From patchwork Wed Feb 16 10:43:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1593622 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=k4J4vmaw; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JzF6s1fbYz9sFk for ; Wed, 16 Feb 2022 21:48:20 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=iaie3nW2penFR0VMemEIWVDsG45QnxLBl0RB9rjcaTM=; b=k4J4vmawi1lh+c JbShKkX0aJzf1BkLV2MXJi4T7mQ9haSNztlYIXzWw1TJhzDi5YbPJjzKtC3DlsG3h2UT1L4iDhgVw 0gL3I0+NBuP6wqahbQxGs1Bi60H4HwgQ21p0omuO6vkXXpDKMES4R97XdElsBsP0cDArNKx67mx/v 7Vs7AVnmDN6t/p3anGzgBAAm2RgQxxC0ZmW421JrHdF7uNbtotEYnp5nz3WHWsUV8+x3yi0Occl0w qFTSb3lKLXTkvMG6jhWGJTOsdeiDI47/LjZejkcv8mxHI515rObxwEI6FgUU3bAB/Znmb6fyDN50K YSEdRlZopq0J1uOxRu/Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nKHnF-006bQr-FY; Wed, 16 Feb 2022 10:44:17 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nKHms-006bJg-7D for openwrt-devel@lists.openwrt.org; Wed, 16 Feb 2022 10:43:56 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id D33503D07; Wed, 16 Feb 2022 11:43:48 +0100 (CET) Received: by meh.true.cz (OpenSMTPD) with ESMTP id e175cc70; Wed, 16 Feb 2022 11:43:24 +0100 (CET) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Cc: =?utf-8?q?Petr_=C5=A0tetiar?= , Felix Fietkau , Hauke Mehrtens Subject: [PATCH 19.07 ubus 0/3] backport fixes for UAF and other issues Date: Wed, 16 Feb 2022 11:43:35 +0100 Message-Id: <20220216104338.15704-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220216_024354_461730_7E3867FF X-CRM114-Status: UNSURE ( 5.82 ) X-CRM114-Notice: Please train this message. X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi, I would like to backport following fixes, where at least commit 2099bb3ad997 ("libubus: use list_empty/list_first_entry in ubus_process_pending_msg") fixes UAF issue I've introduced in commit c5f2053d [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Hi, I would like to backport following fixes, where at least commit 2099bb3ad997 ("libubus: use list_empty/list_first_entry in ubus_process_pending_msg") fixes UAF issue I've introduced in commit c5f2053dfcfd ("workaround possibly false positive uses of memory after it is freed") while fixing another false positive UAF reported[1] by clang's static analyzer. Those fixes are being used in master/21.02 for about 6 months, so should be tested enough and considered for backporting. I've just runtested those fixes on mvebu/turris-omnia and ipq40xx/glinet-b1300 devices. 1. https://openwrt.gitlab.io/-/project/ubus/-/jobs/2096090992/artifacts/build/scan/2022-02-15-150310-70-1/index.html Cheers, Petr Felix Fietkau (3): libubus: use list_empty/list_first_entry in ubus_process_pending_msg libubus: process pending messages in data handler if stack depth is 0 libubus: increase stack depth for processing obj msgs libubus-io.c | 10 +++++++++- libubus.c | 7 +++++-- 2 files changed, 14 insertions(+), 3 deletions(-)