From b1bd453f36b9428b6bf9feba31fa0a2b36143e9c Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin
Date: Mon, 3 Sep 2018 06:46:24 +0000
Subject: [PATCH 1/3] tests: rework the code fuzzing journald

This should make it easier to add a new fuzzer without a lot of duplication.
---
 src/fuzz/fuzz-journald-syslog.c | 23 ++---------------------
 src/fuzz/fuzz-journald.h | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 21 deletions(-)
 create mode 100644 src/fuzz/fuzz-journald.h

diff --git a/src/fuzz/fuzz-journald-syslog.c b/src/fuzz/fuzz-journald-syslog.c
index 7730f60875..100f0ce691 100644
--- a/src/fuzz/fuzz-journald-syslog.c
+++ b/src/fuzz/fuzz-journald-syslog.c
@@ -1,29 +1,10 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
-#include "alloc-util.h"
 #include "fuzz.h"
-#include "journald-server.h"
+#include "fuzz-journald.h"
 #include "journald-syslog.h"
-#include "sd-event.h"
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- Server s = {};
- char *label = NULL;
- size_t label_len = 0;
- struct ucred *ucred = NULL;
- struct timeval *tv = NULL;
-
- if (size == 0)
- return 0;
-
- assert_se(sd_event_default(&s.event) >= 0);
- s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
- s.buffer = memdup_suffix0(data, size);
- assert_se(s.buffer);
- s.buffer_size = size + 1;
- s.storage = STORAGE_NONE;
- server_process_syslog_message(&s, s.buffer, size, ucred, tv, label, label_len);
- server_done(&s);
-
+ fuzz_journald_processing_function(data, size, server_process_syslog_message);
 return 0;
 }
diff --git a/src/fuzz/fuzz-journald.h b/src/fuzz/fuzz-journald.h
new file mode 100644
index 0000000000..e66ef54c9b
--- /dev/null
+++ b/src/fuzz/fuzz-journald.h
@@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include "alloc-util.h"
+#include "journald-server.h"
+#include "sd-event.h"
+
+static void fuzz_journald_processing_function(
+ const uint8_t *data,
+ size_t size,
+ void (*f)(Server *s, const char *buf, size_t raw_len, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len)
+ ) {
+ Server s = {};
+ char *label = NULL;
+ size_t label_len = 0;
+ struct ucred *ucred = NULL;
+ struct timeval *tv = NULL;
+
+ if (size == 0)
+ return;
+
+ assert_se(sd_event_default(&s.event) >= 0);
+ s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
+ s.buffer = memdup_suffix0(data, size);
+ assert_se(s.buffer);
+ s.buffer_size = size + 1;
+ s.storage = STORAGE_NONE;
+ (*f)(&s, s.buffer, size, ucred, tv, label, label_len);
+ server_done(&s);
+}

From 21acb27b71f6284a57e4e9f3ac5f0d38721ef4eb Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin
Date: Mon, 3 Sep 2018 07:03:10 +0000
Subject: [PATCH 2/3] journald: make server_process_native_message compatible with fuzz_journald_processing_function

---
 src/journal/journald-native.c | 2 +-
 src/journal/journald-native.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index 5ff22a10af..b2f6e11dba 100644
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -277,7 +277,7 @@ finish:
 void server_process_native_message(
 Server *s,
- const void *buffer, size_t buffer_size,
+ const char *buffer, size_t buffer_size,
 const struct ucred *ucred,
 const struct timeval *tv,
 const char *label, size_t label_len) {
diff --git a/src/journal/journald-native.h b/src/journal/journald-native.h
index 7211d4fab4..2a33ef74c5 100644
--- a/src/journal/journald-native.h
+++ b/src/journal/journald-native.h
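Review bot: `fuzz_journald_processing_function` is defined plain `static` in a header, so every fuzzer that includes `fuzz-journald.h` compiles its own copy and any that does not call it gets an unused-function warning; `static inline void fuzz_journald_processing_function(` is the usual form for a header-defined helper. The harness also fixes `ucred`, `tv` and `label` to NULL/0 before calling `f`, so whatever the callback does with credentials, a timestamp or a label is never reached by these fuzzers; a comment above the locals such as `/* ucred/tv/label are deliberately NULL: only the raw message buffer is fuzzed */` would keep that coverage limit visible. Finally, `s.buffer` is allocated with `memdup_suffix0()` and the helper relies on `server_done(&s)` to release it together with the event loop — presumably it does, but a one-line comment at that call saying so would make the ownership explicit.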
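Review bot: Changing `buffer` from `const void *` to `const char *` here and in the matching journald-native.h hunk makes the parameter read like a NUL-terminated C string, while the length is still carried by `buffer_size`; the fuzz harness happens to hand over a NUL-terminated buffer only because `memdup_suffix0()` appends a byte beyond `size`, and other callers may not. A comment on the declaration in journald-native.h, `/* buffer: raw bytes, buffer_size long, not necessarily NUL-terminated */`, would stop a later edit from reaching for strlen()/strchr() on it. The body of `server_process_native_message` continues outside this hunk, so whether anything inside already assumes termination cannot be checked here.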
@@ -5,7 +5,7 @@
 void server_process_native_message(
 Server *s,
- const void *buffer,
+ const char *buffer,
 size_t buffer_size,
 const struct ucred *ucred,
 const struct timeval *tv,

From 9cdea02db57a36442ad9e9afcd67760ca319173a Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin
Date: Mon, 3 Sep 2018 07:05:48 +0000
Subject: [PATCH 3/3] tests: add a fuzzer for server_process_native_message

---
 src/fuzz/fuzz-journald-native.c | 10 ++++++++++
 src/fuzz/meson.build | 5 +++++
 2 files changed, 15 insertions(+)
 create mode 100644 src/fuzz/fuzz-journald-native.c

diff --git a/src/fuzz/fuzz-journald-native.c b/src/fuzz/fuzz-journald-native.c
new file mode 100644
index 0000000000..f4de5fd8eb
--- /dev/null
+++ b/src/fuzz/fuzz-journald-native.c
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include "fuzz.h"
+#include "fuzz-journald.h"
+#include "journald-native.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ fuzz_journald_processing_function(data, size, server_process_native_message);
+ return 0;
+}
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
index 28770b68b8..5a97ef5091 100644
--- a/src/fuzz/meson.build
+++ b/src/fuzz/meson.build
@@ -19,6 +19,11 @@ fuzzers += [
 libshared],
 [libmount]],
+ [['src/fuzz/fuzz-journald-native.c'],
+ [libjournal_core,
+ libshared],
+ [libselinux]],
+
 [['src/fuzz/fuzz-journald-syslog.c'],
 [libjournal_core,
 libshared],