Merge pull request #8441 from keszybz/oss-fuzz-fixes

Fixes for bugs found by oss-fuzz

TODO

@@ -528,8 +528,7 @@ Features:
 * maybe add a generator that looks for "systemd.run=" on the kernel cmdline for container usercases...
 
 * test/:
-  - add 'set -e' to scripts in test/
-  - make stuff in test/ work with separate output dir
+  - add unit tests for config_parse_device_allow()
 
 * seems that when we follow symlinks to units we prefer the symlink
   destination path over /etc and /usr. We should not do that. Instead
@@ -774,8 +773,6 @@ Features:
 * hw watchdog: optionally try to use the preset watchdog timeout instead of always overriding it
   https://bugs.freedesktop.org/show_bug.cgi?id=54712
 
-* create /sbin/init symlinks from the build system
-
 * add a dependency on standard-conf.xml and other included files to man pages
 
 * MountFlags=shared acts as MountFlags=slave right now.

meson.build

@@ -412,20 +412,6 @@ foreach arg : ['-Wl,-z,relro',
         endif
 endforeach
 
-# Check if various sanitizers are supported
-sanitizers = []
-foreach arg : ['address']
-
-        have = run_command(check_compilation_sh,
-                           cc.cmd_array(), '-x', 'c',
-                           '-fsanitize=@0@'.format(arg),
-                           '-include', link_test_c).returncode() == 0
-        message('@0@ sanitizer supported: @1@'.format(arg, have ? 'yes' : 'no'))
-        if have
-                sanitizers += arg
-        endif
-endforeach
-
 if get_option('buildtype') != 'debug'
         foreach arg : ['-ffunction-sections',
                        '-fdata-sections']
@@ -2657,48 +2643,56 @@ endforeach
 
 ############################################################
 
-prev = ''
-foreach p : fuzz_regression_tests
-        a = p.split('/')[-3]
-        b = p.split('/')[-2]
-        c = p.split('/')[-1]
+# Enable tests for all supported sanitizers
+foreach tuple : sanitizers
+        sanitizer = tuple[0]
+        build = tuple[1]
 
-        if a == 'address'
-                build = sanitize_address
-        else
-                error('unknown sanitizer @0@'.format(a))
-        endif
+        have = run_command(check_compilation_sh,
+                           cc.cmd_array(), '-x', 'c',
+                           '-fsanitize=@0@'.format(sanitizer),
+                           '-include', link_test_c).returncode() == 0
+        message('@0@ sanitizer supported: @1@'.format(sanitizer, have ? 'yes' : 'no'))
 
-        name = '@1@:@0@'.format(a, b)
+        if have
+                prev = ''
+                foreach p : fuzz_regression_tests
+                        b = p.split('/')[-2]
+                        c = p.split('/')[-1]
 
-        if name != prev
-                if want_tests == 'false'
-                        message('Not compiling @0@ because tests is set to false'.format(name))
-                elif not sanitizers.contains(a)
-                        message('Not compiling @0@ because @1@ sanitizer is not available'.format(name, a))
-                elif slow_tests
-                        exe = custom_target(
-                                name,
-                                output : name,
-                                depends : build,
-                                command : [env, 'ln', '-fs',
-                                           join_paths(build.full_path(), b),
-                                           '@OUTPUT@'],
-                                build_by_default : true)
-                else
-                        message('Not compiling @0@ because slow-tests is set to false'.format(name))
-                endif
-        endif
-        prev = name
+                        name = '@0@:@1@'.format(b, sanitizer)
 
-        if want_tests != 'false' and slow_tests
-                test(c, env, args : [exe.full_path(),
-                                     join_paths(meson.source_root(),
-                                                'test/fuzz-regressions',
-                                                p)])
+                        if name != prev
+                                if want_tests == 'false'
+                                        message('Not compiling @0@ because tests is set to false'.format(name))
+                                elif slow_tests
+                                        exe = custom_target(
+                                                name,
+                                                output : name,
+                                                depends : build,
+                                                command : [env, 'ln', '-fs',
+                                                           join_paths(build.full_path(), b),
+                                                           '@OUTPUT@'],
+                                                build_by_default : true)
+                                else
+                                        message('Not compiling @0@ because slow-tests is set to false'.format(name))
+                                endif
+                        endif
+                        prev = name
+
+                        if want_tests != 'false' and slow_tests
+                                test('@0@:@1@:@2@'.format(b, c, sanitizer),
+                                     env,
+                                     args : [exe.full_path(),
+                                             join_paths(meson.source_root(),
+                                                        'test/fuzz-regressions',
+                                                        p)])
+                        endif
+                endforeach
         endif
 endforeach
 
+
 ############################################################
 
 if git.found()

src/basic/calendarspec.c

@@ -581,7 +581,8 @@ static int calendarspec_from_time_t(CalendarSpec *c, time_t time) {
         CalendarComponent *year = NULL, *month = NULL, *day = NULL, *hour = NULL, *minute = NULL, *us = NULL;
         int r;
 
-        assert_se(gmtime_r(&time, &tm));
+        if (!gmtime_r(&time, &tm))
+                return -ERANGE;
 
         r = const_chain(tm.tm_year + 1900, &year);
         if (r < 0)

src/core/load-fragment.c

@@ -410,7 +410,6 @@ int config_parse_socket_listen(const char *unit,
                 if (r < 0) {
                         if (r != -EAFNOSUPPORT)
                                 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value, ignoring: %s", rvalue);
-
                         return 0;
                 }
 
@@ -3511,6 +3510,7 @@ int config_parse_device_allow(
                 log_syntax(unit, LOG_WARNING, filename, line, r,
                            "Failed to resolve specifiers in %s, ignoring: %m",
                            rvalue);
+                return 0;
         }
 
         n = strcspn(t, WHITESPACE);

src/test/test-socket-util.c

@@ -118,6 +118,9 @@ static void test_socket_address_parse_netlink(void) {
         assert_se(socket_address_parse_netlink(&a, "route 10") >= 0);
         assert_se(a.sockaddr.sa.sa_family == AF_NETLINK);
         assert_se(a.protocol == NETLINK_ROUTE);
+
+        /* oss-fuzz #6884 */
+        assert_se(socket_address_parse_netlink(&a, "\xff") < 0);
 }
 
 static void test_socket_address_equal(void) {

test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6884

@@ -0,0 +1,3 @@
+socket
+[Socket]
+ListenNetlink=ÿ

test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885

@@ -0,0 +1,3 @@
+service
+[Service]
+DeviceAllow=%D

test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6886

@@ -0,0 +1,3 @@
+timer
+[Timer]
+OnCalendar=@88588582097858858

test/fuzz-regressions/meson.build

@@ -24,7 +24,12 @@ sanitize_address = custom_target(
                    'fuzzers',
                    '-Db_lundef=false -Db_sanitize=address'])
 
+sanitizers = [['address', sanitize_address]]
+
 fuzz_regression_tests = '''
-        address/fuzz-dns-packet/oss-fuzz-5465
-        address/fuzz-dns-packet/issue-7888
+        fuzz-dns-packet/oss-fuzz-5465
+        fuzz-dns-packet/issue-7888
+        fuzz-unit-file/oss-fuzz-6884
+        fuzz-unit-file/oss-fuzz-6885
+        fuzz-unit-file/oss-fuzz-6886
 '''.split()