From 275874fbb014e0e3ab5a27c7d25c06b4112820b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Mon, 13 Jan 2025 11:29:43 +0100 Subject: [PATCH] Squashed 'src/deps/src/libmaxminddb/' changes from 0ff5a5bfb3..cba618d658 cba618d658 Bumped version to 1.12.2 c46273f571 Run clang-format df4592458d Set release date 8d84eda5f4 Merge pull request #368 from maxmind/horgh/null-entry-data-list bc0cbd5625 Set entry parameter to NULL or valid memory 01c6c0fb7a Merge pull request #365 from maxmind/nobeid/github-actions-zizmor 47076a6aa1 Merge pull request #366 from maxmind/greg/eng-574-release-of-libmaxminddb-is-done 8ac2738071 change zizmor output format to report warnings 5a64ef092c integrate zizmor in github actions git-subtree-dir: src/deps/src/libmaxminddb git-subtree-split: cba618d6581b7dbe83478c798d9e58faeaa6b582 --- .github/workflows/clang-addresssanitizer.yml | 1 + .github/workflows/clang-analyzer.yml | 2 ++ .github/workflows/codeql-analysis.yml | 1 + .github/workflows/test.yml | 2 ++ .github/workflows/zizmor.yml | 32 ++++++++++++++++++++ CMakeLists.txt | 2 +- Changes.md | 12 ++++++++ configure.ac | 2 +- src/data-pool.c | 8 +++-- src/maxminddb.c | 2 ++ t/bad_pointers_t.c | 5 +++ t/data-pool-t.c | 4 ++- t/fuzz_mmdb.c | 12 +++----- 13 files changed, 73 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/zizmor.yml diff --git a/.github/workflows/clang-addresssanitizer.yml b/.github/workflows/clang-addresssanitizer.yml index 2961e9aa0..8b101185d 100644 --- a/.github/workflows/clang-addresssanitizer.yml +++ b/.github/workflows/clang-addresssanitizer.yml @@ -19,6 +19,7 @@ jobs: - uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - run: sudo apt install clang libipc-run3-perl - run: ./bootstrap - run: ./configure diff --git a/.github/workflows/clang-analyzer.yml b/.github/workflows/clang-analyzer.yml index 6c395c3b1..4bbc76f6c 100644 --- a/.github/workflows/clang-analyzer.yml +++ b/.github/workflows/clang-analyzer.yml @@ -10,6 +10,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - run: sudo apt install clang-tools libipc-run3-perl - run: ./bootstrap - run: scan-build ./configure diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3c4bf74c7..7a217d4fa 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,6 +24,7 @@ jobs: # a pull request then we can checkout the head. fetch-depth: 2 submodules: true + persist-credentials: false # If this run was triggered by a pull request event, then checkout # the head of the pull request instead of the merge commit. diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1371ac68e..307f5fb87 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,6 +20,7 @@ jobs: - uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - run: sudo apt install libipc-run3-perl if: ${{ matrix.os == 'ubuntu-latest' }} - run: brew install autoconf automake libtool @@ -41,6 +42,7 @@ jobs: - uses: actions/checkout@v4 with: submodules: true + persist-credentials: false - run: cmake -DBUILD_TESTING=ON . - run: cmake --build . - run: ctest -V . -C Debug diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml new file mode 100644 index 000000000..c09cf1202 --- /dev/null +++ b/.github/workflows/zizmor.yml @@ -0,0 +1,32 @@ +name: GitHub Actions Security Analysis with zizmor + +on: + push: + branches: ["main"] + pull_request: + branches: ["**"] + +jobs: + zizmor: + name: zizmor latest via PyPI + runs-on: ubuntu-latest + permissions: + security-events: write + # required for workflows in private repositories + contents: read + actions: read + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install the latest version of uv + uses: astral-sh/setup-uv@v5 + with: + enable-cache: false + + - name: Run zizmor + run: uvx zizmor --format plain . + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/CMakeLists.txt b/CMakeLists.txt index 0b47093c9..53955fb96 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required (VERSION 3.9...3.30) project(maxminddb LANGUAGES C - VERSION 1.12.1 + VERSION 1.12.2 ) set(MAXMINDDB_SOVERSION 0.0.7) set(CMAKE_C_STANDARD 99) diff --git a/Changes.md b/Changes.md index ace517bde..8502523cf 100644 --- a/Changes.md +++ b/Changes.md @@ -1,3 +1,15 @@ +## 1.12.2 - 2025-01-10 + +* `MMDB_get_entry_data_list()` now always sets the passed `entry_data_list` + parameter to either `NULL` or valid memory. This makes it safe for + callers to use `MMDB_free_entry_data_list()` on it even in case of error. + In 1.12.0 `MMDB_get_entry_data_list()` was changed to not set this + parameter to valid memory in additional error cases. That change caused + segfaults for certain libraries that assumed it was safe to free memory + on error. Doing so was never safe, but worked in some cases. This change + makes such calls safe. Reported by Petr Pisar. GitHub + maxmind/MaxMind-DB-Reader-XS#39. + ## 1.12.1 - 2025-01-08 * Added missing `cmake_uninstall.cmake.in` to the source distribution. This diff --git a/configure.ac b/configure.ac index 772391ae4..dd06df1ed 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ([2.63]) -AC_INIT([libmaxminddb], [1.12.1], [support@maxmind.com]) +AC_INIT([libmaxminddb], [1.12.2], [support@maxmind.com]) AC_CONFIG_SRCDIR([include/maxminddb.h]) AC_CONFIG_HEADERS([config.h include/maxminddb_config.h]) diff --git a/src/data-pool.c b/src/data-pool.c index 1a9f9d03f..fb91928b1 100644 --- a/src/data-pool.c +++ b/src/data-pool.c @@ -158,9 +158,13 @@ int main(void) { } static void test_can_multiply(void) { - { ok(can_multiply(SIZE_MAX, 1, SIZE_MAX), "1*SIZE_MAX is ok"); } + { + ok(can_multiply(SIZE_MAX, 1, SIZE_MAX), "1*SIZE_MAX is ok"); + } - { ok(!can_multiply(SIZE_MAX, 2, SIZE_MAX), "2*SIZE_MAX is not ok"); } + { + ok(!can_multiply(SIZE_MAX, 2, SIZE_MAX), "2*SIZE_MAX is not ok"); + } { ok(can_multiply(SIZE_MAX, 10240, sizeof(MMDB_entry_data_list_s)), diff --git a/src/maxminddb.c b/src/maxminddb.c index d458f7275..2ea2455e1 100644 --- a/src/maxminddb.c +++ b/src/maxminddb.c @@ -1636,6 +1636,8 @@ int MMDB_get_metadata_as_entry_data_list( int MMDB_get_entry_data_list(MMDB_entry_s *start, MMDB_entry_data_list_s **const entry_data_list) { + *entry_data_list = NULL; + MMDB_data_pool_s *const pool = data_pool_new(MMDB_POOL_INIT_SIZE); if (!pool) { return MMDB_OUT_OF_MEMORY_ERROR; diff --git a/t/bad_pointers_t.c b/t/bad_pointers_t.c index 9bf31fb13..6572ae943 100644 --- a/t/bad_pointers_t.c +++ b/t/bad_pointers_t.c @@ -28,6 +28,11 @@ void run_tests(int mode, const char *mode_desc) { MMDB_INVALID_DATA_ERROR, "MMDB_get_entry_data_list returns MMDB_INVALID_DATA_ERROR for " "bad pointer in data section"); + + // This is not necessary as on error we should not need to free + // anything. However test that it is safe to do so. See change in + // 1.12.2. + MMDB_free_entry_data_list(entry_data_list); } { diff --git a/t/data-pool-t.c b/t/data-pool-t.c index ff8907c01..6952c0357 100644 --- a/t/data-pool-t.c +++ b/t/data-pool-t.c @@ -43,7 +43,9 @@ static void test_data_pool_new(void) { } static void test_data_pool_destroy(void) { - { data_pool_destroy(NULL); } + { + data_pool_destroy(NULL); + } { MMDB_data_pool_s *const pool = data_pool_new(512); diff --git a/t/fuzz_mmdb.c b/t/fuzz_mmdb.c index 973326813..e9289431d 100644 --- a/t/fuzz_mmdb.c +++ b/t/fuzz_mmdb.c @@ -7,13 +7,11 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); -int -LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -{ - int status; - FILE *fp; - MMDB_s mmdb; - char filename[256]; +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + int status; + FILE *fp; + MMDB_s mmdb; + char filename[256]; if (size < kMinInputLength || size > kMaxInputLength) return 0;