You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
173 lines
5.6 KiB
173 lines
5.6 KiB
From b276c85200786add6c86b6c1fedc888c71ffe5db Mon Sep 17 00:00:00 2001
|
|
From: Evgeny Vereshchagin <evvers@ya.ru>
|
|
Date: Sat, 17 Nov 2018 13:01:09 +0100
|
|
Subject: [PATCH] tests: introduce dummy_server_init and use it in all journald
|
|
fuzzers
|
|
|
|
(cherry picked from commit ed62712dc6fb236845c489a7f386c7aff0ec31d6)
|
|
|
|
Resolves: #1764560
|
|
---
|
|
src/fuzz/fuzz-journald-audit.c | 18 +++---------------
|
|
src/fuzz/fuzz-journald-kmsg.c | 20 ++++----------------
|
|
src/fuzz/fuzz-journald.c | 26 +++++++++++++++++++-------
|
|
src/fuzz/fuzz-journald.h | 2 ++
|
|
src/fuzz/meson.build | 6 ++++--
|
|
5 files changed, 32 insertions(+), 40 deletions(-)
|
|
|
|
diff --git a/src/fuzz/fuzz-journald-audit.c b/src/fuzz/fuzz-journald-audit.c
|
|
index fe401c0d98..3f3ce7e8ee 100644
|
|
--- a/src/fuzz/fuzz-journald-audit.c
|
|
+++ b/src/fuzz/fuzz-journald-audit.c
|
|
@@ -1,26 +1,14 @@
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
|
|
#include "fuzz.h"
|
|
+#include "fuzz-journald.h"
|
|
#include "journald-audit.h"
|
|
|
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
Server s;
|
|
- _cleanup_free_ char *buffer = NULL;
|
|
|
|
- s = (Server) {
|
|
- .syslog_fd = -1,
|
|
- .native_fd = -1,
|
|
- .stdout_fd = -1,
|
|
- .dev_kmsg_fd = -1,
|
|
- .audit_fd = -1,
|
|
- .hostname_fd = -1,
|
|
- .notify_fd = -1,
|
|
- .storage = STORAGE_NONE,
|
|
- };
|
|
- assert_se(sd_event_default(&s.event) >= 0);
|
|
- buffer = memdup_suffix0(data, size);
|
|
- assert_se(buffer);
|
|
- process_audit_string(&s, 0, buffer, size);
|
|
+ dummy_server_init(&s, data, size);
|
|
+ process_audit_string(&s, 0, s.buffer, size);
|
|
server_done(&s);
|
|
|
|
return 0;
|
|
diff --git a/src/fuzz/fuzz-journald-kmsg.c b/src/fuzz/fuzz-journald-kmsg.c
|
|
index e2611c6d45..f7426c8400 100644
|
|
--- a/src/fuzz/fuzz-journald-kmsg.c
|
|
+++ b/src/fuzz/fuzz-journald-kmsg.c
|
|
@@ -1,29 +1,17 @@
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
|
|
#include "fuzz.h"
|
|
+#include "fuzz-journald.h"
|
|
#include "journald-kmsg.h"
|
|
|
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
- Server s = {};
|
|
- _cleanup_free_ char *buffer = NULL;
|
|
+ Server s;
|
|
|
|
if (size == 0)
|
|
return 0;
|
|
|
|
- s = (Server) {
|
|
- .syslog_fd = -1,
|
|
- .native_fd = -1,
|
|
- .stdout_fd = -1,
|
|
- .dev_kmsg_fd = -1,
|
|
- .audit_fd = -1,
|
|
- .hostname_fd = -1,
|
|
- .notify_fd = -1,
|
|
- .storage = STORAGE_NONE,
|
|
- };
|
|
- assert_se(sd_event_default(&s.event) >= 0);
|
|
- buffer = memdup(data, size);
|
|
- assert_se(buffer);
|
|
- dev_kmsg_record(&s, buffer, size);
|
|
+ dummy_server_init(&s, data, size);
|
|
+ dev_kmsg_record(&s, s.buffer, size);
|
|
server_done(&s);
|
|
|
|
return 0;
|
|
diff --git a/src/fuzz/fuzz-journald.c b/src/fuzz/fuzz-journald.c
|
|
index f271d7f2fe..0659b92ba3 100644
|
|
--- a/src/fuzz/fuzz-journald.c
|
|
+++ b/src/fuzz/fuzz-journald.c
|
|
@@ -5,12 +5,29 @@
|
|
#include "journald-server.h"
|
|
#include "sd-event.h"
|
|
|
|
+void dummy_server_init(Server *s, const uint8_t *buffer, size_t size) {
|
|
+ *s = (Server) {
|
|
+ .syslog_fd = -1,
|
|
+ .native_fd = -1,
|
|
+ .stdout_fd = -1,
|
|
+ .dev_kmsg_fd = -1,
|
|
+ .audit_fd = -1,
|
|
+ .hostname_fd = -1,
|
|
+ .notify_fd = -1,
|
|
+ .storage = STORAGE_NONE,
|
|
+ };
|
|
+ assert_se(sd_event_default(&s->event) >= 0);
|
|
+ s->buffer = memdup_suffix0(buffer, size);
|
|
+ assert_se(s->buffer);
|
|
+ s->buffer_size = size + 1;
|
|
+}
|
|
+
|
|
void fuzz_journald_processing_function(
|
|
const uint8_t *data,
|
|
size_t size,
|
|
void (*f)(Server *s, const char *buf, size_t raw_len, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len)
|
|
) {
|
|
- Server s = {};
|
|
+ Server s;
|
|
char *label = NULL;
|
|
size_t label_len = 0;
|
|
struct ucred *ucred = NULL;
|
|
@@ -19,12 +36,7 @@ void fuzz_journald_processing_function(
|
|
if (size == 0)
|
|
return;
|
|
|
|
- assert_se(sd_event_default(&s.event) >= 0);
|
|
- s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
|
|
- s.buffer = memdup_suffix0(data, size);
|
|
- assert_se(s.buffer);
|
|
- s.buffer_size = size + 1;
|
|
- s.storage = STORAGE_NONE;
|
|
+ dummy_server_init(&s, data, size);
|
|
(*f)(&s, s.buffer, size, ucred, tv, label, label_len);
|
|
server_done(&s);
|
|
}
|
|
diff --git a/src/fuzz/fuzz-journald.h b/src/fuzz/fuzz-journald.h
|
|
index e9d32a74aa..77e3b0c064 100644
|
|
--- a/src/fuzz/fuzz-journald.h
|
|
+++ b/src/fuzz/fuzz-journald.h
|
|
@@ -3,6 +3,8 @@
|
|
|
|
#include "journald-server.h"
|
|
|
|
+void dummy_server_init(Server *s, const uint8_t *buffer, size_t size);
|
|
+
|
|
void fuzz_journald_processing_function(
|
|
const uint8_t *data,
|
|
size_t size,
|
|
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
|
|
index 5548da3822..897c02e4ae 100644
|
|
--- a/src/fuzz/meson.build
|
|
+++ b/src/fuzz/meson.build
|
|
@@ -33,12 +33,14 @@ fuzzers += [
|
|
libshared],
|
|
[libmount]],
|
|
|
|
- [['src/fuzz/fuzz-journald-audit.c'],
|
|
+ [['src/fuzz/fuzz-journald-audit.c',
|
|
+ 'src/fuzz/fuzz-journald.c'],
|
|
[libjournal_core,
|
|
libshared],
|
|
[libselinux]],
|
|
|
|
- [['src/fuzz/fuzz-journald-kmsg.c'],
|
|
+ [['src/fuzz/fuzz-journald-kmsg.c',
|
|
+ 'src/fuzz/fuzz-journald.c'],
|
|
[libjournal_core,
|
|
libshared],
|
|
[libselinux]],
|