picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #10009 from evverx/rework-journald-fuzzers 

Add a fuzzer for server_process_native_message
This commit is contained in:
Yu Watanabe 2018-09-05 11:46:17 +09:00 committed by GitHub
parent 53253d9c54 9cdea02db5
commit 3457a7a939
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 49 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/fuzz/fuzz-journald-native.c Normal file
View File

@ -0,0 +1,10 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "fuzz.h"
#include "fuzz-journald.h"
#include "journald-native.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
fuzz_journald_processing_function(data, size, server_process_native_message);
return 0;
}

23
src/fuzz/fuzz-journald-syslog.c
View File

@ -1,29 +1,10 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "alloc-util.h"
#include "fuzz.h"
#include "journald-server.h"
#include "fuzz-journald.h"
#include "journald-syslog.h"
#include "sd-event.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
Server s = {};
char *label = NULL;
size_t label_len = 0;
struct ucred *ucred = NULL;
struct timeval *tv = NULL;
if (size == 0)
return 0;
assert_se(sd_event_default(&s.event) >= 0);
s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
s.buffer = memdup_suffix0(data, size);
assert_se(s.buffer);
s.buffer_size = size + 1;
s.storage = STORAGE_NONE;
server_process_syslog_message(&s, s.buffer, size, ucred, tv, label, label_len);
server_done(&s);
fuzz_journald_processing_function(data, size, server_process_syslog_message);
return 0;
}

30
src/fuzz/fuzz-journald.h Normal file
View File

@ -0,0 +1,30 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
#include "alloc-util.h"
#include "journald-server.h"
#include "sd-event.h"
static void fuzz_journald_processing_function(
const uint8_t *data,
size_t size,
void (*f)(Server *s, const char *buf, size_t raw_len, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len)
) {
Server s = {};
char *label = NULL;
size_t label_len = 0;
struct ucred *ucred = NULL;
struct timeval *tv = NULL;
if (size == 0)
return;
assert_se(sd_event_default(&s.event) >= 0);
s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
s.buffer = memdup_suffix0(data, size);
assert_se(s.buffer);
s.buffer_size = size + 1;
s.storage = STORAGE_NONE;
(*f)(&s, s.buffer, size, ucred, tv, label, label_len);
server_done(&s);
}

5
src/fuzz/meson.build
View File

@ -19,6 +19,11 @@ fuzzers += [
libshared],
[libmount]],
[['src/fuzz/fuzz-journald-native.c'],
[libjournal_core,
libshared],
[libselinux]],
[['src/fuzz/fuzz-journald-syslog.c'],
[libjournal_core,
libshared],

2
src/journal/journald-native.c
View File

@ -277,7 +277,7 @@ finish:
void server_process_native_message(
Server *s,
const void *buffer, size_t buffer_size,
const char *buffer, size_t buffer_size,
const struct ucred *ucred,
const struct timeval *tv,
const char *label, size_t label_len) {

2
src/journal/journald-native.h
View File

@ -5,7 +5,7 @@
void server_process_native_message(
Server *s,
const void *buffer,
const char *buffer,
size_t buffer_size,
const struct ucred *ucred,
const struct timeval *tv,