Merge branch 'master' into andreylzmw/security-update

VKCOM · Jul 21, 2023 · 859778f · 859778f
2 parents ac28b1d + a848651
commit 859778f
Show file tree

Hide file tree

Showing 34 changed files with 320 additions and 319 deletions.
diff --git a/.github/workflows/Dockerfile.buster b/.github/workflows/Dockerfile.buster
@@ -16,6 +16,7 @@ RUN apt-get update && \
     rm -f "$TEMP_DEB" && \
     echo "deb http://apt.postgresql.org/pub/repos/apt buster-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
     wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29 && \
     apt-get update && \
     apt-get install -y --no-install-recommends \
       git cmake-data=3.18* cmake=3.18* make g++ gperf netcat \

diff --git a/builtin-functions/_functions.txt b/builtin-functions/_functions.txt
@@ -1085,7 +1085,7 @@ function curl_errno ($curl_handle ::: int) ::: int;
 function curl_close ($curl_handle ::: int) ::: void;
 
 /** @kphp-extern-func-info resumable */
-function curl_exec_concurrently($curl_handle ::: int, $timeout ::: float = 1.0): ?string;
+function curl_exec_concurrently($curl_handle ::: int, $timeout ::: float = 1.0): string|false;
 
 function curl_multi_init () ::: int;
 function curl_multi_add_handle ($multi_handle ::: int, $curl_handle ::: int) ::: int|false;

diff --git a/net/net-aes-keys.cpp b/net/net-aes-keys.cpp
@@ -22,6 +22,8 @@
 #include "common/server/signals.h"
 #include "common/wrappers/memory-utils.h"
 
+DEFINE_VERBOSITY(net_crypto_aes)
+
 static_assert(AES_KEY_MIN_LEN >= sizeof(((aes_key_t *) NULL)->id), "key_size");
 
 static aes_key_t **aes_loaded_keys;
@@ -47,15 +49,15 @@ bool aes_key_add(aes_key_t *aes_key) {
     aes_key_t *added_key = aes_loaded_keys[i];
 
     if (aes_key->id == added_key->id || !strcmp(aes_key->filename, added_key->filename)) {
-      vkprintf(2, "Cannot add AES key %d(\"%s\"): already added %d(\"%s\")\n", aes_key->id, aes_key->filename, added_key->id, added_key->filename);
+      tvkprintf(net_crypto_aes, 1, "Cannot add AES key %d(\"%s\"): already added %d(\"%s\")\n", aes_key->id, aes_key->filename, added_key->id, added_key->filename);
       return false;
     }
   }
 
   aes_loaded_keys = static_cast<aes_key_t**>(realloc(aes_loaded_keys, sizeof(aes_key) * (aes_loaded_keys_size + 1)));
   aes_loaded_keys[aes_loaded_keys_size++] = aes_key;
 
-  vkprintf(1, "Add AES key %u(\"%s\")\n", aes_key->id, aes_key->filename);
+  tvkprintf(net_crypto_aes, 1, "Add AES key %u(\"%s\")\n", aes_key->id, aes_key->filename);
 
   return true;
 }
@@ -65,7 +67,7 @@ static bool aes_key_set_default(const char *filename) {
     for (size_t i = 0; i < aes_loaded_keys_size; ++i) {
       aes_key_t *key = aes_loaded_keys[i];
       if (!strcmp(key->filename, filename)) {
-        vkprintf(1, "Setting default AES key to: %d(\"%s\")\n", key->id, key->filename);
+        tvkprintf(net_crypto_aes, 1, "Setting default AES key to: %d(\"%s\")\n", key->id, key->filename);
         default_aes_key = key;
         return true;
       }
@@ -91,23 +93,23 @@ aes_key_t *aes_key_load_memory(const char* filename, uint8_t *key, int32_t key_l
 static aes_key_t *aes_key_load_fd(int fd, const char *filename) {
   struct stat st;
   if (fstat(fd, &st) == -1) {
-    vkprintf(2, "Cannot fstat() AES key fd: %d(\"%s\"): %m\n", fd, filename);
+    tvkprintf(net_crypto_aes, 1, "Cannot fstat() AES key fd: %d(\"%s\"): %m\n", fd, filename);
     return NULL;
   }
 
   if (st.st_size < AES_KEY_MIN_LEN) {
-    vkprintf(2, "Ignoring too small AES key: %jd(min %d)\n", (intmax_t)(st.st_size), AES_KEY_MIN_LEN);
+    tvkprintf(net_crypto_aes, 1, "Ignoring too small AES key: %jd(min %d)\n", (intmax_t)(st.st_size), AES_KEY_MIN_LEN);
     return NULL;
   }
 
   if (st.st_size > AES_KEY_MAX_LEN) {
-    vkprintf(2, "Ignoring too large AES key: %jd(max %d)\n", (intmax_t)(st.st_size), AES_KEY_MAX_LEN);
+    tvkprintf(net_crypto_aes, 1, "Ignoring too large AES key: %jd(max %d)\n", (intmax_t)(st.st_size), AES_KEY_MAX_LEN);
     return NULL;
   }
 
   char buffer[AES_KEY_MAX_LEN];
   if (!read_exact(fd, buffer, st.st_size)) {
-    vkprintf(2, "Cannot read AES key fd: %d: %m\n", fd);
+    tvkprintf(net_crypto_aes, 1, "Cannot read AES key fd: %d: %m\n", fd);
     return NULL;
   }
 
@@ -125,7 +127,7 @@ static bool aes_key_load_file(int fd, const char *path) {
   close(fd);
   if (!key) {
     free(tmp_path);
-    vkprintf(1, "Cannot load AES key from fd: %d(\"%s\"): %m\n", fd, path);
+    tvkprintf(net_crypto_aes, 1, "Cannot load AES key from fd: %d(\"%s\"): %m\n", fd, path);
     return false;
   }
 
@@ -145,14 +147,14 @@ static bool aes_key_load_dir(int fd) {
     const int fd = openat(dir_fd, entry->d_name, O_NOFOLLOW);
     if (fd == -1) {
       if(errno != ELOOP) {
-        vkprintf(1, "Cannot openat() AES key dir entry: \"%s\": %m\n", entry->d_name);
+        tvkprintf(net_crypto_aes, 1, "Cannot openat() AES key dir entry: \"%s\": %m\n", entry->d_name);
       }
       continue;
     }
 
     struct stat st;
     if (fstat(fd, &st) == -1) {
-      vkprintf(1, "Cannot fstatat() AES key dir entry: \"%s\": %m\n", entry->d_name);
+      tvkprintf(net_crypto_aes, 1, "Cannot fstatat() AES key dir entry: \"%s\": %m\n", entry->d_name);
       continue;
     }
 
@@ -168,7 +170,7 @@ static bool aes_key_load_dir(int fd) {
   char buffer[NAME_MAX + 1];
   if (readlinkat(dir_fd, "default", buffer, sizeof(buffer)) == -1) {
     assert(!closedir(dir));
-    vkprintf(1, "Cannot readlinkat() \"default\" AES key symlink\n");
+    tvkprintf(net_crypto_aes, 1, "Cannot readlinkat() \"default\" AES key symlink\n");
     return false;
   }
   assert(!closedir(dir));
@@ -179,14 +181,14 @@ static bool aes_key_load_dir(int fd) {
 bool aes_key_load_path(const char *path) {
   const int fd = open(path, O_RDONLY);
   if (fd == -1) {
-    vkprintf(1, "Cannot open() AES key path: \"%s\": %m\n", path);
+    tvkprintf(net_crypto_aes, 1, "Cannot open() AES key path: \"%s\": %m\n", path);
     return false;
   }
 
   struct stat st;
   if (fstat(fd, &st) == -1) {
     close(fd);
-    vkprintf(1, "Cannot fstat() AES key path fd: %d: %m\n", fd);
+    tvkprintf(net_crypto_aes, 1, "Cannot fstat() AES key path fd: %d: %m\n", fd);
     return false;
   }
 
@@ -199,7 +201,7 @@ bool aes_key_load_path(const char *path) {
   }
 
   close(fd);
-  vkprintf(1, "Unexpected file type for AES key path: %u\n", S_IFMT & st.st_mode);
+  tvkprintf(net_crypto_aes, 1, "Unexpected file type for AES key path: %u\n", S_IFMT & st.st_mode);
 
   return false;
 }

diff --git a/net/net-aes-keys.h b/net/net-aes-keys.h
@@ -8,9 +8,13 @@
 #include <stdbool.h>
 #include <stdint.h>
 
+#include "common/kprintf.h"
+
 #define	AES_KEY_MIN_LEN 32
 #define AES_KEY_MAX_LEN 256
 
+DECLARE_VERBOSITY(net_crypto_aes);
+
 struct aes_key {
   const char *filename;
   int32_t id;