picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #14992 from keszybz/syslog-address-length-fix 

Syslog address length fix
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2020-03-02 21:31:24 +01:00 committed by GitHub
parent 3b355677b8 2b43402c84
commit 52c222db11
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 120 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/core/dbus.c
View File

@ -865,9 +865,10 @@ int bus_init_system(Manager *m) {
int bus_init_private(Manager *m) {
_cleanup_close_ int fd = -1;
union sockaddr_union sa = {};
union sockaddr_union sa;
socklen_t sa_len;
sd_event_source *s;
int r, salen;
int r;
assert(m);
@ -880,7 +881,7 @@ int bus_init_private(Manager *m) {
if (getpid_cached() != 1)
return 0;
salen = sockaddr_un_set_path(&sa.un, "/run/systemd/private");
r = sockaddr_un_set_path(&sa.un, "/run/systemd/private");
} else {
const char *e, *joined;
@ -890,10 +891,11 @@ int bus_init_private(Manager *m) {
"XDG_RUNTIME_DIR is not set, refusing.");
joined = strjoina(e, "/systemd/private");
salen = sockaddr_un_set_path(&sa.un, joined);
r = sockaddr_un_set_path(&sa.un, joined);
}
if (salen < 0)
return log_error_errno(salen, "Can't set path for AF_UNIX socket to bind to: %m");
if (r < 0)
return log_error_errno(r, "Can't set path for AF_UNIX socket to bind to: %m");
sa_len = r;
(void) mkdir_parents_label(sa.un.sun_path, 0755);
(void) sockaddr_un_unlink(&sa.un);
@ -902,7 +904,7 @@ int bus_init_private(Manager *m) {
if (fd < 0)
return log_error_errno(errno, "Failed to allocate private socket: %m");
r = bind(fd, &sa.sa, salen);
r = bind(fd, &sa.sa, sa_len);
if (r < 0)
return log_error_errno(errno, "Failed to bind private socket: %m");

28
src/core/execute.c
View File

@ -271,9 +271,8 @@ static int connect_journal_socket(
uid_t uid,
gid_t gid) {
union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
};
union sockaddr_union sa;
socklen_t sa_len;
uid_t olduid = UID_INVALID;
gid_t oldgid = GID_INVALID;
const char *j;
@ -285,6 +284,7 @@ static int connect_journal_socket(
r = sockaddr_un_set_path(&sa.un, j);
if (r < 0)
return r;
sa_len = r;
if (gid_is_valid(gid)) {
oldgid = getgid();
@ -302,7 +302,7 @@ static int connect_journal_socket(
}
}
r = connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0 ? -errno : 0;
r = connect(fd, &sa.sa, sa_len) < 0 ? -errno : 0;
/* If we fail to restore the uid or gid, things will likely
fail later on. This should only happen if an LSM interferes. */
@ -383,9 +383,10 @@ static int open_terminal_as(const char *path, int flags, int nfd) {
}
static int acquire_path(const char *path, int flags, mode_t mode) {
union sockaddr_union sa = {};
union sockaddr_union sa;
socklen_t sa_len;
_cleanup_close_ int fd = -1;
int r, salen;
int r;
assert(path);
@ -398,20 +399,19 @@ static int acquire_path(const char *path, int flags, mode_t mode) {
if (errno != ENXIO) /* ENXIO is returned when we try to open() an AF_UNIX file system socket on Linux */
return -errno;
if (strlen(path) >= sizeof(sa.un.sun_path)) /* Too long, can't be a UNIX socket */
return -ENXIO;
/* So, it appears the specified path could be an AF_UNIX socket. Let's see if we can connect to it. */
r = sockaddr_un_set_path(&sa.un, path);
if (r < 0)
return r == -EINVAL ? -ENXIO : r;
sa_len = r;
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0)
return -errno;
salen = sockaddr_un_set_path(&sa.un, path);
if (salen < 0)
return salen;
if (connect(fd, &sa.sa, salen) < 0)
if (connect(fd, &sa.sa, sa_len) < 0)
return errno == EINVAL ? -ENXIO : -errno; /* Propagate initial error if we get EINVAL, i.e. we have
* indication that his wasn't an AF_UNIX socket after all */
@ -420,7 +420,7 @@ static int acquire_path(const char *path, int flags, mode_t mode) {
else if ((flags & O_ACCMODE) == O_WRONLY)
r = shutdown(fd, SHUT_RD);
else
return TAKE_FD(fd);
r = 0;
if (r < 0)
return -errno;

14
src/core/manager.c
View File

@ -924,8 +924,8 @@ static int manager_setup_notify(Manager *m) {
if (m->notify_fd < 0) {
_cleanup_close_ int fd = -1;
union sockaddr_union sa = {};
int salen;
union sockaddr_union sa;
socklen_t sa_len;
/* First free all secondary fields */
m->notify_socket = mfree(m->notify_socket);
@ -941,14 +941,16 @@ static int manager_setup_notify(Manager *m) {
if (!m->notify_socket)
return log_oom();
salen = sockaddr_un_set_path(&sa.un, m->notify_socket);
if (salen < 0)
return log_error_errno(salen, "Notify socket '%s' not valid for AF_UNIX socket address, refusing.", m->notify_socket);
r = sockaddr_un_set_path(&sa.un, m->notify_socket);
if (r < 0)
return log_error_errno(r, "Notify socket '%s' not valid for AF_UNIX socket address, refusing.",
m->notify_socket);
sa_len = r;
(void) mkdir_parents_label(m->notify_socket, 0755);
(void) sockaddr_un_unlink(&sa.un);
r = bind(fd, &sa.sa, salen);
r = bind(fd, &sa.sa, sa_len);
if (r < 0)
return log_error_errno(errno, "bind(%s) failed: %m", m->notify_socket);

9
src/home/homed-manager.c
View File

@ -1056,7 +1056,10 @@ static int on_notify_socket(sd_event_source *s, int fd, uint32_t revents, void *
static int manager_listen_notify(Manager *m) {
_cleanup_close_ int fd = -1;
union sockaddr_union sa;
union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
.un.sun_path = "/run/systemd/home/notify",
};
int r;
assert(m);
@ -1066,10 +1069,6 @@ static int manager_listen_notify(Manager *m) {
if (fd < 0)
return log_error_errno(errno, "Failed to create listening socket: %m");
r = sockaddr_un_set_path(&sa.un, "/run/systemd/home/notify");
if (r < 0)
return log_error_errno(r, "Failed to set AF_UNIX socket path: %m");
(void) mkdir_parents(sa.un.sun_path, 0755);
(void) sockaddr_un_unlink(&sa.un);

8
src/journal/journald-native.c
View File

@ -457,13 +457,13 @@ int server_open_native_socket(Server *s, const char *native_socket) {
assert(native_socket);
if (s->native_fd < 0) {
union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
};
union sockaddr_union sa;
size_t sa_len;
r = sockaddr_un_set_path(&sa.un, native_socket);
if (r < 0)
return log_error_errno(r, "Unable to use namespace path %s for AF_UNIX socket: %m", native_socket);
sa_len = r;
s->native_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (s->native_fd < 0)
@ -471,7 +471,7 @@ int server_open_native_socket(Server *s, const char *native_socket) {
(void) sockaddr_un_unlink(&sa.un);
r = bind(s->native_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
r = bind(s->native_fd, &sa.sa, sa_len);
if (r < 0)
return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);

14
src/journal/journald-server.c
View File

@ -1840,9 +1840,10 @@ static int dispatch_watchdog(sd_event_source *es, uint64_t usec, void *userdata)
}
static int server_connect_notify(Server *s) {
union sockaddr_union sa = {};
union sockaddr_union sa;
socklen_t sa_len;
const char *e;
int r, salen;
int r;
assert(s);
assert(s->notify_fd < 0);
@ -1865,9 +1866,10 @@ static int server_connect_notify(Server *s) {
if (!e)
return 0;
salen = sockaddr_un_set_path(&sa.un, e);
if (salen < 0)
return log_error_errno(salen, "NOTIFY_SOCKET set to invalid value '%s': %m", e);
r = sockaddr_un_set_path(&sa.un, e);
if (r < 0)
return log_error_errno(r, "NOTIFY_SOCKET set to invalid value '%s': %m", e);
sa_len = r;
s->notify_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (s->notify_fd < 0)
@ -1875,7 +1877,7 @@ static int server_connect_notify(Server *s) {
(void) fd_inc_sndbuf(s->notify_fd, NOTIFY_SNDBUF_SIZE);
r = connect(s->notify_fd, &sa.sa, salen);
r = connect(s->notify_fd, &sa.sa, sa_len);
if (r < 0)
return log_error_errno(errno, "Failed to connect to notify socket: %m");

8
src/journal/journald-stream.c
View File

@ -849,13 +849,13 @@ int server_open_stdout_socket(Server *s, const char *stdout_socket) {
assert(stdout_socket);
if (s->stdout_fd < 0) {
union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
};
union sockaddr_union sa;
socklen_t sa_len;
r = sockaddr_un_set_path(&sa.un, stdout_socket);
if (r < 0)
return log_error_errno(r, "Unable to use namespace path %s for AF_UNIX socket: %m", stdout_socket);
sa_len = r;
s->stdout_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (s->stdout_fd < 0)
@ -863,7 +863,7 @@ int server_open_stdout_socket(Server *s, const char *stdout_socket) {
(void) sockaddr_un_unlink(&sa.un);
r = bind(s->stdout_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
r = bind(s->stdout_fd, &sa.sa, sa_len);
if (r < 0)
return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);

18
src/journal/journald-syslog.c
View File

@ -32,14 +32,11 @@ static void forward_syslog_iovec(
const struct ucred *ucred,
const struct timeval *tv) {
union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
};
union sockaddr_union sa;
struct msghdr msghdr = {
.msg_iov = (struct iovec *) iovec,
.msg_iovlen = n_iovec,
.msg_name = (struct sockaddr*) &sa.sa,
.msg_namelen = SOCKADDR_UN_LEN(sa.un),
};
struct cmsghdr *cmsg;
union {
@ -60,6 +57,9 @@ static void forward_syslog_iovec(
return;
}
msghdr.msg_name = &sa.sa;
msghdr.msg_namelen = r;
if (ucred) {
zero(control);
msghdr.msg_control = &control;
@ -461,13 +461,13 @@ int server_open_syslog_socket(Server *s, const char *syslog_socket) {
assert(syslog_socket);
if (s->syslog_fd < 0) {
union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
};
union sockaddr_union sa;
socklen_t sa_len;
r = sockaddr_un_set_path(&sa.un, syslog_socket);
if (r < 0)
return log_error_errno(r, "Unable to use namespace path %s for AF_UNIX socket: %m", syslog_socket);
sa_len = r;
s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (s->syslog_fd < 0)
@ -475,7 +475,7 @@ int server_open_syslog_socket(Server *s, const char *syslog_socket) {
(void) sockaddr_un_unlink(&sa.un);
r = bind(s->syslog_fd, &sa.sa, SOCKADDR_UN_LEN(sa.un));
r = bind(s->syslog_fd, &sa.sa, sa_len);
if (r < 0)
return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);

12
src/libsystemd/sd-bus/test-bus-watch-bind.c
View File

@ -41,9 +41,9 @@ static const sd_bus_vtable vtable[] = {
static void* thread_server(void *p) {
_cleanup_free_ char *suffixed = NULL, *suffixed2 = NULL, *d = NULL;
_cleanup_close_ int fd = -1;
union sockaddr_union u = {};
union sockaddr_union u;
const char *path = p;
int salen;
int r;
log_debug("Initializing server");
@ -66,13 +66,15 @@ static void* thread_server(void *p) {
assert_se(symlink(basename(suffixed), suffixed2) >= 0);
(void) usleep(100 * USEC_PER_MSEC);
salen = sockaddr_un_set_path(&u.un, path);
assert_se(salen >= 0);
socklen_t sa_len;
r = sockaddr_un_set_path(&u.un, path);
assert_se(r >= 0);
sa_len = r;
fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
assert_se(fd >= 0);
assert_se(bind(fd, &u.sa, salen) >= 0);
assert_se(bind(fd, &u.sa, sa_len) >= 0);
usleep(100 * USEC_PER_MSEC);
assert_se(listen(fd, SOMAXCONN) >= 0);

12
src/libsystemd/sd-daemon/sd-daemon.c
View File

@ -443,7 +443,7 @@ _public_ int sd_pid_notify_with_fds(
const int *fds,
unsigned n_fds) {
union sockaddr_union sockaddr = {};
union sockaddr_union sockaddr;
struct iovec iovec;
struct msghdr msghdr = {
.msg_iov = &iovec,
@ -454,7 +454,7 @@ _public_ int sd_pid_notify_with_fds(
struct cmsghdr *cmsg = NULL;
const char *e;
bool send_ucred;
int r, salen;
int r;
if (!state) {
r = -EINVAL;
@ -470,11 +470,10 @@ _public_ int sd_pid_notify_with_fds(
if (!e)
return 0;
salen = sockaddr_un_set_path(&sockaddr.un, e);
if (salen < 0) {
r = salen;
r = sockaddr_un_set_path(&sockaddr.un, e);
if (r < 0)
goto finish;
}
msghdr.msg_namelen = r;
fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0);
if (fd < 0) {
@ -485,7 +484,6 @@ _public_ int sd_pid_notify_with_fds(
(void) fd_inc_sndbuf(fd, SNDBUF_SIZE);
iovec = IOVEC_MAKE_STRING(state);
msghdr.msg_namelen = salen;
send_ucred =
(pid != 0 && pid != getpid_cached()) ||

14
src/login/pam_systemd.c
View File

@ -219,11 +219,12 @@ static int socket_from_display(const char *display, char **path) {
}
static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
union sockaddr_union sa = {};
union sockaddr_union sa;
socklen_t sa_len;
_cleanup_free_ char *p = NULL, *sys_path = NULL, *tty = NULL;
_cleanup_close_ int fd = -1;
struct ucred ucred;
int v, r, salen;
int v, r;
dev_t display_ctty;
assert(display);
@ -238,15 +239,16 @@ static int get_seat_from_display(const char *display, const char **seat, uint32_
r = socket_from_display(display, &p);
if (r < 0)
return r;
salen = sockaddr_un_set_path(&sa.un, p);
if (salen < 0)
return salen;
r = sockaddr_un_set_path(&sa.un, p);
if (r < 0)
return r;
sa_len = r;
fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
if (fd < 0)
return -errno;
if (connect(fd, &sa.sa, salen) < 0)
if (connect(fd, &sa.sa, sa_len) < 0)
return -errno;
r = getpeercred(fd, &ucred);

17
src/shared/ask-password-api.c
View File

@ -696,9 +696,10 @@ finish:
static int create_socket(char **ret) {
_cleanup_free_ char *path = NULL;
union sockaddr_union sa = {};
union sockaddr_union sa;
socklen_t sa_len;
_cleanup_close_ int fd = -1;
int salen, r;
int r;
assert(ret);
@ -709,14 +710,14 @@ static int create_socket(char **ret) {
if (asprintf(&path, "/run/systemd/ask-password/sck.%" PRIx64, random_u64()) < 0)
return -ENOMEM;
salen = sockaddr_un_set_path(&sa.un, path);
if (salen < 0)
return salen;
r = sockaddr_un_set_path(&sa.un, path);
if (r < 0)
return r;
sa_len = r;
RUN_WITH_UMASK(0177) {
if (bind(fd, &sa.sa, salen) < 0)
RUN_WITH_UMASK(0177)
if (bind(fd, &sa.sa, sa_len) < 0)
return -errno;
}
r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true);
if (r < 0)

8
src/shared/varlink.c
View File

@ -271,6 +271,7 @@ static int varlink_new(Varlink **ret) {
int varlink_connect_address(Varlink **ret, const char *address) {
_cleanup_(varlink_unrefp) Varlink *v = NULL;
union sockaddr_union sockaddr;
socklen_t sockaddr_len;
int r;
assert_return(ret, -EINVAL);
@ -279,6 +280,7 @@ int varlink_connect_address(Varlink **ret, const char *address) {
r = sockaddr_un_set_path(&sockaddr.un, address);
if (r < 0)
return r;
sockaddr_len = r;
r = varlink_new(&v);
if (r < 0)
@ -290,7 +292,7 @@ int varlink_connect_address(Varlink **ret, const char *address) {
v->fd = fd_move_above_stdio(v->fd);
if (connect(v->fd, &sockaddr.sa, SOCKADDR_UN_LEN(sockaddr.un)) < 0) {
if (connect(v->fd, &sockaddr.sa, sockaddr_len) < 0) {
if (!IN_SET(errno, EAGAIN, EINPROGRESS))
return -errno;
@ -2224,6 +2226,7 @@ int varlink_server_listen_fd(VarlinkServer *s, int fd) {
int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t m) {
union sockaddr_union sockaddr;
socklen_t sockaddr_len;
_cleanup_close_ int fd = -1;
int r;
@ -2234,6 +2237,7 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
r = sockaddr_un_set_path(&sockaddr.un, address);
if (r < 0)
return r;
sockaddr_len = r;
fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (fd < 0)
@ -2244,7 +2248,7 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t
(void) sockaddr_un_unlink(&sockaddr.un);
RUN_WITH_UMASK(~m & 0777)
if (bind(fd, &sockaddr.sa, SOCKADDR_UN_LEN(sockaddr.un)) < 0)
if (bind(fd, &sockaddr.sa, sockaddr_len) < 0)
return -errno;
if (listen(fd, SOMAXCONN) < 0)

13
src/socket-proxy/socket-proxyd.c
View File

@ -373,20 +373,21 @@ static int resolve_remote(Connection *c) {
.ai_flags = AI_ADDRCONFIG
};
union sockaddr_union sa = {};
const char *node, *service;
int r;
if (IN_SET(arg_remote_host[0], '/', '@')) {
int salen;
union sockaddr_union sa;
int sa_len;
salen = sockaddr_un_set_path(&sa.un, arg_remote_host);
if (salen < 0) {
log_error_errno(salen, "Specified address doesn't fit in an AF_UNIX address, refusing: %m");
r = sockaddr_un_set_path(&sa.un, arg_remote_host);
if (r < 0) {
log_error_errno(r, "Specified address doesn't fit in an AF_UNIX address, refusing: %m");
goto fail;
}
sa_len = r;
return connection_start(c, &sa.sa, salen);
return connection_start(c, &sa.sa, sa_len);
}
service = strrchr(arg_remote_host, ':');

3
src/test/test-sizeof.c
View File

@ -3,6 +3,8 @@
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#define __STDC_WANT_IEC_60559_TYPES_EXT__
#include <float.h>
@ -65,6 +67,7 @@ int main(void) {
info(pid_t);
info(uid_t);
info(gid_t);
info(socklen_t);
info(__cpu_mask);

14
src/tty-ask-password-agent/tty-ask-password-agent.c
View File

@ -57,17 +57,19 @@ static const char *arg_device = NULL;
static int send_passwords(const char *socket_name, char **passwords) {
_cleanup_(erase_and_freep) char *packet = NULL;
_cleanup_close_ int socket_fd = -1;
union sockaddr_union sa = {};
union sockaddr_union sa;
socklen_t sa_len;
size_t packet_length = 1;
char **p, *d;
ssize_t n;
int salen;
int r;
assert(socket_name);
salen = sockaddr_un_set_path(&sa.un, socket_name);
if (salen < 0)
return salen;
r = sockaddr_un_set_path(&sa.un, socket_name);
if (r < 0)
return r;
sa_len = r;
STRV_FOREACH(p, passwords)
packet_length += strlen(*p) + 1;
@ -86,7 +88,7 @@ static int send_passwords(const char *socket_name, char **passwords) {
if (socket_fd < 0)
return log_debug_errno(errno, "socket(): %m");
n = sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, salen);
n = sendto(socket_fd, packet, packet_length, MSG_NOSIGNAL, &sa.sa, sa_len);
if (n < 0)
return log_debug_errno(errno, "sendto(): %m");

4
src/userdb/userdbctl.c
View File

@ -494,6 +494,7 @@ static int display_services(int argc, char *argv[], void *userdata) {
FOREACH_DIRENT(de, d, return -errno) {
_cleanup_free_ char *j = NULL, *no = NULL;
union sockaddr_union sockaddr;
socklen_t sockaddr_len;
_cleanup_close_ int fd = -1;
j = path_join("/run/systemd/userdb/", de->d_name);
@ -503,12 +504,13 @@ static int display_services(int argc, char *argv[], void *userdata) {
r = sockaddr_un_set_path(&sockaddr.un, j);
if (r < 0)
return log_error_errno(r, "Path %s does not fit in AF_UNIX socket address: %m", j);
sockaddr_len = r;
fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (fd < 0)
return log_error_errno(r, "Failed to allocate AF_UNIX/SOCK_STREAM socket: %m");
if (connect(fd, &sockaddr.un, SOCKADDR_UN_LEN(sockaddr.un)) < 0) {
if (connect(fd, &sockaddr.un, sockaddr_len) < 0) {
no = strjoin("No (", errno_to_name(errno), ")");
if (!no)
return log_oom();

9
src/userdb/userdbd-manager.c
View File

@ -265,11 +265,10 @@ int manager_startup(Manager *m) {
if (n == 1)
m->listen_fd = SD_LISTEN_FDS_START;
else {
union sockaddr_union sockaddr;
r = sockaddr_un_set_path(&sockaddr.un, "/run/systemd/userdb/io.systemd.NameServiceSwitch");
if (r < 0)
return log_error_errno(r, "Cannot assign socket path to socket address: %m");
union sockaddr_union sockaddr = {
.un.sun_family = AF_UNIX,
.un.sun_path = "/run/systemd/userdb/io.systemd.NameServiceSwitch",
};
r = mkdir_p("/run/systemd/userdb", 0755);
if (r < 0)