From 9a6a36b44ad131036fef5c91edc86c842c9821ba Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
Date: Sat, 7 Jul 2018 19:30:25 +0200
|
|
Subject: [PATCH] fuzz-bus-message: add fuzzer for message parsing
|
|
|
|
As with other fuzzers, SYSTEMD_FUZZ_OUTPUT=1 and SYSTEMD_LOG_LEVEL=debug can be
|
|
used for debugging.
|
|
|
|
(cherry picked from commit 56b560c26339c4b282c06038316a91509eae75fd)
|
|
|
|
Resolves: #1696224
|
|
---
|
|
src/fuzz/fuzz-bus-message.c | 47 ++++++++++++++++++++++++++++
|
|
src/fuzz/meson.build | 4 +++
|
|
test/fuzz/fuzz-bus-message/message1 | Bin 0 -> 534 bytes
|
|
3 files changed, 51 insertions(+)
|
|
create mode 100644 src/fuzz/fuzz-bus-message.c
|
|
create mode 100644 test/fuzz/fuzz-bus-message/message1
|
|
|
|
diff --git a/src/fuzz/fuzz-bus-message.c b/src/fuzz/fuzz-bus-message.c
|
|
new file mode 100644
|
|
index 0000000000..9842c62a6f
|
|
--- /dev/null
|
|
+++ b/src/fuzz/fuzz-bus-message.c
|
|
@@ -0,0 +1,47 @@
|
|
+/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
+
|
|
+#include <errno.h>
|
|
+#include <stdio.h>
|
|
+
|
|
+#include "alloc-util.h"
|
|
+#include "bus-dump.h"
|
|
+#include "bus-message.h"
|
|
+#include "env-util.h"
|
|
+#include "fd-util.h"
|
|
+#include "fuzz.h"
|
|
+
|
|
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
+ _cleanup_free_ char *out = NULL; /* out should be freed after g */
|
|
+ size_t out_size;
|
|
+ _cleanup_fclose_ FILE *g = NULL;
|
|
+ _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
|
|
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
|
+ _cleanup_free_ void *buffer = NULL;
|
|
+ int r;
|
|
+
|
|
+ /* We don't want to fill the logs with messages about parse errors.
|
|
+ * Disable most logging if not running standalone */
|
|
+ if (!getenv("SYSTEMD_LOG_LEVEL"))
|
|
+ log_set_max_level(LOG_CRIT);
|
|
+
|
|
+ r = sd_bus_new(&bus);
|
|
+ assert_se(r >= 0);
|
|
+
|
|
+ assert_se(buffer = memdup(data, size));
|
|
+
|
|
+ r = bus_message_from_malloc(bus, buffer, size, NULL, 0, NULL, &m);
|
|
+ if (r == -EBADMSG)
|
|
+ return 0;
|
|
+ assert_se(r >= 0);
|
|
+ TAKE_PTR(buffer);
|
|
+
|
|
+ if (getenv_bool("SYSTEMD_FUZZ_OUTPUT") <= 0)
|
|
+ assert_se(g = open_memstream(&out, &out_size));
|
|
+
|
|
+ bus_message_dump(m, g ?: stdout, BUS_MESSAGE_DUMP_WITH_HEADER);
|
|
+
|
|
+ r = sd_bus_message_rewind(m, true);
|
|
+ assert_se(r >= 0);
|
|
+
|
|
+ return 0;
|
|
+}
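Review bot: The ownership of `buffer` around `bus_message_from_malloc()` is undocumented, and the `-EBADMSG` early return is only safe if the callee leaves the buffer with the caller on failure; if it freed or kept the pointer on that path, the `_cleanup_free_` on `buffer` would release it a second time. That contract is not visible in this hunk, so I would add a comment above `TAKE_PTR(buffer);`, for example `/* m owns buffer only on success; on failure it is still ours and _cleanup_free_ releases it */`. Separately, `assert_se(r >= 0)` turns every error other than `-EBADMSG` into an abort, so an allocation failure under the fuzzer's memory limit would presumably be reported as a crash and add noise to triage. A short comment naming which return codes are expected from the parser would make it clear whether that is intended.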
|
|
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
|
|
index 5c81ac0c5b..1dbe28e57e 100644
|
|
--- a/src/fuzz/meson.build
|
|
+++ b/src/fuzz/meson.build
|
|
@@ -1,6 +1,10 @@
|
|
# SPDX-License-Identifier: LGPL-2.1+
|
|
|
|
fuzzers += [
|
|
+ [['src/fuzz/fuzz-bus-message.c'],
|
|
+ [libshared],
|
|
+ []],
|
|
+
|
|
[['src/fuzz/fuzz-dns-packet.c',
|
|
dns_type_headers],
|
|
[libsystemd_resolve_core,
|
|
diff --git a/test/fuzz/fuzz-bus-message/message1 b/test/fuzz/fuzz-bus-message/message1
|
|
new file mode 100644
|
|
index 0000000000000000000000000000000000000000..2df70fd7cb6f0e632c4d5c2358091309a5cd3edc
|
|
GIT binary patch
|
|
literal 534
|
|
zcmZ{h&q@P9490)c+S-aI5sy;vvU_Q@zJNDRg0GP6pLJnzm(8jyqImJO9m&jAO2J$*
|
|
zUouI)FDV`F(?Na)-+*%!4p<Ov=#(SivDnlW893z>*j800&HPQub!GAKKk<pnS*VKU
|
|
zDys6{y?%5_+ofI7wP}~6nIx*Ir3!hGMB8<hTE7V(Gi{sVIgd=DT>?`eW@cA62YAU;
|
|
zGfCPuRke!oA6K{rh7kv!Ny7-(i7=gYuhah3Qir^3+f4&uw(Vor!))Yqug8R`C4plj
|
|
z2|PrH7;)gF$F}2n&qqW8HZ4}3Wm&+>9<NrbfNz0|15Nw<?foQWX$Lt6y!Zacdv7Cc
|
|
U-k_gtRCXE`J>Oto_jmF3zffXT%>V!Z
|
|
|
|
literal 0
|
|
HcmV?d00001
|
|
|