))
...@@ -3821,6 +3825,9 @@ int lxc_clear_procs(struct lxc_conf *c, const char *key) ...@@ -3821,6 +3825,9 @@ int lxc_clear_procs(struct lxc_conf *c, const char *key)
free(it); free(it);
} }
if (all)
lxc_list_init(&c->procs);
return 0; return 0;
} }
...@@ -3834,6 +3841,7 @@ int lxc_clear_groups(struct lxc_conf *c) ...@@ -3834,6 +3841,7 @@ int lxc_clear_groups(struct lxc_conf *c)
free(it); free(it);
} }
lxc_list_init(&c->groups);
return 0; return 0;
} }
...@@ -3847,6 +3855,7 @@ int lxc_clear_environment(struct lxc_conf *c) ...@@ -3847,6 +3855,7 @@ int lxc_clear_environment(struct lxc_conf *c)
free(it); free(it);
} }
lxc_list_init(&c->environment);
return 0; return 0;
} }
...@@ -3860,6 +3869,7 @@ int lxc_clear_mount_entries(struct lxc_conf *c) ...@@ -3860,6 +3869,7 @@ int lxc_clear_mount_entries(struct lxc_conf *c)
free(it); free(it);
} }
lxc_list_init(&c->mount_list);
return 0; return 0;
} }
...@@ -3871,7 +3881,6 @@ int lxc_clear_automounts(struct lxc_conf *c) ...@@ -3871,7 +3881,6 @@ int lxc_clear_automounts(struct lxc_conf *c)
int lxc_clear_hooks(struct lxc_conf *c, const char *key) int lxc_clear_hooks(struct lxc_conf *c, const char *key)
{ {
int i;
struct lxc_list *it, *next; struct lxc_list *it, *next;
const char *k = NULL; const char *k = NULL;
bool all = false, done = false; bool all = false, done = false;
...@@ -3883,13 +3892,14 @@ int lxc_clear_hooks(struct lxc_conf *c, const char *key) ...@@ -3883,13 +3892,14 @@ int lxc_clear_hooks(struct lxc_conf *c, const char *key)
else else
return -1; return -1;
for (i = 0; i < NUM_LXC_HOOKS; i++) { for (int i = 0; i < NUM_LXC_HOOKS; i++) {
if (all || strequal(k, lxchook_names[i])) { if (all || strequal(k, lxchook_names[i])) {
lxc_list_for_each_safe (it, &c->hooks[i], next) { lxc_list_for_each_safe (it, &c->hooks[i], next) {
lxc_list_del(it); lxc_list_del(it);
free(it->elem); free(it->elem);
free(it); free(it);
} }
lxc_list_init(&c->hooks[i]);
done = true; done = true;
} }
...@@ -3910,17 +3920,21 @@ static inline void lxc_clear_aliens(struct lxc_conf *conf) ...@@ -3910,17 +3920,21 @@ static inline void lxc_clear_aliens(struct lxc_conf *conf)
free(it->elem); free(it->elem);
free(it); free(it);
} }
lxc_list_init(&conf->aliens);
} }
void lxc_clear_includes(struct lxc_conf *conf) void lxc_clear_includes(struct lxc_conf *conf)
{ {
struct lxc_list *it, *next; struct lxc_list *it, *next;
lxc_list_for_each_safe (it, &conf->includes, next) { lxc_list_for_each_safe(it, &conf->includes, next) {
lxc_list_del(it); lxc_list_del(it);
free(it->elem); free(it->elem);
free(it); free(it);
} }
lxc_list_init(&conf->includes);
} }
int lxc_clear_apparmor_raw(struct lxc_conf *c) int lxc_clear_apparmor_raw(struct lxc_conf *c)
...@@ -3933,6 +3947,7 @@ int lxc_clear_apparmor_raw(struct lxc_conf *c) ...@@ -3933,6 +3947,7 @@ int lxc_clear_apparmor_raw(struct lxc_conf *c)
free(it); free(it);
} }
lxc_list_init(&c->lsm_aa_raw);
return 0; return 0;
} }
......
src/lxc/confile_utils.c
...@@ -481,6 +481,7 @@ void lxc_free_networks(struct lxc_list *networks) ...@@ -481,6 +481,7 @@ void lxc_free_networks(struct lxc_list *networks)
lxc_list_del(cur); lxc_list_del(cur);
lxc_free_netdev(netdev); lxc_free_netdev(netdev);
free(cur);
} }
/* prevent segfaults */ /* prevent segfaults */
......
src/lxc/string_utils.c
...@@ -677,6 +677,8 @@ int lxc_safe_int64_residual(const char *numstr, int64_t *converted, int base, ch ...@@ -677,6 +677,8 @@ int lxc_safe_int64_residual(const char *numstr, int64_t *converted, int base, ch
if (!residual && residual_len != 0) if (!residual && residual_len != 0)
return ret_errno(EINVAL); return ret_errno(EINVAL);
memset(residual, 0, residual_len);
while (isspace(*numstr)) while (isspace(*numstr))
numstr++; numstr++;
...@@ -691,10 +693,8 @@ int lxc_safe_int64_residual(const char *numstr, int64_t *converted, int base, ch ...@@ -691,10 +693,8 @@ int lxc_safe_int64_residual(const char *numstr, int64_t *converted, int base, ch
if (residual) { if (residual) {
size_t len = 0; size_t len = 0;
if (*remaining == '\0') { if (*remaining == '\0')
memset(residual, 0, residual_len);
goto out; goto out;
}
len = strlen(remaining); len = strlen(remaining);
if (len >= residual_len) if (len >= residual_len)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment