From 20d52ab60e7ba40f7cf23c148bcead8bd05bea3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 13 Mar 2018 12:25:06 +0100 Subject: [PATCH] shared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_device_allow() oss-fuzz #6885. --- TODO | 1 + src/core/load-fragment.c | 2 +- test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885 | 3 +++ test/fuzz-regressions/meson.build | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885 diff --git a/TODO b/TODO index f171121f69..d5e37e49ac 100644 --- a/TODO +++ b/TODO @@ -528,6 +528,7 @@ Features: * maybe add a generator that looks for "systemd.run=" on the kernel cmdline for container usercases... * test/: + - add unit tests for config_parse_device_allow() * seems that when we follow symlinks to units we prefer the symlink destination path over /etc and /usr. We should not do that. Instead diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index f2f9267b92..7f56149ead 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -410,7 +410,6 @@ int config_parse_socket_listen(const char *unit, if (r < 0) { if (r != -EAFNOSUPPORT) log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value, ignoring: %s", rvalue); - return 0; } @@ -3511,6 +3510,7 @@ int config_parse_device_allow( log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve specifiers in %s, ignoring: %m", rvalue); + return 0; } n = strcspn(t, WHITESPACE); diff --git a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885 b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885 new file mode 100644 index 0000000000..1859136fdc --- /dev/null +++ b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885 @@ -0,0 +1,3 @@ +service +[Service] +DeviceAllow=%D \ No newline at end of file diff --git a/test/fuzz-regressions/meson.build b/test/fuzz-regressions/meson.build index c1416f93cf..9753c61882 100644 
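Review bot: The `return 0;` added in config_parse_device_allow() has no comment explaining why the early exit is required, and the branch itself does not make the reason obvious. The `strcspn(t, WHITESPACE)` that follows reads `t`, which, judging by the commit subject, is not valid when specifier resolution fails. I would add `/* t is not valid on failure; skip this line rather than fall through to strcspn() */` above the return. Because the line is dropped with only a LOG_WARNING, the function's comment should also say that an unresolvable DeviceAllow= leaves the unit without that entry; whether that narrows or widens device access depends on the unit's device policy, which is not visible here. The function body starts and ends outside the hunk.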
--- a/test/fuzz-regressions/meson.build
+++ b/test/fuzz-regressions/meson.build
@@ -30,4 +30,5 @@ fuzz_regression_tests = '''
 fuzz-dns-packet/oss-fuzz-5465
 fuzz-dns-packet/issue-7888
 fuzz-unit-file/oss-fuzz-6884
+ fuzz-unit-file/oss-fuzz-6885
 '''.split()