From cc87b3f68f7c3b44be0c3fb1deee9d08bedc93d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Wed, 5 May 2021 15:38:33 +0200
Subject: [PATCH] core: fix crash in parsing of SocketBind{Allow,Deny}=

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33876.
---
 src/core/load-fragment.c | 45 +++++++++++++++---------
 test/fuzz/fuzz-unit-file/oss-fuzz-33876 | Bin 0 -> 6164 bytes
 2 files changed, 28 insertions(+), 17 deletions(-)
 create mode 100644 test/fuzz/fuzz-unit-file/oss-fuzz-33876
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 4f506e51e8..cbc85d9695 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -5670,11 +5670,11 @@ int config_parse_cgroup_socket_bind(
 void *data,
 void *userdata) {
 _cleanup_free_ CGroupSocketBindItem *item = NULL;
- const char *address_family = NULL, *user_port;
+ const char *user_port;
 uint16_t nr_ports = 0, port_min = 0;
 CGroupSocketBindItem **head = data;
 _cleanup_free_ char *word = NULL;
- int af = AF_UNSPEC, r;
+ int af, r;
 if (isempty(rvalue)) {
 cgroup_context_remove_socket_bind(head);
@@ -5684,29 +5684,40 @@ int config_parse_cgroup_socket_bind(
 r = extract_first_word(&rvalue, &word, ":", 0);
 if (r == -ENOMEM)
 return log_oom();
-
- if (rvalue)
- address_family = word;
-
- if (address_family) {
- if (streq(address_family, "IPv4"))
- af = AF_INET;
- else if (streq(address_family, "IPv6"))
- af = AF_INET6;
- else
- return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
- "Only IPv4 or IPv6 protocols are supported, ignoring");
+ if (r <= 0) {
+ log_syntax(unit, LOG_WARNING, filename, line, r,
+ "Unable to parse %s= assignment, ignoring: %s", lvalue, rvalue);
+ return 0;
+ }
+
+ if (rvalue) {
+ if (streq(word, "IPv4"))
+ af = AF_INET;
+ else if (streq(word, "IPv6"))
+ af = AF_INET6;
+ else {
+ log_syntax(unit, LOG_WARNING, filename, line, 0,
+ "Only IPv4 and IPv6 protocols are supported, ignoring.");
+ return 0;
+ }
+
+ user_port = rvalue;
+ } else {
+ af = AF_UNSPEC;
+ user_port = word;
 }
- user_port = rvalue ?: word;
 if (!streq(user_port, "any")) {
 uint16_t port_max;
 r = parse_ip_port_range(user_port, &port_min, &port_max);
 if (r == -ENOMEM)
 return log_oom();
- if (r < 0)
- return log_warning_errno(r, "Invalid port or port range, ignoring: %m");
+ if (r < 0) {
+ log_syntax(unit, LOG_WARNING, filename, line, r,
+ "Invalid port or port range, ignoring: %m");
+ return 0;
+ }
 nr_ports = 1 + port_max - port_min;
 }
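Review bot: In the new `r <= 0` branch the warning prints `rvalue` after `extract_first_word(&rvalue, ...)` has been handed its address, so by then the pointer has presumably been advanced or set to NULL (the later `if (rvalue)` test relies on it becoming NULL). In that case the log shows a remainder or `(null)` rather than the text the administrator wrote, and passing NULL to `%s` is itself undefined behaviour. Since an ignored `SocketBindDeny=` line means the restriction is simply not applied, this warning is the only signal an operator gets that a sandboxing rule was dropped. Saving the original first, `const char *orig = rvalue;` before the call, and logging `orig` in place of `rvalue` would keep the message usable. The function body starts and ends outside this hunk.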
diff --git a/test/fuzz/fuzz-unit-file/oss-fuzz-33876 b/test/fuzz/fuzz-unit-file/oss-fuzz-33876 new file mode 100644 index 0000000000000000000000000000000000000000..00b38581f8ce44853c95492886c3b7e7fe64bdb8 GIT binary patch literal 6164 zcmXR;Eh@`QPUVUYhA?8ef>Mi15{qMEVhjunDhv!1V!(uBW^!sQmx3WzP-uN^H4;OA?DpN(-C=LW46B^K*35i}Fhg7#O@W zb8>u3ia-J>PKkLb<(VlZ8Ma(bIr+$%Vceq3l2oU}w8YY!65rHZTP|Oi3Hd3hw#oT< z5QC6R#xI_ko?*-7o0^+nROyqMn^^+qz z^K|qHj(70{vHgQ03FyHz4UYxribwMV0|NtH@;h>}9!Ys(w5+9VJu*_$6>Z8|s+79$ zVjf$eKUCd~SqssX_3n8is zu7o#lobpTaN;31(VGRY30cc{tnp&_%6Sf9eQ7Wj(l3!FwxFwT?qa{O(HK1l4Qfmxf z^GwfD!9dRv(in40P9`xNYv>3-%|&qI59C-7E~@m+%maxc2WDPL5o#kBsVPdCUqLp( z?FZWpOKr&Z6Ka-zUeGuL+Ey(~0XI$I5lUj%Be{o=rBDm=@LLFPDp1%>3c=lIuC#@8 zzrcOJ3Il`DK2(k`QUXQko#7WBfC7%V0-SKQq>aB52JRz`_Mx0c#}%kJu0TZRf3)QR zttN(H%L7(ZQ(k{V!w6cHQmaVBYzKo&L6i|I5{g7}TI!&o*3mL&FpgzfA&qW=Ta1G= J)e#!Z1OU6h2u%P0 literal 0 HcmV?d00001