dcavalca / rpms / systemd

Forked from rpms/systemd 3 months ago
Clone
b9a53a
From b276c85200786add6c86b6c1fedc888c71ffe5db Mon Sep 17 00:00:00 2001
b9a53a
From: Evgeny Vereshchagin <evvers@ya.ru>
b9a53a
Date: Sat, 17 Nov 2018 13:01:09 +0100
b9a53a
Subject: [PATCH] tests: introduce dummy_server_init and use it in all journald
b9a53a
 fuzzers
b9a53a
b9a53a
(cherry picked from commit ed62712dc6fb236845c489a7f386c7aff0ec31d6)
b9a53a
b9a53a
Resolves: #1764560
b9a53a
---
b9a53a
 src/fuzz/fuzz-journald-audit.c | 18 +++---------------
b9a53a
 src/fuzz/fuzz-journald-kmsg.c  | 20 ++++----------------
b9a53a
 src/fuzz/fuzz-journald.c       | 26 +++++++++++++++++++-------
b9a53a
 src/fuzz/fuzz-journald.h       |  2 ++
b9a53a
 src/fuzz/meson.build           |  6 ++++--
b9a53a
 5 files changed, 32 insertions(+), 40 deletions(-)
b9a53a
b9a53a
diff --git a/src/fuzz/fuzz-journald-audit.c b/src/fuzz/fuzz-journald-audit.c
b9a53a
index fe401c0d98..3f3ce7e8ee 100644
b9a53a
--- a/src/fuzz/fuzz-journald-audit.c
b9a53a
+++ b/src/fuzz/fuzz-journald-audit.c
b9a53a
@@ -1,26 +1,14 @@
b9a53a
 /* SPDX-License-Identifier: LGPL-2.1+ */
b9a53a
 
b9a53a
 #include "fuzz.h"
b9a53a
+#include "fuzz-journald.h"
b9a53a
 #include "journald-audit.h"
b9a53a
 
b9a53a
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
b9a53a
         Server s;
b9a53a
-        _cleanup_free_ char *buffer = NULL;
b9a53a
 
b9a53a
-        s = (Server) {
b9a53a
-                .syslog_fd = -1,
b9a53a
-                .native_fd = -1,
b9a53a
-                .stdout_fd = -1,
b9a53a
-                .dev_kmsg_fd = -1,
b9a53a
-                .audit_fd = -1,
b9a53a
-                .hostname_fd = -1,
b9a53a
-                .notify_fd = -1,
b9a53a
-                .storage = STORAGE_NONE,
b9a53a
-        };
b9a53a
-        assert_se(sd_event_default(&s.event) >= 0);
b9a53a
-        buffer = memdup_suffix0(data, size);
b9a53a
-        assert_se(buffer);
b9a53a
-        process_audit_string(&s, 0, buffer, size);
b9a53a
+        dummy_server_init(&s, data, size);
b9a53a
+        process_audit_string(&s, 0, s.buffer, size);
b9a53a
         server_done(&s);
b9a53a
 
b9a53a
         return 0;
b9a53a
diff --git a/src/fuzz/fuzz-journald-kmsg.c b/src/fuzz/fuzz-journald-kmsg.c
b9a53a
index e2611c6d45..f7426c8400 100644
b9a53a
--- a/src/fuzz/fuzz-journald-kmsg.c
b9a53a
+++ b/src/fuzz/fuzz-journald-kmsg.c
b9a53a
@@ -1,29 +1,17 @@
b9a53a
 /* SPDX-License-Identifier: LGPL-2.1+ */
b9a53a
 
b9a53a
 #include "fuzz.h"
b9a53a
+#include "fuzz-journald.h"
b9a53a
 #include "journald-kmsg.h"
b9a53a
 
b9a53a
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
b9a53a
-        Server s = {};
b9a53a
-        _cleanup_free_ char *buffer = NULL;
b9a53a
+        Server s;
b9a53a
 
b9a53a
         if (size == 0)
b9a53a
                 return 0;
b9a53a
 
b9a53a
-        s = (Server) {
b9a53a
-                .syslog_fd = -1,
b9a53a
-                .native_fd = -1,
b9a53a
-                .stdout_fd = -1,
b9a53a
-                .dev_kmsg_fd = -1,
b9a53a
-                .audit_fd = -1,
b9a53a
-                .hostname_fd = -1,
b9a53a
-                .notify_fd = -1,
b9a53a
-                .storage = STORAGE_NONE,
b9a53a
-        };
b9a53a
-        assert_se(sd_event_default(&s.event) >= 0);
b9a53a
-        buffer = memdup(data, size);
b9a53a
-        assert_se(buffer);
b9a53a
-        dev_kmsg_record(&s, buffer, size);
b9a53a
+        dummy_server_init(&s, data, size);
b9a53a
+        dev_kmsg_record(&s, s.buffer, size);
b9a53a
         server_done(&s);
b9a53a
 
b9a53a
         return 0;
b9a53a
diff --git a/src/fuzz/fuzz-journald.c b/src/fuzz/fuzz-journald.c
b9a53a
index f271d7f2fe..0659b92ba3 100644
b9a53a
--- a/src/fuzz/fuzz-journald.c
b9a53a
+++ b/src/fuzz/fuzz-journald.c
b9a53a
@@ -5,12 +5,29 @@
b9a53a
 #include "journald-server.h"
b9a53a
 #include "sd-event.h"
b9a53a
 
b9a53a
+void dummy_server_init(Server *s, const uint8_t *buffer, size_t size) {
b9a53a
+        *s = (Server) {
b9a53a
+                .syslog_fd = -1,
b9a53a
+                .native_fd = -1,
b9a53a
+                .stdout_fd = -1,
b9a53a
+                .dev_kmsg_fd = -1,
b9a53a
+                .audit_fd = -1,
b9a53a
+                .hostname_fd = -1,
b9a53a
+                .notify_fd = -1,
b9a53a
+                .storage = STORAGE_NONE,
b9a53a
+        };
b9a53a
+        assert_se(sd_event_default(&s->event) >= 0);
b9a53a
+        s->buffer = memdup_suffix0(buffer, size);
b9a53a
+        assert_se(s->buffer);
b9a53a
+        s->buffer_size = size + 1;
b9a53a
+}
b9a53a
+
b9a53a
 void fuzz_journald_processing_function(
b9a53a
                 const uint8_t *data,
b9a53a
                 size_t size,
b9a53a
                 void (*f)(Server *s, const char *buf, size_t raw_len, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len)
b9a53a
         ) {
b9a53a
-        Server s = {};
b9a53a
+        Server s;
b9a53a
         char *label = NULL;
b9a53a
         size_t label_len = 0;
b9a53a
         struct ucred *ucred = NULL;
b9a53a
@@ -19,12 +36,7 @@ void fuzz_journald_processing_function(
b9a53a
         if (size == 0)
b9a53a
                 return;
b9a53a
 
b9a53a
-        assert_se(sd_event_default(&s.event) >= 0);
b9a53a
-        s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
b9a53a
-        s.buffer = memdup_suffix0(data, size);
b9a53a
-        assert_se(s.buffer);
b9a53a
-        s.buffer_size = size + 1;
b9a53a
-        s.storage = STORAGE_NONE;
b9a53a
+        dummy_server_init(&s, data, size);
b9a53a
         (*f)(&s, s.buffer, size, ucred, tv, label, label_len);
b9a53a
         server_done(&s);
b9a53a
 }
b9a53a
diff --git a/src/fuzz/fuzz-journald.h b/src/fuzz/fuzz-journald.h
b9a53a
index e9d32a74aa..77e3b0c064 100644
b9a53a
--- a/src/fuzz/fuzz-journald.h
b9a53a
+++ b/src/fuzz/fuzz-journald.h
b9a53a
@@ -3,6 +3,8 @@
b9a53a
 
b9a53a
 #include "journald-server.h"
b9a53a
 
b9a53a
+void dummy_server_init(Server *s, const uint8_t *buffer, size_t size);
b9a53a
+
b9a53a
 void fuzz_journald_processing_function(
b9a53a
                 const uint8_t *data,
b9a53a
                 size_t size,
b9a53a
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
b9a53a
index 5548da3822..897c02e4ae 100644
b9a53a
--- a/src/fuzz/meson.build
b9a53a
+++ b/src/fuzz/meson.build
b9a53a
@@ -33,12 +33,14 @@ fuzzers += [
b9a53a
           libshared],
b9a53a
          [libmount]],
b9a53a
 
b9a53a
-        [['src/fuzz/fuzz-journald-audit.c'],
b9a53a
+        [['src/fuzz/fuzz-journald-audit.c',
b9a53a
+          'src/fuzz/fuzz-journald.c'],
b9a53a
          [libjournal_core,
b9a53a
           libshared],
b9a53a
          [libselinux]],
b9a53a
 
b9a53a
-        [['src/fuzz/fuzz-journald-kmsg.c'],
b9a53a
+        [['src/fuzz/fuzz-journald-kmsg.c',
b9a53a
+          'src/fuzz/fuzz-journald.c'],
b9a53a
          [libjournal_core,
b9a53a
           libshared],
b9a53a
          [libselinux]],