Commit graph

9 commits

Author SHA1 Message Date
Petr Štetiar
cd75136b13 blobmsg: fix wrong payload len passed from blobmsg_check_array
Fix incorrect use of blob_raw_len() on passed blobmsg to
blobmsg_check_array_len()  introduced in commit b0e21553ae ("blobmsg:
add _len variants for all attribute checking methods") by using correct
blobmsg_len().

This wrong (higher) length was then for example causing issues in
procd's instance_config_parse_command() where blobmsg_check_attr_list()
was failing sanity checking of service command, thus resulting in the
startup failures of some services like collectd, nlbwmon and samba4.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html
Fixes: b0e21553ae ("blobmsg: add _len variants for all attribute checking methods")
Reported-by: Hannu Nyman <hannu.nyman@welho.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-28 21:17:46 +01:00
Petr Štetiar
2df6d35e32 tests: add test cases for blobmsg parsing
Increasing test coverage.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-25 10:31:58 +01:00
Petr Štetiar
478597b9f9 blob: fix OOB access in blob_check_type
Found by fuzzer:

 ERROR: AddressSanitizer: SEGV on unknown address 0x602100000455
 The signal is caused by a READ memory access.
     #0 in blob_check_type blob.c:214:43
     #1 in blob_parse_attr blob.c:234:9
     #2 in blob_parse_untrusted blob.c:272:12
     #3 in fuzz_blob_parse tests/fuzzer/test-blob-parse-fuzzer.c:34:2
     #4 in LLVMFuzzerTestOneInput tests/fuzzer/test-blob-parse-fuzzer.c:39:2

Caused by following line:

	if (type == BLOB_ATTR_STRING && data[len - 1] != 0)

where len was pointing outside of the data buffer.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-25 10:31:58 +01:00
Petr Štetiar
09ee90f8d6 tests: add test cases for blob parsing
Increasing test coverage.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-25 10:31:58 +01:00
Petr Štetiar
bf680707ac tests: add unit tests covered with Clang sanitizers
Currently we run all tests via Valgrind. This patch adds 2nd batch of
tests which are compiled with Clang AddressSanitizer[1],
LeakSanitizer[2] and UndefinedBehaviorSanitizer[3] in order to catch
more issues during QA on CI.

AddressSanitizer is a fast memory error detector.  The tool can detect
the following types of bugs:

 * Out-of-bounds accesses to heap, stack and globals
 * Use-after-free, use-after-return, use-after-scope
 * Double-free, invalid free

LeakSanitizer is a run-time memory leak detector. It can be combined
with AddressSanitizer to get both memory error and leak detection, or
used in a stand-alone mode.

UndefinedBehaviorSanitizer (UBSan) is a fast undefined behavior
detector. UBSan modifies the program at compile-time to catch various
kinds of undefined behavior during program execution, for example:

 * Using misaligned or null pointer
 * Signed integer overflow
 * Conversion to, from, or between floating-point types which would
   overflow the destination

1. http://clang.llvm.org/docs/AddressSanitizer.html
2. http://http://clang.llvm.org/docs/LeakSanitizer.html
3. http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-25 10:31:58 +01:00
Petr Štetiar
07413cce72 tests: jshn: add more test cases
In order to cover all command line options.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-24 13:26:58 +01:00
Petr Štetiar
26586dae43 jshn: fix missing usage for -p and -o arguments
Add missing usage hints for -p and -o arguments.

Fixes: e16fa068a5 ("jshn: add support for namespaces")
Fixes: eb30a03048 ("libubox, jshn: add option to write output to a file")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-24 13:26:58 +01:00
Petr Štetiar
0003ea9c45 base64: fix possible null pointer dereference
clang-10 analyzer reports following:

 base64.c:325:20: warning: Array access (from variable 'target') results in a null pointer dereference
                 target[tarindex] = 0;
                 ~~~~~~           ^

and prepared test case confirms it:

 Invalid write of size 1
    at 0x4E4463F: b64_decode (base64.c:325)
    by 0x40088C: test_invalid_inputs (tests/test-base64.c:26)
    by 0x40088C: main (tests/test-base64.c:32)
  Address 0x1 is not stack'd, malloc'd or (recently) free'd

 Process terminating with default action of signal 11 (SIGSEGV)
  Access not within mapped region at address 0x1
    at 0x4E4463F: b64_decode (base64.c:325)
    by 0x40088C: test_invalid_inputs (tests/test-base64.c:26)
    by 0x40088C: main (tests/test-base64.c:32)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-24 13:26:58 +01:00
Petr Štetiar
b0a5cd8a28 add cram based unit tests
For improved QA etc. For the start with initial test cases for avl,
base64, jshn and list components. Moved runqueue and blobmsg from
examples to tests.  Converted just a few first test cases from
json-script example into the new cram based unit test, more to come.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-24 13:26:58 +01:00