Merge pull request #10009 from evverx/rework-journald-fuzzers

Add a fuzzer for server_process_native_message
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2018-09-05 04:46:17 +0200
committer: GitHub <noreply@github.com> 2018-09-05 04:46:17 +0200
commit: 3457a7a939e3722538363204fbed77179228068d (patch)
tree: 2903566206e1ae0fc6c98f6f9fa3b52c51d2dea6
parent: sd-dhcp6: set requested time for DUID-LLT (diff)
parent: tests: add a fuzzer for server_process_native_message (diff)
download: systemd-3457a7a939e3722538363204fbed77179228068d.tar.xz
systemd-3457a7a939e3722538363204fbed77179228068d.zip
6 files changed, 49 insertions, 23 deletions
diff --git a/src/fuzz/fuzz-journald-native.c b/src/fuzz/fuzz-journald-native.c
new file mode 100644
index 0000000000..f4de5fd8eb
--- /dev/null
+++ b/src/fuzz/fuzz-journald-native.c
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include "fuzz.h"
+#include "fuzz-journald.h"
+#include "journald-native.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        fuzz_journald_processing_function(data, size, server_process_native_message);
+        return 0;
+}
diff --git a/src/fuzz/fuzz-journald-syslog.c b/src/fuzz/fuzz-journald-syslog.c
index 7730f60875..100f0ce691 100644
--- a/src/fuzz/fuzz-journald-syslog.c
+++ b/src/fuzz/fuzz-journald-syslog.c
@@ -1,29 +1,10 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
-#include "alloc-util.h"
 #include "fuzz.h"
-#include "journald-server.h"
+#include "fuzz-journald.h"
 #include "journald-syslog.h"
-#include "sd-event.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-        Server s = {};
-        char *label = NULL;
-        size_t label_len = 0;
-        struct ucred *ucred = NULL;
-        struct timeval *tv = NULL;
-
-        if (size == 0)
-                return 0;
-
-        assert_se(sd_event_default(&s.event) >= 0);
-        s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
-        s.buffer = memdup_suffix0(data, size);
-        assert_se(s.buffer);
-        s.buffer_size = size + 1;
-        s.storage = STORAGE_NONE;
-        server_process_syslog_message(&s, s.buffer, size, ucred, tv, label, label_len);
-        server_done(&s);
-
+        fuzz_journald_processing_function(data, size, server_process_syslog_message);
         return 0;
 }
diff --git a/src/fuzz/fuzz-journald.h b/src/fuzz/fuzz-journald.h
new file mode 100644
index 0000000000..e66ef54c9b
--- /dev/null
+++ b/src/fuzz/fuzz-journald.h
@@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include "alloc-util.h"
+#include "journald-server.h"
+#include "sd-event.h"
+
+static void fuzz_journald_processing_function(
+                const uint8_t *data,
+                size_t size,
+                void (*f)(Server *s, const char *buf, size_t raw_len, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len)
+        ) {
+        Server s = {};
+        char *label = NULL;
+        size_t label_len = 0;
+        struct ucred *ucred = NULL;
+        struct timeval *tv = NULL;
+
+        if (size == 0)
+                return;
+
+        assert_se(sd_event_default(&s.event) >= 0);
+        s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
+        s.buffer = memdup_suffix0(data, size);
+        assert_se(s.buffer);
+        s.buffer_size = size + 1;
+        s.storage = STORAGE_NONE;
+        (*f)(&s, s.buffer, size, ucred, tv, label, label_len);
+        server_done(&s);
+}
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
index 28770b68b8..5a97ef5091 100644
--- a/src/fuzz/meson.build
+++ b/src/fuzz/meson.build
@@ -19,6 +19,11 @@ fuzzers += [
           libshared],
          [libmount]],
 
+        [['src/fuzz/fuzz-journald-native.c'],
+         [libjournal_core,
+          libshared],
+         [libselinux]],
+
         [['src/fuzz/fuzz-journald-syslog.c'],
          [libjournal_core,
           libshared],
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index 5ff22a10af..b2f6e11dba 100644
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -277,7 +277,7 @@ finish:
 
 void server_process_native_message(
                 Server *s,
-                const void *buffer, size_t buffer_size,
+                const char *buffer, size_t buffer_size,
                 const struct ucred *ucred,
                 const struct timeval *tv,
                 const char *label, size_t label_len) {
diff --git a/src/journal/journald-native.h b/src/journal/journald-native.h
index 7211d4fab4..2a33ef74c5 100644
--- a/src/journal/journald-native.h
+++ b/src/journal/journald-native.h
@@ -5,7 +5,7 @@
 
 void server_process_native_message(
                 Server *s,
-                const void *buffer,
+                const char *buffer,
                 size_t buffer_size,
                 const struct ucred *ucred,
                 const struct timeval *tv,
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2018-09-05 04:46:17 +0200
committer	GitHub <noreply@github.com>	2018-09-05 04:46:17 +0200
commit	3457a7a939e3722538363204fbed77179228068d (patch)
tree	2903566206e1ae0fc6c98f6f9fa3b52c51d2dea6
parent	sd-dhcp6: set requested time for DUID-LLT (diff)
parent	tests: add a fuzzer for server_process_native_message (diff)
download	systemd-3457a7a939e3722538363204fbed77179228068d.tar.xz systemd-3457a7a939e3722538363204fbed77179228068d.zip