Merge pull request #10009 from evverx/rework-journald-fuzzers

yuwata · web-flow · commit 3457a7a939e3 · 2018-09-05T11:46:17.000+09:00
Add a fuzzer for server_process_native_message
diff --git a/src/fuzz/fuzz-journald-native.c b/src/fuzz/fuzz-journald-native.c
@@ -0,0 +1,10 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include "fuzz.h"
+#include "fuzz-journald.h"
+#include "journald-native.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        fuzz_journald_processing_function(data, size, server_process_native_message);
+        return 0;
+}
diff --git a/src/fuzz/fuzz-journald-syslog.c b/src/fuzz/fuzz-journald-syslog.c
@@ -1,29 +1,10 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
-#include "alloc-util.h"
 #include "fuzz.h"
-#include "journald-server.h"
+#include "fuzz-journald.h"
 #include "journald-syslog.h"
-#include "sd-event.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-        Server s = {};
-        char *label = NULL;
-        size_t label_len = 0;
-        struct ucred *ucred = NULL;
-        struct timeval *tv = NULL;
-
-        if (size == 0)
-                return 0;
-
-        assert_se(sd_event_default(&s.event) >= 0);
-        s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
-        s.buffer = memdup_suffix0(data, size);
-        assert_se(s.buffer);
-        s.buffer_size = size + 1;
-        s.storage = STORAGE_NONE;
-        server_process_syslog_message(&s, s.buffer, size, ucred, tv, label, label_len);
-        server_done(&s);
-
+        fuzz_journald_processing_function(data, size, server_process_syslog_message);
         return 0;
 }
diff --git a/src/fuzz/fuzz-journald.h b/src/fuzz/fuzz-journald.h
@@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+#include "alloc-util.h"
+#include "journald-server.h"
+#include "sd-event.h"
+
+static void fuzz_journald_processing_function(
+                const uint8_t *data,
+                size_t size,
+                void (*f)(Server *s, const char *buf, size_t raw_len, const struct ucred *ucred, const struct timeval *tv, const char *label, size_t label_len)
+        ) {
+        Server s = {};
+        char *label = NULL;
+        size_t label_len = 0;
+        struct ucred *ucred = NULL;
+        struct timeval *tv = NULL;
+
+        if (size == 0)
+                return;
+
+        assert_se(sd_event_default(&s.event) >= 0);
+        s.syslog_fd = s.native_fd = s.stdout_fd = s.dev_kmsg_fd = s.audit_fd = s.hostname_fd = s.notify_fd = -1;
+        s.buffer = memdup_suffix0(data, size);
+        assert_se(s.buffer);
+        s.buffer_size = size + 1;
+        s.storage = STORAGE_NONE;
+        (*f)(&s, s.buffer, size, ucred, tv, label, label_len);
+        server_done(&s);
+}
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
@@ -19,6 +19,11 @@ fuzzers += [
           libshared],
          [libmount]],
 
+        [['src/fuzz/fuzz-journald-native.c'],
+         [libjournal_core,
+          libshared],
+         [libselinux]],
+
         [['src/fuzz/fuzz-journald-syslog.c'],
          [libjournal_core,
           libshared],
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
@@ -277,7 +277,7 @@ static int server_process_entry(
 
 void server_process_native_message(
                 Server *s,
-                const void *buffer, size_t buffer_size,
+                const char *buffer, size_t buffer_size,
                 const struct ucred *ucred,
                 const struct timeval *tv,
                 const char *label, size_t label_len) {
diff --git a/src/journal/journald-native.h b/src/journal/journald-native.h
@@ -5,7 +5,7 @@
 
 void server_process_native_message(
                 Server *s,
-                const void *buffer,
+                const char *buffer,
                 size_t buffer_size,
                 const struct ucred *ucred,
                 const struct timeval *tv,
