Milan Broz [Sun, 9 Oct 2022 18:20:45 +0000 (20:20 +0200)]
libblkid: avoid buffer overflow in ocfs superblock parsing
Label and mount values are checked only according to on-disk
values and not checked against the real structure size.
This can lead to reading of memory outside of superblock
struct and subsequent crash.
Reproducer found with OSS-Fuzz (issue 52270) running over
cryptsetup project (blkid is used in header init).
Masatake YAMATO [Sat, 1 Oct 2022 21:00:50 +0000 (06:00 +0900)]
lsfd: introduce SOCK. column namespace
lsfd has many columns already. We will add more in the future.
e.g. --help output is too long.
Groping columns is one of the ways to improve the usability of lsfd.
As the first step, this change introduces the "SOCK." column namespace.
Conceptually SOCKNETNS, SOCKSTATE, and SOCKTYPE migrate to the
namespace. At the implementation level, they are renamed to
SOCK.NETNS, SOCK.STATE, and SOCK.TYPE.
Karel Zak [Mon, 3 Oct 2022 07:49:07 +0000 (09:49 +0200)]
Merge branch 'lsfd-inet-xinfo' of https://github.com/masatake/util-linux
* 'lsfd-inet-xinfo' of https://github.com/masatake/util-linux:
lsfd: (man) write about TCP scokets
tests: (lsfd) add a case testing TCP sockets
lsfd: use extra information loaded from /proc/net/tcp
lsfd: cosmetic change, delete whitespaces
lsfd: add SOCKLISTENING column
For measuring and monitoring the performance aspect of a command,
people may want to drop the page caches related to specified files.
In some cases, writing 1 to /proc/sys/vm/drop_caches is overkill. The
fadvise command can be used for dropping page caches related to
specified files; the impact on a system is much smaller than
/proc/sys/vm/drop_caches.
Karel Zak [Fri, 30 Sep 2022 08:44:55 +0000 (10:44 +0200)]
Merge branch 'lsfd-sock-unix-xinfo' of https://github.com/masatake/util-linux
* 'lsfd-sock-unix-xinfo' of https://github.com/masatake/util-linux:
tests: (lsfd) add a case for testing SOCKNETNS column
tests: (lsfd) extend unix-stream test case to test SEQPACKET socket
tests: (lsfd) add a case testing UNIX+DGRAM socket
tests: (lsfd) add a case testing UNIX-STREAM sockets
tests: (mkfds) add a factory making unix sockets
lsfd: (man) write about UNIX-STREAM and UNIX sockets
lsfd: use extra information loaded from /proc/net/unix
lsfd: add new columns: SOCKNETNS, SOCKSTATE, and SOCKTYPE as stubs
lsfd: facilitate the way to attach extra info loaded from /proc/net/* to sockets
tests: (mkfds) quit when a byte is given via standard input
tests: (mkfds) call close method of factory only when it is specified
tests: (mkfds) cosmetic change, deleting empty lines
tests: (mkfds) add boolean, a new parameter type
tests: (mkfds) add a method for printing factory specific data to struct factory
tests: (mkfds) allow a factory to make a factory specific temporarily data
tests: (mkfds) delete unused "child" parameter for factories
tests: (mkfds) delete per-factory "fork" field
Petr Štetiar [Thu, 22 Sep 2022 09:49:13 +0000 (11:49 +0200)]
lib/path: ul_path_cpuparse: fix parsing of empty sysfs files
Kernel 5.15 returns empty content for topology/thread_siblings on
aarch64 platform, which in conjunction of uninitialized `buf` memory
buffer results in the garbage:
(gdb) p buf
$14 = " @\377\367\177\000\000\000\275\000\347j\032\236"
This garbage is then being later consumed by underlying helper functions
like for example cpumask_parse() and this leads to the following crash
later:
in __libc_free (p=0x7ff7f67c00) at src/malloc/mallocng/free.c:105
in free (p=<optimized out>) at src/malloc/free.c:5
in add_cpuset_to_array (setsize=<optimized out>, set=<optimized out>, items=<optimized out>, ary=<optimized out>) at ../sys-utils/lscpu-topology.c:29
in cputype_read_topology (cxt=cxt@entry=0x7ff7fffe70, ct=0x4298a0) at ../sys-utils/lscpu-topology.c:153
in lscpu_read_topology (cxt=cxt@entry=0x7ff7fffe70) at ../sys-utils/lscpu-topology.c:629
in main (argc=1, argv=0x7ffffffdb8) at ../sys-utils/lscpu.c:1341
It looks like the problem is that current logic expects fgets() to set
errno on failure, but fgets() is not documented to do so and and neither
glibc nor musl set errno. So if errno was set to 0 before fgets() call,
the failure from fgets() is ignored and then invalid buffer is being
parsed.
Fixes: #1810 Suggested-by: Thomas Weißschuh <thomas@t-8ch.de> Signed-off-by: Petr Štetiar <ynezz@true.cz>
lsfd: facilitate the way to attach extra info loaded from /proc/net/* to sockets
Files under /proc/net/ like unix, tcp, udp, etc. provides extra
information about sockets. To unitize these information in
lsfd, this change adds stub for loading the information form
/proc/net/* and attaching it to struct file presenting sockets.
tests: (mkfds) quit when a byte is given via standard input
The original code monitored only SIGCONT. It is suitable for using
the command from a test script. Monitoring standard input is helpful
for developing a new factory interactively.
As LGTM is going to be shut down by EOY[0], let's move the code scanning to
CodeQL as recommended. Thanks to GH integration the results from such
scans will be shown both in the respective PR and in the Security ->
Code Scanning tab[1].
Karel Zak [Mon, 19 Sep 2022 10:38:06 +0000 (12:38 +0200)]
Merge branch 'linux_raid/checksum' of https://github.com/t-8ch/util-linux
* 'linux_raid/checksum' of https://github.com/t-8ch/util-linux:
libblkid: linux_raid: add checksum support
libblkid: mdraid: add test for version 1 superblock
Karel Zak [Mon, 19 Sep 2022 10:36:16 +0000 (12:36 +0200)]
Merge branch 'f2fs/fixes' of https://github.com/t-8ch/util-linux
* 'f2fs/fixes' of https://github.com/t-8ch/util-linux:
libblkid: f2fs: ensure checksum offset is within superblock
libblkid: f2fs: fix checksum initialization on big-endian
Karel Zak [Mon, 19 Sep 2022 09:39:09 +0000 (11:39 +0200)]
Revert "libblkid: luks: add checksum support"
See discussion at https://github.com/util-linux/util-linux/pull/1801
The change is unwanted by LUKS upstream developers, the checksum
functionality is designed for libcryptsetup internal use only.
Issues:
* introduces security issue (allocated buffer is not checked agaisnt
maximal value) - inserting LUKS2 device with header faking oversized
header size will cause allocating of huge amount of memory (perhaps
crash of blkid)
* we support JSON area up to 4MB in size (checksum covers also this part
that was not intended to be read by blkid) - calculating SHA256 for
such area is really not fast operation; readin of 4MB of data is waste
of resources either (that's why there is smaill 4k binary header)
* even if checksum check is disabled, it is calculated (complete waste
of time here)
* it does not support anything else that SHA256 (we can switch to different
hash or other algorithm later); blkid should not introduce such limits.
* checksum for the second heder is not calculated at all
Karel Zak [Tue, 13 Sep 2022 06:57:49 +0000 (08:57 +0200)]
Merge branch 'lsfd-refine-columns' of https://github.com/masatake/util-linux
* 'lsfd-refine-columns' of https://github.com/masatake/util-linux:
lsfd: cosmetic change
lsfd: (man) write about PIDFD.* columns
lsfd: show pid, comm, and nspid of pidfd in PIDFD.{PID,COMM,NSPID} columns
lsfd: (filter): accept '.' used in column names
tests: (lsfd) fix the potential problems reported by github-code-scan
tests: (lsfd) put double quote characters around variable expansions
lsfd: use NAME column to show cooked file names
lsfd: use TYPE column to show cooked file types
lsfd: show classes of anonyomous inodes in AINODECLASS column
lsfd: cosmetic changes
tests: (mkfds) add a factory for making an inotify fd
tests: (mkfds) cosmetic change, deleting an empty line
lsfd: show pid, comm, and nspid of pidfd in PIDFD.{PID,COMM,NSPID} columns
The values shown in the new columns are already shown in NAME column.
Showing these values together in the NAME column helps users
understand the pidfds opened quickly. However, the showing them
together is not suitable for machine processing. The newly introduced
columns are for machine processing.
This change splits the NAME column
into cooked NAME column and raw KNAME column.
KNAME represents the type information extracted from /proc/$pid/fd or
/proc/$pid/map_files. NAME is the same as KNAME but humans friendly
and talkative if a special handler is implemented for the type of the
file.
Peter Ujfalusi [Wed, 7 Sep 2022 05:41:41 +0000 (08:41 +0300)]
lib/timeutils: Require '@' prefix for seconds since the Epoch timestamp
Since the seconds since the Epoch is just a number it might be better to
require special prefix to indicate the intention that the user wants to
interpret the number as seconds since the Epoch.
Use the same '@' character as prefix as used by systemd.time to make it
easier to integrate in scripts intended to be used on systems with or
without systemd.
Fix also the initial support which discarded the seconds from the converted
timestamp.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
projects / thirdparty / util-linux.git / log
