Merge pull request #8487 from keszybz/oss-fuzz-fixes

Oss fuzz fixes, another batch
2018-03-21 11:50:57 +01:00 · 2018-03-21 11:50:57 +01:00 · ed1738a24a
parent 2062ada74c cb6870f67a
commit ed1738a24a
6 changed files with 28 additions and 6 deletions
--- a/src/basic/calendarspec.c
+++ b/src/basic/calendarspec.c
@ -187,6 +187,8 @@ int calendar_spec_normalize(CalendarSpec *c) {
 }

 _pure_ static bool chain_valid(CalendarComponent *c, int from, int to, bool end_of_month) {
+        assert(to >= from);
+
        if (!c)
                return true;

@ -197,6 +199,10 @@ _pure_ static bool chain_valid(CalendarComponent *c, int from, int to, bool end_
        if (c->start < from || c->start > to)
                return false;

+        /* Avoid overly large values that could cause overflow */
+        if (c->repeat > to - from)
+                return false;
+
        /*
         * c->repeat must be short enough so at least one repetition may
         * occur before the end of the interval.  For dates scheduled
--- a/src/basic/ioprio.h
+++ b/src/basic/ioprio.h
@ -13,10 +13,10 @@
 #define IOPRIO_BITS             16
 #define IOPRIO_N_CLASSES        8
 #define IOPRIO_CLASS_SHIFT      13
-#define IOPRIO_PRIO_DATA_MASK   ((1UL << IOPRIO_CLASS_SHIFT) - 1)
+#define IOPRIO_PRIO_MASK        ((1UL << IOPRIO_CLASS_SHIFT) - 1)

 #define IOPRIO_PRIO_CLASS(mask) ((mask) >> IOPRIO_CLASS_SHIFT)
-#define IOPRIO_PRIO_DATA(mask)  ((mask) & IOPRIO_PRIO_DATA_MASK)
+#define IOPRIO_PRIO_DATA(mask)  ((mask) & IOPRIO_PRIO_MASK)
 #define IOPRIO_PRIO_VALUE(class, data)  (((class) << IOPRIO_CLASS_SHIFT) | data)

 #define ioprio_valid(mask)      (IOPRIO_PRIO_CLASS((mask)) != IOPRIO_CLASS_NONE)
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@ -226,11 +226,19 @@ int config_parse_unit_path_printf(
        assert(rvalue);
        assert(u);

+        /* Let's not bother with anything that is too long */
+        if (strlen(rvalue) >= PATH_MAX) {
+                log_syntax(unit, LOG_ERR, filename, line, 0,
+                           "%s value too long%s.",
+                           lvalue, fatal ? "" : ", ignoring");
+                return fatal ? -ENAMETOOLONG : 0;
+        }
+
        r = unit_full_printf(u, rvalue, &k);
        if (r < 0) {
                log_syntax(unit, LOG_ERR, filename, line, r,
-                           "Failed to resolve unit specifiers on %s%s: %m",
-                           fatal ? "" : ", ignoring", rvalue);
+                           "Failed to resolve unit specifiers in \"%s\"%s: %m",
+                           rvalue, fatal ? "" : ", ignoring");
                return fatal ? -ENOEXEC : 0;
        }

--- a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6977
+++ b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6977
--- a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004
+++ b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-7004
@ -0,0 +1,3 @@
+timer
+[Timer]
+OnCalendar=*-31/2147483640
--- a/test/fuzz-regressions/meson.build
+++ b/test/fuzz-regressions/meson.build
@ -32,9 +32,11 @@ fuzz_regression_tests = '''
        fuzz-unit-file/oss-fuzz-6884
        fuzz-unit-file/oss-fuzz-6885
        fuzz-unit-file/oss-fuzz-6886
-        fuzz-unit-file/oss-fuzz-6917
        fuzz-unit-file/oss-fuzz-6892
-        fuzz-unit-file/oss-fuzz-6908
        fuzz-unit-file/oss-fuzz-6897
        fuzz-unit-file/oss-fuzz-6897-evverx
+        fuzz-unit-file/oss-fuzz-6908
+        fuzz-unit-file/oss-fuzz-6917
+        fuzz-unit-file/oss-fuzz-6977
+        fuzz-unit-file/oss-fuzz-7004
 '''.split()