blob_parse expects blobs from trusted inputs, but it can be supplied
with possibly malicious blobs from untrusted inputs as well, which might
lead to undefined behaviour and/or crash of ubus daemon. In order to
prevent such conditions, switch to blob_parse_untrusted which should
hopefully handle such untrusted inputs appropriately.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
UBUS_MSG_INVOKE and UBUS_MSG_DATA can be sent without UBUS_ATTR_DATA
present. Most ubus users assume that the msg argument passed can never
be NULL, so this change prevents a crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
==18834== Warning: invalid file descriptor -1 in syscall close()
==18834== at 0x5326D20: __close_nocancel (syscall-template.S:84)
==18834== by 0x5046DC7: ubus_process_obj_msg (libubus-obj.c:143)
==18834== by 0x5045E98: ubus_process_msg (libubus.c:106)
==18834== by 0x50468D0: ubus_handle_data (libubus-io.c:314)
==18834== by 0x4E3D125: uloop_run_events (uloop.c:198)
==18834== by 0x4E3D125: uloop_run_timeout (uloop.c:555)
==18834== by 0x109BEF: uloop_run (uloop.h:111)
==18834== by 0x109BEF: main (main.c:25)
Signed-off-by: John Crispin <john@phrozen.org>
valgrind complained about this one
==18632== Warning: invalid file descriptor -1 in syscall close()
==18632== at 0x5326D20: __close_nocancel (syscall-template.S:84)
==18632== by 0x5046C02: ubus_process_invoke (libubus-obj.c:98)
==18632== by 0x5046DC3: ubus_process_obj_msg (libubus-obj.c:142)
==18632== by 0x5045E98: ubus_process_msg (libubus.c:106)
==18632== by 0x50468D0: ubus_handle_data (libubus-io.c:314)
==18632== by 0x4E3D125: uloop_run_events (uloop.c:198)
==18632== by 0x4E3D125: uloop_run_timeout (uloop.c:555)
==18632== by 0x109BEF: uloop_run (uloop.h:111)
==18632== by 0x109BEF: main (main.c:25)
Signed-off-by: John Crispin <john@phrozen.org>
Objects are stored in the ubus context in an AVL tree. An AVL tree
node contains a pointer to a key value. For the ubus context, this
points to the id member of the object structure. In
ubus_remove_object_cb, the id member is set to zero and then after,
avl_delete is called and fails. To fix this, we call avl_delete
before setting the object id to zero.
Signed-off-by: Bob Ham <bob.ham@tomltd.co.uk>
Set ctx->msgbuf.data to NULL during the call. If ctx->msgbuf is needed
during the call, a new buffer will be allocated. If not,
ctx->msgbuf.data is restored to the previous value afterwards
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
This allows sharing a policy array across methods, but masking out
unused entries for individual methods.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
When process unsubscribes then remove callback is called. But it
can be NULL if not defined, so we should check it before we call it.
Signed-off-by: Lukasz Baj <l.baj@radytek.com>
