
Compare revisions

Commits on Source (129)
Showing
with 914 additions and 39 deletions
# This configuration file can be used to auto-format the code base.
# Not all guidelines specified in CODING_STYLE are followed, so the
# result MUST NOT be committed indiscriminately, but each automated
# change should be reviewed and only the appropriate ones committed.
#
# The easiest way to apply the formatting to your changes ONLY,
# is to use the git-clang-format script (usually installed with clang-format).
#
# - Fix up formatting before committing
# 1. Edit and stage your files.
# 2. Run `git clang-format`.
# 3. Verify + correct + (un)stage changes.
# 4. Commit.
#
# - Fix up formatting after committing
# 1. Commit your changes.
# 2. Run `git clang-format HEAD~` - Refer the commit *before* your changes here.
# 3. Verify + correct changes, `git difftool -d` can help here.
# 4. Stage + commit, potentially with `--amend` (means to fixup the last commit).
#
# To run clang-format on all sourcefiles, use the following line:
# $ git ls-files 'src/*.[ch]' 'src/*.cc' | xargs clang-format -i -style=file
#
# You can find more information on the different config parameters in this file here:
# https://clang.llvm.org/docs/ClangFormatStyleOptions.html
---
AccessModifierOffset: -4
AlignAfterOpenBracket: AlwaysBreak
AlignArrayOfStructures: Right
AlignEscapedNewlines: Left
AlignOperands: false
AllowShortFunctionsOnASingleLine: None
AlwaysBreakBeforeMultilineStrings: true
AlwaysBreakTemplateDeclarations: Yes
BinPackArguments: false
BinPackParameters: false
BraceWrapping:
AfterEnum: false
SplitEmptyFunction: false
SplitEmptyRecord: false
SplitEmptyNamespace: false
BreakBeforeBraces: Custom
BreakBeforeTernaryOperators: false
BreakInheritanceList: BeforeComma
BreakStringLiterals: false
ColumnLimit: 109
CompactNamespaces: true
ConstructorInitializerAllOnOneLineOrOnePerLine: true
ConstructorInitializerIndentWidth: 8
ContinuationIndentWidth: 16
Cpp11BracedListStyle: false
ForEachMacros:
- BITMAP_FOREACH
- CMSG_FOREACH
- _DNS_ANSWER_FOREACH
- DNS_ANSWER_FOREACH
- _DNS_ANSWER_FOREACH_FLAGS
- DNS_ANSWER_FOREACH_FLAGS
- _DNS_ANSWER_FOREACH_FULL
- DNS_ANSWER_FOREACH_FULL
- _DNS_ANSWER_FOREACH_IFINDEX
- DNS_ANSWER_FOREACH_IFINDEX
- _DNS_QUESTION_FOREACH
- DNS_QUESTION_FOREACH
- FDSET_FOREACH
- FOREACH_BTRFS_IOCTL_SEARCH_HEADER
- FOREACH_DEVICE
- FOREACH_DEVICE_AND_SUBSYSTEM
- FOREACH_DEVICE_DEVLINK
- FOREACH_DEVICE_PROPERTY
- FOREACH_DEVICE_SYSATTR
- FOREACH_DEVICE_TAG
- FOREACH_DIRENT
- FOREACH_DIRENT_ALL
- FOREACH_INOTIFY_EVENT
- FOREACH_STRING
- FOREACH_SUBSYSTEM
- HASHMAP_FOREACH
- HASHMAP_FOREACH_IDX
- HASHMAP_FOREACH_KEY
- JOURNAL_FOREACH_DATA_RETVAL
- JSON_VARIANT_ARRAY_FOREACH
- JSON_VARIANT_OBJECT_FOREACH
- LIST_FOREACH
- LIST_FOREACH_AFTER
- LIST_FOREACH_BEFORE
- LIST_FOREACH_OTHERS
- LIST_FOREACH_SAFE
- MESSAGE_FOREACH_PART
- NULSTR_FOREACH
- NULSTR_FOREACH_PAIR
- OBJECT_PATH_FOREACH_PREFIX
- ORDERED_HASHMAP_FOREACH
- ORDERED_HASHMAP_FOREACH_KEY
- ORDERED_SET_FOREACH
- PATH_FOREACH_PREFIX
- PATH_FOREACH_PREFIX_MORE
- SD_HWDB_FOREACH_PROPERTY
- SD_JOURNAL_FOREACH
- SD_JOURNAL_FOREACH_BACKWARDS
- SD_JOURNAL_FOREACH_DATA
- SD_JOURNAL_FOREACH_FIELD
- SD_JOURNAL_FOREACH_UNIQUE
- SECCOMP_FOREACH_LOCAL_ARCH
- SET_FOREACH
- SET_FOREACH_MOVE
- STRV_FOREACH
- STRV_FOREACH_BACKWARDS
- STRV_FOREACH_PAIR
IndentPPDirectives: AfterHash
IndentWidth: 8
IndentWrappedFunctionNames: true
MaxEmptyLinesToKeep: 2
PenaltyBreakAssignment: 65
PenaltyBreakBeforeFirstCallParameter: 16
PenaltyBreakComment: 320
PenaltyBreakFirstLessLess: 50
PenaltyBreakString: 0
PenaltyExcessCharacter: 10
PenaltyReturnTypeOnItsOwnLine: 100
PointerAlignment: Right
SpaceAfterCStyleCast: true
SpaceAroundPointerQualifiers: Both
SpaceBeforeParens: ControlStatementsExceptForEachMacros
SpacesInAngles: true
TabWidth: 8
UseCRLF: false
FROM gcr.io/oss-fuzz-base/base-builder:v1
ENV MERGE_WITH_OSS_FUZZ_CORPORA=yes
COPY . $SRC/systemd
WORKDIR $SRC/systemd
COPY tools/oss-fuzz.sh $SRC/build.sh
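Review bot: The `FROM gcr.io/oss-fuzz-base/base-builder:v1` line pulls the fuzzing builder by a mutable tag, so the image that compiles the fuzz targets can change without any change in this repository. Pinning it by digest, `FROM gcr.io/oss-fuzz-base/base-builder:v1@sha256:<digest-placeholder>`, makes the build input explicit. The `docker` Dependabot entry for `/.clusterfuzzlite` added in this comparison should then propose digest bumps as reviewable pull requests. `COPY . $SRC/systemd` also copies the whole build context, so it is worth confirming that no untracked or secret files can be in the checkout when the image is built.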
--links=no
......@@ -15,12 +15,13 @@
(eval . (c-set-offset 'statement-case-open 0))
(eval . (c-set-offset 'case-label 0))
(eval . (c-set-offset 'arglist-intro '++))
(eval . (c-set-offset 'arglist-close 0))))
(eval . (c-set-offset 'arglist-close 0))
(eval . (c-set-offset 'arglist-cont-nonempty '(c-lineup-gcc-asm-reg c-lineup-arglist)))))
(nxml-mode . ((nxml-child-indent . 2)
(fill-column . 109)))
(meson-mode . ((meson-indent-basic . 8)))
(sh-mode . ((sh-basic-offset . 8)
(sh-indentation . 8)))
(sh-mode . ((sh-basic-offset . 4)
(sh-indentation . 4)))
(awk-mode . ((c-basic-offset . 8)))
(nil . ((indent-tabs-mode . nil)
(tab-width . 8)
......
......@@ -14,11 +14,33 @@ insert_final_newline = true
trim_trailing_whitespace = true
charset = utf-8
[NEWS]
indent_style = space
indent_size = 4
# Match config files, set indent to spaces with width of eight
[*.{c,h}]
indent_style = space
indent_size = 8
max_line_length = 109
[*.sh,mkosi.build,mkosi.prepare,mkosi.postinst]
indent_style = space
indent_size = 4
[meson.build]
indent_style = space
indent_size = 8
[man/*.xml]
indent_size = 2
indent_style = space
max_line_length = 109
[docs/**/*.css]
indent_style = space
indent_size = 2
[docs/**/*.html]
indent_style = space
indent_size = 2
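Review bot: The section header `[*.sh,mkosi.build,mkosi.prepare,mkosi.postinst]` has no braces, and in EditorConfig glob syntax a comma only separates alternatives inside `{...}`, so this header most likely matches none of the intended files. `[{*.sh,mkosi.build,mkosi.prepare,mkosi.postinst}]` would apply the 4-space setting to all four patterns, in line with the `[*.{c,h}]` header a few lines above. The hunk starts in the middle of the file, so earlier sections are not visible here.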
*.[ch] whitespace=tab-in-indent,trailing-space
*.gpg binary generated
*.bmp binary
*.base64 generated
# Mark files as "generated", i.e. no license applies to them.
# This includes output from programs, directive lists generated by grepping
# for all possibilities, samples from fuzzers, files from /proc, packet samples,
# and anything else where no copyright can be asserted.
#
# Use 'git check-attr generated -- <path>' to query the attribute.
[attr]generated
custom: ['https://spi-inc.org/projects/systemd/']
---
name: Bug report
about: A report of an error in a recent systemd version
---
**systemd version the issue has been seen with**
> ...
<!-- **NOTE:** Do not submit bug reports about anything but the two most recently released systemd versions upstream! -->
<!-- For older version please use distribution trackers (see https://github.com/systemd/systemd/blob/master/docs/CONTRIBUTING.md#filing-issues). -->
**Used distribution**
> …
**Expected behaviour you didn't see**
> …
**Unexpected behaviour you saw**
> …
**Steps to reproduce the problem**
---
name: Feature request
about: Suggest an improvement
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
name: Bug Report
description: A report of an error in a recent systemd version
labels: ["bug 🐛"]
body:
- type: markdown
attributes:
value: Thanks for taking the time to fill out this bug report!
- type: input
id: version
attributes:
label: systemd version the issue has been seen with
description: |
Do not submit bug reports about anything but the two most recently released *major* systemd versions upstream!
If there have been multiple stable releases for that major version, please consider updating to a recent one before reporting an issue.
When using a distro package, please make sure that the version reported is meaningful for upstream.
If a distro build is used, please just paste the package version, e.g. `systemd-254.7-1.fc39.x86_64`.
See https://github.com/systemd/systemd-stable/tags for the list of most recent releases.
For older version please use distribution trackers (see https://systemd.io/CONTRIBUTING#filing-issues).
placeholder: '256.x'
validations:
required: true
- type: input
id: distro
attributes:
label: Used distribution
description: Used distribution and its version
placeholder: Fedora 39
validations:
required: false
- type: input
id: kernel
attributes:
label: Linux kernel version used
description: |
Please use `uname -r` to get linux kernel version.
placeholder: kernel-6.6.8-200.fc39.x86_64
validations:
required: false
- type: dropdown
id: architecture
attributes:
label: CPU architectures issue was seen on
options:
- aarch64
- alpha
- arm
- i686
- ia64
- loongarch
- mips
- parisc
- ppc (big endian)
- ppc64 (big endian)
- ppc64le
- riscv64
- s390x
- sparc
- sparc64
- x86_64
- other
validations:
required: false
- type: dropdown
id: component
attributes:
label: Component
description: Please chose components related to this issue.
multiple: true
# When updating list of components please also update labeling policy
# policy: `.github/advanced-issue-labeler.yml`
options:
- 'bootctl'
- 'coredumpctl'
- 'homectl'
- 'hostnamectl'
- 'hardware database files'
- 'journalctl'
- 'kernel-install'
- 'loginctl'
- 'machinectl'
- 'networkctl'
- 'nss-resolve'
- 'oomctl'
- 'pam_systemd'
- 'pam_systemd_home'
- 'portablectl'
- 'resolvectl'
- 'rpm scriptlets'
- 'systemctl'
- 'systemd'
- 'systemd-analyze'
- 'systemd-ask-password'
- 'systemd-binfmt'
- 'systemd-boot'
- 'systemd-cgtop'
- 'systemd-coredump'
- 'systemd-cryptsetup'
- 'systemd-delta'
- 'systemd-dissect'
- 'systemd-env-generator'
- 'systemd-fsck'
- 'systemd-gpt-auto-generator'
- 'systemd-growfs'
- 'systemd-homed'
- 'systemd-hostnamed'
- 'systemd-hwdb'
- 'systemd-import'
- 'systemd-journal-gatewayd'
- 'systemd-journal-remote'
- 'systemd-journal-upload'
- 'systemd-journald'
- 'systemd-logind'
- 'systemd-machined'
- 'systemd-modules-load'
- 'systemd-network-generator'
- 'systemd-networkd'
- 'systemd-networkd-wait-online'
- 'systemd-nspawn'
- 'systemd-oomd'
- 'systemd-portabled'
- 'systemd-pstore'
- 'systemd-repart'
- 'systemd-resolved'
- 'systemd-rfkill'
- 'systemd-run'
- 'systemd-stub'
- 'systemd-sysctl'
- 'systemd-sysext'
- 'systemd-sysusers'
- 'systemd-sysv-generator'
- 'systemd-timedate'
- 'systemd-timesync'
- 'systemd-tmpfiles'
- 'systemd-udevd'
- 'systemd-userdb'
- 'systemd-veritysetup'
- 'systemd-vmspawn'
- 'systemd-xdg-autostart-generator'
- 'timedatectl'
- 'udevadm'
- 'udev rule files'
- 'userdbctl'
- 'tests'
- 'other'
validations:
required: false
- type: textarea
id: expected-behaviour
attributes:
label: Expected behaviour you didn't see
validations:
required: false
- type: textarea
id: unexpected-behaviour
attributes:
label: Unexpected behaviour you saw
validations:
required: false
- type: textarea
id: steps-to-reproduce
attributes:
label: Steps to reproduce the problem
validations:
required: false
- type: textarea
id: additional-information
attributes:
label: Additional program output to the terminal or log subsystem illustrating the issue
description: |
Please paste relevant program terminal or journal output here, ideally when generated in debug mode (try setting the `SYSTEMD_LOG_LEVEL=debug` environment variable).
For very long copy/pasted data consider using a service like https://gist.github.com/. Where copy/paste is not possible (for example early boot or late shutdown), a photo of the screen might do too, but text is always much preferred.
placeholder: This will be automatically formatted into code, so no need for backticks.
render: sh
validations:
required: false
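Review bot: The `additional-information` field asks reporters to paste terminal or journal output produced with `SYSTEMD_LOG_LEVEL=debug`, but does not remind them that the issue tracker is public. Debug output can plausibly carry host names, user names, unit command lines or environment values. One more sentence in the `description` would cover it, for example `Please review the output and redact anything sensitive (host names, user names, tokens) before posting.`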
---
# vi: ts=2 sw=2 et:
# SPDX-License-Identifier: LGPL-2.1-or-later
blank_issues_enabled: true
contact_links:
- name: systemd-devel mailing list
url: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
about: Please ask (and answer) questions here, use the issue tracker only for issues.
name: Feature request
description: Suggest an improvement
labels: ["RFE 🎁"]
body:
- type: markdown
attributes:
value: Thanks for taking the time to fill out this feature request!
- type: dropdown
id: component
attributes:
label: Component
description: Please chose components related to this feature request.
multiple: true
# When updating list of components please also update labeling policy
# policy: `.github/advanced-issue-labeler.yml`
options:
- 'bootctl'
- 'coredumpctl'
- 'homectl'
- 'hostnamectl'
- 'hardware database files'
- 'journalctl'
- 'kernel-install'
- 'loginctl'
- 'machinectl'
- 'networkctl'
- 'nss-resolve'
- 'oomctl'
- 'pam_systemd'
- 'pam_systemd_home'
- 'portablectl'
- 'resolvectl'
- 'rpm scriptlets'
- 'systemctl'
- 'systemd'
- 'systemd-analyze'
- 'systemd-ask-password'
- 'systemd-binfmt'
- 'systemd-boot'
- 'systemd-cgtop'
- 'systemd-coredump'
- 'systemd-cryptsetup'
- 'systemd-delta'
- 'systemd-dissect'
- 'systemd-env-generator'
- 'systemd-fsck'
- 'systemd-gpt-auto-generator'
- 'systemd-growfs'
- 'systemd-homed'
- 'systemd-hostnamed'
- 'systemd-hwdb'
- 'systemd-import'
- 'systemd-journal-gatewayd'
- 'systemd-journal-remote'
- 'systemd-journal-upload'
- 'systemd-journald'
- 'systemd-logind'
- 'systemd-machined'
- 'systemd-modules-load'
- 'systemd-network-generator'
- 'systemd-networkd'
- 'systemd-networkd-wait-online'
- 'systemd-nspawn'
- 'systemd-oomd'
- 'systemd-portabled'
- 'systemd-pstore'
- 'systemd-repart'
- 'systemd-resolved'
- 'systemd-rfkill'
- 'systemd-run'
- 'systemd-stub'
- 'systemd-sysctl'
- 'systemd-sysext'
- 'systemd-sysusers'
- 'systemd-sysv-generator'
- 'systemd-timedate'
- 'systemd-timesync'
- 'systemd-tmpfiles'
- 'systemd-udevd'
- 'systemd-userdb'
- 'systemd-veritysetup'
- 'systemd-vmspawn'
- 'systemd-xdg-autostart-generator'
- 'timedatectl'
- 'udevadm'
- 'udev rule files'
- 'userdbctl'
- 'tests'
- 'other'
validations:
required: false
- type: textarea
id: description
attributes:
label: Is your feature request related to a problem? Please describe
description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
validations:
required: false
- type: textarea
id: solution
attributes:
label: Describe the solution you'd like
description: A clear and concise description of what you want to happen.
validations:
required: false
- type: textarea
id: alternatives
attributes:
label: Describe alternatives you've considered
description: A clear and concise description of any alternative solutions or features you've considered.
validations:
required: false
- type: input
id: version
attributes:
label: The systemd version you checked that didn't have the feature you are asking for
description: If this is not the most recently released upstream version, then please check first if it has that feature already.
placeholder: '256.x'
validations:
required: false
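Review bot: The `component` dropdown description says `Please chose components related to this feature request.`; it should read `Please choose components ...`. The bug report form has the same typo in its `component` description (`Please chose components related to this issue.`).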
---
# syntax - https://github.com/redhat-plumbers-in-action/advanced-issue-labeler#policy
policy:
- template: [bug_report.yml, feature_request.yml]
section:
- id: [component]
block-list: [other]
label:
- name: analyze
keys: ['systemd-analyze']
- name: ask-password
keys: ['systemd-ask-password']
- name: binfmt
keys: ['systemd-binfmt']
- name: cgtop
keys: ['systemd-cgtop']
- name: coredump
keys: ['coredumpctl', 'systemd-coredump']
- name: cryptsetup
keys: ['systemd-cryptsetup']
- name: delta
keys: ['systemd-delta']
- name: dissect
keys: ['systemd-dissect']
- name: env-generator
keys: ['systemd-env-generator']
- name: fsck
keys: ['systemd-fsck']
- name: gpt-auto
keys: ['systemd-gpt-auto-generator']
- name: growfs
keys: ['systemd-growfs']
- name: homed
keys: ['systemd-homed', 'homectl', 'pam_systemd_home']
- name: hostname
keys: ['systemd-hostnamed', 'hostnamectl']
- name: hwdb
keys: ['systemd-hwdb', 'hardware database files']
- name: import
keys: ['systemd-import']
- name: journal
keys: ['systemd-journald', 'journalctl']
- name: journal-remote
keys: ['systemd-journal-remote', 'systemd-journal-upload', 'systemd-journal-gatewayd']
- name: kernel-install
keys: ['kernel-install']
- name: login
keys: ['systemd-logind', 'loginctl', 'pam_systemd']
- name: machine
keys: ['systemd-machined', 'machinectl']
- name: modules-load
keys: ['systemd-modules-load']
- name: network
keys: ['systemd-networkd', 'networkctl', 'systemd-networkd-wait-online', 'systemd-network-generator']
- name: nspawn
keys: ['systemd-nspawn']
- name: oomd
keys: ['systemd-oomd', 'oomctl']
- name: pid1
keys: ['systemd']
- name: portabled
keys: ['systemd-portabled', 'portablectl']
- name: pstore
keys: ['systemd-pstore']
- name: repart
keys: ['systemd-repart']
- name: resolve
keys: ['systemd-resolved', 'resolvectl', 'nss-resolve']
- name: rfkill
keys: ['systemd-rfkill']
- name: rpm
keys: ['rpm scriptlets']
- name: run
keys: ['systemd-run']
- name: sd-boot/sd-stub/bootctl
keys: ['bootctl', 'systemd-boot', 'systemd-stub']
- name: sysctl
keys: ['systemd-sysctl']
- name: sysext
keys: ['systemd-sysext']
- name: systemctl
keys: ['systemctl']
- name: sysusers
keys: ['systemd-sysusers']
- name: sysv
keys: ['systemd-sysv-generator']
- name: tests
keys: ['tests']
- name: timedate
keys: ['systemd-timedate', 'timedatectl']
- name: timesync
keys: ['systemd-timesync']
- name: tmpfiles
keys: ['systemd-tmpfiles']
- name: udev
keys: ['systemd-udevd', 'udevadm', 'udev rule files']
- name: userdb
keys: ['systemd-userdb', 'userdbctl']
- name: veritysetup
keys: ['systemd-veritysetup']
- name: vmspawn
keys: ['systemd-vmspawn']
- name: xdg-autostart
keys: ['systemd-xdg-autostart-generator']
---
# vi: ts=2 sw=2 et:
# SPDX-License-Identifier: LGPL-2.1-or-later
name: "CodeQL config"
disable-default-queries: false
queries:
- name: Enable possibly useful queries which are disabled by default
uses: ./.github/codeql-custom.qls
- name: systemd-specific CodeQL queries
uses: ./.github/codeql-queries/
---
# vi: ts=2 sw=2 et syntax=yaml:
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# Note: it is not recommended to directly reference the respective queries from
# the github/codeql repository, so we have to "dance" around it using
# a custom QL suite
# See:
# - https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#running-additional-queries
# - https://github.com/github/codeql-action/issues/430#issuecomment-806092120
# - https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/
# Note: the codeql/<lang>-queries pack name can be found in the CodeQL repo[0]
# in <lang>/ql/src/qlpack.yml. The respective codeql-suites are then
# under <lang>/ql/src/codeql-suites/.
#
# [0] https://github.com/github/codeql
- import: codeql-suites/cpp-lgtm.qls
from: codeql/cpp-queries
- import: codeql-suites/python-lgtm.qls
from: codeql/python-queries
- include:
id:
- cpp/bad-strncpy-size
- cpp/declaration-hides-variable
- cpp/include-non-header
- cpp/inconsistent-null-check
- cpp/mistyped-function-arguments
- cpp/nested-loops-with-same-variable
- cpp/sizeof-side-effect
- cpp/suspicious-pointer-scaling
- cpp/suspicious-pointer-scaling-void
- cpp/suspicious-sizeof
- cpp/unsafe-strcat
- cpp/unsafe-strncat
- cpp/unsigned-difference-expression-compared-zero
- cpp/unused-local-variable
tags:
- "security"
- "correctness"
severity: "error"
- exclude:
id:
- cpp/fixme-comment
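Review bot: In the single `- include:` block, the `id` list, the `tags` list and `severity: "error"` appear together, and as far as I can tell from the CodeQL query-suite documentation the constraints inside one block must all match. If so, a listed query such as `cpp/unused-local-variable` would be selected only if it also carries one of those tags and that severity, which may silently drop some of the extra queries this suite is meant to enable. Indentation is lost in this view, so the nesting should be confirmed against the file. If the intent is "these ids, plus anything tagged security/correctness with error severity", splitting this into two `- include:` blocks expresses that. Running `codeql resolve queries` on the suite would show which queries are actually picked up.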
/**
* vi: sw=2 ts=2 et syntax=ql:
*
* Borrowed from
* https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
*
* @name Use of potentially dangerous function
* @description Certain standard library functions are dangerous to call.
* @id cpp/potentially-dangerous-function
* @kind problem
* @problem.severity error
* @precision high
* @tags reliability
* security
*/
import cpp
predicate potentiallyDangerousFunction(Function f, string message) {
(
f.getQualifiedName() = "fgets" and
message = "Call to fgets() is potentially dangerous. Use read_line() instead."
) or (
f.getQualifiedName() = "strtok" and
message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
) or (
f.getQualifiedName() = "strsep" and
message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
) or (
f.getQualifiedName() = "dup" and
message = "Call to dup() is potentially dangerous. Use fcntl(fd, FD_DUPFD_CLOEXEC, 3) instead."
) or (
f.getQualifiedName() = "htonl" and
message = "Call to htonl() is confusing. Use htobe32() instead."
) or (
f.getQualifiedName() = "htons" and
message = "Call to htons() is confusing. Use htobe16() instead."
) or (
f.getQualifiedName() = "ntohl" and
message = "Call to ntohl() is confusing. Use be32toh() instead."
) or (
f.getQualifiedName() = "ntohs" and
message = "Call to ntohs() is confusing. Use be16toh() instead."
) or (
f.getQualifiedName() = "strerror" and
message = "Call to strerror() is not thread-safe. Use printf()'s %m format string or STRERROR() instead."
) or (
f.getQualifiedName() = "accept" and
message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
) or (
f.getQualifiedName() = "dirname" and
message = "Call dirname() is icky. Use path_extract_directory() instead."
)
}
from FunctionCall call, Function target, string message
where
call.getTarget() = target and
potentiallyDangerousFunction(target, message)
select call, message
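Review bot: The replacement suggested in the `dup` message names `FD_DUPFD_CLOEXEC`, which is not an fcntl command; the constant is `F_DUPFD_CLOEXEC`, so the string should read `Use fcntl(fd, F_DUPFD_CLOEXEC, 3) instead.` These messages are the only guidance a developer gets from the alert, so a wrong identifier there costs a lookup or a failed build. The `dirname` message is also missing a word and would read better as `Call to dirname() is icky. Use path_extract_directory() instead.`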
/**
* vi: sw=2 ts=2 et syntax=ql:
*
* Based on cpp/uninitialized-local.
*
* @name Potentially uninitialized local variable using the cleanup attribute
* @description Running the cleanup handler on a possibly uninitialized variable
* is generally a bad idea.
* @id cpp/uninitialized-local-with-cleanup
* @kind problem
* @problem.severity error
* @precision high
* @tags security
*/
import cpp
import semmle.code.cpp.controlflow.StackVariableReachability
/** Auxiliary predicate: List cleanup functions we want to explicitly ignore
* since they don't do anything illegal even when the variable is uninitialized
*/
predicate cleanupFunctionDenyList(string fun) {
fun = "erase_char"
}
/**
* A declaration of a local variable using __attribute__((__cleanup__(x)))
* that leaves the variable uninitialized.
*/
DeclStmt declWithNoInit(LocalVariable v) {
result.getADeclaration() = v and
not v.hasInitializer() and
/* The variable has __attribute__((__cleanup__(...))) set */
v.getAnAttribute().hasName("cleanup") and
/* Check if the cleanup function is not on a deny list */
not cleanupFunctionDenyList(v.getAnAttribute().getAnArgument().getValueText())
}
class UninitialisedLocalReachability extends StackVariableReachability {
UninitialisedLocalReachability() { this = "UninitialisedLocal" }
override predicate isSource(ControlFlowNode node, StackVariable v) { node = declWithNoInit(v) }
/* Note: _don't_ use the `useOfVarActual()` predicate here (and a couple of lines
* below), as it assumes that the callee always modifies the variable if
* it's passed to the function.
*
* i.e.:
* _cleanup_free char *x;
* fun(&x);
* puts(x);
*
* `useOfVarActual()` won't treat this as an uninitialized read even if the callee
* doesn't modify the argument, however, `useOfVar()` will
*/
override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVar(v, node) }
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
/* only report the _first_ possibly uninitialized use */
useOfVar(v, node) or
(
/* If there's a return statement somewhere between the variable declaration
* and a possible definition, don't accept is as a valid initialization.
*
* E.g.:
* _cleanup_free_ char *x;
* ...
* if (...)
* return;
* ...
* x = malloc(...);
*
* is not a valid initialization, since we might return from the function
* _before_ the actual initialization (emphasis on _might_, since we
* don't know if the return statement might ever evaluate to true).
*/
definitionBarrier(v, node) and
not exists(ReturnStmt rs |
/* The attribute check is "just" a complexity optimization */
v.getFunction() = rs.getEnclosingFunction() and v.getAnAttribute().hasName("cleanup") |
rs.getLocation().isBefore(node.getLocation())
)
)
}
}
pragma[noinline]
predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosingFunction() = f) }
/**
* Auxiliary predicate: List common exceptions or false positives
* for this check to exclude them.
*/
VariableAccess commonException() {
/* If the uninitialized use we've found is in a macro expansion, it's
* typically something like va_start(), and we don't want to complain. */
result.getParent().isInMacroExpansion()
or
result.getParent() instanceof BuiltInOperation
or
/* Finally, exclude functions that contain assembly blocks. It's
* anyone's guess what happens in those. */
containsInlineAssembly(result.getEnclosingFunction())
}
from UninitialisedLocalReachability r, LocalVariable v, VariableAccess va
where
r.reaches(_, v, va) and
not va = commonException()
select va, "The variable $@ may not be initialized here, but has a cleanup handler.", v, v.getName()
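Review bot: In `declWithNoInit`, the two `v.getAnAttribute()` calls are independent, so the exemption check reads the argument of any attribute on the variable, not necessarily the `cleanup` one. Binding the attribute once ties the exemption to the cleanup handler itself, for example `exists(Attribute a | a = v.getAnAttribute() and a.hasName("cleanup") and not cleanupFunctionDenyList(a.getAnArgument().getValueText()))`. In practice the difference is probably small, but for a security query the suppression path should be as narrow as possible. The name `cleanupFunctionDenyList` also reads inverted, since its doc comment describes handlers that are ignored by the check. The comment example `_cleanup_free char *x;` is missing the trailing underscore that the later example `_cleanup_free_ char *x;` has.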
---
# vi: ts=2 sw=2 et syntax=yaml:
# SPDX-License-Identifier: LGPL-2.1-or-later
library: false
name: systemd/cpp-queries
version: 0.0.1
dependencies:
codeql/cpp-all: "*"
codeql/suite-helpers: "*"
extractor: cpp
# SPDX-License-Identifier: LGPL-2.1-or-later
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
open-pull-requests-limit: 2
- package-ecosystem: "pip"
directory: "/.github/workflows"
schedule:
interval: "monthly"
open-pull-requests-limit: 2
- package-ecosystem: "docker"
directory: "/.clusterfuzzlite"
schedule:
interval: "monthly"
open-pull-requests-limit: 2
# syntax - https://github.com/redhat-plumbers-in-action/devel-freezer#policy
---
policy:
# tags like v253-rc1, v253-rc2, etc.
- tags: ['^\S*-rc\d+$']
labels:
allow: ['needs-stable-backport', 'dependencies', 'l10n 🌍']
feedback:
frozen-state: |
> [!IMPORTANT]
> An -rc1 tag has been created and a release is being prepared, so please note that PRs introducing new features and APIs will be held back until the new version has been released.
unfreeze-state: |
> [!NOTE]
> We had successfully released a new major release. We are no longer in a development freeze phase.
> We will try our best to get back to your PR as soon as possible. Thank you for your patience.