varlink: don't panic on malformed method definition

author: Frantisek Sumsal <frantisek@sumsal.cz> 2023-10-12 15:55:12 +0200
committer: Frantisek Sumsal <frantisek@sumsal.cz> 2023-10-14 17:40:07 +0200
commit: 779e7b441076e41d3d96fce6aa751d60b91c09f5 (patch)
tree: 62c61094a76acb000b857f5fd89ada6d5848fe45
parent: test: add a fuzzer for the varlink IDL stuff (diff)
download: systemd-779e7b441076e41d3d96fce6aa751d60b91c09f5.tar.xz
systemd-779e7b441076e41d3d96fce6aa751d60b91c09f5.zip
2 files changed, 12 insertions, 0 deletions
diff --git a/src/shared/varlink-idl.c b/src/shared/varlink-idl.c
index 7d9d7874c1..65059d33c1 100644
--- a/src/shared/varlink-idl.c
+++ b/src/shared/varlink-idl.c
@@ -986,6 +986,9 @@ int varlink_idl_parse(
                         assert(!symbol);
                         n_fields = 0;
 
+                        if (!token)
+                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Premature EOF.", *line, *column);
+
                         r = varlink_symbol_realloc(&symbol, n_fields);
                         if (r < 0)
                                 return r;
@@ -1004,6 +1007,9 @@ int varlink_idl_parse(
                 case STATE_METHOD_ARROW:
                         assert(symbol);
 
+                        if (!token)
+                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Premature EOF.", *line, *column);
+
                         if (!streq(token, "->"))
                                 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Unexpected token '%s'.", *line, *column, token);
 
@@ -1025,6 +1031,9 @@ int varlink_idl_parse(
                         assert(!symbol);
                         n_fields = 0;
 
+                        if (!token)
+                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Premature EOF.", *line, *column);
+
                         r = varlink_symbol_realloc(&symbol, n_fields);
                         if (r < 0)
                                 return r;
@@ -1050,6 +1059,9 @@ int varlink_idl_parse(
                         assert(!symbol);
                         n_fields = 0;
 
+                        if (!token)
+                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Premature EOF.", *line, *column);
+
                         r = varlink_symbol_realloc(&symbol, n_fields);
                         if (r < 0)
                                 return r;
diff --git a/test/fuzz/fuzz-varlink-idl/crash-d1860f2b b/test/fuzz/fuzz-varlink-idl/crash-d1860f2b
new file mode 100644
index 0000000000..db720881dc
--- /dev/null
+++ b/test/fuzz/fuzz-varlink-idl/crash-d1860f2b
author	Frantisek Sumsal <frantisek@sumsal.cz>	2023-10-12 15:55:12 +0200
committer	Frantisek Sumsal <frantisek@sumsal.cz>	2023-10-14 17:40:07 +0200
commit	779e7b441076e41d3d96fce6aa751d60b91c09f5 (patch)
tree	62c61094a76acb000b857f5fd89ada6d5848fe45
parent	test: add a fuzzer for the varlink IDL stuff (diff)
download	systemd-779e7b441076e41d3d96fce6aa751d60b91c09f5.tar.xz systemd-779e7b441076e41d3d96fce6aa751d60b91c09f5.zip