summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-01-23sd-network: fix memleak in dhcp6_lease_set_domains (#5113)Evgeny Vereshchagin
The simplest way to reproduce: ```diff diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c index bd289fa..4e14d8f 100644 --- a/src/libsystemd-network/test-dhcp6-client.c +++ b/src/libsystemd-network/test-dhcp6-client.c @@ -286,6 +286,8 @@ static int test_advertise_option(sd_event *e) { assert_se(optlen == 11); assert_se(dhcp6_lease_set_domains(lease, optval, optlen) >= 0); + assert_se(dhcp6_lease_set_domains(lease, optval, + optlen) >= 0); break; case SD_DHCP6_OPTION_SNTP_SERVERS: ``` Fixes: ``` ==27369==ERROR: LeakSanitizer: detected memory leaks Direct leak of 10 byte(s) in 1 object(s) allocated from: #0 0x7f90e7d21160 in strdup (/lib64/libasan.so.3+0x5a160) #1 0x7f90e7467f69 in strv_extend src/basic/strv.c:552 #2 0x5612fcc19379 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399 #3 0x5612fcc1acdf in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225 #4 0x5612fcc06b95 in test_advertise_option src/libsystemd-network/test-dhcp6-client.c:287 #5 0x5612fcc0a987 in main src/libsystemd-network/test-dhcp6-client.c:761 #6 0x7f90e6d46400 in __libc_start_main (/lib64/libc.so.6+0x20400) SUMMARY: AddressSanitizer: 10 byte(s) leaked in 1 allocation(s). ```
2017-01-23sd-network: fix memleak in dhcp6_option_parse_domainname (#5114)Evgeny Vereshchagin
The simplest way to reproduce: ```diff diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c index bd289fa..7b0a5ef 100644 --- a/src/libsystemd-network/test-dhcp6-client.c +++ b/src/libsystemd-network/test-dhcp6-client.c @@ -168,7 +168,7 @@ static uint8_t msg_advertise[198] = { 0x00, 0x17, 0x00, 0x10, 0x20, 0x01, 0x0d, 0xb8, 0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x0b, - 0x03, 0x6c, 0x61, 0x62, 0x05, 0x69, 0x6e, 0x74, + 0x01, 0x6c, 0x01, 0x62, 0x00, 0x0a, 0x6e, 0x74, 0x72, 0x61, 0x00, 0x00, 0x1f, 0x00, 0x10, 0x20, 0x01, 0x0d, 0xb8, 0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, @@ -338,9 +338,7 @@ static int test_advertise_option(sd_event *e) { assert_se(!memcmp(addrs, &msg_advertise[124], r * 16)); r = sd_dhcp6_lease_get_domains(lease, &domains); - assert_se(r == 1); - assert_se(!strcmp("lab.intra", domains[0])); - assert_se(domains[1] == NULL); + assert_se(r == -ENOENT); r = sd_dhcp6_lease_get_ntp_addrs(lease, &addrs); assert_se(r == 1); ``` Fixes: ``` ================================================================= ==15043==ERROR: LeakSanitizer: detected memory leaks Direct leak of 4 byte(s) in 1 object(s) allocated from: #0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160) #1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552 #2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399 #3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225 #4 0x55f775774b95 in test_advertise_option src/libsystemd-network/test-dhcp6-client.c:287 #5 0x55f77577883e in main src/libsystemd-network/test-dhcp6-client.c:759 #6 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400) Direct leak of 4 byte(s) in 1 object(s) allocated from: #0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160) #1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552 #2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399 #3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225 #4 0x55f775781348 in client_parse_message src/libsystemd-network/sd-dhcp6-client.c:807 #5 0x55f775781ba2 in client_receive_advertise src/libsystemd-network/sd-dhcp6-client.c:895 #6 0x55f775782453 in client_receive_message src/libsystemd-network/sd-dhcp6-client.c:994 #7 0x7f13c7e447f4 in source_dispatch src/libsystemd/sd-event/sd-event.c:2268 #8 0x7f13c7e471b0 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627 #9 0x7f13c7e47ab3 in sd_event_run src/libsystemd/sd-event/sd-event.c:2686 #10 0x7f13c7e47c21 in sd_event_loop src/libsystemd/sd-event/sd-event.c:2706 #11 0x55f77577863c in test_client_solicit src/libsystemd-network/test-dhcp6-client.c:737 #12 0x55f77577884b in main src/libsystemd-network/test-dhcp6-client.c:760 #13 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400) SUMMARY: AddressSanitizer: 8 byte(s) leaked in 2 allocation(s). ```
2017-01-23hwdb: mark Wacom touchpads as external (#5115)Peter Hutterer
Wacom doesn't have any internal touchpads.
2017-01-23Merge pull request #5112 from yuwata/fix-5105Zbigniew Jędrzejewski-Szmek
core: add missing unit_add_to_load_queue() to mount_setup_new_unit()
2017-01-23core: add missing unit_add_to_load_queue() to mount_setup_new_unit()Yu Watanabe
unit_add_to_load_queue was present in the code before 03b8cfede9ff3441b1ec8ff5cdf6876294846aa4, and was inadvertently dropped. Fixes #5105
2017-01-23core: minor error handling fix in mount_setup_new_unit()Yu Watanabe
The function mount_setup_new_unit() should return -ENOMEM if at least one of `strdup` calls are failed.
2017-01-21Fixi caching in zsh completion (#5122)Александр Тихонов
I found several issues with zsh completion code: 1. typo in cache filename: "SYS_ALL_PROPRTIES", so cache just not loading from this file 2. cache stored in one file, despite user or system mode. So it can be loaded later in wrong mode 3. most serious problem: broken logic - it retrieves cache when _cache_invalid is true How to reproduce: type "systemctl --user status <TAB>" and you will see user units. Then press control+C and type "systemctl --system status <TAB>" in same session and you'll see user units again
2017-01-21Merge pull request #5126 from namhyung/journalctl-completionZbigniew Jędrzejewski-Szmek
bash_completion: Small update for journalctl completion.
2017-01-21bash_completion: journalctl: Complete -t option valuesNamhyung Kim
The -t or --identifier requires a syslog identifier.
2017-01-21bash_completion: journalctl: add missing optionsNamhyung Kim
The --no-hostname and --vacuum-files were missing, add them.
2017-01-20man: fix flag in systemd-run (#5107)Rike-Benjamin Schuppner
2017-01-19man: fix typos (#5109)Jakub Wilk
2017-01-18Merge pull request #5098 from evverx/fix-nspawn-notificationsDjalal Harouni
nspawn: change owner/group of /run/systemd/nspawn/notify to userns-root
2017-01-17Merge pull request #4991 from poettering/seccomp-fixZbigniew Jędrzejewski-Szmek
2017-01-17pid1: provide a more detailed error message when execution fails (#5074)Zbigniew Jędrzejewski-Szmek
Fixes #5000.
2017-01-17seccomp: minor simplifications for is_seccomp_available()Lennart Poettering
2017-01-17seccomp: rework seccomp code, to improve compat with some archsLennart Poettering
This substantially reworks the seccomp code, to ensure better compatibility with some architectures, including i386. So far we relied on libseccomp's internal handling of the multiple syscall ABIs supported on Linux. This is problematic however, as it does not define clear semantics if an ABI is not able to support specific seccomp rules we install. This rework hence changes a couple of things: - We no longer use seccomp_rule_add(), but only seccomp_rule_add_exact(), and fail the installation of a filter if the architecture doesn't support it. - We no longer rely on adding multiple syscall architectures to a single filter, but instead install a separate filter for each syscall architecture supported. This way, we can install a strict filter for x86-64, while permitting a less strict filter for i386. - All high-level filter additions are now moved from execute.c to seccomp-util.c, so that we can test them independently of the service execution logic. - Tests have been added for all types of our seccomp filters. - SystemCallFilters= and SystemCallArchitectures= are now implemented in independent filters and installation logic, as they semantically are very much independent of each other. Fixes: #4575
2017-01-17man: fix typo (#5093)AsciiWolf
2017-01-17tests: check that we can write to /run/systemd/nspawn/notifyEvgeny Vereshchagin
See https://github.com/systemd/systemd/issues/4944
2017-01-17nspawn: change owner/group of /run/systemd/nspawn/notify to userns-rootEvgeny Vereshchagin
Fixes #4944
2017-01-16core: make sure to init mount params before calling mount_is_extrinsic() (#5087)Franck Bui
When a new entry appears in /proc/self/mountinfo, mount_setup_unit() allocated a new mount unit for it and starts initializing it. mount_setup_unit() is also used to update a mount unit when a change happens in /proc/self/mountinfo, for example a mountpoint can be remounted with additional mount options. This patch introduces 2 separate functions to deal with those 2 cases instead of mount_setup_unit() dealing with both of them. The common code is small and doing the split makes the code easier to read and less error prone if extended later. It also makes sure to initialize in both functions the mount parameters of the mount unit before calling mount_is_extrinsic() since this function relies on them. Fixes: #4902
2017-01-16ndisc: honor IPv6AcceptRA.UseDNS when parsing RA options (#5071)Cédric Schieli
RDNSS and DNSLL options received in RA are always used, possibly breaking the resolution of private domains hosted on a local DNS server. When setting UseDNS=no in a [IPv6AcceptRA] section of a .network file, both RDNSS and DNSLL options in received RA should be ignored. Fixes: #5040
2017-01-16hwdb: add axis range corrections for Lenovo X1 Carbon 4th gen. / X1 Yoga (#5089)Björn
The parameters were calculated on my X1 Yoga using touchpad-edge-detector; As as the device name indicates, the Touchpad is exactly the same as the X1 Carbon 4th gen.
2017-01-16Merge pull request #5085 from keszybz/variablesMartin Pitt
Fixes for gcc and coverity warnings
2017-01-15hwdb: Include X220 for pointingstick sensitivity (#5083)Earnestly
Without this the trackpoint is very difficult to manoeuvre until manually correcting the sysfs serio1/sensitivity entry.
2017-01-15hwdb: add Logitech TrackMan Wheel (#5084)kilian-k
2017-01-15nspawn: fix memleakZbigniew Jędrzejewski-Szmek
CID #1368262: fn is allocated with new, so it should be freed.
2017-01-15shared/install-printf: fix memleakZbigniew Jędrzejewski-Szmek
instance might be "", and that string would be leaked. CID #1368264.
2017-01-15systemctl: fix alignment with units in not-found stateZbigniew Jędrzejewski-Szmek
A fixed value (6 and later 5) was added back in 4deb3b93911, and not updated when load_len was added later on. Also the other 5 with 1 + 1 + 1 + 1 + 1 to make it easier to see that this is about the column separators.
2017-01-15systemctl: uninitalized variableZbigniew Jędrzejewski-Szmek
CID #1368270. Easily reproduced with COLUMNS=50 ./systemctl --no-pager.
2017-01-15process-util: rename char *r to ans and add commentZbigniew Jędrzejewski-Szmek
Add a comment about the return value and rename r to ans. r is nowadays reserved for the integer return value, and char *r is confusing.
2017-01-15journalctl: fix memleakZbigniew Jędrzejewski-Szmek
This is harmless, it would only happen if --verify-key is used multiple times. But let's fix it for correctness. CID ##1368415.
2017-01-15cryptsetup: fix unitialized variableZbigniew Jędrzejewski-Szmek
CID #1368416. Coverity web interface is back, yay!
2017-01-15udev: fix variable assignmentZbigniew Jędrzejewski-Szmek
gcc doesn't like &, even though &sbuf and buf are the same things afaiu. Follow-up for e20a917105b.
2017-01-14journalctl: expunge verification key from argv (#5081)Lucas Werkmeister
After parsing the --verify-key argument, overwrite it with null bytes. This minimizes (but does not completely eliminate) the time frame within which another process on the system can extract the verification key from the journalctl command line.
2017-01-14Merge pull request #4879 from poettering/systemdZbigniew Jędrzejewski-Szmek
2017-01-14man: provide a basic guide to the `systemctl status` output (#4950)Mark Stosberg
- Show example of all `systemctl status` output and documents what possible "Loaded:", "Active" and "Enabled" values mean. - Documents what different colors of the dot mean. - Documents "gotcha" with load-on-demand behavior which will report units as "loaded" even if they are only loaded to show their status. (From @poettering: https://github.com/systemd/systemd/issues/5063#issuecomment-272115024 )
2017-01-12Merge pull request #5069 from keszybz/fixletsLennart Poettering
Small fixes and enhancements to docs and code
2017-01-12Merge pull request #5068 from keszybz/kernel-install-process-subHarald Hoyer
kernel-install: avoid process substitution
2017-01-12rpm triggers: do nothing if systemd is not running (#5065)Zbigniew Jędrzejewski-Szmek
If we are running in a chroot/container/..., we would print a useless warning about not being able to communicate with systemd. Trying to do daemon-reload is pointless in those cases, so let's just skip all actions in that case. The check uses /run/system/system, as recommended by sd_booted(3). https://bugzilla.redhat.com/show_bug.cgi?id=1411299
2017-01-11systemctl: remove duplicate entries showed by list-dependencies (#5049)Franck Bui
When a unit is part of several dependency constraints of another unit, list-dependencies repeats the name of the dependency for each dep constraint the unit is encountered. For example: $ systemctl cat test-main.target # /etc/systemd/system/test-main.target [Unit] Description=Main Target $ systemctl cat test.target [Unit] Description=Sub target PartOf=test-main.target [Install] WantedBy=test-main.target $ systemctl enable test.target Created symlink from /etc/systemd/system/test-main.target.wants/test.target to /etc/systemd/system/test.target. $ systemctl show test-main.target | grep test.target Wants=test.target ConsistsOf=test.target [...] $ systemctl list-dependencies test-main.target test-main.target ● ├─test.target ● └─test.target With this patch applied, dependencies are shown only once.
2017-01-11Merge pull request #4837 from ddstreet/masterZbigniew Jędrzejewski-Szmek
Replace spaces in expanded fields in SYMLINK properties by default.
2017-01-11man: link to sd-j-{remote,upload} from journalctl(1)Zbigniew Jędrzejewski-Szmek
2017-01-11shell-completion: redirect all errors from systemctl to /dev/nullZbigniew Jędrzejewski-Szmek
Completion scripts should not generate errors, ever. https://bugzilla.redhat.com/show_bug.cgi?id=1409649
2017-01-11socket-util: drop _pure_ from a function with an output parameterZbigniew Jędrzejewski-Szmek
If it writes to memory, it's not pure, by definition. Fixup for 882ac6e769c5c.
2017-01-11core: add missing "=" in messageZbigniew Jędrzejewski-Szmek
For consistency. Also drop "e.g." because it's somewhat redundant with the ellipsis and the message is pretty long already. Follow-up for 4d1fe20a585ca.
2017-01-11networkd: reorder gperf fieldsZbigniew Jędrzejewski-Szmek
In eb64b435ebb2a7cb1274d5 ActiveSlave/PrimarySlave were inserted in between IPv6AcceptRA and IPv6AcceptRouterAdvertisements and the comment then didn't make sense. It turns out that gperf does not understand C-style comments, and that there's no comment syntax in the keywords section. The following was generated: {"/* legacy alias for the above */"}, {"Network.IPv6AcceptRA", config_parse_tristate, 0, offsetof(Network, ipv6_accept_ra)}, In practice this wouldn't lead to problems because this fake pattern would be hard to match, but it seems better to remove the comments altogether. Readers of the .gperf file will have to look for the repeated output field to notice legacy options. To make this easier, let's always keep the legacy option second.
2017-01-11kernel-install: avoid process substitutionMichal Schmidt
bash implements process substitution using /dev/fd/N (this is documented in man bash). We'd like kernel-install to work in chrooted RPM scriptlets without /dev. We can use here-strings instead. bash uses temporary files to implement those.
2017-01-11Merge pull request #5009 from ian-kelling/ian-mnt-namespace-docZbigniew Jędrzejewski-Szmek
2017-01-11Document how restart actions work (#5052)micah
When a user is trying to understand what is going on with a restart action, it is useful to explicitly describe how the action is run. It may seem obvious, but it is helpful to be explicit so one knows there isn't a special ExecRestart= or similar option that they could be looking at.