diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ed861ccf..5f4fb439 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -85,7 +85,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb #v4.31.0
+ uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee #v4.31.2
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
@@ -108,7 +108,7 @@ jobs:
 ./build.sh
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb #v4.31.0
+ uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee #v4.31.2
 with:
 category: "/language:${{matrix.language}}"
 upload: failure-only # upload only in case of failure, otherwise upload later after filtering
@@ -134,7 +134,7 @@ jobs:
 output: codeql-results/cpp.sarif
 - name: Upload SARIF
- uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb #v4.31.0
+ uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee #v4.31.2
 with:
 sarif_file: codeql-results/cpp.sarif
diff --git a/src/api/docs/content/specs/lists.yaml b/src/api/docs/content/specs/lists.yaml
index fecfad3b..c5c7b654 100644
--- a/src/api/docs/content/specs/lists.yaml
+++ b/src/api/docs/content/specs/lists.yaml
@@ -46,7 +46,7 @@ components:
 - "List management"
 operationId: "replace_lists"
 description: |
- Items may be updated by replacing them. `{list}` is required.
+ Items may be updated by replacing them. `{list}` and `{listtype}` are required.
 Ensure to send all the required parameters (such as `comment`) to ensure these properties are retained.
 The read-only fields `id` and `date_added` are preserved, `date_modified` is automatically updated on success.
@@ -96,6 +96,7 @@ components:
 - "List management"
 operationId: "delete_lists"
 description: |
+ `{list}` and `{listtype}` are required.
 *Note:* There will be no content on success.
 responses:
 '204':
diff --git a/src/config/config.c b/src/config/config.c
index b99c5654..bb012c15 100644
--- a/src/config/config.c
+++ b/src/config/config.c
@@ -897,7 +897,7 @@ void initConfig(struct config *conf)
 conf->ntp.sync.server.a = cJSON_CreateStringReference("A valid NTP upstream server");
 conf->ntp.sync.server.t = CONF_STRING;
 conf->ntp.sync.server.d.s = (char*)"pool.ntp.org";
- conf->ntp.sync.server.c = validate_stub; // Only type-based checking
+ conf->ntp.sync.server.c = validate_dns_domain_or_ip;
 conf->ntp.sync.interval.k = "ntp.sync.interval";
 conf->ntp.sync.interval.h = "Interval in seconds between successive synchronization attempts with the NTP server";
diff --git a/src/config/validator.c b/src/config/validator.c
index 92db0268..0af36ec5 100644
--- a/src/config/validator.c
+++ b/src/config/validator.c
@@ -676,3 +676,26 @@ void sanitize_dns_hosts(union conf_value *val)
 free(str);
 }
 }
+
+// Validate a single domain or IP address
+bool validate_dns_domain_or_ip(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN])
+{
+ // Check if it's a valid domain
+ if(valid_domain(val->s, strlen(val->s), false))
+ {
+ return true;
+ }
+
+ // Check if IP is valid
+ struct in_addr addr;
+ struct in6_addr addr6;
+ int ip4 = 0, ip6 = 0;
+ if((ip4 = inet_pton(AF_INET, val->s, &addr) == 1) || (ip6 = inet_pton(AF_INET6, val->s, &addr6)) == 1)
+ {
+ return true;
+ }
+
+ // If neither, return an error
+ snprintf(err, VALIDATOR_ERRBUF_LEN, "%s: neither a valid domain nor IP address", key);
+ return false;
+}
diff --git a/src/config/validator.h b/src/config/validator.h
index e160a13a..dd3e7d49 100644
--- a/src/config/validator.h
+++ b/src/config/validator.h
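Review bot: Switching `ntp.sync.server` from `validate_stub` to `validate_dns_domain_or_ip` tightens what an already-stored value must look like, and the new line drops the trailing comment without replacing it. Any value that passed the old type-only check but is not a bare hostname or IP literal (an empty string, for instance, if that is used anywhere to switch syncing off) would now be rejected. How a rejected value is handled when an existing configuration is loaded is not visible in this hunk, so that path is worth confirming before release. I would also put a comment where the old one was, for example `// Must be a single hostname or an IPv4/IPv6 literal`. The body of initConfig starts and continues outside the hunk.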
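Review bot: The two `inet_pton()` tests in `validate_dns_domain_or_ip` are parenthesised differently, so `ip4` receives the result of the `== 1` comparison while `ip6` receives the raw return value, and neither variable is read afterwards. The `if` still evaluates correctly, but both assignments are dead stores and may draw set-but-unused warnings; drop the `int ip4 = 0, ip6 = 0;` line and write `if(inet_pton(AF_INET, val->s, &addr) == 1 || inet_pton(AF_INET6, val->s, &addr6) == 1)`. `strlen(val->s)` is also called with no NULL check; whether a `CONF_STRING` value can be NULL at this point cannot be told from the hunk, and if it can, an early `if(val->s == NULL)` that fills `err` and returns false is needed. Because this function now gates the string that is later handed to name resolution, the one-line comment above it should state exactly which forms are accepted, since that depends on `valid_domain()`, which is not shown here.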
@@ -28,5 +28,6 @@ bool validate_regex_array(union conf_value *val, const char *key, char err[VALID
 bool validate_dns_revServers(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
 bool validate_ui_min_7_or_0(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
 void sanitize_dns_hosts(union conf_value *val);
+bool validate_dns_domain_or_ip(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
 #endif // CONFIG_VALIDATOR_H
diff --git a/src/ntp/client.c b/src/ntp/client.c
index 79b80ec4..81138eed 100644
--- a/src/ntp/client.c
+++ b/src/ntp/client.c
@@ -494,7 +494,8 @@ bool ntp_client(const char *server, const bool settime, const bool print)
 }
 errbuf[sizeof(errbuf) - 1] = '\0';
 log_ntp_message(true, false, errbuf);
- freeaddrinfo(saddr);
+ if(saddr != NULL)
+ freeaddrinfo(saddr);
 return false;
 }
@@ -503,7 +504,8 @@ bool ntp_client(const char *server, const bool settime, const bool print)
 if(ntp == NULL)
 {
 log_err("Cannot allocate memory for NTP client");
- freeaddrinfo(saddr);
+ if(saddr != NULL)
+ freeaddrinfo(saddr);
 return false;
 }
@@ -520,7 +522,8 @@ bool ntp_client(const char *server, const bool settime, const bool print)
 {
 close(s);
 free(ntp);
- freeaddrinfo(saddr);
+ if(saddr != NULL)
+ freeaddrinfo(saddr);
 return false;
 }
 // Get reply
@@ -543,7 +546,8 @@ bool ntp_client(const char *server, const bool settime, const bool print)
 printf("\n");
 // Free allocated memory
- freeaddrinfo(saddr);
+ if(saddr != NULL)
+ freeaddrinfo(saddr);
 saddr = NULL;
 // Compute average and standard deviation
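Review bot: The new `if(saddr != NULL)` guard in front of `freeaddrinfo(saddr)` (the -494 hunk and the three that follow at -503, -520 and -543) only protects the error paths if `saddr` is initialised to NULL where it is declared, and that declaration is outside all four hunks. When the address lookup fails, the result pointer is not guaranteed to have been written, so an uninitialised `saddr` would pass the guard and still reach `freeaddrinfo()`; confirm the declaration reads `struct addrinfo *saddr = NULL;`. As a style point, the same unbraced two-line guard now appears four times; a single cleanup label or a small static helper would keep the exit paths from drifting apart. `ntp_client` begins and ends outside these hunks.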
@@ -764,9 +768,15 @@ bool ntp_start_sync_thread(pthread_attr_t *attr)
 }
 // Return early if a clock disciplining NTP client is detected
 // Checks chrony, the ntp family (ntp, ntpsec and openntpd), and ntpd-rs
- if(search_proc("chronyd") > 0 || search_proc("ntpd") > 0 || search_proc("ntp-daemon") > 0)
+ const int chronyd_found = search_proc("chronyd");
+ const int ntpd_found = search_proc("ntpd");
+ const int ntp_daemon_found = search_proc("ntp-daemon");
+ if(chronyd_found > 0 || ntpd_found > 0 || ntp_daemon_found > 0)
 {
- log_info("Clock disciplining NTP client detected, not starting embedded NTP client/server");
+ log_info("Clock disciplining NTP client detected ( %s%s%s), not starting embedded NTP client/server",
+ chronyd_found > 0 ? "chronyd " : "",
+ ntpd_found > 0 ? "ntpd " : "",
+ ntp_daemon_found > 0 ? "ntp-daemon " : "");
 return false;
 }
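Review bot: All three `search_proc()` calls now run on every invocation, because their results are hoisted into `chronyd_found`, `ntpd_found` and `ntp_daemon_found` before the test, whereas the old `||` chain stopped at the first hit. That is a reasonable cost for naming the detected daemon in the log, but it deserves a comment so nobody folds the calls back into the condition, for example `// Run all three searches so the log can name every daemon found`. The `> 0` tests also treat a negative return the same as "not found"; `search_proc()` is not defined in this hunk, so if it can return a negative error value, that case should be logged rather than silently falling through to starting the embedded client. `ntp_start_sync_thread` starts and ends outside the hunk.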