1. 06 Mar, 2020 1 commit
    • Thomas Haller's avatar
      shared/systemd: fix gettid() compat implementation shadowing function from glibc · 4ae20ea8
      Thomas Haller authored
      On Fedora rawhide we get the following build failure:
      
          In file included from shared/systemd/src/basic/alloc-util.c:3:
          ./shared/systemd/sd-adapt-shared/nm-sd-adapt-shared.h:114:21: error: static declaration of 'gettid' follows non-static declaration
            114 | static inline pid_t gettid(void) {
                |                     ^~~~~~
          In file included from /usr/include/unistd.h:1170,
                           from /usr/include/glib-2.0/gio/gcredentials.h:32,
                           from /usr/include/glib-2.0/gio/gio.h:46,
                           from ./shared/nm-utils/nm-macros-internal.h:31,
                           from ./shared/nm-default.h:293,
                           from ./shared/systemd/sd-adapt-shared/nm-sd-adapt-shared.h:22,
                           from shared/systemd/src/basic/alloc-util.c:3:
          /usr/include/bits/unistd_ext.h:34:16: note: previous declaration of 'gettid' was here
             34 | extern __pid_t gettid (void) __THROW;
                |                ^~~~~~
      
      glibc supports now gettid() call ([1]) which conflicts with our compat
      implementation. Rename it.
      
      [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=1d0fc213824eaa2a8f8c4385daaa698ee8fb7c92
      
      (cherry picked from commit 10276322)
      (cherry picked from commit cfb970b2)
      (cherry picked from commit d160b7b9)
      (cherry picked from commit b10a7e57)
      4ae20ea8
  2. 18 Jul, 2019 1 commit
    • Thomas Haller's avatar
      device: fix reapplying changes to connection ID and UUID · 0e8fb0ad
      Thomas Haller authored
      4 properties are not really relevant for an already activated connection
      or it makes not sense to change them. These are connection.id, connection.uuid,
      connection.autoconnect and connection.stable-id.
      
      For convenience, we allow to reapply these. This way, one can take
      a different setting (e.g. with a different connection.id or
      connection.uuid) and reapply them, but such changes are silently
      ignored.
      
      However this was done wrongly. Instead of reverting the change to the new
      applied connection, we would change the input connection.
      
      This is bad, for example with
      
        nmcli connection up uuid cb922f18-e99a-49c6-b200-1678b5070a82
        nmcli connection modify cb922f18-e99a-49c6-b200-1678b5070a82 con-name "bogus"
        nmcli device reapply eth0
      
      the last re-apply would reset the settings-connection's connection ID to
      what was before, while accepting the new name on the applied-connection
      (while it should have been rejected).
      
      Fixes: bf3b3d44 ('device: avoid changing immutable properties during reapply')
      
      (cherry picked from commit adb51c2a)
      (cherry picked from commit 09f37d5b)
      (cherry picked from commit 9c72ca5e)
      (cherry picked from commit b1209e37)
      (cherry picked from commit cacb80e5)
      0e8fb0ad
  3. 09 Jul, 2019 1 commit
  4. 20 Feb, 2019 2 commits
  5. 19 Feb, 2019 1 commit
  6. 11 Dec, 2018 2 commits
  7. 30 Nov, 2018 4 commits
  8. 29 Nov, 2018 1 commit
  9. 28 Nov, 2018 1 commit
    • Thomas Haller's avatar
      platform/tests: fix assertion for unit test for address lifetime · 8912c936
      Thomas Haller authored
      Sometimes the test fail:
      
          $ make -j 10 src/platform/tests/test-address-linux
          $ while true; do
                NMTST_DEBUG=d ./tools/run-nm-test.sh src/platform/tests/test-address-linux 2>&1 > log.txt || break;
            done
      
      fails with:
      
          ERROR: src/platform/tests/test-address-linux - Bail out! test:ERROR:src/platform/tests/test-common.c:790:nmtstp_ip_address_assert_lifetime: assertion failed (adr <= lft): (1001 <= 1000)
      
      That is, because of a wrong check. Fix it.
      
      (cherry picked from commit e180464b)
      (cherry picked from commit 66cbca1f)
      (cherry picked from commit 7820d71e)
      8912c936
  10. 23 Nov, 2018 1 commit
  11. 22 Nov, 2018 5 commits
  12. 20 Nov, 2018 3 commits
  13. 15 Nov, 2018 1 commit
  14. 12 Nov, 2018 1 commit
  15. 29 Oct, 2018 7 commits
    • Thomas Haller's avatar
      00bbf472
    • Lennart Poettering's avatar
      dhcp6: make sure we have enough space for the DHCP6 option header · c3221cb0
      Lennart Poettering authored and Thomas Haller's avatar Thomas Haller committed
      Fixes a vulnerability originally discovered by Felix Wilhelm from
      Google.
      
      CVE-2018-15688
      LP: #1795921
      https://bugzilla.redhat.com/show_bug.cgi?id=1639067
      
      (cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
      (cherry picked from commit 01ca2053)
      (cherry picked from commit fc230dca)
      (cherry picked from commit cc1e5a7f)
      c3221cb0
    • Li Song's avatar
      sd-dhcp: remove unreachable route after rebinding return NAK · 1cfefbb9
      Li Song authored and Thomas Haller's avatar Thomas Haller committed
      (cherry picked from commit cc3981b1272b9ce37e7d734a7b2f42e84acac535)
      (cherry picked from commit 915c2f67)
      (cherry picked from commit cb77290a)
      (cherry picked from commit f211b140)
      1cfefbb9
    • Yu Watanabe's avatar
      sd-dhcp6: make dhcp6_option_parse_domainname() not store empty domain · 4ca0e57c
      Yu Watanabe authored and Thomas Haller's avatar Thomas Haller committed
      This improves performance of fuzzer.
      C.f. oss-fuzz#11019.
      
      (cherry picked from commit 3c72b6ed4252e7ff5f7704bfe44557ec197b47fa)
      (cherry picked from commit 50403ccc)
      (cherry picked from commit f11f5abb)
      (cherry picked from commit c836279f)
      4ca0e57c
    • Yu Watanabe's avatar
      sd-dhcp-lease: fix memleaks · 4439f078
      Yu Watanabe authored and Thomas Haller's avatar Thomas Haller committed
      (cherry picked from commit e2975f854831d08a25b4f5eb329b6d04102e115f)
      (cherry picked from commit 157094ab)
      (cherry picked from commit 3fd9d116)
      4439f078
    • Evgeny Vereshchagin's avatar
      dhcp6: fix an off-by-one error in dhcp6_option_parse_domainname · 0f25f477
      Evgeny Vereshchagin authored and Thomas Haller's avatar Thomas Haller committed
      ==14==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200055fa9c at pc 0x0000005458f1 bp 0x7ffc78940d90 sp 0x7ffc78940d88
      READ of size 1 at 0x60200055fa9c thread T0
          #0 0x5458f0 in dhcp6_option_parse_domainname /work/build/../../src/systemd/src/libsystemd-network/dhcp6-option.c:555:29
          #1 0x54706e in dhcp6_lease_set_domains /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-lease.c:242:13
          #2 0x53fce0 in client_parse_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:984:29
          #3 0x53f3bc in client_receive_advertise /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1083:13
          #4 0x53d57f in client_receive_message /work/build/../../src/systemd/src/libsystemd-network/sd-dhcp6-client.c:1182:21
          #5 0x7f0f7159deee in source_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3042:21
          #6 0x7f0f7159d431 in sd_event_dispatch /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3455:21
          #7 0x7f0f7159ea8d in sd_event_run /work/build/../../src/systemd/src/libsystemd/sd-event/sd-event.c:3512:21
          #8 0x531f2b in fuzz_client /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:44:9
          #9 0x531bc1 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-dhcp6-client.c:53:9
          #10 0x57bec8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:570:15
          #11 0x579d67 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:479:3
          #12 0x57dc92 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:707:19
          #13 0x580ca6 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:838:5
          #14 0x55e968 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6
          #15 0x551a1c in main /src/libfuzzer/FuzzerMain.cpp:20:10
          #16 0x7f0f701a082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
          #17 0x41e928 in _start (/out/fuzz-dhcp6-client+0x41e928)
      
      https://github.com/systemd/systemd/pull/10200
      https://github.com/systemd/systemd/commit/b387d3c1327a3ad2a2509bd3d3491e674392ff21
      (cherry picked from commit 7cb7cffc)
      (cherry picked from commit cd3aacef)
      (cherry picked from commit 5b140a77)
      0f25f477
    • Thomas Haller's avatar
      systemd/dhcp: fix assertion starting DHCP client without MAC address · 1031b2bb
      Thomas Haller authored
      An assertion in dhcp_network_bind_raw_socket() is triggered when
      starting an sd_dhcp_client without setting setting a MAC address
      first.
      
        - sd_dhcp_client_start()
          - client_start()
            - client_start_delayed()
              - dhcp_network_bind_raw_socket()
      
      In that case, the arp-type and MAC address is still unset. Note that
      dhcp_network_bind_raw_socket() already checks for a valid arp-type
      and MAC address below, so we should just gracefully return -EINVAL.
      
      Maybe sd_dhcp_client_start() should fail earlier when starting without
      MAC address. But the failure here will be correctly propagated and
      the start aborted.
      
      See-also: https://github.com/systemd/systemd/pull/10054
      (cherry picked from commit 34af574d)
      (cherry picked from commit 0a797bdc)
      (cherry picked from commit f37ed84c)
      1031b2bb
  16. 25 Oct, 2018 1 commit
  17. 19 Oct, 2018 7 commits