Commit graph

46 commits

Author SHA1 Message Date
Jo-Philipp Wich
d3f2041f43 uci: manually clear uci_ptr flags after uci_delete() operations
This is required to avoid potential use-after-free errors through the
uci_set()->uci_delete()->uci_expand_ptr() call chain when passing
zero-length strings as values.

Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3528
Suggested-by: olegio170 <olegios170@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-01-17 21:14:46 +01:00
Jo-Philipp Wich
078bb57e07 uci: reset uci_ptr flags when merging options during section add
Fixes: FS#3126
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 16:00:34 +02:00
Yousong Zhou
9ecfada16d uci: free configs list memory on return
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 09:25:17 +01:00
Jo-Philipp Wich
bd0ed25214 uci: reset uci_ptr flags when merging set operations
In some cases, e.g. when subsequently setting multiple empty option
values, uci_set() might free the section pointer of the given reused
uci_ptr structure without zeroing it, leading to a use-after-free on
processing subsequent options.

Avoid this issue by clearing the lookup pointer flags in order to
prevent uci_set() from incorrectly branching into a uci_delete()
operation leading to the freeing of the section member.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-October/019592.html
Reported-by: Daniel Danzberger <daniel@dd-wrt.com>
Suggested-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 08:28:17 +01:00
Jo-Philipp Wich
41333abee4 uci: tighten uci reorder operation error handling
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved
2018-08-09 00:07:27 +02:00
Jo-Philipp Wich
f91751b767 uci: tighten uci delete operation error handling
- Return UBUS_STATUS_NOT_FOUND if no object could be resolved for delete
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names or types

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-09 00:07:27 +02:00
Jo-Philipp Wich
c2c612b67c uci: tighten uci set operation error handling
- Return UBUS_STATUS_NOT_FOUND if no section could be resolved for set
 - Return UBUS_STATUS_INVALID_ARGUMENT if unserializable values are found

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-09 00:07:27 +02:00
Jo-Philipp Wich
948bb51875 uci: tighten uci add operation error handling
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section or option names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-09 00:07:26 +02:00
Jo-Philipp Wich
51980c687b uci: reject invalid section and option names
The invoked libuci functions do not reliably check their arguments, causing
malformed section and option names to end up in the delta file, letting the
uci cli and other components to segfault when processung such invalid
entries.

In order to prevent that, manually test received values before passing them
on to libuci.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-08 23:58:37 +02:00
Jo-Philipp Wich
820621952d uci: fix memory leak in rpc_uci_replace_savedir()
The rpc_uci_replace_savedir() function did not take into account that libuci
uci_set_savedir() does an additional implicit uci_strdup() of the directory
path string when appending a new delta directory item.

Due to this oversight, only the struct uci_element items got freed, but not
the duplicated path string, leading to leaking memory when invoking the uci
api with session id argument.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-13 21:13:05 +02:00
Jo-Philipp Wich
92d0d75716 uci: use correct sort index when reordering sections
When reordering, the section indexes must be 0-based while the current
implementation incorrectly numbers starting with 1.

Fix this by start numbering ther sections with index 0.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-28 18:23:59 +02:00
Jo-Philipp Wich
66a9bad1a7 uci: fix memory leak in rpc_uci_apply_timeout()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-20 13:17:28 +02:00
Jo-Philipp Wich
2423162234 uci: switch to proper save directory on apply/rollback
The existing code failed to set the uci cursor save directory to the current
session path, causing the apply routine to either fail or to merge settings
from unrelated neighboring sessions, potentially leaking data.

Solve the issue by switching the uci cursor save directory to the session
directory before performing the actual apply actions.

Additionally set the save directory path to "/dev/null" during rollback, to
avoid merging unrelated system wide uci changes when restoring configs from
the snapshot directory.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-20 13:15:46 +02:00
Jo-Philipp Wich
edd37f8dbb uci: add rpc_uci_replace_savedir() helper
The rpc_uci_replace_savedir() function removes all configured save directories
from the uci cursor instance and adds the given path argument as sole item.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-19 13:54:40 +02:00
Jo-Philipp Wich
3d400c723b session: support reclaiming pending apply session
Reclaim the pending apply session upon login when the username matches the
current login.

This is required to support apply-confirm-rollback workflow for ubus browser
clients, since changing IPs requires re-login to the device due to cross
domain restrictions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-15 12:29:15 +01:00
Jo-Philipp Wich
6994c87a42 uci: fix session delta isolation
The libuci `uci_set_savedir()` function does not replace, but appends the
requested delta directory to the search path, this causes information leaks
between sessions.

Due to a lack of an official api for this, clear the uci contexts private
delta path before setting the save directory.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-15 12:29:15 +01:00
Jo-Philipp Wich
e64cbdd9b4 uci: allow setting zero-length values (to delete an option)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-11-23 19:11:44 +01:00
John Crispin
f00890cd6e add a reload_config method to the uci object
Signed-off-by: John Crispin <blogic@openwrt.org>
2015-08-25 23:56:32 +02:00
Jo-Philipp Wich
3d655417ab uci: unload package on revert
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2015-05-17 14:13:02 +02:00
Luka Perkov
7c789622a6 uci: rework variable usage
Signed-off-by: Luka Perkov <luka@openwrt.org>
2014-05-29 13:04:21 +02:00
Jo-Philipp Wich
49f6e218a4 uci: fix same buffer reuse introduced by previous commit 2014-01-12 17:43:48 +00:00
Jo-Philipp Wich
b0254d1203 debug 2014-01-12 17:42:05 +00:00
Jo-Philipp Wich
7cac6af5ed uci: grant access to confirm and rollback methods only to initiating session
Previously any session with access permissions for the corresponding method
was able to confirm or rollback commits initiated by another session.

Change those methods to only grant access to the initiating session.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-01-12 17:23:27 +00:00
Jo-Philipp Wich
0239c345ca uci: introduce confirm method to cancel pending rollbacks without side effects
Calling commit with rollback=false to cancel a pending rollback timer can
potentially trigger another commit if no rollback is actually pending.

This introduces a new method "confirm" which cancels the rollback timer
without any other possible side effects.

While being at it, change the return code when trying to commit during
a pending rollback or when trying to rollback without a pending timeout to
UBUS_STATUS_NO_DATA. This is needed to be able to differentiate between a
denied request and an inappropriate state.

Also change the error return code for glob() failures to the more
appropriate UBUS_STATUS_NOT_FOUND.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
2014-01-12 17:02:43 +00:00
Jo-Philipp Wich
0c4e97b4e7 Extend copyright 2014-01-12 12:48:58 +00:00
Jo-Philipp Wich
64633f3136 uci: rename uci.apply "commit" attribute to "roolback" and invert its logic 2014-01-12 12:45:11 +00:00
John Crispin
bbaaa41f8c config.change triggers should only run if the config is valid
Signed-off-by: John Crispin <blogic@openwrt.org>
2013-12-18 14:01:33 +01:00
John Crispin
326f5bcaf6 fix inverted apply_running check
Signed-off-by: John Crispin <blogic@openwrt.org>
2013-12-18 13:56:54 +01:00
Jo-Philipp Wich
065d8f47fc uci: make config argument of changes call optional to allow listing all changes in all files 2013-11-23 20:38:09 +00:00
Jo-Philipp Wich
2f5a613718 uci: add state call to retrieve uci state variables 2013-11-23 19:30:29 +00:00
Jo-Philipp Wich
095b1058c8 uci: clear ptr.value in rpc_uci_merge_set(), this fixes missing delete deltas if multiple options are merged 2013-09-29 13:11:37 +00:00
Jo-Philipp Wich
ae63188069 uci: properly deal with uci_load() failures 2013-09-11 13:16:27 +02:00
John Crispin
6f78bfbbdf add config transaction support
Signed-off-by: John Crispin <blogic@openwrt.org>
2013-09-06 01:42:02 +02:00
John Crispin
7abfa9bc05 make uci commit calls trigger config.change events
Signed-off-by: John Crispin <blogic@openwrt.org>
2013-09-06 01:31:23 +02:00
John Crispin
f1882ac5bd rename rpc_uci_purge_savedir to rpc_uci_purge_dir
Signed-off-by: John Crispin <blogic@openwrt.org>
2013-09-06 01:31:16 +02:00
Jo-Philipp Wich
fa53571f2b Use common /var/run/rpcd base directory to store runtime information 2013-09-05 15:14:00 +02:00
Jo-Philipp Wich
fc1b008e08 uci: expose rpc_uci_purge_savedirs() helper 2013-09-05 14:38:01 +02:00
Jo-Philipp Wich
e0afdb10ae Move includes into subdirectory 2013-09-04 12:46:11 +02:00
Jo-Philipp Wich
b3a5c08e08 uci: use per-session save directory and register session destroy callback to purge leftover deltas 2013-09-03 13:40:47 +02:00
Jo-Philipp Wich
07c2f0a9b1 Rename from "luci-rpcd" to "rpcd" 2013-09-02 17:23:30 +02:00
Jo-Philipp Wich
97384dd72a uci: refactor revert code to avoid illegal pointer access 2013-08-12 14:50:09 +02:00
Jo-Philipp Wich
c2a7fcf947 uci: implement config level ACLs 2013-08-12 13:53:09 +02:00
Jo-Philipp Wich
51458f4ece uci: expose section ordering index when dumping complete packages 2013-06-19 11:33:17 +02:00
Jo-Philipp Wich
1b829f936d uci: add delete method 2013-06-18 15:08:37 +02:00
Jo-Philipp Wich
e01004fb08 uci: add configs method to list all existing packages 2013-02-02 19:05:02 +01:00
Jo-Philipp Wich
2dec70f271 add ubus uci api 2013-02-02 18:36:50 +01:00