Merge pull request #16257 from keszybz/two-fuzzer-issues

Two fuzzer issues
Lennart Poettering 2020-06-25 14:40:35 +02:00 committed by GitHub
commit f49bead3b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 50 additions and 103 deletions


@ -1,106 +1,36 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <errno.h>
#include <sched.h>
#include <sys/mount.h>
#include <unistd.h>
#include <stdio.h>
#include "fd-util.h"
#include "fs-util.h"
#include "fuzz.h"
#include "log.h"
#include "mkdir.h"
#include "rm-rf.h"
#include "string-util.h"
#include "tests.h"
#include "tmpfile-util.h"
#include "udev-rules.h"
static struct fakefs {
const char *target;
bool ignore_mount_error;
bool is_mounted;
} fakefss[] = {
{ "/sys", false, false },
{ "/dev", false, false },
{ "/run", false, false },
{ "/etc", false, false },
{ UDEVLIBEXECDIR "/rules.d", true, false },
};
static int setup_mount_namespace(void) {
static thread_local bool is_namespaced = false;
if (is_namespaced)
return 1;
if (unshare(CLONE_NEWNS) < 0)
return log_error_errno(errno, "Failed to call unshare(): %m");
if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
return log_error_errno(errno, "Failed to mount / as private: %m");
is_namespaced = true;
return 1;
}
static int setup_fake_filesystems(const char *runtime_dir) {
for (unsigned i = 0; i < ELEMENTSOF(fakefss); i++) {
if (mount(runtime_dir, fakefss[i].target, NULL, MS_BIND, NULL) < 0) {
log_full_errno(fakefss[i].ignore_mount_error ? LOG_DEBUG : LOG_ERR, errno, "Failed to mount %s: %m", fakefss[i].target);
if (!fakefss[i].ignore_mount_error)
return -errno;
} else
fakefss[i].is_mounted = true;
}
return 0;
}
static int cleanup_fake_filesystems(const char *runtime_dir) {
for (unsigned i = 0; i < ELEMENTSOF(fakefss); i++) {
if (!fakefss[i].is_mounted)
continue;
if (umount(fakefss[i].target) < 0) {
log_full_errno(fakefss[i].ignore_mount_error ? LOG_DEBUG : LOG_ERR, errno, "Failed to umount %s: %m", fakefss[i].target);
if (!fakefss[i].ignore_mount_error)
return -errno;
} else
fakefss[i].is_mounted = false;
}
return 0;
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_(udev_rules_freep) UdevRules *rules = NULL;
_cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
FILE *f = NULL;
(void) setup_mount_namespace();
assert_se(runtime_dir = setup_fake_runtime_dir());
if (setup_fake_filesystems(runtime_dir) < 0) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
return EXIT_TEST_SKIP;
#endif
}
_cleanup_fclose_ FILE *f = NULL;
_cleanup_(unlink_tempfilep) char filename[] = "/tmp/fuzz-udev-rules.XXXXXX";
int r;
if (!getenv("SYSTEMD_LOG_LEVEL")) {
log_set_max_level_realm(LOG_REALM_UDEV, LOG_CRIT);
log_set_max_level_realm(LOG_REALM_SYSTEMD, LOG_CRIT);
}
assert_se(mkdir_p("/etc/udev/rules.d", 0755) >= 0);
f = fopen("/etc/udev/rules.d/fuzz.rules", "we");
assert_se(f);
assert_se(fmkostemp_safe(filename, "r+", &f) == 0);
if (size != 0)
assert_se(fwrite(data, size, 1, f) == 1);
assert_se(fclose(f) == 0);
fflush(f);
assert_se(udev_rules_new(&rules, RESOLVE_NAME_EARLY) == 0);
assert_se(rules = udev_rules_new(RESOLVE_NAME_EARLY));
r = udev_rules_parse_file(rules, filename);
log_info_errno(r, "Parsing %s: %m", filename);
assert_se(IN_SET(r,
0, /* OK */
-ENOBUFS /* line length exceeded */));
assert_se(cleanup_fake_filesystems(runtime_dir) >= 0);
return 0;
}
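Review bot: The `fflush(f);` that precedes the parser call is unchecked, while the `fwrite` just above it is asserted. If the flush fails (a full /tmp, for instance), `udev_rules_parse_file()` reads a truncated file and the run is recorded as if the whole input had been parsed. I would write `assert_se(fflush(f) == 0);`. The +/- markers are lost on this page, so this assumes the `fmkostemp_safe`/`fflush` lines are the new side and the `fopen("/etc/udev/rules.d/fuzz.rules", ...)`/`fclose` lines the old one. A comment above the final `assert_se(IN_SET(r, ...))` naming the other errors the parser can return would also help, since anything besides 0 and -ENOBUFS aborts the fuzzer as a crash.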


@ -573,19 +573,22 @@ static int output_short(
if (config_file &&
message_len >= config_file_len &&
memcmp(message, config_file, config_file_len) == 0 &&
IN_SET(message[config_file_len], ':', ' ', '\0') &&
(message_len == config_file_len || IN_SET(message[config_file_len], ':', ' ')) &&
(!highlight || highlight_shifted[0] == 0 || highlight_shifted[0] > config_file_len)) {
_cleanup_free_ char *t = NULL, *urlified = NULL;
t = strndup(config_file, config_file_len);
if (t && terminal_urlify_path(t, NULL, &urlified) >= 0) {
size_t shift = strlen(urlified) - config_file_len;
size_t urlified_len = strlen(urlified);
size_t shift = urlified_len - config_file_len;
char *joined;
joined = strjoin(urlified, message + config_file_len);
joined = realloc(urlified, message_len + shift);
if (joined) {
memcpy(joined + urlified_len, message + config_file_len, message_len - config_file_len);
free_and_replace(message, joined);
TAKE_PTR(urlified);
message_len += shift;
if (highlight) {
highlight_shifted[0] += shift;
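Review bot: The buffer from `realloc(urlified, message_len + shift)` holds exactly the urlified path plus the remainder of the message, with no room for a NUL terminator, and nothing in the hunk documents that `message` is length-delimited. The rewritten condition `(message_len == config_file_len || IN_SET(message[config_file_len], ':', ' '))` relies on the same fact, so I would put a comment above it such as `/* message is not NUL-terminated: never read message[message_len] or pass it to str*() */`. If any code later in `output_short()` treats `message` as a C string, allocating `message_len + shift + 1` and writing a terminator would be the safer form. The function starts and ends outside the hunk, and the old/new split is inferred because the +/- markers are lost.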


@ -87,7 +87,7 @@ static int run(int argc, char *argv[]) {
action = argv[1];
devpath = argv[2];
assert_se(udev_rules_new(&rules, RESOLVE_NAME_EARLY) == 0);
assert_se(udev_rules_load(&rules, RESOLVE_NAME_EARLY) == 0);
const char *syspath = strjoina("/sys", devpath);
r = device_new_from_synthetic_event(&dev, syspath, action);


@ -1175,7 +1175,7 @@ static void rule_resolve_goto(UdevRuleFile *rule_file) {
}
}
static int parse_file(UdevRules *rules, const char *filename) {
int udev_rules_parse_file(UdevRules *rules, const char *filename) {
_cleanup_free_ char *continuation = NULL, *name = NULL;
_cleanup_fclose_ FILE *f = NULL;
UdevRuleFile *rule_file;
@ -1278,30 +1278,41 @@ static int parse_file(UdevRules *rules, const char *filename) {
return 0;
}
int udev_rules_new(UdevRules **ret_rules, ResolveNameTiming resolve_name_timing) {
_cleanup_(udev_rules_freep) UdevRules *rules = NULL;
_cleanup_strv_free_ char **files = NULL;
char **f;
int r;
UdevRules* udev_rules_new(ResolveNameTiming resolve_name_timing) {
assert(resolve_name_timing >= 0 && resolve_name_timing < _RESOLVE_NAME_TIMING_MAX);
rules = new(UdevRules, 1);
UdevRules *rules = new(UdevRules, 1);
if (!rules)
return -ENOMEM;
return NULL;
*rules = (UdevRules) {
.resolve_name_timing = resolve_name_timing,
};
return rules;
}
int udev_rules_load(UdevRules **ret_rules, ResolveNameTiming resolve_name_timing) {
_cleanup_(udev_rules_freep) UdevRules *rules = NULL;
_cleanup_strv_free_ char **files = NULL;
char **f;
int r;
rules = udev_rules_new(resolve_name_timing);
if (!rules)
return -ENOMEM;
(void) udev_rules_check_timestamp(rules);
r = conf_files_list_strv(&files, ".rules", NULL, 0, RULES_DIRS);
if (r < 0)
return log_error_errno(r, "Failed to enumerate rules files: %m");
return log_debug_errno(r, "Failed to enumerate rules files: %m");
STRV_FOREACH(f, files)
(void) parse_file(rules, *f);
STRV_FOREACH(f, files) {
r = udev_rules_parse_file(rules, *f);
if (r < 0)
log_debug_errno(r, "Failed to read rules file %s, ignoring: %m", *f);
}
*ret_rules = TAKE_PTR(rules);
return 0;
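Review bot: In `udev_rules_load()` a file that fails in `udev_rules_parse_file()` is reported only through `log_debug_errno(..., "ignoring")`, so at the default log level an unreadable or rejected rules file is skipped silently. Rules files can assign device ownership and permissions, so a dropped file is worth surfacing. Unless the parser already logs the failure itself (its body is outside the hunk), I would use `log_warning_errno(r, "Failed to read rules file %s, ignoring: %m", *f);`. The enumeration failure also appears to move from `log_error_errno` to `log_debug_errno`; a one-line comment that callers log the returned error would explain that choice.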


@ -16,7 +16,9 @@ typedef enum {
_ESCAPE_TYPE_INVALID = -1
} UdevRuleEscapeType;
int udev_rules_new(UdevRules **ret_rules, ResolveNameTiming resolve_name_timing);
int udev_rules_parse_file(UdevRules *rules, const char *filename);
UdevRules* udev_rules_new(ResolveNameTiming resolve_name_timing);
int udev_rules_load(UdevRules **ret_rules, ResolveNameTiming resolve_name_timing);
UdevRules *udev_rules_free(UdevRules *rules);
DEFINE_TRIVIAL_CLEANUP_FUNC(UdevRules*, udev_rules_free);
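Review bot: The prototypes carry no comment on how they differ, and `udev_rules_new()` keeps its name while apparently changing from an errno-returning loader to a plain allocator. I would document the contracts in the header, for example `/* Allocates an empty rule set without reading any files; returns NULL on allocation failure. */` on `udev_rules_new()` and `/* Allocates a rule set and parses the files found in RULES_DIRS; returns 0 or a negative errno. */` on `udev_rules_load()`. A line on `udev_rules_parse_file()` stating that it is exported for the fuzzer and returns a negative errno on failure would complete the set.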


@ -123,7 +123,7 @@ int test_main(int argc, char *argv[], void *userdata) {
udev_builtin_init();
r = udev_rules_new(&rules, arg_resolve_name_timing);
r = udev_rules_load(&rules, arg_resolve_name_timing);
if (r < 0) {
log_error_errno(r, "Failed to read udev rules: %m");
goto out;

View File

@ -925,7 +925,7 @@ static void event_queue_start(Manager *manager) {
udev_builtin_init();
if (!manager->rules) {
r = udev_rules_new(&manager->rules, arg_resolve_name_timing);
r = udev_rules_load(&manager->rules, arg_resolve_name_timing);
if (r < 0) {
log_warning_errno(r, "Failed to read udev rules: %m");
return;
@ -1787,7 +1787,7 @@ static int main_loop(Manager *manager) {
udev_builtin_init();
r = udev_rules_new(&manager->rules, arg_resolve_name_timing);
r = udev_rules_load(&manager->rules, arg_resolve_name_timing);
if (!manager->rules)
return log_error_errno(r, "Failed to read udev rules: %m");
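Review bot: The call in `main_loop()` tests `if (!manager->rules)` instead of the return value, unlike the `event_queue_start()` call site above it, which tests `r < 0`. `udev_rules_load()` writes `*ret_rules` only on success, so the pointer test is correct only while `manager->rules` is NULL before the call, which this hunk does not show. Using `if (r < 0)` removes that dependency and keeps `log_error_errno(r, ...)` from ever being called with a non-negative `r`. Both functions continue outside their hunks.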

Binary file not shown.

File diff suppressed because one or more lines are too long