Merge pull request #2693 from pi-hole/development

Pi-hole FTL v6.3.3

Author: DL6ER

.github/workflows/codeql.yml

@@ -85,7 +85,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb #v4.31.0
+      uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee #v4.31.2
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -108,7 +108,7 @@ jobs:
         ./build.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb #v4.31.0
+      uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee #v4.31.2
       with:
         category: "/language:${{matrix.language}}"
         upload: failure-only # upload only in case of failure, otherwise upload later after filtering
@@ -134,7 +134,7 @@ jobs:
         output: codeql-results/cpp.sarif
 
     - name: Upload SARIF
-      uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb #v4.31.0
+      uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee #v4.31.2
       with:
         sarif_file: codeql-results/cpp.sarif
 

src/api/docs/content/specs/lists.yaml

@@ -46,7 +46,7 @@ components:
           - "List management"
         operationId: "replace_lists"
         description: |
-          Items may be updated by replacing them. `{list}` is required.
+          Items may be updated by replacing them. `{list}` and `{listtype}` are required.
 
           Ensure to send all the required parameters (such as `comment`) to ensure these properties are retained.
           The read-only fields `id` and `date_added` are preserved, `date_modified` is automatically updated on success.
@@ -96,6 +96,7 @@ components:
           - "List management"
         operationId: "delete_lists"
         description: |
+          `{list}` and `{listtype}` are required.
           *Note:* There will be no content on success.
         responses:
           '204':

src/config/config.c

@@ -897,7 +897,7 @@ void initConfig(struct config *conf)
 	conf->ntp.sync.server.a = cJSON_CreateStringReference("A valid NTP upstream server");
 	conf->ntp.sync.server.t = CONF_STRING;
 	conf->ntp.sync.server.d.s = (char*)"pool.ntp.org";
-	conf->ntp.sync.server.c = validate_stub; // Only type-based checking
+	conf->ntp.sync.server.c = validate_dns_domain_or_ip;
 
 	conf->ntp.sync.interval.k = "ntp.sync.interval";
 	conf->ntp.sync.interval.h = "Interval in seconds between successive synchronization attempts with the NTP server";

src/config/validator.c

@@ -676,3 +676,26 @@ void sanitize_dns_hosts(union conf_value *val)
 		free(str);
 	}
 }
+
+// Validate a single domain or IP address
+bool validate_dns_domain_or_ip(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN])
+{
+	// Check if it's a valid domain
+	if(valid_domain(val->s, strlen(val->s), false))
+	{
+		return true;
+	}
+
+	// Check if IP is valid
+	struct in_addr addr;
+	struct in6_addr addr6;
+	int ip4 = 0, ip6 = 0;
+	if((ip4 = inet_pton(AF_INET, val->s, &addr) == 1) || (ip6 = inet_pton(AF_INET6, val->s, &addr6)) == 1)
+	{
+		return true;
+	}
+
+	// If neither, return an error
+	snprintf(err, VALIDATOR_ERRBUF_LEN, "%s: neither a valid domain nor IP address", key);
+	return false;
+}

src/config/validator.h

@@ -28,5 +28,6 @@ bool validate_regex_array(union conf_value *val, const char *key, char err[VALID
 bool validate_dns_revServers(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
 bool validate_ui_min_7_or_0(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
 void sanitize_dns_hosts(union conf_value *val);
+bool validate_dns_domain_or_ip(union conf_value *val, const char *key, char err[VALIDATOR_ERRBUF_LEN]);
 
 #endif // CONFIG_VALIDATOR_H

src/ntp/client.c

@@ -494,7 +494,8 @@ bool ntp_client(const char *server, const bool settime, const bool print)
 		}
 		errbuf[sizeof(errbuf) - 1] = '\0';
 		log_ntp_message(true, false, errbuf);
-		freeaddrinfo(saddr);
+		if(saddr != NULL)
+			freeaddrinfo(saddr);
 		return false;
 	}
 
@@ -503,7 +504,8 @@ bool ntp_client(const char *server, const bool settime, const bool print)
 	if(ntp == NULL)
 	{
 		log_err("Cannot allocate memory for NTP client");
-		freeaddrinfo(saddr);
+		if(saddr != NULL)
+			freeaddrinfo(saddr);
 		return false;
 	}
 
@@ -520,7 +522,8 @@ bool ntp_client(const char *server, const bool settime, const bool print)
 		{
 			close(s);
 			free(ntp);
-			freeaddrinfo(saddr);
+			if(saddr != NULL)
+				freeaddrinfo(saddr);
 			return false;
 		}
 		// Get reply
@@ -543,7 +546,8 @@ bool ntp_client(const char *server, const bool settime, const bool print)
 		printf("\n");
 
 	// Free allocated memory
-	freeaddrinfo(saddr);
+	if(saddr != NULL)
+		freeaddrinfo(saddr);
 	saddr = NULL;
 
 	// Compute average and standard deviation
@@ -764,9 +768,15 @@ bool ntp_start_sync_thread(pthread_attr_t *attr)
 	}
 	// Return early if a clock disciplining NTP client is detected
 	// Checks chrony, the ntp family (ntp, ntpsec and openntpd), and ntpd-rs
-	if(search_proc("chronyd") > 0 || search_proc("ntpd") > 0 || search_proc("ntp-daemon") > 0)
+	const int chronyd_found = search_proc("chronyd");
+	const int ntpd_found = search_proc("ntpd");
+	const int ntp_daemon_found = search_proc("ntp-daemon");
+	if(chronyd_found > 0 || ntpd_found > 0 || ntp_daemon_found > 0)
 	{
-		log_info("Clock disciplining NTP client detected, not starting embedded NTP client/server");
+		log_info("Clock disciplining NTP client detected ( %s%s%s), not starting embedded NTP client/server",
+		         chronyd_found > 0 ? "chronyd " : "",
+		         ntpd_found > 0 ? "ntpd " : "",
+		         ntp_daemon_found > 0 ? "ntp-daemon " : "");
 		return false;
 	}