Commit graph

316 commits

Author SHA1 Message Date
Petr Štetiar
a1523d76b0 fix blob parsing vulnerability by using blob_parse_untrusted
blob_parse expects blobs from trusted inputs, but it can be supplied
with possibly malicious blobs from untrusted inputs as well, which might
lead to undefined behaviour and/or crash of ubus daemon. In order to
prevent such conditions, switch to blob_parse_untrusted which should
hopefully handle such untrusted inputs appropriately.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 19:53:25 +01:00
Petr Štetiar
c60583743c ubus_monitor: workaround possibly false positive uses of memory after it is freed
scan-build from clang-9 has reported following:

 libubox/list.h:141:2: warning: Use of memory after it is freed
        _list_add(_new, head, head->next);

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 19:53:25 +01:00
Petr Štetiar
dac6c7c575 ubusd_monitor: fix possible null pointer dereference
This dereference could possibly happen if the calloc call fails as the
return value is unchecked. While at it refactor the code little bit to
make it easier to follow, use safe list iterator and provide return
value for ubusd_monitor_connect.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 19:53:25 +01:00
Petr Štetiar
060dfbb26d ubus_common: remove duplicate ARRAY_SIZE and add missing include
ARRAY_SIZE is available from libubox/utils.h.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 11:18:07 +01:00
Petr Štetiar
c5f2053dfc workaround possibly false positive uses of memory after it is freed
scan-build from clang-9 has reported following:

 libubox/list.h:83:22: warning: Use of memory after it is freed
        entry->next->prev = entry->prev;
                            ^~~~~~~~~~~

 ubusd_event.c:42:3: warning: Use of memory after it is freed
                ubusd_delete_event_source(ev);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Which might be a false positives, but in order to make the code pass the
static analyzer checks, rewrite the while loops on lists with the safe
list iterator.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 11:18:07 +01:00
Petr Štetiar
72be8e93f0 lua: ubus_lua_do_subscribe: fix copy&paste error
Fix copy&paste error in Lua ubus subscriber removal callback.

Addresses-Coverity-ID: 1412311 ("Copy-paste error")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
a995b1e681 lua: workaround false positive dereference of null pointer
scan-build from clang-9 has reported following:

 ubus.c:837:16: warning: Access to field 'rnotify' results in a dereference of a null pointer (loaded from variable 'sub')
                 sub->rnotify = luaL_ref(L, -2);

Which is false positive as the lua_error() does a long jump and
therefore never returns and this long jump probably confuses the static
analyzer. So this patch workarounds this false positive by helping
static analyzer by using common Lua idiom which is to return
lua_error()'s return value.

Ref: https://www.lua.org/manual/5.1/manual.html#lua_error
Addresses-Coverity-ID: 1412355 ("Dereference after null check")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
08f17c87a0 add fuzzer and cram based unit tests
For improved QA etc.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
c413be9b37 refactor ubusd.c into reusable ubusd_library
In order to allow reusability in unit testing & fuzzing.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
afd47189e8 examples: remove dead increments
Fixes following error reported by clang-9 analyzer:

 examples/server.c:244:2: warning: Value stored to 'argc' is never read
        argc -= optind;
        ^       ~~~~~~

 examples/server.c:245:2: warning: Value stored to 'argv' is never read
        argv += optind;
        ^       ~~~~~~

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
b2e5442386 add initial GitLab CI support
Uses currently proof-of-concept openwrt-ci[1] in order to:

 * improve the quality of the codebase in various areas
 * decrease code review time and help merging contributions faster
 * get automagic feedback loop on various platforms and tools
   - out of tree build with OpenWrt SDK on following targets:
     * ath79-generic
     * imx6-generic
     * malta-be
     * mvebu-cortexa53
   - out of tree native build on x86/64 with GCC (versions 7, 8, 9) and Clang 10
   - out of tree native x86/64 static code analysis with cppcheck and
     scan-build from Clang 9

1. https://gitlab.com/ynezz/openwrt-ci/

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
058f4e9526 libubus: fix incompatible pointer types assigment
Fixes following error reported by clang-9 analyzer:

 libubus.c:286:19: error: incompatible pointer types assigning to 'struct blob_attr *' from 'char *' [-Werror,-Wincompatible-pointer-types]
         ctx->msgbuf.data = (char *) calloc(UBUS_MSG_CHUNK_SIZE, sizeof(char));

Result of 'calloc' is converted to a pointer of type 'struct blob_attr',
which is incompatible with sizeof operand type 'char'.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
d2e026a33d iron out all extra compiler warnings
clang-9 on x86/64 has reported following warnings/errors:

 libubus-acl.c:123:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 libubus-io.c:108:18: error: comparison of integers of different signs: 'int' and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
 libubus-io.c:395:56: error: comparison of integers of different signs: 'ssize_t' (aka 'long') and 'size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
 libubus-req.c:441:4: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 ubusd_acl.c:119:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ubusd_acl.c:152:5: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 ubusd_acl.c:348:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 ubusd_acl.c:352:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 ubusd_acl.c:357:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 ubusd_acl.c:362:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 ubusd_acl.c:367:3: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 ubusd_acl.c:447:16: error: comparison of integers of different signs: 'int' and '__size_t' (aka 'unsigned long') [-Werror,-Wsign-compare]
 ubusd_acl.c:502:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ubusd.c:123:13: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ubusd.c:170:15: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ubusd.c:262:43: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ubusd.c:287:30: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ubusd_event.c:170:18: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 ubusd_obj.c:71:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
5d7ca8309d ubusd/libubus-io: fix variable sized struct position warning
Fixes following clang-9 compiler warnings:

 ubusd.c:99:18: error: field 'h' with variable sized type 'struct cmsghdr' not at the end of a struct or class is a GNU extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
                struct cmsghdr h;
                               ^

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
d61282db56 ubusd: fix comparison of integers of different signs
Fixes following clang-9 compiler warning:

 ubusd.c:36:19: error: comparison of integers of different signs: 'uint32_t' (aka 'unsigned int') and 'int' [-Werror,-Wsign-compare]
         if (ub->refcount == ~0) {
             ~~~~~~~~~~~~ ^  ~~

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-16 23:39:16 +01:00
Petr Štetiar
90fb16234c cmake: enable extra compiler checks
Let's enforce additional automatic checks enforced by the compiler in
order to catch possible errors during compilation.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-11 09:59:02 +01:00
Alban Bedel
2e051f6289 ubus: Support static builds
Extend the cmake config to build and install static libraries
when -DBUILD_STATIC=ON is used.

Signed-off-by: Alban Bedel <albeu@free.fr>
2019-07-01 16:07:26 +02:00
Felix Fietkau
588baa3cd7 ubusd: retry sending messages on EINTR
Avoids unnecessary delays and/or blocking on messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-23 09:40:30 +02:00
Felix Fietkau
76ea27a627 libubus: attempt to receive data before calling poll
Data is often already present here

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-16 11:02:53 +02:00
Felix Fietkau
4daab27d00 libubus: do not abort recv_retry before completing a message
If the header is read but not the remainder of the message, the stream
will be out of sync and parsing of future messages won't work

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-16 10:34:46 +02:00
Hans Dedecker
221ce7e7ff ubusd_acl: event send access list support
Adds event send access list support in ubus via the "send" keyword

Example of a json file:
{
	"user": "superuser",
	"send": [ "wireless.*" ],
}

Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-06 20:40:24 +02:00
Hans Dedecker
da503db660 ubusd_acl: event listen access list support
Adds event listen access list support in ubus via the "listen" keyword

Example of a json file:

{
    "user": "superuser",
    "listen": [ "network.*" ],
}

Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-06 20:39:34 +02:00
Hans Dedecker
c035bab01c ubusd_acl: rework wildcard support
Wildcard access list support was failing in case multiple wildcards
entries were defined and/or when a specific access list string
overlapped a wildcard entry.
Root cause of the problem was the way how wildcard entries were sorted
in the avl tree by the compare function ubusd_acl_match_path resulting
into a non acces list match for a given object path.

The avl_tree sorting has been changed to make use of avl_strcmp; as such
there's no distinction anymore between non-wildcard and wildcard entries
in the avl_tree compare function as the boolean partial marks an access
list entry as a wildcard entry.

When trying to find an access list match for an object path the access list
tree is iterated as long as the number of characters between the access list
string and object path is monotonically increasing.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-06 20:39:20 +02:00
Hans Dedecker
73bd84748f ubusd_event: move strmatch_len to ubus_common.h
Rename strmatch_len into ubus_strmatch_len and move it to ubus_common.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-06 20:39:03 +02:00
Marcus Comstedt
0327a91beb ubus/lua: add support for BLOBMSG_TYPE_DOUBLE
Signed-off-by: Marcus Comstedt <marcus@mc.pp.se>
2018-09-10 09:48:17 +02:00
Felix Fietkau
40e0931e70 libubus: pass an empty UBUS_ATTR_DATA block if msg is NULL on invoke
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-26 15:20:40 +02:00
Felix Fietkau
884be45162 libubus: check for non-NULL data before running callbacks
UBUS_MSG_INVOKE and UBUS_MSG_DATA can be sent without UBUS_ATTR_DATA
present. Most ubus users assume that the msg argument passed can never
be NULL, so this change prevents a crash

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-25 10:45:34 +02:00
Dirk Feytons
5bae22eb54 ubus/lua: pass notification name to callback
The callback function registered to be invoked when subscribing to a
notification was only passed the notification data (if any) but not the name
of the notification.

This name is now passed as second argument to remain backwards compatible.
The example subscriber.lua has also be updated.

Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
2018-01-17 09:59:58 +01:00
John Crispin
212ceb1b02 valgrind complained about these
==18834== Warning: invalid file descriptor -1 in syscall close()
==18834==    at 0x5326D20: __close_nocancel (syscall-template.S:84)
==18834==    by 0x5046DC7: ubus_process_obj_msg (libubus-obj.c:143)
==18834==    by 0x5045E98: ubus_process_msg (libubus.c:106)
==18834==    by 0x50468D0: ubus_handle_data (libubus-io.c:314)
==18834==    by 0x4E3D125: uloop_run_events (uloop.c:198)
==18834==    by 0x4E3D125: uloop_run_timeout (uloop.c:555)
==18834==    by 0x109BEF: uloop_run (uloop.h:111)
==18834==    by 0x109BEF: main (main.c:25)

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-17 09:59:58 +01:00
John Crispin
d57907c2b3 fix invalid close() call
valgrind complained about this one

==18632== Warning: invalid file descriptor -1 in syscall close()
==18632==    at 0x5326D20: __close_nocancel (syscall-template.S:84)
==18632==    by 0x5046C02: ubus_process_invoke (libubus-obj.c:98)
==18632==    by 0x5046DC3: ubus_process_obj_msg (libubus-obj.c:142)
==18632==    by 0x5045E98: ubus_process_msg (libubus.c:106)
==18632==    by 0x50468D0: ubus_handle_data (libubus-io.c:314)
==18632==    by 0x4E3D125: uloop_run_events (uloop.c:198)
==18632==    by 0x4E3D125: uloop_run_timeout (uloop.c:555)
==18632==    by 0x109BEF: uloop_run (uloop.h:111)
==18632==    by 0x109BEF: main (main.c:25)

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-17 09:58:54 +01:00
Alexandru Ardelean
5f87f5480e ubusd: move global retmsg per client
Even with the tx_queue-ing issue resolved, what
seems to happen afterwards, is that all the messages
seems to get through, but the client still loops
in the `ubus_complete_request()` waiting for
`req->status_msg` or for a timeout.

Though, the timeout does not seem to happen, because
the data is processed in `ubus_poll_data()`, with
a infinite poll() timeout (ubus_complete_request() is
called with timeout 0).

It's likely that either the `seq` or `peer` sent from
ubusd are wrong, and the client cannot get the correct
ubus request in `ubus_process_req_msg()`.
I haven't digged too deep into this ; setting the
`retmsg` object on the client struct seems to have
resolved any hanging with the `ubus list` command.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix placement of retmsg in cl]
2017-11-13 10:09:28 +01:00
Alexandru Ardelean
27d712d394 ubusd_monitor: alloc & free the buffer outside of the loop
Should save a few cycles, since the data that's
being changed is only the seq number.
And the `ub` is always created as shared.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-11-13 09:57:55 +01:00
Alexandru Ardelean
be146ad2bc ubusd: rename goto label from error to out
Semantic has changed a bit.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-11-13 09:55:48 +01:00
Alexandru Ardelean
e02813b2cc ubusd: don't free messages in ubus_send_msg() anymore
This makes it clear that `ubus_msg_send()` is only
about sending and queue-ing messages, and has nothing
to do with free-ing.

It can be a bit misleading/confusing when trying to go
through the code and make assumptions about whether a
buffer is free'd in ubus_send_msg(), or is free'd outside.

In `ubusd_proto_receive_message()` the `ubus_msg_free()`
is now called before the `if (ret == -1)` check.
That way, all callbacks will have their messages free'd,
which is what's desired, but confusing, because:
* ubusd_handle_invoke() called ubus_msg_free() before returning -1
* ubusd_handle_notify() called ubus_msg_free() before returning -1
* ubusd_handle_response() called ubus_msg_send(,,free=true) before returning -1
* ubus_msg_send() would call ubus_msg_send(,,free=false)
* all other callback callers would `ubus_msg_send(,,free=true)`
  (free the buffers in ubus_msg_send() )

In all other places, where `ubus_msg_send(,,free=true)`
an explicit `ubus_msg_free()` was added.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-11-13 09:55:19 +01:00
Bob Ham
6d1ea6c33d libubus: Fix deletion from context's object AVL tree when removing object
Objects are stored in the ubus context in an AVL tree.  An AVL tree
node contains a pointer to a key value.  For the ubus context, this
points to the id member of the object structure.  In
ubus_remove_object_cb, the id member is set to zero and then after,
avl_delete is called and fails.  To fix this, we call avl_delete
before setting the object id to zero.

Signed-off-by: Bob Ham <bob.ham@tomltd.co.uk>
2017-11-13 09:51:40 +01:00
Rosen Penev
9c13096b16 ubus: Remove unnecessary memset calls.
Replace malloc+memset with calloc.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-13 09:46:12 +01:00
John Crispin
24ffe9b582 libubus-req: add data_cb callback handling for ubus notifications
Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 08:23:08 +01:00
Hans Dedecker
34c6e818e4 cli: fix listen_timeout compile issue
Variable listen_timeout is redefined as a function resulting into
a compile issue. Define the function as ubus_cli_listen_timeout
to fix the compile issue.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-20 11:32:19 +01:00
Hans Dedecker
dfe338350e libubus: reset ctx->sock.error when doing ubus reconnect
When ubus connect fails ctx->sock.eof will be set but ctx->sock.error
can be set as well. Reset ctx->sock.error as well when doing ubus
reconnect

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-20 11:31:56 +01:00
Felix Fietkau
6eb3c9647e cli: do not use default timeout for listen
Default to listening for events forever unless -t is explicitly
specified on the command line

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-15 11:35:38 +01:00
Felix Fietkau
453b87f631 cli: add support for subscribing to objects
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-14 15:58:49 +01:00
Alexandru Ardelean
c09e4f06f0 ubusd: fix incomplete copy of shared buf during queue-ing
For a shared ubus_msg_buf, the ubus_msg_ref function will
create a copy for queue-ing.

Problem is, that during the dequeue (especially) in client_cb,
the header is 0-ed (because it's was a newly alloc-ed buffer).

And during ubus_msg_writev(), the header info will be ignored
by the client.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-02-07 10:45:14 +01:00
Felix Fietkau
91acde66b9 libubus: do not modify uloop_cancelled
uloop_cancelled was used for two purposes within ubus_complete_request:
- interrupting recursive requests on SIGINT/SIGTERM
- breaking out of the poll loop in a recursive request that completed

Saving/restorung uloop_cancelled was buggy, leading to SIGTERM not being
processed properly. Simplify the logic by using a separate field for
internal use

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 18:39:15 +01:00
Felix Fietkau
763b9b2cf2 libubus: reset ctx->sock.eof to fix reconnect issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 14:13:54 +01:00
Felix Fietkau
6f4e11e1db libubus: do not register/unregister with uloop during sync requests
This was leftover code from before this codepath was converted to
polling directly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-22 14:39:34 +01:00
Felix Fietkau
cd82f9758d libubus: move uloop_init() call to ubus_connect_ctx
uloop should not be used before it is initialized

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-22 14:28:49 +01:00
Mihai Richard
97ac89f972 ubusd: fix issue caused by an implicit cast
An -1 returned by ubus_msg_writev() will be interpreted as
UINT_MAX during a check to see how much data had could be
written on the socket.

Because sizeof() will return size_t it will promote the
comparsion to unsigned

Signed-off-by: Mihai Richard <mihairichard@live.com>
2017-01-20 11:27:00 +01:00
Abhimanyu Vishwakarma
ad5333a73b ubus: ubus_free: clear pending timers before freeing context
If a synchronous operation is executed on a ubus context after
uloop_done() has been called, the context's pending_timer
may remain in uloop's list of timeouts.
This leads to undefined behaviour during next execution of uloop
code, as it may be referring to unavailable memory or memory
that has been allocated for different purposes.

Signed-off-by: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
Signed-off-by: Abhimanyu Vishwakarma <Abhimanyu.Vishwakarma@imgtec.com>
2017-01-04 22:02:43 +01:00
Felix Fietkau
d5fabacba1 libubus: reduce code duplication, fix indentation
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-24 14:35:58 +01:00
amine ahd
df088f03c0 Allow sending a fd along a ubus_request
Signed-off-by: amine.ahd <amine.ahd@gmail.com>
2016-12-24 14:31:04 +01:00