diff --git a/src/core/fuzz-unit-file.c b/src/core/fuzz-unit-file.c index c12e874e2d..81cede2193 100644 --- a/src/core/fuzz-unit-file.c +++ b/src/core/fuzz-unit-file.c @@ -21,7 +21,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { const char *name; long offset; + if (size > 65536) + return 0; + f = data_to_file(data, size); + assert_se(f); if (read_line(f, LINE_MAX, &p) < 0) diff --git a/src/fuzz/fuzz-bootspec.c b/src/fuzz/fuzz-bootspec.c index fa9e3f06e0..0594a0dea5 100644 --- a/src/fuzz/fuzz-bootspec.c +++ b/src/fuzz/fuzz-bootspec.c @@ -84,7 +84,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_(boot_config_free) BootConfig config = BOOT_CONFIG_NULL; int r; - if (size > 65535) + if (size > 65536) return 0; /* Disable most logging if not running standalone */ diff --git a/src/fuzz/fuzz-bootspec.options b/src/fuzz/fuzz-bootspec.options index 0824b19fab..678d526b1e 100644 --- a/src/fuzz/fuzz-bootspec.options +++ b/src/fuzz/fuzz-bootspec.options @@ -1,2 +1,2 @@ [libfuzzer] -max_len = 65535 +max_len = 65536 diff --git a/src/fuzz/fuzz-env-file.c b/src/fuzz/fuzz-env-file.c index 3b3e625608..431f172306 100644 --- a/src/fuzz/fuzz-env-file.c +++ b/src/fuzz/fuzz-env-file.c @@ -12,7 +12,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_fclose_ FILE *f = NULL; _cleanup_strv_free_ char **rl = NULL, **rlp = NULL; - if (size > 65535) + if (size > 65536) return 0; f = data_to_file(data, size); diff --git a/src/fuzz/fuzz-env-file.options b/src/fuzz/fuzz-env-file.options index 0824b19fab..678d526b1e 100644 --- a/src/fuzz/fuzz-env-file.options +++ b/src/fuzz/fuzz-env-file.options @@ -1,2 +1,2 @@ [libfuzzer] -max_len = 65535 +max_len = 65536 diff --git a/src/journal-remote/fuzz-journal-remote.c b/src/journal-remote/fuzz-journal-remote.c index a8e56e21b2..dd7884ee9a 100644 --- a/src/journal-remote/fuzz-journal-remote.c +++ b/src/journal-remote/fuzz-journal-remote.c @@ -24,7 +24,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_(journal_remote_server_destroy) RemoteServer s = {}; int r; - if (size <= 2) + if (size <= 2 || size > 65536) return 0; if (!getenv("SYSTEMD_LOG_LEVEL")) diff --git a/src/libsystemd/sd-bus/fuzz-bus-match.c b/src/libsystemd/sd-bus/fuzz-bus-match.c index 0585338e28..39ab62196a 100644 --- a/src/libsystemd/sd-bus/fuzz-bus-match.c +++ b/src/libsystemd/sd-bus/fuzz-bus-match.c @@ -15,6 +15,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL; int r; + if (size > 65536) + return 0; + /* We don't want to fill the logs with messages about parse errors. * Disable most logging if not running standalone */ if (!getenv("SYSTEMD_LOG_LEVEL")) diff --git a/src/libsystemd/sd-bus/fuzz-bus-match.options b/src/libsystemd/sd-bus/fuzz-bus-match.options new file mode 100644 index 0000000000..678d526b1e --- /dev/null +++ b/src/libsystemd/sd-bus/fuzz-bus-match.options @@ -0,0 +1,2 @@ +[libfuzzer] +max_len = 65536 diff --git a/src/network/fuzz-netdev-parser.c b/src/network/fuzz-netdev-parser.c index bb4b487ab2..d8cbd2891c 100644 --- a/src/network/fuzz-netdev-parser.c +++ b/src/network/fuzz-netdev-parser.c @@ -11,6 +11,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_fclose_ FILE *f = NULL; _cleanup_(unlink_tempfilep) char netdev_config[] = "/tmp/fuzz-networkd.XXXXXX"; + if (size > 65536) + return 0; + if (!getenv("SYSTEMD_LOG_LEVEL")) log_set_max_level(LOG_CRIT); diff --git a/src/network/fuzz-netdev-parser.options b/src/network/fuzz-netdev-parser.options new file mode 100644 index 0000000000..678d526b1e --- /dev/null +++ b/src/network/fuzz-netdev-parser.options @@ -0,0 +1,2 @@ +[libfuzzer] +max_len = 65536 diff --git a/src/network/fuzz-network-parser.c b/src/network/fuzz-network-parser.c index 9290aa58d6..630c86a98c 100644 --- a/src/network/fuzz-network-parser.c +++ b/src/network/fuzz-network-parser.c @@ -11,7 +11,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_fclose_ FILE *f = NULL; _cleanup_(unlink_tempfilep) char network_config[] = "/tmp/fuzz-networkd.XXXXXX"; - if (size > 65535) + if (size > 65536) return 0; if (!getenv("SYSTEMD_LOG_LEVEL")) diff --git a/src/network/fuzz-network-parser.options b/src/network/fuzz-network-parser.options index 0824b19fab..678d526b1e 100644 --- a/src/network/fuzz-network-parser.options +++ b/src/network/fuzz-network-parser.options @@ -1,2 +1,2 @@ [libfuzzer] -max_len = 65535 +max_len = 65536 diff --git a/src/nspawn/fuzz-nspawn-oci.c b/src/nspawn/fuzz-nspawn-oci.c index 91f2a81dfc..7110a66187 100644 --- a/src/nspawn/fuzz-nspawn-oci.c +++ b/src/nspawn/fuzz-nspawn-oci.c @@ -9,6 +9,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_fclose_ FILE *f = NULL; _cleanup_(settings_freep) Settings *s = NULL; + if (size > 65536) + return 0; + f = data_to_file(data, size); assert_se(f); diff --git a/src/nspawn/fuzz-nspawn-settings.c b/src/nspawn/fuzz-nspawn-settings.c index 6b91e1506e..7683814659 100644 --- a/src/nspawn/fuzz-nspawn-settings.c +++ b/src/nspawn/fuzz-nspawn-settings.c @@ -9,6 +9,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_fclose_ FILE *f = NULL; _cleanup_(settings_freep) Settings *s = NULL; + if (size > 65536) + return 0; + f = data_to_file(data, size); assert_se(f); diff --git a/src/resolve/fuzz-dns-packet.options b/src/resolve/fuzz-dns-packet.options index 0824b19fab..678d526b1e 100644 --- a/src/resolve/fuzz-dns-packet.options +++ b/src/resolve/fuzz-dns-packet.options @@ -1,2 +1,2 @@ [libfuzzer] -max_len = 65535 +max_len = 65536 diff --git a/src/udev/fuzz-udev-rules.c b/src/udev/fuzz-udev-rules.c index 17f5ea121b..0208f8c2d8 100644 --- a/src/udev/fuzz-udev-rules.c +++ b/src/udev/fuzz-udev-rules.c @@ -15,6 +15,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_(unlink_tempfilep) char filename[] = "/tmp/fuzz-udev-rules.XXXXXX"; int r; + if (size > 65536) + return 0; + if (!getenv("SYSTEMD_LOG_LEVEL")) log_set_max_level(LOG_CRIT); diff --git a/src/udev/net/fuzz-link-parser.c b/src/udev/net/fuzz-link-parser.c index b871a4e23c..5727897305 100644 --- a/src/udev/net/fuzz-link-parser.c +++ b/src/udev/net/fuzz-link-parser.c @@ -11,7 +11,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_(unlink_tempfilep) char filename[] = "/tmp/fuzz-link-config.XXXXXX"; _cleanup_fclose_ FILE *f = NULL; - if (size > 65535) + if (size > 65536) return 0; if (!getenv("SYSTEMD_LOG_LEVEL")) diff --git a/src/udev/net/fuzz-link-parser.options b/src/udev/net/fuzz-link-parser.options index 0824b19fab..678d526b1e 100644 --- a/src/udev/net/fuzz-link-parser.options +++ b/src/udev/net/fuzz-link-parser.options @@ -1,2 +1,2 @@ [libfuzzer] -max_len = 65535 +max_len = 65536 diff --git a/src/xdg-autostart-generator/fuzz-xdg-desktop.c b/src/xdg-autostart-generator/fuzz-xdg-desktop.c index 52ba7ff0a4..0ae27fc39d 100644 --- a/src/xdg-autostart-generator/fuzz-xdg-desktop.c +++ b/src/xdg-autostart-generator/fuzz-xdg-desktop.c @@ -17,6 +17,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_(xdg_autostart_service_freep) XdgAutostartService *service = NULL; _cleanup_(rm_rf_physical_and_freep) char *tmpdir = NULL; + if (size > 65536) + return 0; + /* We don't want to fill the logs with messages about parse errors. * Disable most logging if not running standalone */ if (!getenv("SYSTEMD_LOG_LEVEL")) diff --git a/src/xdg-autostart-generator/fuzz-xdg-desktop.options b/src/xdg-autostart-generator/fuzz-xdg-desktop.options new file mode 100644 index 0000000000..678d526b1e --- /dev/null +++ b/src/xdg-autostart-generator/fuzz-xdg-desktop.options @@ -0,0 +1,2 @@ +[libfuzzer] +max_len = 65536