oweals/libubox.git
4 years agotests: fuzz: fuzz _len variants of checking methods
Petr Štetiar [Wed, 11 Dec 2019 05:35:17 +0000 (06:35 +0100)]
tests: fuzz: fuzz _len variants of checking methods

In order to increase test coverage.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoblobmsg: add _len variants for all attribute checking methods
Tobias Schramm [Thu, 15 Nov 2018 02:42:48 +0000 (03:42 +0100)]
blobmsg: add _len variants for all attribute checking methods

Introduce _len variants of blobmsg attribute checking functions which
aims to provide safer implementation as those functions should limit all
memory accesses performed on the blob to the range [attr, attr + len]
(upper bound non inclusive) and thus should be suited for checking of
untrusted blob attributes.

While at it add some comments in order to make it clear.

Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[_safe -> _len, blobmsg_check_array_len fix, commit subject/desc facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoReplace use of blobmsg_check_attr by blobmsg_check_attr_len
Tobias Schramm [Tue, 13 Nov 2018 03:16:12 +0000 (04:16 +0100)]
Replace use of blobmsg_check_attr by blobmsg_check_attr_len

blobmsg_check_attr_len adds a length limit specifying the max offset
from attr that can be read safely.

Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[rebased and reworked, line wrapped commit message, _safe -> _len]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoEnsure blob_attr length check does not perform out of bounds reads
Tobias Schramm [Wed, 28 Nov 2018 12:39:29 +0000 (13:39 +0100)]
Ensure blob_attr length check does not perform out of bounds reads

Before there might have been as little as one single byte left which
would result in 3 bytes of blob_attr->id_len being out of bounds.

Acked-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[line wrapped < 72 chars]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoblobmsg: fix heap buffer overflow in blobmsg_parse
Petr Štetiar [Tue, 10 Dec 2019 11:02:40 +0000 (12:02 +0100)]
blobmsg: fix heap buffer overflow in blobmsg_parse

Fixes following error found by the fuzzer:

 ==29774==ERROR: AddressSanitizer: heap-buffer-overflow
 READ of size 1 at 0x6020004f1c56 thread T0
     #0 strcmp sanitizer_common_interceptors.inc:442:3
     #1 blobmsg_parse blobmsg.c:168:8

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoblobmsg: make blobmsg_len and blobmsg_data_len return unsigned value
Petr Štetiar [Tue, 10 Dec 2019 10:53:23 +0000 (11:53 +0100)]
blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value

One usually doesn't guard against negative length values in the code.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agotests: add test cases for blobmsg parsing
Petr Štetiar [Tue, 10 Dec 2019 10:51:43 +0000 (11:51 +0100)]
tests: add test cases for blobmsg parsing

Increasing test coverage.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agotest: fuzz: add blobmsg_check_attr crashes
Petr Štetiar [Tue, 10 Dec 2019 13:58:40 +0000 (14:58 +0100)]
test: fuzz: add blobmsg_check_attr crashes

 ==31775==ERROR: AddressSanitizer: SEGV on unknown address 0x604000a7c715
 ==31775==The signal is caused by a READ memory access.
    #0 blobmsg_check_attr blobmsg.c:48:6
    #1 blobmsg_parse_array blobmsg.c:118:8
    #2 fuzz_blobmsg_parse test-blobmsg-parse-fuzzer.c:35:2

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoblob: fix OOB access in blob_check_type
Petr Štetiar [Mon, 9 Dec 2019 14:27:16 +0000 (15:27 +0100)]
blob: fix OOB access in blob_check_type

Found by fuzzer:

 ERROR: AddressSanitizer: SEGV on unknown address 0x602100000455
 The signal is caused by a READ memory access.
     #0 in blob_check_type blob.c:214:43
     #1 in blob_parse_attr blob.c:234:9
     #2 in blob_parse_untrusted blob.c:272:12
     #3 in fuzz_blob_parse tests/fuzzer/test-blob-parse-fuzzer.c:34:2
     #4 in LLVMFuzzerTestOneInput tests/fuzzer/test-blob-parse-fuzzer.c:39:2

Caused by following line:

if (type == BLOB_ATTR_STRING && data[len - 1] != 0)

where len was pointing outside of the data buffer.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agotests: use blob_parse_untrusted variant
Petr Štetiar [Mon, 9 Dec 2019 13:47:40 +0000 (14:47 +0100)]
tests: use blob_parse_untrusted variant

In order to be able to use invalid input for testing as well.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoblob: introduce blob_parse_untrusted
Petr Štetiar [Mon, 9 Dec 2019 13:11:45 +0000 (14:11 +0100)]
blob: introduce blob_parse_untrusted

blob_parse can be only used on trusted input as it has no possibility to
check the length of the provided input buffer, which might lead to
undefined behaviour and/or crashes when supplied with malformed,
corrupted or otherwise specially crafted input.

So this introduces blob_parse_untrusted variant which expects additional
input buffer length argument and thus should be able to process also
inputs from untrusted sources.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoblob: refactor attr parsing into separate function
Petr Štetiar [Mon, 9 Dec 2019 12:53:27 +0000 (13:53 +0100)]
blob: refactor attr parsing into separate function

Making blob_parse easier to review.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agotest: fuzz: add blob_parse crashes
Petr Štetiar [Tue, 10 Dec 2019 16:12:07 +0000 (17:12 +0100)]
test: fuzz: add blob_parse crashes

==5872==ERROR: AddressSanitizer: SEGV on unknown address 0x6020004100b4
==5872==The signal is caused by a READ memory access.
    #0 blob_data blob.h
    #1 blob_parse blob.c:228:2

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agotests: add test cases for blob parsing
Petr Štetiar [Mon, 9 Dec 2019 12:28:25 +0000 (13:28 +0100)]
tests: add test cases for blob parsing

Increasing test coverage.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agotests: add libFuzzer based tests
Petr Štetiar [Sun, 8 Dec 2019 14:11:02 +0000 (15:11 +0100)]
tests: add libFuzzer based tests

LibFuzzer is in-process, coverage-guided, evolutionary fuzzing engine.

LibFuzzer is linked with the library under test, and feeds fuzzed inputs
to the library via a specific fuzzing entrypoint (aka "target
function"); the fuzzer then tracks which areas of the code are reached,
and generates mutations on the corpus of input data in order to maximize
the code coverage.

Lets use libFuzzer to fuzz blob and blobmsg parsing for the start.

Ref: https://llvm.org/docs/LibFuzzer.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agotests: add unit tests covered with Clang sanitizers
Petr Štetiar [Sun, 8 Dec 2019 12:12:47 +0000 (13:12 +0100)]
tests: add unit tests covered with Clang sanitizers

Currently we run all tests via Valgrind. This patch adds 2nd batch of
tests which are compiled with Clang AddressSanitizer[1],
LeakSanitizer[2] and UndefinedBehaviorSanitizer[3] in order to catch
more issues during QA on CI.

AddressSanitizer is a fast memory error detector.  The tool can detect
the following types of bugs:

 * Out-of-bounds accesses to heap, stack and globals
 * Use-after-free, use-after-return, use-after-scope
 * Double-free, invalid free

LeakSanitizer is a run-time memory leak detector. It can be combined
with AddressSanitizer to get both memory error and leak detection, or
used in a stand-alone mode.

UndefinedBehaviorSanitizer (UBSan) is a fast undefined behavior
detector. UBSan modifies the program at compile-time to catch various
kinds of undefined behavior during program execution, for example:

 * Using misaligned or null pointer
 * Signed integer overflow
 * Conversion to, from, or between floating-point types which would
   overflow the destination

1. http://clang.llvm.org/docs/AddressSanitizer.html
2. http://http://clang.llvm.org/docs/LeakSanitizer.html
3. http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agocmake: add more hardening compiler flags
Petr Štetiar [Sat, 7 Dec 2019 12:29:05 +0000 (13:29 +0100)]
cmake: add more hardening compiler flags

In order to spot possible issues with direct impact on security during
QA on CI (GCC version 6 and higher).

Ref: https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
4 years agoblobmsg/ulog: fix format string compiler warnings
Petr Štetiar [Sat, 7 Dec 2019 12:34:25 +0000 (13:34 +0100)]
blobmsg/ulog: fix format string compiler warnings

Fixes following compiler warnings:

 blobmsg.c:242:39: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
 blobmsg.c:248:23: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
 ulog.c:100:18: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
 ulog.c:112:16: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
 ulog.c:117:20: error: format string is not a string literal [-Werror,-Wformat-nonliteral]

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agocmake: use extra compiler warnings only on gcc6+
Petr Štetiar [Tue, 26 Nov 2019 07:32:57 +0000 (08:32 +0100)]
cmake: use extra compiler warnings only on gcc6+

gcc version 4.8.4 (Ubuntu 14.04) and -Wextra produces following:

 json_script.c:124:3: error: missing initializer for field 'name' of 'struct blobmsg_policy' [-Werror=missing-field-initializers]

Reported-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agotests: jshn: add more test cases
Petr Štetiar [Sat, 23 Nov 2019 22:51:20 +0000 (23:51 +0100)]
tests: jshn: add more test cases

In order to cover all command line options.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agojshn: fix missing usage for -p and -o arguments
Petr Štetiar [Sat, 23 Nov 2019 22:40:48 +0000 (23:40 +0100)]
jshn: fix missing usage for -p and -o arguments

Add missing usage hints for -p and -o arguments.

Fixes: e16fa068a573 ("jshn: add support for namespaces")
Fixes: eb30a03048f8 ("libubox, jshn: add option to write output to a file")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agojshn: fix off by one in jshn_parse_file
Petr Štetiar [Sat, 23 Nov 2019 21:48:25 +0000 (22:48 +0100)]
jshn: fix off by one in jshn_parse_file

Fixes following error:

 Invalid read of size 1
   at 0x4C32D04: strlen
   by 0x5043367: json_tokener_parse_ex
   by 0x5045316: json_tokener_parse_verbose
   by 0x504537D: json_tokener_parse
   by 0x401AB1: jshn_parse (jshn.c:179)
   by 0x40190D: jshn_parse_file (jshn.c:370)
   by 0x40190D: main (jshn.c:434)
 Address 0x5848c4c is 0 bytes after a block of size 1,036 alloc'd
   at 0x4C2FB0F: malloc
   by 0x4018E2: jshn_parse_file (jshn.c:357)
   by 0x4018E2: main (jshn.c:434)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agojshn: jshn_parse: fix leaks of memory pointed to by 'obj'
Petr Štetiar [Tue, 19 Nov 2019 13:09:43 +0000 (14:09 +0100)]
jshn: jshn_parse: fix leaks of memory pointed to by 'obj'

Fixes following leaks of memory:

 352 (72 direct, 280 indirect) bytes in 1 blocks are definitely lost in loss record 3 of 3
   at 0x4C31B25: calloc
   by 0x5042E1F: json_object_new_array
   by 0x5044B02: json_tokener_parse_ex
   by 0x5045316: json_tokener_parse_verbose
   by 0x504537D: json_tokener_parse
   by 0x401AA9: jshn_parse (jshn.c:179)
   by 0x401977: main (jshn.c:378)

 752 (72 direct, 680 indirect) bytes in 1 blocks are definitely lost in loss record 6 of 6
   at 0x4C31B25: calloc
   by 0x50424CF: json_object_new_object
   by 0x5044B38: json_tokener_parse_ex
   by 0x5045316: json_tokener_parse_verbose
   by 0x504537D: json_tokener_parse
   by 0x401AA9: jshn_parse (jshn.c:179)
   by 0x401977: main (jshn.c:380)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agojshn: main: fix leak of memory pointed to by 'vars'
Petr Štetiar [Tue, 19 Nov 2019 11:34:14 +0000 (12:34 +0100)]
jshn: main: fix leak of memory pointed to by 'vars'

Fixes following leak of memory:

 6,016 bytes in 1 blocks are possibly lost in loss record 1 of 1
    at 0x4C31B25: calloc
    by 0x1098F8: main (jshn.c:353)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agojshn: refactor main into smaller pieces
Petr Štetiar [Sat, 23 Nov 2019 21:27:46 +0000 (22:27 +0100)]
jshn: refactor main into smaller pieces

Turn longer switch cases into separate functions in order to make it
easier to follow. Don't return from the cases as it makes future
cleaning up harder.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agoavl: guard against theoretical null pointer dereference
Petr Štetiar [Wed, 20 Nov 2019 08:31:08 +0000 (09:31 +0100)]
avl: guard against theoretical null pointer dereference

clang-10 analyzer reports following:

 avl.c:671:25: warning: Access to field 'parent' results in a dereference of a null pointer (loaded from field 'right')
     node->right->parent = parent;
           ~~~~~         ^

Which seems to be impossible to trigger via exported AVL public API, but
it could be probably trigerred by fiddling with the AVL tree node struct
members manually as they are exposed.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agoblobmsg_json: fix possible uninitialized struct member
Petr Štetiar [Tue, 19 Nov 2019 16:34:25 +0000 (17:34 +0100)]
blobmsg_json: fix possible uninitialized struct member

clang-10 analyzer reports following:

 blobmsg_json.c:285:2: warning: The expression is an uninitialized value. The computed value will also be garbage
         s->indent_level++;
         ^~~~~~~~~~~~~~~~~

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agobase64: fix possible null pointer dereference
Petr Štetiar [Tue, 19 Nov 2019 16:16:40 +0000 (17:16 +0100)]
base64: fix possible null pointer dereference

clang-10 analyzer reports following:

 base64.c:325:20: warning: Array access (from variable 'target') results in a null pointer dereference
                 target[tarindex] = 0;
                 ~~~~~~           ^

and prepared test case confirms it:

 Invalid write of size 1
    at 0x4E4463F: b64_decode (base64.c:325)
    by 0x40088C: test_invalid_inputs (tests/test-base64.c:26)
    by 0x40088C: main (tests/test-base64.c:32)
  Address 0x1 is not stack'd, malloc'd or (recently) free'd

 Process terminating with default action of signal 11 (SIGSEGV)
  Access not within mapped region at address 0x1
    at 0x4E4463F: b64_decode (base64.c:325)
    by 0x40088C: test_invalid_inputs (tests/test-base64.c:26)
    by 0x40088C: main (tests/test-base64.c:32)

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agoadd assert.h component
Petr Štetiar [Wed, 20 Nov 2019 17:02:39 +0000 (18:02 +0100)]
add assert.h component

In order to allow seamless assert() usage in release builds without the
need for fiddling with CMake C flags as CMake adds -DNDEBUG switch in
release builds which disable assert().

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agoadd cram based unit tests
Petr Štetiar [Tue, 19 Nov 2019 13:31:44 +0000 (14:31 +0100)]
add cram based unit tests

For improved QA etc. For the start with initial test cases for avl,
base64, jshn and list components. Moved runqueue and blobmsg from
examples to tests.  Converted just a few first test cases from
json-script example into the new cram based unit test, more to come.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agoadd initial GitLab CI support
Petr Štetiar [Fri, 27 Sep 2019 21:24:44 +0000 (23:24 +0200)]
add initial GitLab CI support

Uses currently proof-of-concept openwrt-ci[1] in order to:

 * improve the quality of the codebase in various areas
 * decrease code review time and help merging contributions faster
 * get automagic feedback loop on various platforms and tools
   - out of tree build with OpenWrt SDK on following targets:
     * ath79-generic
     * imx6-generic
     * malta-be
     * mvebu-cortexa53
   - out of tree native build on x86/64 with GCC (versions 7, 8, 9) and Clang 10
   - out of tree native x86/64 static code analysis with cppcheck and
     scan-build from Clang 10

1. https://gitlab.com/ynezz/openwrt-ci/

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agoenable extra compiler checks
Petr Štetiar [Mon, 10 Jun 2019 06:45:56 +0000 (08:45 +0200)]
enable extra compiler checks

Let's enforce additional automatic checks enforced by the compiler in
order to catch possible errors during compilation.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agoiron out all extra compiler warnings
Petr Štetiar [Mon, 10 Jun 2019 06:47:38 +0000 (08:47 +0200)]
iron out all extra compiler warnings

gcc-9 on x86/64 has reported following issues:

 base64.c:173:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:230:18: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:238:18: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:242:22: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:252:18: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:256:22: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:266:18: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:315:27: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:329:15: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 blob.c:207:11: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blob.c:210:11: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blob.c:243:31: error: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Werror=sign-compare]
 blob.c:246:31: error: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Werror=sign-compare]
 blob.h:245:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blob.h:253:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blobmsg.h:269:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blobmsg_json.c:155:10: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 examples/../blob.h:245:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 examples/../blobmsg.h:269:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 json_script.c:590:7: error: this statement may fall through [-Werror=implicit-fallthrough=]

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agovlist: add more macros for loop iteration
Yousong Zhou [Tue, 29 Oct 2019 07:24:20 +0000 (07:24 +0000)]
vlist: add more macros for loop iteration

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years agolibubox, jshn: add option to write output to a file
Roman Yeryomin [Fri, 13 Sep 2019 22:22:48 +0000 (01:22 +0300)]
libubox, jshn: add option to write output to a file

This would allow board_config_flush to run one command instead
of two and would be faster and safer than redirecting output
and moving a file between filesystems.

Originally discussed here:
http://lists.openwrt.org/pipermail/openwrt-devel/2017-December/010127.html

Signed-off-by: Roman Yeryomin <roman@advem.lv>
5 years agoustream: Add format string checks to ustream_(v)printf()
Hauke Mehrtens [Sun, 9 Jun 2019 11:00:21 +0000 (13:00 +0200)]
ustream: Add format string checks to ustream_(v)printf()

This tells the compiler that these functions are takeing a format
string, the compiler will now do additional checks and is able to emitt
a compile warning in case the format string is not valid.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agolibubox: add format string checking to ulog()
Kristupas Savickas [Thu, 6 Jun 2019 18:28:32 +0000 (21:28 +0300)]
libubox: add format string checking to ulog()

This offers an increased level of security, as the arguments will be
checked for validity against the format string at compile time. The
format attribute is supported by both GCC and Clang, so there shouldn't
be any portability issues.

Signed-off-by: Kristupas Savickas <savickas.kristupas@gmail.com>
5 years agoblobmsg_json: blobmsg_format_string: do not escape '/'
Yousong Zhou [Wed, 27 Feb 2019 02:48:47 +0000 (02:48 +0000)]
blobmsg_json: blobmsg_format_string: do not escape '/'

Resolves FS#2147

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agofix segfault when passed blobmsg attr is NULL
John Crispin [Wed, 25 Jul 2018 08:30:05 +0000 (10:30 +0200)]
fix segfault when passed blobmsg attr is NULL

Signed-off-by: John Crispin <john@phrozen.org>
6 years agoutils: add const_* byteswapping functions
Felix Fietkau [Thu, 7 Jun 2018 13:18:51 +0000 (15:18 +0200)]
utils: add const_* byteswapping functions

Some gcc versions have issues with the __builtin_choose_expr construct
which attempts to automatically use the const versions of those
functions.

Make it possible to explicitly use const_* versions to avoid that.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoutils: fix build error with g++
Felix Fietkau [Thu, 12 Apr 2018 08:26:22 +0000 (10:26 +0200)]
utils: fix build error with g++

g++ does not support __builtin_choose_expr, so we can't support
byte swapping as constant expression there.

Reported-by: Cleynhens Stijn <Stijn.Cleynhens@technicolor.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoswitch from typeof to the more portable __typeof__
Felix Fietkau [Sat, 7 Apr 2018 13:21:25 +0000 (15:21 +0200)]
switch from typeof to the more portable __typeof__

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoutils: ensure that byte-order conversion functions evaluate the argument only once
Felix Fietkau [Sat, 7 Apr 2018 08:43:48 +0000 (10:43 +0200)]
utils: ensure that byte-order conversion functions evaluate the argument only once

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agojshn: fix format string for int64 type
Felix Fietkau [Sat, 7 Apr 2018 08:36:38 +0000 (10:36 +0200)]
jshn: fix format string for int64 type

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoutils: use constant byte-order conversion
Felix Fietkau [Wed, 21 Mar 2018 16:53:40 +0000 (17:53 +0100)]
utils: use constant byte-order conversion

Simplifies portability and ensures that cpu_to_* can be used in const
declarations. If the architecture has special instructions, the compiler
should be able to detect the pattern and use them.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agolibubox: Plug a small memory leak.
Rosen Penev [Fri, 2 Feb 2018 06:52:12 +0000 (22:52 -0800)]
libubox: Plug a small memory leak.

va_end was not called if calloc fails.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agosh/jshn.sh: add json_for_each_item()
Hans Dedecker [Thu, 1 Feb 2018 15:41:27 +0000 (16:41 +0100)]
sh/jshn.sh: add json_for_each_item()

Function usefull to iterate through the different elements of an
array or object; the provided callback function is called for each
element which is passed the value, key and user provided arguments.
For field types different from array or object the callback is called
with the retrieved value.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
6 years agojshn: add functionality to read big JSON
Christian Beier [Thu, 18 Jan 2018 20:21:09 +0000 (21:21 +0100)]
jshn: add functionality to read big JSON

The existing read functionality feeds the complete JSON to jshn as a
cmdline argument, leading to `-ash: jshn: Argument list too long`
errors for JSONs bigger than ca. 100KB.

This commit adds the ability to read the JSON directly from a file if
wanted, removing this shell-imposed size limit.

Tested on x86-64 and ar71xx. An mmap()-based solution was also evaluated,
but found to make no performance difference on either platform.

Signed-off-by: Christian Beier <dontmind@freeshell.org>
6 years agojshn: properly support JSON "null" type
Jo-Philipp Wich [Sun, 7 Jan 2018 14:46:31 +0000 (15:46 +0100)]
jshn: properly support JSON "null" type

Instead of abort parsing, properly deal with "null" values by implementing
support for reading and formatting such values.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agojshn: read and write 64-bit integers
Christian Beier [Sat, 21 Oct 2017 23:42:29 +0000 (01:42 +0200)]
jshn: read and write 64-bit integers

This allows for reading in and writing out bigger JSON Numbers.

Following test script (that fails to print correct values _without_ this
commit) verifies the functionality (tested on x86-64 as well as on ar71xx):

---snip---
# assumes you built jshn and sourced jshn.sh
echo testing reading-in JSON
SHELL_BIGNUM=12147483647
json_init
json_load "{ \"bignum\": $SHELL_BIGNUM }"
json_get_var BIGNUM bignum
echo jshn bignum: $BIGNUM
echo shll bignum: $SHELL_BIGNUM
echo testing writing-out JSON
json_init
json_add_int bigint $SHELL_BIGNUM
json_dump
--snap---

Signed-off-by: Christian Beier <dontmind@freeshell.org>
7 years agoutils: nuke bitfield functions and macros
Stijn Tintel [Thu, 17 Aug 2017 13:50:03 +0000 (15:50 +0200)]
utils: nuke bitfield functions and macros

The bitfield functions and macros were committed without explaining
their purpose in the commit message.

As they are only used in uci, and conflict with similar functions added
in hostapd, breaking our hostapd ubus patch, nuke them from libubox and
add them in uci instead.

If we need them anywhere else in the future we can add it to libubox
again, but preferably prefixed with ubox_.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agouloop: make SIGCHLD signal handling optional
Petar Paradzik [Mon, 3 Jul 2017 11:37:56 +0000 (13:37 +0200)]
uloop: make SIGCHLD signal handling optional

Some programs want to manage their own child life cycle without using
SIGCHLD signal handler. In these cases, uloop is reaping children for
them because they don't have SIGCHLD handler set. This patch makes it
possible to disable reaping children through 'uloop_handle_sigchld'
variable.

Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>
7 years agouloop: Fix race condition in SIGCHLD handling
Michal Sojka [Tue, 12 Sep 2017 11:12:31 +0000 (13:12 +0200)]
uloop: Fix race condition in SIGCHLD handling

When uloop_process_add() is called outside of uloop_run(), i.e. not
from a callback (which is the case of at least utrace and ujail),
child events can be missed. The reason is that when SIGCHILD handler
is installed in uloop_run(), after the uloop_process_add() is called,
then an initial signal could be missed.

Commit 4e3a47a ("uloop: use a waker for notifying sigchld and loop
cancel events", 2016-06-09) solved a similar problem and introduced
uloop_init() but forgot to move a call to uloop_setup_signals() there.
This is what this commit does.

Now, uloop_process_add() can be called any time after uloop_init()
without missing any event.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
Acked-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agouloop: allow passing 0 as timeout to uloop_run
Felix Fietkau [Sat, 17 Jun 2017 09:47:21 +0000 (11:47 +0200)]
uloop: allow passing 0 as timeout to uloop_run

Useful for processing only immediate timers and fds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agouloop: fix a regression in timeout handling
Felix Fietkau [Sat, 17 Jun 2017 09:39:24 +0000 (11:39 +0200)]
uloop: fix a regression in timeout handling

Variable confusion was breaking timers

Fixes: 368fd2645878 ("uloop: allow specifying a timeout for uloop_run()")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agorunqueue: fix use-after-free bug
Felix Fietkau [Wed, 14 Jun 2017 10:08:42 +0000 (12:08 +0200)]
runqueue: fix use-after-free bug

Calling t->complete in runqueue_task_complete can free the memory
associated with t. Change the runqueue_start_next accordingly.

Fixes https://github.com/openwrt/openwrt/issues/493

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agouloop: allow specifying a timeout for uloop_run()
Felix Fietkau [Thu, 1 Jun 2017 09:24:37 +0000 (11:24 +0200)]
uloop: allow specifying a timeout for uloop_run()

This can be useful for cleanup with pending timers, or for hooking into
existing code that does not use uloop

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agojson_script: enable custom expr handler callback
Denis Osvald [Thu, 18 May 2017 07:39:28 +0000 (09:39 +0200)]
json_script: enable custom expr handler callback

This wires in custom expression handler functionality, which was present
in json script since the original version, but never used.

Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [error handling fix]
7 years agomd5: add "const" qualifier to the "file" argument
Yousong Zhou [Mon, 20 Mar 2017 11:42:01 +0000 (19:42 +0800)]
md5: add "const" qualifier to the "file" argument

This is intended to fix the following compiler warning in opkg-lede:

    /home/yousong/git-repo/lede-project/opkg-lede/libopkg/file_util.c: In function ‘file_md5sum_alloc’:
    /home/yousong/git-repo/lede-project/opkg-lede/libopkg/file_util.c:144:2: warning: passing argument 1 of ‘md5sum’ discards ‘const’ qualifier from pointer target type [enabled by default]
    In file included from /home/yousong/git-repo/lede-project/opkg-lede/libopkg/file_util.c:28:0:
    /home/yousong/.usr/include/libubox/md5.h:56:5: note: expected ‘char *’ but argument is of type ‘const char *’

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
7 years agolibubox: Change calloc_a() to return size_t aligned pointers
Ted Hess [Thu, 23 Feb 2017 20:57:02 +0000 (15:57 -0500)]
libubox: Change calloc_a() to return size_t aligned pointers

Un-aligned pointers were causing seg faults on some targets

Signed-off-by: Ted Hess <thess@kitschensync.net>
7 years agouloop: add uloop_cancelling function
Felix Fietkau [Fri, 3 Feb 2017 15:52:17 +0000 (16:52 +0100)]
uloop: add uloop_cancelling function

Returns true if uloop_run is still running and uloop_cancelled is set

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoutils: fix build on Mac OS X 10.12
Felix Fietkau [Fri, 20 Jan 2017 10:29:51 +0000 (11:29 +0100)]
utils: fix build on Mac OS X 10.12

clock_gettime and CLOCK_MONOTONIC are supported now

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoblobmsg: add support for double
André Gaul [Sat, 19 Nov 2016 17:55:49 +0000 (18:55 +0100)]
blobmsg: add support for double

This adds support for double floating point type to make it more JSON
compatible. For type checking it also adds a stub BLOB_ATTR_DOUBLE type.
If necessary, the accessor functions for blob can be added later

Signed-off-by: André Gaul <andre@gaul.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoutils: add helper functions useful for allocating a ring buffer
Felix Fietkau [Wed, 14 Dec 2016 22:26:51 +0000 (23:26 +0100)]
utils: add helper functions useful for allocating a ring buffer

This creates a mapping with twice the size of the allocated memory. The
second half of that mapping points at the same memory as the first half.

This is useful for ring buffers, because any read starting in the first
half can overflow into the second half as long as the read size is
smaller than the size of the memory area.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agolibubox: replace strtok with _r version.
Rosen Penev [Thu, 22 Dec 2016 19:53:25 +0000 (11:53 -0800)]
libubox: replace strtok with _r version.

_r is re-entrant. Also happens to silence a cppcheck warning.

Signed-off by: Rosen Penev <rosenp@gmail.com>

7 years agolibubox: allow reading out the pid of uloop process in lua
Florian Eckert [Tue, 13 Dec 2016 11:34:31 +0000 (12:34 +0100)]
libubox: allow reading out the pid of uloop process in lua

Add Lua method to get the forked pid of a uloop process

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
7 years agouloop: remove useless epoll data assignment
Felix Fietkau [Mon, 12 Dec 2016 11:24:13 +0000 (12:24 +0100)]
uloop: remove useless epoll data assignment

ev.data is a union, so setting ev.data.fd is lost after setting
ev.data.ptr

Reported-by: Song Yaofei <songyaofei@joyware.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agolibubox: allow reading out the remaining time of a uloop timer in Lua
Stijn Cleynhens [Mon, 5 Dec 2016 14:11:05 +0000 (15:11 +0100)]
libubox: allow reading out the remaining time of a uloop timer in Lua

Add Lua method to the uloop wrapper to allow reading out the remaining time of a uloop timer

Signed-off-by: Stijn Cleynhens <stijncleynhens@gmail.com>
8 years agoblob/blobmsg: add explicit typecasts for attribute iterators
Felix Fietkau [Tue, 29 Nov 2016 13:02:54 +0000 (14:02 +0100)]
blob/blobmsg: add explicit typecasts for attribute iterators

Fixes C++ compatibility.

Reported in https://forum.lede-project.org/t/blobmsg-for-each-attr-from-c/389

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agokvlist: add static initializer macros
Felix Fietkau [Mon, 24 Oct 2016 10:34:09 +0000 (12:34 +0200)]
kvlist: add static initializer macros

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agolibubox: add static initializer macro for runqueues
Felix Fietkau [Fri, 29 Jul 2016 10:00:15 +0000 (12:00 +0200)]
libubox: add static initializer macro for runqueues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agoavl: add blob comparator function
Felix Fietkau [Fri, 29 Jul 2016 08:58:55 +0000 (10:58 +0200)]
avl: add blob comparator function

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agoblobmsg_json: add new functions blobmsg_format_json_value*
Matthias Schiffer [Mon, 27 Jun 2016 06:50:29 +0000 (08:50 +0200)]
blobmsg_json: add new functions blobmsg_format_json_value*

The current blobmsg_format_json* functions will return invalid JSON when
the "list" argument is given as false (blobmsg_format_element() will
output the name of the blob_attr as if the value is printed as part of a
JSON object).

To avoid breaking software relying on this behaviour, introduce new
functions which will never print the blob_attr name and thus always
produce valid JSON.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cosmetic style fix]
8 years agouloop: handle waker pipe write() return value
Eyal Birger [Mon, 20 Jun 2016 05:36:47 +0000 (08:36 +0300)]
uloop: handle waker pipe write() return value

Recent glibc warns if result of read() or write() is unused.

Added a retry in case of EINTR, all other faults are silently discarded.

Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
-----
- I was not able to reproduce the EINTR case, but it seems to be the right
  thing to do
- Retrying on EAGAIN in this case would be weird as there is no one to read
  from the other end of the pipe. We could call waker_consume() directly but
  since the size of the message is just one byte, I think this would be dead
  code

8 years agoloop: make uloop_run() return the cancelling signal
Matthias Schiffer [Tue, 21 Jun 2016 15:19:11 +0000 (17:19 +0200)]
loop: make uloop_run() return the cancelling signal

When a process quits in response to a signal it handles, it should to so
be re-sending the signal to itself. This especially important for SIGINT,
as is explained in [1].

uloop currently hides the reason for quitting uloop_run(). Fix this by
returning the signal that caused the loop to quit (or 0 when uloop_end()
was used), so a program using loop an comply with [1].

[1] https://www.cons.org/cracauer/sigint.html

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
8 years agoFix various memory management issues
Matthias Schiffer [Tue, 21 Jun 2016 15:19:10 +0000 (17:19 +0200)]
Fix various memory management issues

Consistently handle allocation failures. Some functions are changed to
return bool or int instead of void to allow returning an error.

Also fix a buffer size miscalculation in lua/uloop and use _exit() instead
of exit() on errors after forking.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
8 years agouloop: add missing waker_pipe initialization
Felix Fietkau [Wed, 15 Jun 2016 13:14:51 +0000 (15:14 +0200)]
uloop: add missing waker_pipe initialization

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agouloop: use a waker for notifying sigchld and loop cancel events
Yousong Zhou [Thu, 9 Jun 2016 02:20:32 +0000 (10:20 +0800)]
uloop: use a waker for notifying sigchld and loop cancel events

Fix a race condition when do_sigchld, uloop_cancelled were set just
before epoll_wait(timeout=-1), resulting the loop stuck in the syscall
without noticing the events just happened

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agouloop: revert signalfd support for now
Felix Fietkau [Thu, 19 May 2016 08:59:46 +0000 (10:59 +0200)]
uloop: revert signalfd support for now

It hasn't fixed the reported race condition and it introduced some new
issues.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agouloop: add back support for overriding signal handlers when signalfd is in use
Felix Fietkau [Tue, 17 May 2016 11:59:05 +0000 (13:59 +0200)]
uloop: add back support for overriding signal handlers when signalfd is in use

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agouloop: fix signal unblocking
Felix Fietkau [Tue, 17 May 2016 11:35:00 +0000 (13:35 +0200)]
uloop: fix signal unblocking

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agouloop: retry waitpid on signal interrupt
Felix Fietkau [Tue, 17 May 2016 11:27:44 +0000 (13:27 +0200)]
uloop: retry waitpid on signal interrupt

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agouloop: try to use signalfd for signal handling if available
Felix Fietkau [Tue, 17 May 2016 11:23:28 +0000 (13:23 +0200)]
uloop: try to use signalfd for signal handling if available

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agouloop: move epoll code into a separate file
Felix Fietkau [Tue, 17 May 2016 10:25:19 +0000 (12:25 +0200)]
uloop: move epoll code into a separate file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agouloop: move kqueue code into a separate file
Felix Fietkau [Tue, 17 May 2016 10:24:04 +0000 (12:24 +0200)]
uloop: move kqueue code into a separate file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agoblobmsg_json: simplify add_separator and fix thread-safety
Matthias Schiffer [Wed, 6 Apr 2016 15:40:22 +0000 (17:40 +0200)]
blobmsg_json: simplify add_separator and fix thread-safety

The hard-coded length limits are replaced with strlen to make the code more
robust.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
8 years agojshn: use an avl tree for env variables to speed up processing of bigger json files
Felix Fietkau [Sat, 5 Mar 2016 17:51:31 +0000 (18:51 +0100)]
jshn: use an avl tree for env variables to speed up processing of bigger json files

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoexamples: add shunit2 tests for json_script
Yousong Zhou [Wed, 17 Feb 2016 07:45:06 +0000 (15:45 +0800)]
examples: add shunit2 tests for json_script

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
8 years agojson_script: add "isdir" support
Yousong Zhou [Wed, 17 Feb 2016 07:45:05 +0000 (15:45 +0800)]
json_script: add "isdir" support

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
8 years agoblobmsg_json: support json_type_null in blobmsg_add_json_element()
Jo-Philipp Wich [Tue, 9 Feb 2016 21:51:41 +0000 (22:51 +0100)]
blobmsg_json: support json_type_null in blobmsg_add_json_element()

We already serialize BLOBMSG_TYPE_UNSPEC as "null" so represent JSON null
values as blob attribute type unspec with payload size zero.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
8 years agousock: implement usock_inet_timeout() with RFC6555 support
Felix Fietkau [Thu, 28 Jan 2016 10:56:46 +0000 (11:56 +0100)]
usock: implement usock_inet_timeout() with RFC6555 support

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoustream-fd: handle ENOTCONN for read/write on not-yet-connected sockets
Felix Fietkau [Fri, 15 Jan 2016 20:35:48 +0000 (21:35 +0100)]
ustream-fd: handle ENOTCONN for read/write on not-yet-connected sockets

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agolua: add gc/delete support for processes
Felix Fietkau [Fri, 15 Jan 2016 20:25:48 +0000 (21:25 +0100)]
lua: add gc/delete support for processes

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agolua: create a common function for userdata with gc
Felix Fietkau [Fri, 15 Jan 2016 20:19:47 +0000 (21:19 +0100)]
lua: create a common function for userdata with gc

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agousock: add usock_inet, which returns the remote address
Felix Fietkau [Fri, 15 Jan 2016 20:04:16 +0000 (21:04 +0100)]
usock: add usock_inet, which returns the remote address

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years agolibubox: lua: use pkg-config built in module to search for alternatives
Karl Palsson [Thu, 24 Sep 2015 15:14:04 +0000 (15:14 +0000)]
libubox: lua: use pkg-config built in module to search for alternatives

Different distributions have different names for the lua 5.1 package.
Use cmake's built in pkg-config support to search for the first one,
rather than running it explicitly and searching for a single version.

Signed-off-by: Karl Palsson <karlp@remake.is>
9 years agojson_script: allow non-string types in command arguments
Felix Fietkau [Sun, 8 Nov 2015 19:19:08 +0000 (20:19 +0100)]
json_script: allow non-string types in command arguments

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years agojson_script: add support for aborting script processing
Felix Fietkau [Fri, 6 Nov 2015 21:58:15 +0000 (22:58 +0100)]
json_script: add support for aborting script processing

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years agoulog: avoid accidental /dev/kmsg creation
Sergiy Kibrik [Tue, 18 Aug 2015 06:28:39 +0000 (09:28 +0300)]
ulog: avoid accidental /dev/kmsg creation

Race is possible in ulog_kmsg(): if no /dev/kmsg exists
(e.g. while /dev gets re-mounted) regular file created instead.
>From this point system goes without kernel logger:
special character file can't be created anymore, all clients keep
overwriting single message in regular file.

To avoid this we open file in "r+" mode which doesn't create
file if it's not found.

Signed-off-by: Sergiy Kibrik <sakib@meta.ua>
Cc: John Crispin <blogic@openwrt.org>
9 years agob64_encode(): fixed input[] not initialized warn under gcc 4.4.5
Bachtin, Dmitri [Wed, 9 Sep 2015 07:23:58 +0000 (09:23 +0200)]
b64_encode(): fixed input[] not initialized warn under gcc 4.4.5

Signed-off-by: Dmitri Bachtin <dbachtin@init-ka.de>