unit-file: do not allow bogus IOSchedulingClass values

author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Fri, 16 Mar 2018 10:15:58 +0000 (11:15 +0100)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Sat, 17 Mar 2018 08:01:53 +0000 (09:01 +0100)
author Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 16 Mar 2018 10:15:58 +0000 (11:15 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sat, 17 Mar 2018 08:01:53 +0000 (09:01 +0100)
diff --git a/src/basic/ioprio.h b/src/basic/ioprio.h

index d8bb6eb4971b1332e2ba378e7beb20e21d475a05..8fe74f03f83086cec380698db1f989afd23fb995 100644 (file)
--- a/src/basic/ioprio.h
+++ b/src/basic/ioprio.h
@@ -10,12 +10,13 @@
  /*
   * Gives us 8 prio classes with 13-bits of data for each class
   */
-#define IOPRIO_BITS             (16)
-#define IOPRIO_CLASS_SHIFT      (13)
-#define IOPRIO_PRIO_MASK        ((1UL << IOPRIO_CLASS_SHIFT) - 1)
+#define IOPRIO_BITS             16
+#define IOPRIO_N_CLASSES        8
+#define IOPRIO_CLASS_SHIFT      13
+#define IOPRIO_PRIO_DATA_MASK   ((1UL << IOPRIO_CLASS_SHIFT) - 1)
  
  #define IOPRIO_PRIO_CLASS(mask) ((mask) >> IOPRIO_CLASS_SHIFT)
-#define IOPRIO_PRIO_DATA(mask)  ((mask) & IOPRIO_PRIO_MASK)
+#define IOPRIO_PRIO_DATA(mask)  ((mask) & IOPRIO_PRIO_DATA_MASK)
  #define IOPRIO_PRIO_VALUE(class, data)  (((class) << IOPRIO_CLASS_SHIFT) | data)
  
  #define ioprio_valid(mask)      (IOPRIO_PRIO_CLASS((mask)) != IOPRIO_CLASS_NONE)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c

index aa9846db5dc1373e63c14338fe6d342b364413f2..b407db0ee83ade286b1b3fb71dc05d31bfaffd44 100644 (file)
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -1466,7 +1466,7 @@ static const char *const ioprio_class_table[] = {
          [IOPRIO_CLASS_IDLE] = "idle"
  };
  
-DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ioprio_class, int, INT_MAX);
+DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ioprio_class, int, IOPRIO_N_CLASSES);
  
  static const char *const sigchld_code_table[] = {
          [CLD_EXITED] = "exited",
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c

index 1a0164e601f2230abdca613c4899e3df6532b6f5..f540eeb3b0991d0d9bbd81282bb2f2f6a4266be0 100644 (file)
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -541,8 +541,33 @@ static void test_pid_to_ptr(void) {
  #endif
  }
  
-int main(int argc, char *argv[]) {
+static void test_ioprio_class_from_to_string_one(const char *val, int expected) {
+        assert_se(ioprio_class_from_string(val) == expected);
+        if (expected >= 0) {
+                _cleanup_free_ char *s = NULL;
+                unsigned ret;
+
+                assert_se(ioprio_class_to_string_alloc(expected, &s) == 0);
+                /* We sometimes get a class number and sometimes a number back */
+                assert_se(streq(s, val) ||
+                          safe_atou(val, &ret) == 0);
+        }
+}
  
+static void test_ioprio_class_from_to_string(void) {
+        test_ioprio_class_from_to_string_one("none", IOPRIO_CLASS_NONE);
+        test_ioprio_class_from_to_string_one("realtime", IOPRIO_CLASS_RT);
+        test_ioprio_class_from_to_string_one("best-effort", IOPRIO_CLASS_BE);
+        test_ioprio_class_from_to_string_one("idle", IOPRIO_CLASS_IDLE);
+        test_ioprio_class_from_to_string_one("0", 0);
+        test_ioprio_class_from_to_string_one("1", 1);
+        test_ioprio_class_from_to_string_one("7", 7);
+        test_ioprio_class_from_to_string_one("8", 8);
+        test_ioprio_class_from_to_string_one("9", -1);
+        test_ioprio_class_from_to_string_one("-1", -1);
+}
+
+int main(int argc, char *argv[]) {
          log_set_max_level(LOG_DEBUG);
          log_parse_environment();
          log_open();
@@ -569,6 +594,7 @@ int main(int argc, char *argv[]) {
          test_getpid_measure();
          test_safe_fork();
          test_pid_to_ptr();
+        test_ioprio_class_from_to_string();
  
          return 0;
  }
diff --git a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6908 b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6908

new file mode 100644 (file)

index 0000000..8f2404b
--- /dev/null
+++ b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6908
@@ -0,0 +1,3 @@
+socket
+[Socket]
+IOSchedulingClass=531473
+\ No newline at end of file
diff --git a/test/fuzz-regressions/meson.build b/test/fuzz-regressions/meson.build

index f9c8e8cd98aae53edb9791c262f9b78c06d49d31..c1ea229a2459b6bd2c08c29d27f7ff0179cdee5c 100644 (file)
--- a/test/fuzz-regressions/meson.build
+++ b/test/fuzz-regressions/meson.build
@@ -34,4 +34,5 @@ fuzz_regression_tests = '''
          fuzz-unit-file/oss-fuzz-6886
          fuzz-unit-file/oss-fuzz-6917
          fuzz-unit-file/oss-fuzz-6892
+        fuzz-unit-file/oss-fuzz-6908
  '''.split()
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Fri, 16 Mar 2018 10:15:58 +0000 (11:15 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Sat, 17 Mar 2018 08:01:53 +0000 (09:01 +0100)
src/basic/ioprio.h		patch \| blob \| blame \| history
src/basic/process-util.c		patch \| blob \| blame \| history
src/test/test-process-util.c		patch \| blob \| blame \| history
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6908	[new file with mode: 0644]	patch \| blob
test/fuzz-regressions/meson.build		patch \| blob \| blame \| history