diff --git a/.travis.yml b/.travis.yml index 1f09a78fa6..fc13586871 100644 --- a/.travis.yml +++ b/.travis.yml @@ -96,7 +96,7 @@ jobs: -v ${TOOL_BASE}:${TOOL_BASE}:ro \ --name travis_coverity_scan ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash # Make sure Coverity script is executable - - docker cp scripts/coverity.sh travis_coverity_scan:/usr/local/bin + - docker cp tools/coverity.sh travis_coverity_scan:/usr/local/bin # Preconfigure with meson to prevent Coverity from capturing meson metadata # Set compiler flag to prevent emit failure - docker exec -it travis_coverity_scan sh -c "CFLAGS='-D_Float128=long\ double' meson cov-build -Dman=false" diff --git a/doc/HACKING b/doc/HACKING index 0682af27ba..b9c53dc56b 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -91,10 +91,10 @@ function and add it to the list in src/fuzz/meson.build. Whenever possible, a seed corpus and a dictionary should also be added with new fuzz targets. The dictionary should be named src/fuzz/fuzz-foo.dict and the seed corpus should be built and exported as $OUT/fuzz-foo_seed_corpus.zip in -scripts/oss-fuzz.sh. +tools/oss-fuzz.sh. The fuzzers can be built locally if you have libFuzzer installed by running -scripts/oss-fuzz.sh. You should also confirm that the fuzzer runs in the +tools/oss-fuzz.sh. You should also confirm that the fuzzer runs in the OSS-Fuzz environment by checking out the OSS-Fuzz repo, and then running commands like this: diff --git a/src/analyze/analyze-verify.c b/src/analyze/analyze-verify.c index f475b6598c..4cdf632552 100644 --- a/src/analyze/analyze-verify.c +++ b/src/analyze/analyze-verify.c @@ -254,7 +254,8 @@ int verify_units(char **filenames, UnitFileScope scope, bool check_man, bool run Unit *units[strv_length(filenames)]; int i, count = 0; - const uint8_t flags = MANAGER_TEST_RUN_ENV_GENERATORS | + const uint8_t flags = MANAGER_TEST_RUN_BASIC | + MANAGER_TEST_RUN_ENV_GENERATORS | run_generators * MANAGER_TEST_RUN_GENERATORS; if (strv_isempty(filenames)) diff --git a/src/core/manager.c b/src/core/manager.c index 84adb9c666..6140d06a7f 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -667,7 +667,7 @@ static int manager_setup_sigchld_event_source(Manager *m) { } int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **_m) { - Manager *m; + _cleanup_(manager_freep) Manager *m = NULL; int r; assert(_m); @@ -729,62 +729,66 @@ int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **_m) { r = manager_default_environment(m); if (r < 0) - goto fail; + return r; r = hashmap_ensure_allocated(&m->units, &string_hash_ops); if (r < 0) - goto fail; + return r; r = hashmap_ensure_allocated(&m->jobs, NULL); if (r < 0) - goto fail; + return r; r = hashmap_ensure_allocated(&m->cgroup_unit, &path_hash_ops); if (r < 0) - goto fail; + return r; r = hashmap_ensure_allocated(&m->watch_bus, &string_hash_ops); if (r < 0) - goto fail; - - r = sd_event_default(&m->event); - if (r < 0) - goto fail; - - r = manager_setup_run_queue(m); - if (r < 0) - goto fail; - - r = manager_setup_signals(m); - if (r < 0) - goto fail; - - r = manager_setup_cgroup(m); - if (r < 0) - goto fail; - - r = manager_setup_time_change(m); - if (r < 0) - goto fail; - - r = manager_setup_sigchld_event_source(m); - if (r < 0) - goto fail; - - m->udev = udev_new(); - if (!m->udev) { - r = -ENOMEM; - goto fail; - } + return r; r = manager_setup_prefix(m); if (r < 0) - goto fail; + return r; + + m->udev = udev_new(); + if (!m->udev) + return -ENOMEM; + + r = sd_event_default(&m->event); + if (r < 0) + return r; + + r = manager_setup_run_queue(m); + if (r < 0) + return r; + + if (test_run_flags == MANAGER_TEST_RUN_MINIMAL) { + m->cgroup_root = strdup(""); + if (!m->cgroup_root) + return -ENOMEM; + } else { + r = manager_setup_signals(m); + if (r < 0) + return r; + + r = manager_setup_cgroup(m); + if (r < 0) + return r; + + r = manager_setup_time_change(m); + if (r < 0) + return r; + + r = manager_setup_sigchld_event_source(m); + if (r < 0) + return r; + } if (MANAGER_IS_SYSTEM(m) && test_run_flags == 0) { r = mkdir_label("/run/systemd/units", 0755); if (r < 0 && r != -EEXIST) - goto fail; + return r; } m->taint_usr = @@ -795,11 +799,8 @@ int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **_m) { * since they might have gotten serialized across the reexec. */ *_m = m; + m = NULL; return 0; - -fail: - manager_free(m); - return r; } static int manager_setup_notify(Manager *m) { @@ -1701,6 +1702,7 @@ int manager_load_unit_prepare( sd_bus_error *e, Unit **_ret) { + _cleanup_(unit_freep) Unit *cleanup_ret = NULL; Unit *ret; UnitType t; int r; @@ -1733,29 +1735,26 @@ int manager_load_unit_prepare( return 1; } - ret = unit_new(m, unit_vtable[t]->object_size); + ret = cleanup_ret = unit_new(m, unit_vtable[t]->object_size); if (!ret) return -ENOMEM; if (path) { ret->fragment_path = strdup(path); - if (!ret->fragment_path) { - unit_free(ret); + if (!ret->fragment_path) return -ENOMEM; - } } r = unit_add_name(ret, name); - if (r < 0) { - unit_free(ret); + if (r < 0) return r; - } unit_add_to_load_queue(ret); unit_add_to_dbus_queue(ret); unit_add_to_gc_queue(ret); *_ret = ret; + cleanup_ret = NULL; return 0; } diff --git a/src/core/manager.h b/src/core/manager.h index d4eaaa1c4b..80304a4010 100644 --- a/src/core/manager.h +++ b/src/core/manager.h @@ -96,10 +96,11 @@ typedef enum ManagerTimestamp { enum { /* 0 = run normally */ - MANAGER_TEST_RUN_MINIMAL = 1, /* run test w/o generators */ - MANAGER_TEST_RUN_ENV_GENERATORS = 2, /* also run env generators */ - MANAGER_TEST_RUN_GENERATORS = 4, /* also run unit generators */ - MANAGER_TEST_FULL = MANAGER_TEST_RUN_ENV_GENERATORS | MANAGER_TEST_RUN_GENERATORS, + MANAGER_TEST_RUN_MINIMAL = 1 << 1, /* create basic data structures */ + MANAGER_TEST_RUN_BASIC = 1 << 2, /* interact with the environment */ + MANAGER_TEST_RUN_ENV_GENERATORS = 1 << 3, /* also run env generators */ + MANAGER_TEST_RUN_GENERATORS = 1 << 4, /* also run unit generators */ + MANAGER_TEST_FULL = MANAGER_TEST_RUN_BASIC | MANAGER_TEST_RUN_ENV_GENERATORS | MANAGER_TEST_RUN_GENERATORS, }; assert_cc((MANAGER_TEST_FULL & UINT8_MAX) == MANAGER_TEST_FULL); @@ -379,6 +380,7 @@ struct Manager { int manager_new(UnitFileScope scope, unsigned test_run_flags, Manager **m); Manager* manager_free(Manager *m); +DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); void manager_enumerate(Manager *m); int manager_startup(Manager *m, FILE *serialization, FDSet *fds); diff --git a/src/core/unit.c b/src/core/unit.c index c3056624ef..815701ad4e 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -128,7 +128,7 @@ Unit *unit_new(Manager *m, size_t size) { } int unit_new_for_name(Manager *m, size_t size, const char *name, Unit **ret) { - Unit *u; + _cleanup_(unit_freep) Unit *u = NULL; int r; u = unit_new(m, size); @@ -136,12 +136,11 @@ int unit_new_for_name(Manager *m, size_t size, const char *name, Unit **ret) { return -ENOMEM; r = unit_add_name(u, name); - if (r < 0) { - unit_free(u); + if (r < 0) return r; - } *ret = u; + u = NULL; return r; } diff --git a/src/core/unit.h b/src/core/unit.h index e903bf8ad7..e9370a4b93 100644 --- a/src/core/unit.h +++ b/src/core/unit.h @@ -610,6 +610,7 @@ DEFINE_CAST(SCOPE, Scope); Unit *unit_new(Manager *m, size_t size); void unit_free(Unit *u); +DEFINE_TRIVIAL_CLEANUP_FUNC(Unit *, unit_free); int unit_new_for_name(Manager *m, size_t size, const char *name, Unit **ret); int unit_add_name(Unit *u, const char *name); diff --git a/src/fuzz/fuzz-dns-server.options b/src/fuzz/fuzz-dhcp-server.options similarity index 100% rename from src/fuzz/fuzz-dns-server.options rename to src/fuzz/fuzz-dhcp-server.options diff --git a/src/fuzz/fuzz-main.c b/src/fuzz/fuzz-main.c index 45e46907e2..cace47ba22 100644 --- a/src/fuzz/fuzz-main.c +++ b/src/fuzz/fuzz-main.c @@ -33,6 +33,9 @@ int main(int argc, char **argv) { char *name; log_set_max_level(LOG_DEBUG); + log_parse_environment(); + log_open(); + for (i = 1; i < argc; i++) { _cleanup_free_ char *buf = NULL; @@ -47,5 +50,6 @@ int main(int argc, char **argv) { (void) LLVMFuzzerTestOneInput((uint8_t*)buf, size); printf("ok\n"); } + return EXIT_SUCCESS; } diff --git a/src/fuzz/fuzz-unit-file.c b/src/fuzz/fuzz-unit-file.c new file mode 100644 index 0000000000..45f1a72db2 --- /dev/null +++ b/src/fuzz/fuzz-unit-file.c @@ -0,0 +1,59 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ + +#include "conf-parser.h" +#include "fd-util.h" +#include "fileio.h" +#include "fuzz.h" +#include "install.h" +#include "load-fragment.h" +#include "string-util.h" +#include "unit.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + _cleanup_free_ char *out = NULL; /* out should be freed after g */ + size_t out_size; + _cleanup_fclose_ FILE *f = NULL, *g = NULL; + _cleanup_free_ char *p = NULL; + UnitType t; + _cleanup_(manager_freep) Manager *m = NULL; + Unit *u; + const char *name; + + if (size == 0) + return 0; + + f = fmemopen((char*) data, size, "re"); + assert_se(f); + + if (read_line(f, LINE_MAX, &p) < 0) + return 0; + + t = unit_type_from_string(p); + if (t < 0) + return 0; + + if (!unit_vtable[t]->load) + return 0; + + /* We don't want to fill the logs with messages about parse errors. + * Disable most logging if not running standalone */ + if (!getenv("SYSTEMD_LOG_LEVEL")) + log_set_max_level(LOG_CRIT); + + assert_se(manager_new(UNIT_FILE_SYSTEM, MANAGER_TEST_RUN_MINIMAL, &m) >= 0); + + name = strjoina("a.", unit_type_to_string(t)); + assert_se(unit_new_for_name(m, unit_vtable[t]->object_size, name, &u) >= 0); + + (void) config_parse(name, name, f, + UNIT_VTABLE(u)->sections, + config_item_perf_lookup, load_fragment_gperf_lookup, + CONFIG_PARSE_ALLOW_INCLUDE, u); + + g = open_memstream(&out, &out_size); + assert_se(g); + + unit_dump(u, g, ""); + + return 0; +} diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build index 09a8c8a11d..796c28e429 100644 --- a/src/fuzz/meson.build +++ b/src/fuzz/meson.build @@ -22,9 +22,14 @@ fuzzers += [ [libgcrypt, libgpg_error, libm]], - [['src/fuzz/fuzz-dhcp-server.c', - ], + + [['src/fuzz/fuzz-dhcp-server.c'], [libsystemd_network, libshared], - []] + []], + + [['src/fuzz/fuzz-unit-file.c'], + [libcore, + libshared], + [libmount]], ] diff --git a/src/libsystemd/sd-bus/bus-error.c b/src/libsystemd/sd-bus/bus-error.c index 3939d0a4ef..66a09a35f3 100644 --- a/src/libsystemd/sd-bus/bus-error.c +++ b/src/libsystemd/sd-bus/bus-error.c @@ -108,6 +108,7 @@ static int bus_error_name_to_errno(const char *name) { } m = __start_BUS_ERROR_MAP; +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION while (m < __stop_BUS_ERROR_MAP) { /* For magic ELF error maps, the end marker might * appear in the middle of things, since multiple maps @@ -125,6 +126,7 @@ static int bus_error_name_to_errno(const char *name) { m++; } +#endif return EIO; } diff --git a/src/libudev/libudev.c b/src/libudev/libudev.c index 64904c5ffa..4af0f1e1c6 100644 --- a/src/libudev/libudev.c +++ b/src/libudev/libudev.c @@ -85,8 +85,7 @@ _public_ void udev_set_userdata(struct udev *udev, void *userdata) { /** * udev_new: * - * Create udev library context. This reads the udev configuration - * file, and fills in the default values. + * Create udev library context. This only allocates the basic data structure. * * The initial refcount is 1, and needs to be decremented to * release the resources of the udev library context. diff --git a/src/test/test-bpf.c b/src/test/test-bpf.c index 6ca2be41b0..afbc41cf43 100644 --- a/src/test/test-bpf.c +++ b/src/test/test-bpf.c @@ -41,7 +41,7 @@ int main(int argc, char *argv[]) { _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; CGroupContext *cc = NULL; _cleanup_(bpf_program_unrefp) BPFProgram *p = NULL; - Manager *m = NULL; + _cleanup_(manager_freep) Manager *m = NULL; Unit *u; char log_buf[65535]; int r; @@ -128,11 +128,9 @@ int main(int argc, char *argv[]) { unit_dump(u, stdout, NULL); r = bpf_firewall_compile(u); - if (IN_SET(r, -ENOTTY, -ENOSYS, -EPERM )) { + if (IN_SET(r, -ENOTTY, -ENOSYS, -EPERM )) /* Kernel doesn't support the necessary bpf bits, or masked out via seccomp? */ - manager_free(m); return EXIT_TEST_SKIP; - } assert_se(r >= 0); assert(u->ip_bpf_ingress); @@ -167,7 +165,5 @@ int main(int argc, char *argv[]) { assert_se(SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.code != CLD_EXITED || SERVICE(u)->exec_command[SERVICE_EXEC_START]->command_next->exec_status.status != EXIT_SUCCESS); - manager_free(m); - return 0; } diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c index 10ae523b52..907531b045 100644 --- a/src/test/test-cgroup-mask.c +++ b/src/test/test-cgroup-mask.c @@ -30,7 +30,7 @@ static int test_cgroup_mask(void) { _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; - Manager *m = NULL; + _cleanup_(manager_freep) Manager *m = NULL; Unit *son, *daughter, *parent, *root, *grandchild, *parent_deep; FILE *serial = NULL; FDSet *fdset = NULL; @@ -45,7 +45,7 @@ static int test_cgroup_mask(void) { /* Prepare the manager. */ assert_se(set_unit_path(get_testdata_dir("")) >= 0); assert_se(runtime_dir = setup_fake_runtime_dir()); - r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &m); + r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_BASIC, &m); if (IN_SET(r, -EPERM, -EACCES)) { puts("manager_new: Permission denied. Skipping test."); return EXIT_TEST_SKIP; @@ -114,8 +114,6 @@ static int test_cgroup_mask(void) { assert_se(unit_get_target_mask(parent) == ((CGROUP_MASK_CPU | CGROUP_MASK_CPUACCT | CGROUP_MASK_IO | CGROUP_MASK_BLKIO | CGROUP_MASK_MEMORY) & m->cgroup_supported)); assert_se(unit_get_target_mask(root) == ((CGROUP_MASK_CPU | CGROUP_MASK_CPUACCT | CGROUP_MASK_IO | CGROUP_MASK_BLKIO | CGROUP_MASK_MEMORY) & m->cgroup_supported)); - manager_free(m); - return 0; } diff --git a/src/test/test-engine.c b/src/test/test-engine.c index a7cdbb6018..5d7cd8cfd5 100644 --- a/src/test/test-engine.c +++ b/src/test/test-engine.c @@ -31,7 +31,7 @@ int main(int argc, char *argv[]) { _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; _cleanup_(sd_bus_error_free) sd_bus_error err = SD_BUS_ERROR_NULL; - Manager *m = NULL; + _cleanup_(manager_freep) Manager *m = NULL; Unit *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *g = NULL, *h = NULL; FILE *serial = NULL; FDSet *fdset = NULL; @@ -47,7 +47,7 @@ int main(int argc, char *argv[]) { /* prepare the test */ assert_se(set_unit_path(get_testdata_dir("")) >= 0); assert_se(runtime_dir = setup_fake_runtime_dir()); - r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &m); + r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_BASIC, &m); if (MANAGER_SKIP_TEST(r)) { log_notice_errno(r, "Skipping test: manager_new: %m"); return EXIT_TEST_SKIP; @@ -143,7 +143,5 @@ int main(int argc, char *argv[]) { assert_se(!hashmap_get(a->dependencies[UNIT_PROPAGATES_RELOAD_TO], c)); assert_se(!hashmap_get(c->dependencies[UNIT_RELOAD_PROPAGATED_FROM], a)); - manager_free(m); - return 0; } diff --git a/src/test/test-execute.c b/src/test/test-execute.c index 645e0b3d47..954080df36 100644 --- a/src/test/test-execute.c +++ b/src/test/test-execute.c @@ -623,12 +623,12 @@ static void test_exec_standardinput(Manager *m) { static int run_tests(UnitFileScope scope, const test_function_t *tests) { const test_function_t *test = NULL; - Manager *m = NULL; + _cleanup_(manager_freep) Manager *m = NULL; int r; assert_se(tests); - r = manager_new(scope, MANAGER_TEST_RUN_MINIMAL, &m); + r = manager_new(scope, MANAGER_TEST_RUN_BASIC, &m); if (MANAGER_SKIP_TEST(r)) { log_notice_errno(r, "Skipping test: manager_new: %m"); return EXIT_TEST_SKIP; @@ -639,8 +639,6 @@ static int run_tests(UnitFileScope scope, const test_function_t *tests) { for (test = tests; test && *test; test++) (*test)(m); - manager_free(m); - return 0; } diff --git a/src/test/test-path.c b/src/test/test-path.c index 3f579b064d..880e54d81c 100644 --- a/src/test/test-path.c +++ b/src/test/test-path.c @@ -52,7 +52,7 @@ static int setup_test(Manager **m) { return -EXIT_TEST_SKIP; } - r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &tmp); + r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_BASIC, &tmp); if (MANAGER_SKIP_TEST(r)) { log_notice_errno(r, "Skipping test: manager_new: %m"); return -EXIT_TEST_SKIP; diff --git a/src/test/test-sched-prio.c b/src/test/test-sched-prio.c index 804cee34e9..abcda4dab5 100644 --- a/src/test/test-sched-prio.c +++ b/src/test/test-sched-prio.c @@ -28,7 +28,7 @@ int main(int argc, char *argv[]) { _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; - Manager *m = NULL; + _cleanup_(manager_freep) Manager *m = NULL; Unit *idle_ok, *idle_bad, *rr_ok, *rr_bad, *rr_sched; Service *ser; FILE *serial = NULL; @@ -44,7 +44,7 @@ int main(int argc, char *argv[]) { /* prepare the test */ assert_se(set_unit_path(get_testdata_dir("")) >= 0); assert_se(runtime_dir = setup_fake_runtime_dir()); - r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &m); + r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_BASIC, &m); if (MANAGER_SKIP_TEST(r)) { log_notice_errno(r, "Skipping test: manager_new: %m"); return EXIT_TEST_SKIP; @@ -98,7 +98,5 @@ int main(int argc, char *argv[]) { assert_se(ser->exec_context.cpu_sched_policy == SCHED_RR); assert_se(ser->exec_context.cpu_sched_priority == 99); - manager_free(m); - return EXIT_SUCCESS; } diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c index 40eeba6af5..beb41e97bd 100644 --- a/src/test/test-unit-file.c +++ b/src/test/test-unit-file.c @@ -113,8 +113,8 @@ static void test_config_parse_exec(void) { ExecCommand *c = NULL, *c1; const char *ccc; - Manager *m = NULL; - Unit *u = NULL; + _cleanup_(manager_freep) Manager *m = NULL; + _cleanup_(unit_freep) Unit *u = NULL; r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &m); if (MANAGER_SKIP_TEST(r)) { @@ -441,9 +441,6 @@ static void test_config_parse_exec(void) { assert_se(c == NULL); exec_command_free_list(c); - - unit_free(u); - manager_free(m); } static void test_config_parse_log_extra_fields(void) { @@ -461,8 +458,8 @@ static void test_config_parse_log_extra_fields(void) { int r; - Manager *m = NULL; - Unit *u = NULL; + _cleanup_(manager_freep) Manager *m = NULL; + _cleanup_(unit_freep) Unit *u = NULL; ExecContext c = {}; r = manager_new(UNIT_FILE_USER, MANAGER_TEST_RUN_MINIMAL, &m); @@ -507,9 +504,6 @@ static void test_config_parse_log_extra_fields(void) { exec_context_free_log_extra_fields(&c); - unit_free(u); - manager_free(m); - log_info("/* %s – bye */", __func__); } diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c index 416542c83f..f7598d2284 100644 --- a/src/test/test-unit-name.c +++ b/src/test/test-unit-name.c @@ -199,12 +199,11 @@ static void test_unit_name_mangle(void) { } static int test_unit_printf(void) { - Manager *m = NULL; + _cleanup_free_ char *mid = NULL, *bid = NULL, *host = NULL, *uid = NULL, *user = NULL, *shell = NULL, *home = NULL; + _cleanup_(manager_freep) Manager *m = NULL; Unit *u, *u2; int r; - _cleanup_free_ char *mid = NULL, *bid = NULL, *host = NULL, *uid = NULL, *user = NULL, *shell = NULL, *home = NULL; - assert_se(specifier_machine_id('m', NULL, NULL, &mid) >= 0 && mid); assert_se(specifier_boot_id('b', NULL, NULL, &bid) >= 0 && bid); assert_se(host = gethostname_malloc()); @@ -276,8 +275,6 @@ static int test_unit_printf(void) { expect(u2, "%b", bid); expect(u2, "%H", host); expect(u2, "%t", "/run/user/*"); - - manager_free(m); #undef expect return 0; diff --git a/src/test/test-watch-pid.c b/src/test/test-watch-pid.c index ed6c3d05cc..c280374582 100644 --- a/src/test/test-watch-pid.c +++ b/src/test/test-watch-pid.c @@ -8,8 +8,8 @@ int main(int argc, char *argv[]) { _cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL; + _cleanup_(manager_freep) Manager *m = NULL; Unit *a, *b, *c, *u; - Manager *m; int r; log_set_max_level(LOG_DEBUG); @@ -90,7 +90,5 @@ int main(int argc, char *argv[]) { unit_unwatch_pid(c, 4711); assert_se(manager_get_unit_by_pid(m, 4711) == NULL); - manager_free(m); - return 0; } diff --git "a/test/fuzz-corpus/unit-file/dev-mapper-fedora_krowka\\x2dswap.swap" "b/test/fuzz-corpus/unit-file/dev-mapper-fedora_krowka\\x2dswap.swap" new file mode 100644 index 0000000000..2886021b1a --- /dev/null +++ "b/test/fuzz-corpus/unit-file/dev-mapper-fedora_krowka\\x2dswap.swap" @@ -0,0 +1,10 @@ +swap +[Unit] +SourcePath=/etc/fstab +Documentation=man:fstab(5) man:systemd-fstab-generator(8) + +[Swap] +What=/dev/mapper/fedora_krowka-swap +Options=defaults,x-systemd.device-timeout=0 +Priority=11 +TimeoutSec=123h 5min 2y diff --git a/test/fuzz-corpus/unit-file/directives.service b/test/fuzz-corpus/unit-file/directives.service new file mode 100644 index 0000000000..f01c0ed172 --- /dev/null +++ b/test/fuzz-corpus/unit-file/directives.service @@ -0,0 +1,909 @@ +service +Accept= +AccuracySec= +After= +Alias= +AllowIsolate= +Also= +AmbientCapabilities= +AssertACPower= +AssertArchitecture= +AssertCapability= +AssertControlGroupController= +AssertDirectoryNotEmpty= +AssertFileIsExecutable= +AssertFileNotEmpty= +AssertFirstBoot= +AssertGroup= +AssertHost= +AssertKernelCommandLine= +AssertKernelVersion= +AssertNeedsUpdate= +AssertPathExists= +AssertPathExistsGlob= +AssertPathIsDirectory= +AssertPathIsMountPoint= +AssertPathIsReadWrite= +AssertPathIsSymbolicLink= +AssertSecurity= +AssertUser= +AssertVirtualization= +Backlog= +Before= +BindIPv6Only= +BindPaths= +BindReadOnlyPaths= +BindToDevice= +BindsTo= +BlockIOAccounting= +BlockIODeviceWeight= +BlockIOReadBandwidth= +BlockIOWeight= +BlockIOWriteBandwidth= +Broadcast= +BusName= +CPUAccounting= +CPUQuota= +CPUShares= +CPUWeight= +CapabilityBoundingSet= +CollectMode= +ConditionACPower= +ConditionArchitecture= +ConditionCapability= +ConditionControlGroupController= +ConditionDirectoryNotEmpty= +ConditionFileIsExecutable= +ConditionFileNotEmpty= +ConditionFirstBoot= +ConditionGroup= +ConditionHost= +ConditionKernelCommandLine= +ConditionKernelVersion= +ConditionNeedsUpdate= +ConditionPathExists= +ConditionPathExistsGlob= +ConditionPathIsDirectory= +ConditionPathIsMountPoint= +ConditionPathIsReadWrite= +ConditionPathIsSymbolicLink= +ConditionSecurity= +ConditionUser= +ConditionVirtualization= +Conflicts= +DefaultDependencies= +DefaultInstance= +DeferAcceptSec= +Delegate= +Description= +DeviceAllow= +DevicePolicy= +DirectoryMode= +DirectoryNotEmpty= +Documentation= +DynamicUser= +ExecReload= +ExecStart= +ExecStartPost= +ExecStartPre= +ExecStop= +ExecStopPost= +ExecStopPre= +FailureAction= +FileDescriptorName= +FileDescriptorStoreMax= +ForceUnmount= +FreeBind= +Group= +GuessMainPID= +IOAccounting= +IODeviceWeight= +IOReadBandwidthMax= +IOReadIOPSMax= +IOWeight= +IOWriteBandwidthMax= +IOWriteIOPSMax= +IPAccounting= +IPAddressAllow= +IPAddressDeny= +IPTOS= +IPTTL= +IgnoreOnIsolate= +JobRunningTimeoutSec= +JobTimeoutAction= +JobTimeoutRebootArgument= +JobTimeoutSec= +JoinsNamespaceOf= +KeepAlive= +KeepAliveIntervalSec= +KeepAliveProbes= +KeepAliveTimeSec= +KillMode= +KillSignal= +LazyUnmount= +ListenDatagram= +ListenFIFO= +ListenMessageQueue= +ListenNetlink= +ListenSequentialPacket= +ListenSpecial= +ListenStream= +ListenUSBFunction= +MakeDirectory= +Mark= +MaxConnections= +MaxConnectionsPerSource= +MemoryAccounting= +MemoryHigh= +MemoryLimit= +MemoryLow= +MemoryMax= +MemorySwapMax= +MessageQueueMaxMessages= +MessageQueueMessageSize= +MountAPIVFS= +NoDelay= +NoNewPrivileges= +NonBlocking= +NotifyAccess= +OnActiveSec= +OnBootSec= +OnCalendar= +OnFailure= +OnFailureJobMode= +OnStartupSec= +OnUnitActiveSec= +OnUnitInactiveSec= +Options= +PAMName= +PIDFile= +PartOf= +PassCredentials= +PassSecurity= +PathChanged= +PathExists= +PathExistsGlob= +PathModified= +PermissionsStartOnly= +Persistent= +PipeSize= +Priority= +PropagatesReloadTo= +RandomizedDelaySec= +RebootArgument= +ReceiveBuffer= +RefuseManualStart= +RefuseManualStop= +ReloadPropagatedFrom= +RemainAfterElapse= +RemainAfterExit= +RemoveOnStop= +RequiredBy= +Requires= +RequiresMountsFor= +Requisite= +Restart= +RestartForceExitStatus= +RestartPreventExitStatus= +RestartSec= +ReusePort= +RootDirectory= +RootDirectoryStartOnly= +RootImage= +RuntimeMaxSec= +SELinuxContextFromNet= +SecureBits= +SendBuffer= +SendSIGHUP= +SendSIGKILL= +Service= +Slice= +SloppyOptions= +SmackLabel= +SmackLabelIPIn= +SmackLabelIPOut= +SocketGroup= +SocketMode= +SocketProtocol= +SocketUser= +Sockets= +SourcePath= +StartLimitAction= +StartLimitBurst= +StartLimitIntervalSec= +StartupBlockIOWeight= +StartupCPUShares= +StartupCPUWeight= +StartupIOWeight= +StopWhenUnneeded= +SuccessAction= +SuccessExitStatus= +SupplementaryGroups= +Symlinks= +TCPCongestion= +TasksAccounting= +TasksMax= +TimeoutIdleSec= +TimeoutSec= +TimeoutStartSec= +TimeoutStopSec= +Transparent= +TriggerLimitBurst= +TriggerLimitIntervalSec= +Type= +USBFunctionDescriptors= +USBFunctionStrings= +Unit= +User= +WakeSystem= +WantedBy= +Wants= +WatchdogSec= +What= +Where= +WorkingDirectory= +Writable= +fsck.mode= +fsck.repair= +fstab= +locale.LANG= +locale.LANGUAGE= +locale.LC_ADDRESS= +locale.LC_COLLATE= +locale.LC_CTYPE= +locale.LC_IDENTIFICATION= +locale.LC_MEASUREMENT= +locale.LC_MESSAGES= +locale.LC_MONETARY= +locale.LC_NAME= +locale.LC_NUMERIC= +locale.LC_PAPER= +locale.LC_TELEPHONE= +locale.LC_TIME= +luks.crypttab= +luks.key= +luks.name= +luks.options= +luks.uuid= +luks= +modules_load= +mount.usr= +mount.usrflags= +mount.usrfstype= +net.ifnames= +plymouth.enable= +quotacheck.mode= +rd.fstab= +rd.luks.crypttab= +rd.luks.key= +rd.luks.name= +rd.luks.options= +rd.luks.uuid= +rd.luks= +rd.modules_load= +rd.systemd.gpt_auto= +rd.systemd.unit= +rd.systemd.verity= +rd.udev.children_max= +rd.udev.event_timeout= +rd.udev.exec_delay= +rd.udev.log_priority= +resume= +root= +rootflags= +rootfstype= +roothash= +systemd.default_standard_error= +systemd.default_standard_output= +systemd.default_timeout_start_sec= +systemd.firstboot= +systemd.gpt_auto= +systemd.journald.forward_to_console= +systemd.journald.forward_to_kmsg= +systemd.journald.forward_to_syslog= +systemd.journald.forward_to_wall= +systemd.log_level= +systemd.log_location= +systemd.log_target= +systemd.machine_id= +systemd.mask= +systemd.restore_state= +systemd.service_watchdogs= +systemd.setenv= +systemd.unit= +systemd.verity= +systemd.verity_root_data= +systemd.verity_root_hash= +systemd.volatile= +systemd.wants= +systemd.watchdog_device= +udev.children_max= +udev.event_timeout= +udev.exec_delay= +udev.log_priority= +vconsole.font= +vconsole.font_map= +vconsole.font_unimap= +vconsole.keymap= +vconsole.keymap_toggle= +ID_MODEL= +ID_MODEL_FROM_DATABASE= +SYSTEMD_ALIAS= +SYSTEMD_MOUNT_OPTIONS= +SYSTEMD_MOUNT_WHERE= +SYSTEMD_READY= +SYSTEMD_USER_WANTS= +SYSTEMD_WANTS= +link_priority= +static_node= +string_escape= +ARP= +ARPAllTargets= +ARPIPTargets= +ARPIntervalSec= +ARPValidate= +ActiveSlave= +AdSelect= +Address= +AddressAutoconfiguration= +AgeingTimeSec= +Alias= +AllSlavesActive= +AllowLocalRemote= +AllowPortToBeRoot= +AllowedIPs= +Anonymize= +Architecture= +AutoJoin= +AutoNegotiation= +BindCarrier= +BitsPerSecond= +Bond= +Bridge= +Broadcast= +Cache= +ClientIdentifier= +ConfigureWithoutCarrier= +CopyDSCP= +Cost= +CriticalConnection= +DHCP= +DHCPServer= +DNS= +DNSLifetimeSec= +DNSSEC= +DNSSECNegativeTrustAnchors= +DNSStubListener= +DUIDRawData= +DUIDType= +DefaultLeaseTimeSec= +DefaultPVID= +Description= +Destination= +DestinationPort= +DiscoverPathMTU= +Domains= +DownDelaySec= +Driver= +Duplex= +DuplicateAddressDetection= +EgressUntagged= +EmitDNS= +EmitDomains= +EmitLLDP= +EmitNTP= +EmitRouter= +EmitTimezone= +EncapsulationLimit= +Endpoint= +FDBAgeingSec= +FailOverMACPolicy= +FallbackDNS= +FallbackNTP= +FastLeave= +FirewallMark= +Flags= +FlowLabel= +ForwardDelaySec= +From= +FwMark= +GVRP= +Gateway= +GatewayOnlink= +GenericReceiveOffload= +GenericSegmentationOffload= +GratuitousARP= +Group= +GroupForwardMask= +GroupPolicyExtension= +HairPin= +HelloTimeSec= +HomeAddress= +Host= +Hostname= +IAID= +IPForward= +IPMasquerade= +IPv4LLRoute= +IPv4ProxyARP= +IPv6AcceptRA= +IPv6DuplicateAddressDetection= +IPv6FlowLabel= +IPv6HopLimit= +IPv6Preference= +IPv6PrefixDelegation= +IPv6PrivacyExtensions= +IPv6ProxyNDP= +IPv6ProxyNDPAddress= +IPv6Token= +Id= +IncomingInterface= +Independent= +InitialAdvertisedReceiveWindow= +InitialCongestionWindow= +InputKey= +KernelCommandLine= +KernelVersion= +Key= +Kind= +L2MissNotification= +L3MissNotification= +LACPTransmitRate= +LLDP= +LLMNR= +Label= +LargeReceiveOffload= +LearnPacketIntervalSec= +LinkLocalAddressing= +ListenPort= +Local= +LooseBinding= +MACAddress= +MACAddressPolicy= +MACVLAN= +MIIMonitorSec= +MTUBytes= +MVRP= +MacLearning= +ManageTemporaryAddress= +Managed= +MaxAgeSec= +MaxLeaseTimeSec= +MaximumFDBEntries= +Metric= +MinLinks= +Mode= +MultiQueue= +MulticastDNS= +MulticastQuerier= +MulticastSnooping= +NTP= +Name= +NamePolicy= +OnLink= +OneQueue= +OriginalName= +OtherInformation= +OutgoingInterface= +OutputKey= +PVID= +PacketInfo= +PacketsPerSlave= +Path= +Peer= +PersistentKeepalive= +PollIntervalMaxSec= +PollIntervalMinSec= +PoolOffset= +PoolSize= +Port= +PortRange= +PreferredLifetime= +PreferredLifetimeSec= +PreferredSource= +Prefix= +PrefixRoute= +PresharedKey= +PrimaryReselectPolicy= +PrimarySlave= +Priority= +PrivateKey= +Protocol= +PublicKey= +QuickAck= +RapidCommit= +ReduceARPProxy= +Remote= +RemoteChecksumRx= +RemoteChecksumTx= +ReorderHeader= +RequestBroadcast= +RequiredForOnline= +ResendIGMP= +RootDistanceMaxSec= +RouteMetric= +RouteShortCircuit= +RouteTable= +RouterLifetimeSec= +RouterPreference= +STP= +Scope= +SendHostname= +Source= +TCP6SegmentationOffload= +TCPSegmentationOffload= +TOS= +TTL= +Table= +Timezone= +To= +TransmitHashPolicy= +Tunnel= +TxtData= +TxtText= +Type= +TypeOfService= +UDP6ZeroChecksumRx= +UDP6ZeroChecksumTx= +UDPChecksum= +UDPSegmentationOffload= +UnicastFlood= +Unmanaged= +UpDelaySec= +UseBPDU= +UseDNS= +UseDomains= +UseHostname= +UseMTU= +UseNTP= +UseRoutes= +UseTimezone= +User= +VLAN= +VLANFiltering= +VLANId= +VNetHeader= +VRF= +VXLAN= +ValidLifetimeSec= +VendorClassIdentifier= +Virtualization= +WakeOnLan= +Weight= +CODE_FILE= +CODE_FUNC= +CODE_LINE= +COREDUMP_UNIT= +COREDUMP_USER_UNIT= +ERRNO= +MESSAGE= +MESSAGE_ID= +OBJECT_AUDIT_LOGINUID= +OBJECT_AUDIT_SESSION= +OBJECT_CMDLINE= +OBJECT_COMM= +OBJECT_EXE= +OBJECT_GID= +OBJECT_PID= +OBJECT_SYSTEMD_CGROUP= +OBJECT_SYSTEMD_OWNER_UID= +OBJECT_SYSTEMD_SESSION= +OBJECT_SYSTEMD_UNIT= +OBJECT_SYSTEMD_USER_UNIT= +OBJECT_UID= +PRIORITY= +SYSLOG_FACILITY= +SYSLOG_IDENTIFIER= +SYSLOG_PID= +_AUDIT_LOGINUID= +_AUDIT_SESSION= +_BOOT_ID= +_CAP_EFFECTIVE= +_CMDLINE= +_COMM= +_EXE= +_GID= +_HOSTNAME= +_KERNEL_DEVICE= +_KERNEL_SUBSYSTEM= +_LINE_BREAK= +_MACHINE_ID= +_PID= +_SELINUX_CONTEXT= +_SOURCE_REALTIME_TIMESTAMP= +_STREAM_ID= +_SYSTEMD_CGROUP= +_SYSTEMD_INVOCATION_ID= +_SYSTEMD_OWNER_UID= +_SYSTEMD_SESSION= +_SYSTEMD_SLICE= +_SYSTEMD_UNIT= +_SYSTEMD_USER_UNIT= +_TRANSPORT= +_UDEV_DEVLINK= +_UDEV_DEVNODE= +_UDEV_SYSNAME= +_UID= +__CURSOR= +__MONOTONIC_TIMESTAMP= +__REALTIME_TIMESTAMP= +class= +type= +cipher= +hash= +header= +key-slot= +keyfile-offset= +keyfile-size= +offset= +size= +skip= +tcrypt-keyfile= +timeout= +tries= +x-systemd.after= +x-systemd.before= +x-systemd.device-timeout= +x-systemd.idle-timeout= +x-systemd.mount-timeout= +x-systemd.requires-mounts-for= +x-systemd.requires= +CPUAffinity= +CapabilityBoundingSet= +CrashChangeVT= +CrashReboot= +CrashShell= +CtrlAltDelBurstAction= +DefaultBlockIOAccounting= +DefaultCPUAccounting= +DefaultEnvironment= +DefaultIPAccounting= +DefaultLimitAS= +DefaultLimitCORE= +DefaultLimitCPU= +DefaultLimitDATA= +DefaultLimitFSIZE= +DefaultLimitLOCKS= +DefaultLimitMEMLOCK= +DefaultLimitMSGQUEUE= +DefaultLimitNICE= +DefaultLimitNOFILE= +DefaultLimitNPROC= +DefaultLimitRSS= +DefaultLimitRTPRIO= +DefaultLimitRTTIME= +DefaultLimitSIGPENDING= +DefaultLimitSTACK= +DefaultMemoryAccounting= +DefaultRestartSec= +DefaultStandardError= +DefaultStandardOutput= +DefaultStartLimitBurst= +DefaultStartLimitIntervalSec= +DefaultTasksAccounting= +DefaultTasksMax= +DefaultTimeoutStartSec= +DefaultTimeoutStopSec= +DefaultTimerAccuracySec= +DumpCore= +HibernateMode= +HibernateState= +HybridSleepMode= +HybridSleepState= +JoinControllers= +LogColor= +LogLevel= +LogLocation= +LogTarget= +RuntimeWatchdogSec= +ShowStatus= +ShutdownWatchdogSec= +SuspendMode= +SuspendState= +SystemCallArchitectures= +TimerSlackNSec= +WatchdogDevice= +-N= +-c= +-e= +-t= +ANSI_COLOR= +AppArmorProfile= +BUG_REPORT_URL= +BUILD_ID= +Bind= +BindReadOnly= +Boot= +Bridge= +CHASSIS= +CPE_NAME= +CPUAffinity= +CPUSchedulingPolicy= +CPUSchedulingPriority= +CPUSchedulingResetOnFork= +CacheDirectory= +CacheDirectoryMode= +Capability= +Compress= +ConfigurationDirectory= +ConfigurationDirectoryMode= +DEPLOYMENT= +DropCapability= +Environment= +EnvironmentFile= +ExternalSizeMax= +FONT= +FONT_MAP= +FONT_UNIMAP= +ForwardToConsole= +ForwardToKMsg= +ForwardToSyslog= +ForwardToWall= +HOME_URL= +HandleHibernateKey= +HandleLidSwitch= +HandleLidSwitchDocked= +HandleLidSwitchExternalPower= +HandlePowerKey= +HandleSuspendKey= +HibernateKeyIgnoreInhibited= +HoldoffTimeoutSec= +ICON_NAME= +ID= +ID_LIKE= +IOSchedulingClass= +IOSchedulingPriority= +IPVLAN= +IdleAction= +IdleActionSec= +IgnoreSIGPIPE= +InaccessiblePaths= +InhibitDelayMaxSec= +InhibitorsMax= +Interface= +JournalSizeMax= +KEYMAP= +KEYMAP_TOGGLE= +KeepFree= +KeyringMode= +KillExcludeUsers= +KillOnlyUsers= +KillSignal= +KillUserProcesses= +LOCATION= +LidSwitchIgnoreInhibited= +LimitAS= +LimitCORE= +LimitCPU= +LimitDATA= +LimitFSIZE= +LimitLOCKS= +LimitMEMLOCK= +LimitMSGQUEUE= +LimitNICE= +LimitNOFILE= +LimitNPROC= +LimitRSS= +LimitRTPRIO= +LimitRTTIME= +LimitSIGPENDING= +LimitSTACK= +LineMax= +LockPersonality= +LogExtraFields= +LogLevelMax= +LogsDirectory= +LogsDirectoryMode= +MACVLAN= +MachineID= +MaxFileSec= +MaxLevelConsole= +MaxLevelKMsg= +MaxLevelStore= +MaxLevelSyslog= +MaxLevelWall= +MaxRetentionSec= +MaxUse= +MemoryDenyWriteExecute= +MountFlags= +NAME= +NAutoVTs= +Nice= +NotifyReady= +OOMScoreAdjust= +Overlay= +OverlayReadOnly= +PRETTY_HOSTNAME= +PRETTY_NAME= +PRIVACY_POLICY_URL= +Parameters= +PassEnvironment= +Personality= +PivotRoot= +Port= +PowerKeyIgnoreInhibited= +Private= +PrivateDevices= +PrivateNetwork= +PrivateTmp= +PrivateUsers= +PrivateUsersChown= +ProcessSizeMax= +ProcessTwo= +ProtectControlGroups= +ProtectHome= +ProtectKernelModules= +ProtectKernelTunables= +ProtectSystem= +RateLimitBurst= +RateLimitIntervalSec= +ReadKMsg= +ReadOnly= +ReadOnlyPaths= +ReadWritePaths= +RemoveIPC= +ReserveVT= +RestrictAddressFamilies= +RestrictNamespaces= +RestrictRealtime= +RuntimeDirectory= +RuntimeDirectoryMode= +RuntimeDirectoryPreserve= +RuntimeDirectorySize= +RuntimeKeepFree= +RuntimeMaxFileSize= +RuntimeMaxFiles= +RuntimeMaxUse= +SELinuxContext= +SUPPORT_URL= +Seal= +ServerCertificateFile= +ServerKeyFile= +SessionsMax= +SmackProcessLabel= +SplitMode= +StandardError= +StandardInput= +StandardInputData= +StandardInputText= +StandardOutput= +StateDirectory= +StateDirectoryMode= +Storage= +SuspendKeyIgnoreInhibited= +SyncIntervalSec= +SyslogFacility= +SyslogIdentifier= +SyslogLevel= +SyslogLevelPrefix= +SystemCallArchitectures= +SystemCallErrorNumber= +SystemCallFilter= +SystemKeepFree= +SystemMaxFileSize= +SystemMaxFiles= +SystemMaxUse= +TTYPath= +TTYReset= +TTYVHangup= +TTYVTDisallocate= +TemporaryFileSystem= +TimerSlackNSec= +TrustedCertificateFile= +UMask= +URL= +UnsetEnvironment= +User= +UserTasksMax= +UtmpIdentifier= +UtmpMode= +VARIANT= +VARIANT_ID= +VERSION= +VERSION_CODENAME= +VERSION_ID= +VirtualEthernet= +VirtualEthernetExtra= +Volatile= +WorkingDirectory= +Zone= diff --git a/test/fuzz-corpus/unit-file/empty.scope b/test/fuzz-corpus/unit-file/empty.scope new file mode 100644 index 0000000000..8df7245f62 --- /dev/null +++ b/test/fuzz-corpus/unit-file/empty.scope @@ -0,0 +1,2 @@ +scope +[Scope] diff --git a/test/fuzz-corpus/unit-file/machine.slice b/test/fuzz-corpus/unit-file/machine.slice new file mode 100644 index 0000000000..bf8c6bfc3e --- /dev/null +++ b/test/fuzz-corpus/unit-file/machine.slice @@ -0,0 +1,14 @@ +slice +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Machine and Container Slice +Documentation=man:systemd.special(7) +Before=slices.target diff --git a/test/fuzz-corpus/unit-file/proc-sys-fs-binfmt_misc.automount b/test/fuzz-corpus/unit-file/proc-sys-fs-binfmt_misc.automount new file mode 100644 index 0000000000..777a123ef4 --- /dev/null +++ b/test/fuzz-corpus/unit-file/proc-sys-fs-binfmt_misc.automount @@ -0,0 +1,21 @@ +automount +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Arbitrary Executable File Formats File System Automount Point +Documentation=https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +DefaultDependencies=no +Before=sysinit.target +ConditionPathExists=/proc/sys/fs/binfmt_misc/ +ConditionPathIsReadWrite=/proc/sys/ + +[Automount] +Where=/proc/sys/fs/binfmt_misc diff --git a/test/fuzz-corpus/unit-file/syslog.socket b/test/fuzz-corpus/unit-file/syslog.socket new file mode 100644 index 0000000000..3d28a261f5 --- /dev/null +++ b/test/fuzz-corpus/unit-file/syslog.socket @@ -0,0 +1,117 @@ +socket +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Syslog Socket +Documentation=man:systemd.special(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/syslog +DefaultDependencies=no +Before=sockets.target + +# Don't allow logging until the very end +Conflicts=shutdown.target +Before=shutdown.target + +# Don't try to activate syslog.service if sysinit.target has failed. +Conflicts=emergency.service +Before=emergency.service + +[Socket] +ListenDatagram=/run/systemd/journal/syslog +SocketMode=0666 +PassCredentials=yes +PassSecurity=yes +ReceiveBuffer=8M + +# The default syslog implementation should make syslog.service a +# symlink to itself, so that this socket activates the right actual +# syslog service. +# +# Examples: +# +# /etc/systemd/system/syslog.service -> /lib/systemd/system/rsyslog.service +# /etc/systemd/system/syslog.service -> /lib/systemd/system/syslog-ng.service +# +# Best way to achieve that is by adding this to your unit file +# (i.e. to rsyslog.service or syslog-ng.service): +# +# [Install] +# Alias=syslog.service +# +# See https://www.freedesktop.org/wiki/Software/systemd/syslog for details. + +[Socket] +ListenStream=1.2.3.4:1234 +ListenDatagram=1.2.3.4:1234 +ListenSequentialPacket=1.2.3.4:1234 +ListenFIFO= +ListenSpecial= +ListenNetlink= +ListenMessageQueue= +ListenUSBFunction= +SocketProtocol=udplite +SocketProtocol=sctp +SocketProtocol= +BindIPv6Only=false +Backlog=33 +BindToDevice=eth0 +SocketUser=daemon +SocketGroup=nobody +SocketMode=0111 +DirectoryMode=0555 +Accept=true +Accept=false +Writable=true +MaxConnections=11 +MaxConnectionsPerSource=12 +KeepAlive=yes +KeepAliveTimeSec=12345 +KeepAliveIntervalSec=12345 +KeepAliveProbes=12345 +NoDelay=true +Priority=0 +DeferAcceptSec=1 +ReceiveBuffer=1G +SendBuffer=1G +IPTOS=low-delay +IPTOS=throughput +IPTOS=reliability +IPTOS=low-cost +IPTOS= +IPTTL=7 +Mark=123 +ReusePort=true +SmackLabel=smack-label +SmackLabelIPIn=smack-label +SmackLabelIPOut=no idea what to put here +SELinuxContextFromNet=true +PipeSize=11111 +MessageQueueMaxMessages=200 +MessageQueueMessageSize=200 +FreeBind=false +Transparent=true +Broadcast=true +PassCredentials=true +PassSecurity=true +TCPCongestion=westwood +TCPCongestion=veno +TCPCongestion=cubic +TCPCongestion=lp +ExecStartPre=/bin/true "arg ' ' " +ExecStartPost=-!!/bin/false +ExecStopPre=/bin/true +ExecStopPost=-!!/bin/false +TimeoutSec=2343 +Symlinks=a b c d e +Symlinks= +Symlinks=/a /b /c /d /e +FileDescriptorName=name +TriggerLimitIntervalSec=2343 +TriggerLimitBurst=234 diff --git a/test/fuzz-corpus/unit-file/systemd-ask-password-console.path b/test/fuzz-corpus/unit-file/systemd-ask-password-console.path new file mode 100644 index 0000000000..3e12c752de --- /dev/null +++ b/test/fuzz-corpus/unit-file/systemd-ask-password-console.path @@ -0,0 +1,22 @@ +path +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Dispatch Password Requests to Console Directory Watch +Documentation=man:systemd-ask-password-console.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=plymouth-start.service +Before=paths.target shutdown.target cryptsetup.target +ConditionPathExists=!/run/plymouth/pid + +[Path] +DirectoryNotEmpty=/run/systemd/ask-password +MakeDirectory=yes diff --git a/test/fuzz-corpus/unit-file/systemd-machined.service b/test/fuzz-corpus/unit-file/systemd-machined.service new file mode 100644 index 0000000000..448f062ecf --- /dev/null +++ b/test/fuzz-corpus/unit-file/systemd-machined.service @@ -0,0 +1,34 @@ +service +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Machine and Container Registration Service +Documentation=man:systemd-machined.service(8) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/machined +Wants=machine.slice +After=machine.slice +RequiresMountsFor=/var/lib/machines + +[Service] +ExecStart=/usr/lib/systemd/systemd-machined +BusName=org.freedesktop.machine1 +WatchdogSec=3min +CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD +MemoryDenyWriteExecute=yes +RestrictRealtime=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap +SystemCallArchitectures=native +LockPersonality=yes +IPAddressDeny=any + +# Note that machined cannot be placed in a mount namespace, since it +# needs access to the host's mount namespace in order to implement the +# "machinectl bind" operation. diff --git a/test/fuzz-corpus/unit-file/systemd-resolved.service b/test/fuzz-corpus/unit-file/systemd-resolved.service new file mode 100644 index 0000000000..0854c5f841 --- /dev/null +++ b/test/fuzz-corpus/unit-file/systemd-resolved.service @@ -0,0 +1,50 @@ +service +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Name Resolution +Documentation=man:systemd-resolved.service(8) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved +Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers +Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients +DefaultDependencies=no +After=systemd-sysusers.service systemd-networkd.service +Before=network.target nss-lookup.target shutdown.target +Conflicts=shutdown.target +Wants=nss-lookup.target + +[Service] +Type=notify +Restart=always +RestartSec=0 +ExecStart=!!/usr/lib/systemd/systemd-resolved +WatchdogSec=3min +User=systemd-resolve +CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=strict +ProtectHome=yes +ProtectControlGroups=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +MemoryDenyWriteExecute=yes +RestrictRealtime=yes +RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap +SystemCallArchitectures=native +LockPersonality=yes +RuntimeDirectory=systemd/resolve +RuntimeDirectoryPreserve=yes + +[Install] +WantedBy=multi-user.target +Alias=dbus-org.freedesktop.resolve1.service diff --git a/test/fuzz-corpus/unit-file/systemd-tmpfiles-clean.timer b/test/fuzz-corpus/unit-file/systemd-tmpfiles-clean.timer new file mode 100644 index 0000000000..7db361cd69 --- /dev/null +++ b/test/fuzz-corpus/unit-file/systemd-tmpfiles-clean.timer @@ -0,0 +1,40 @@ +timer +# SPDX-License-Identifier: LGPL-2.1+ +[Unit] +Description=Daily Cleanup of Temporary Directories +Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) + +[Timer] +OnBootSec=15min +OnUnitActiveSec=1d +OnBootSec=1s +OnStartupSec=234 +OnUnitActiveSec=2y +OnUnitInactiveSec=23434 +OnCalendar=minutely +OnCalendar=*-*-* *:*:00 +OnCalendar=hourly +OnCalendar=*-*-* *:00:00 +OnCalendar=daily +OnCalendar=*-*-* 00:00:00 +OnCalendar=monthly +OnCalendar=*-*-01 00:00:00 +OnCalendar=weekly +OnCalendar=Mon *-*-* 00:00:00 +OnCalendar=yearly +OnCalendar=*-01-01 00:00:00 +OnCalendar=quarterly +OnCalendar=*-01,04,07,10-01 00:00:00 +OnCalendar=semiannually +OnCalendar=*-01,07-01 00:00:00 +OnCalendar=Fri 2012-11-23 11:12:13 + +Persistent=true +AccuracySec=24h +RandomizedDelaySec=234234234 + +Persistent=no +Unit=foo.service + +WakeSystem=false +RemainAfterElapse=true diff --git a/test/fuzz-corpus/unit-file/timers.target b/test/fuzz-corpus/unit-file/timers.target new file mode 100644 index 0000000000..171226c680 --- /dev/null +++ b/test/fuzz-corpus/unit-file/timers.target @@ -0,0 +1,16 @@ +target +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Timers +Documentation=man:systemd.special(7) + +DefaultDependencies=no +Conflicts=shutdown.target diff --git a/test/fuzz-corpus/unit-file/var-lib-machines.mount b/test/fuzz-corpus/unit-file/var-lib-machines.mount new file mode 100644 index 0000000000..9c257d1191 --- /dev/null +++ b/test/fuzz-corpus/unit-file/var-lib-machines.mount @@ -0,0 +1,19 @@ +mount +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Virtual Machine and Container Storage +ConditionPathExists=/var/lib/machines.raw + +[Mount] +What=/var/lib/machines.raw +Where=/var/lib/machines +Type=btrfs +Options=loop diff --git a/scripts/coverity.sh b/tools/coverity.sh similarity index 100% rename from scripts/coverity.sh rename to tools/coverity.sh diff --git a/scripts/oss-fuzz.sh b/tools/oss-fuzz.sh similarity index 87% rename from scripts/oss-fuzz.sh rename to tools/oss-fuzz.sh index 2c4e58e29d..117b3d1aa4 100755 --- a/scripts/oss-fuzz.sh +++ b/tools/oss-fuzz.sh @@ -20,13 +20,20 @@ set -ex export LC_CTYPE=C.UTF-8 +export CC=${CC:-clang} +export CXX=${CXX:-clang++} +clang_version="$($CC --version | sed -nr 's/.*version ([^ ]+?) .*/\1/p' | sed -r 's/-$//')" + SANITIZER=${SANITIZER:-address -fsanitize-address-use-after-scope} flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize-coverage=trace-pc-guard,trace-cmp" +clang_lib="/usr/lib64/clang/${clang_version}/lib/linux" +[ -d "$clang_lib" ] || clang_lib="/usr/lib/clang/${clang_version}/lib/linux" + export CFLAGS=${CFLAGS:-$flags} export CXXFLAGS=${CXXFLAGS:-$flags} -export CC=${CC:-clang} -export CXX=${CXX:-clang++} +export LDFLAGS=${LDFLAGS:--L${clang_lib}} + export WORK=${WORK:-$(pwd)} export OUT=${OUT:-$(pwd)/out} mkdir -p $OUT