[Libreoffice-commits] online.git: Branch 'distro/collabora/collabora-online-4-0' - 2 commits - fuzzer/admin-data fuzzer/data wsd/Admin.cpp wsd/ClientSession.cpp

Miklos Vajna (via logerrit) logerrit at kemper.freedesktop.org
Fri Apr 10 16:20:25 UTC 2020


 fuzzer/admin-data/crash-6ba2f7189a6447cd0cce37cfa1c41ded6244dc2f |binary
 fuzzer/data/crash-2dc9a83fb2861cecefd31e65064639d1ce118bd3       |binary
 wsd/Admin.cpp                                                    |    6 +++++-
 wsd/ClientSession.cpp                                            |    2 +-
 4 files changed, 6 insertions(+), 2 deletions(-)

New commits:
commit 538265a7447b6ee6167d21a47d9dad05afa3f818
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Tue Apr 7 09:05:07 2020 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Fri Apr 10 18:20:19 2020 +0200

    admin console: fix handling of out of range kill parameter
    
    Catch that, similar to when handling an invalid argument.
    
    (cherry picked from commit 946fa38a22e2e90965392446a559c78c87d92219)
    
    Change-Id: I7405355f0b962673069dbd33dbab8c9e3042c4bf
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91973
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Andras Timar <andras.timar at collabora.com>

diff --git a/fuzzer/admin-data/crash-6ba2f7189a6447cd0cce37cfa1c41ded6244dc2f b/fuzzer/admin-data/crash-6ba2f7189a6447cd0cce37cfa1c41ded6244dc2f
new file mode 100644
index 000000000..1468abd9e
Binary files /dev/null and b/fuzzer/admin-data/crash-6ba2f7189a6447cd0cce37cfa1c41ded6244dc2f differ
diff --git a/wsd/Admin.cpp b/wsd/Admin.cpp
index 915c9d073..c8d497e0a 100644
--- a/wsd/Admin.cpp
+++ b/wsd/Admin.cpp
@@ -170,7 +170,11 @@ void AdminSocketHandler::handleMessage(bool /* fin */, WSOpCode /* code */,
         }
         catch (std::invalid_argument& exc)
         {
-            LOG_WRN("Invalid PID to kill: " << tokens[1]);
+            LOG_WRN("Invalid PID to kill (invalid argument): " << tokens[1]);
+        }
+        catch (std::out_of_range& exc)
+        {
+            LOG_WRN("Invalid PID to kill (out of range): " << tokens[1]);
         }
     }
     else if (tokens[0] == "settings")
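Review bot: both handlers in this hunk bind `exc` without using it and catch by non-const reference. std::invalid_argument and std::out_of_range both derive from std::logic_error, and the two bodies differ only in the log text, so either catch `const std::logic_error& exc` once and include `exc.what()` in the warning, or keep the two handlers and drop the unused name (`catch (const std::out_of_range&)`). Both handlers also read `tokens[1]` for the log line, and the hunk shows no size check on `tokens`; confirm that one precedes the try block, since the other commit in this push fixes exactly that kind of unchecked index.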
commit 54aed2d189efe3f4006821a58ae269777dda17d0
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Thu Feb 27 15:34:52 2020 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Fri Apr 10 18:20:07 2020 +0200

    wsd: fix crash with read-only documents + uno command without param
    
    ==15956==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007cd2f7 bp 0x7ffe96c7cd70 sp 0x7ffe96c7c4e8 T0)
    ...
        #7 0x11a9d31 in ClientSession::filterMessage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const wsd/ClientSession.cpp:977:27
        #8 0x11925d6 in ClientSession::_handleInput(char const*, int) wsd/ClientSession.cpp:741:14
        #9 0x19395d0 in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) common/Session.cpp:230:13
    
    This seems to be a recurring pattern, I'll consider reworking
    LOOLProtocol::tokenize() in a follow-up commit to have a return value
    that is safer than std::vector<std::string>.
    
    (cherry picked from commit d129979822212f739279de89c9f6ad5d48f338f4)
    
    Change-Id: I0e71214a55af2e71e4787cb0dba0ddf7825bf9d9
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91972
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Andras Timar <andras.timar at collabora.com>

diff --git a/fuzzer/data/crash-2dc9a83fb2861cecefd31e65064639d1ce118bd3 b/fuzzer/data/crash-2dc9a83fb2861cecefd31e65064639d1ce118bd3
new file mode 100644
index 000000000..39175f20c
Binary files /dev/null and b/fuzzer/data/crash-2dc9a83fb2861cecefd31e65064639d1ce118bd3 differ
diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index a2548c62e..87c118231 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -721,7 +721,7 @@ bool ClientSession::filterMessage(const std::string& message) const
         }
         else if (tokens[0] == "uno")
         {
-            if (tokens[1] == ".uno:ExecuteSearch")
+            if (tokens.count() > 1 && tokens[1] == ".uno:ExecuteSearch")
             {
                 allowed = true;
             }
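Review bot: the `tokens.count() > 1` guard on the `.uno:ExecuteSearch` comparison covers only this one index, while the commit message calls the unchecked access a recurring pattern. Any other branch of filterMessage() that reads `tokens[1]` should get the same check in this change or be listed for the follow-up. With the guard in place, a `uno` message with no parameter skips the `allowed = true` assignment; a one-line comment saying that this is the intended result for read-only documents would help the next reader. The added fuzzer/data crash file is the only regression coverage visible here, so a unit test that sends a bare `uno` to a read-only session would make the expected behaviour explicit.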

