[PATCH 0/3] avoid segfault when using include from a parsed buffer


Carlo Marcelo Arenas Belon
The following series fixes a failure in the logic for handling buffers for
inclusion which will result in a segfault if the include command is found
as part of processing an in memory buffer (string).

The first patch adds a failing test case to demonstrate the failure while
the two following changes correct the problem in the lexer code so that
a NULL pointer dereference will be avoided.

  PATCH 1/3: tests: add failing test for include() when parsing a buffer
  PATCH 2/3: confuse: do not move to a NULL buffer
  PATCH 3/3: confuse: make EOF detection independent of depth from buffer processing

It has been tested in Linux (x86 and amd64) with trunk as well as backported
to the currently released version of libconfuse (2.6)

 src/lexer.l       |    5 +++--
 tests/Makefile.am |    2 +-
 tests/include.c   |   34 ++++++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100644 tests/include.c

Carlo


_______________________________________________
Confuse-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/confuse-devel

[PATCH 1/3] tests: add failing test for include() when parsing a buffer

Carlo Marcelo Arenas Belon
Add a test case that parses a buffer to include a.conf (also used by the
suite_dup test case).

Signed-off-by: Carlo Marcelo Arenas Belon <[hidden email]>
---
 tests/Makefile.am |    2 +-
 tests/include.c   |   34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletions(-)
 create mode 100644 tests/include.c

Carlo
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 5774c35..c874716 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,6 +1,6 @@
 TESTS = suite_single suite_dup suite_func suite_list \
  suite_validate list_plus_syntax section_title_dupes \
- single_title_sections quote_before_print
+ single_title_sections quote_before_print include
 check_PROGRAMS=$(TESTS)
 
 LDADD=-L../src ../src/libconfuse.la $(LTLIBINTL)
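
Review bot: adding `include` to TESTS here, ahead of the lexer fixes in 2/3 and 3/3, makes `make check` fail at this commit (the subject itself calls it a failing test), which gets in the way of bisecting. Either move this patch after the two fixes or list the new test in XFAIL_TESTS until they land. The bare name `include` is also easy to misread in a Makefile; a name such as `include_buf` (only a suggestion) would sit better next to the suite_* entries.
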
diff --git a/tests/include.c b/tests/include.c
new file mode 100644
index 0000000..968842d
--- /dev/null
+++ b/tests/include.c
@@ -0,0 +1,34 @@
+/* Test cfg_include when called from a buffer
+ */
+
+#include <string.h>
+#include "check_confuse.h"
+
+/* reuse suite_dup.c profile so that a.conf could be used for testing */
+cfg_opt_t sec_opts[] = {
+ CFG_INT("a", 1, CFGF_NONE),
+ CFG_INT("b", 2, CFGF_NONE),
+ CFG_END()
+};
+
+cfg_opt_t opts[] = {
+ CFG_SEC("sec", sec_opts, CFGF_MULTI | CFGF_TITLE),
+ CFG_FUNC("include", &cfg_include),
+ CFG_END()
+};
+
+int
+main(void)
+{
+ char *buf = "include (\"a.conf\")\n";
+ cfg_t *cfg = cfg_init(opts, CFGF_NONE);
+ fail_unless(cfg);
+ fail_unless(cfg_parse_buf(cfg, buf) == CFG_SUCCESS);
+ fail_unless(cfg_size(cfg, "sec") == 1);
+ fail_unless(cfg_getint(cfg, "sec|a") == 5);
+ fail_unless(cfg_getint(cfg, "sec|b") == 2);
+ cfg_free(cfg);
+
+ return 0;
+}
+
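
Review bot: `buf` ends right after the include line, so nothing in main() checks that parsing resumes in the buffer once a.conf has been read, which is the behaviour 3/3 is about. Append a statement after the include in `buf` and assert on its value, so the test covers both the return from the include and the end of the outer buffer. Also, `buf` points at a string literal and should be declared `const char *`, and the expected `sec|a == 5` depends on a.conf being found relative to the working directory, which deserves a comment next to the assertion.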


[PATCH 2/3] confuse: do not move to a NULL buffer

Carlo Marcelo Arenas Belon
In reply to this post by Carlo Marcelo Arenas Belon
avoids a segfault when processing a buffer that called cfg_include

Signed-off-by: Carlo Marcelo Arenas Belon <[hidden email]>
---
 src/lexer.l |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)


diff --git a/src/lexer.l b/src/lexer.l
index 1e0fa91..bb996cd 100644
--- a/src/lexer.l
+++ b/src/lexer.l
@@ -342,7 +342,8 @@ void cfg_scan_string_end(void)
     /* restore to previous state
      */
     yy_delete_buffer(string_scan_state);
-    yy_switch_to_buffer(pre_string_scan_state);
+    if (pre_string_scan_state)
+        yy_switch_to_buffer(pre_string_scan_state);
     free(cfg_qstring);
     cfg_qstring = 0;
     qstring_index = qstring_len = 0;
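
Review bot: the new `if (pre_string_scan_state)` has no comment saying when the saved state can be NULL, and in the lines shown neither `string_scan_state` nor `pre_string_scan_state` is cleared after `yy_delete_buffer()`, so both keep stale values into the next parse. Add a one-line comment on the NULL case and reset both to 0 here, unless that already happens further down in the function.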


[PATCH 3/3] confuse: make EOF detection independent of depth from buffer processing

Carlo Marcelo Arenas Belon
In reply to this post by Carlo Marcelo Arenas Belon
avoid aborting processing of the configuration buffer after returning
from include processing.

Signed-off-by: Carlo Marcelo Arenas Belon <[hidden email]>
---
 src/lexer.l |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


diff --git a/src/lexer.l b/src/lexer.l
index bb996cd..195cf10 100644
--- a/src/lexer.l
+++ b/src/lexer.l
@@ -227,7 +227,7 @@ static YY_BUFFER_STATE string_scan_state = 0;
 }
 
 <<EOF>> {
-             if( string_scan_state != 0 || cfg_include_stack_ptr <= 0 )
+             if( cfg_include_stack_ptr <= 0 )
                  {
                  return EOF;
                  }
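
Review bot: with `string_scan_state != 0` dropped from the `<<EOF>>` condition, the end of an included file reached while a string scan is active now falls through to the code after this block, which is not visible in the hunk; the commit message should say why that path is correct when the outermost input is a buffer rather than a file. A short comment above `if( cfg_include_stack_ptr <= 0 )` stating that only the include depth decides end of input would keep the old check from being reintroduced later.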


Re: [PATCH 0/3] avoid segfault when using include from a parsed buffer

Martin Hedenfalk-4
In reply to this post by Carlo Marcelo Arenas Belon
Thank you. I have applied them to HEAD.

        -martin

On 2 Jan 2009, at 02:24, Carlo Marcelo Arenas Belon wrote:

> The following series fixes a failure in the logic for handling buffers for
> inclusion which will result in a segfault if the include command is found
> as part of processing an in memory buffer (string).
>
> The first patch adds a failing test case to demonstrate the failure while
> the two following changes correct the problem in the lexer code so that
> a NULL pointer dereference will be avoided.
>
>  PATCH 1/3: tests: add failing test for include() when parsing a buffer
>  PATCH 2/3: confuse: do not move to a NULL buffer
>  PATCH 3/3: confuse: make EOF detection independent of depth from buffer processing
>
> It has been tested in Linux (x86 and amd64) with trunk as well as backported
> to the currently released version of libconfuse (2.6)
>
> src/lexer.l       |    5 +++--
> tests/Makefile.am |    2 +-
> tests/include.c   |   34 ++++++++++++++++++++++++++++++++++
> 3 files changed, 38 insertions(+), 3 deletions(-)
> create mode 100644 tests/include.c
>
> Carlo
>
>
> _______________________________________________
> Confuse-devel mailing list
> [hidden email]
> http://lists.nongnu.org/mailman/listinfo/confuse-devel
