mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
Merge pull request #16257 from keszybz/two-fuzzer-issues
Two fuzzer issues
This commit is contained in:
Lennart Poettering
GitHub
commit
f49bead3b0
@ -1,106 +1,36 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
|
||||
#include <errno.h>
|
||||
#include <sched.h>
|
||||
#include <sys/mount.h>
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include "fd-util.h"
|
||||
#include "fs-util.h"
|
||||
#include "fuzz.h"
|
||||
#include "log.h"
|
||||
#include "mkdir.h"
|
||||
#include "rm-rf.h"
|
||||
#include "string-util.h"
|
||||
#include "tests.h"
|
||||
#include "tmpfile-util.h"
|
||||
#include "udev-rules.h"
|
||||
|
||||
static struct fakefs {
|
||||
const char *target;
|
||||
bool ignore_mount_error;
|
||||
bool is_mounted;
|
||||
} fakefss[] = {
|
||||
{ "/sys", false, false },
|
||||
{ "/dev", false, false },
|
||||
{ "/run", false, false },
|
||||
{ "/etc", false, false },
|
||||
{ UDEVLIBEXECDIR "/rules.d", true, false },
|
||||
};
|
||||
|
||||
static int setup_mount_namespace(void) {
|
||||
static thread_local bool is_namespaced = false;
|
||||
|
||||
if (is_namespaced)
|
||||
return 1;
|
||||
|
||||
if (unshare(CLONE_NEWNS) < 0)
|
||||
return log_error_errno(errno, "Failed to call unshare(): %m");
|
||||
|
||||
if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
|
||||
return log_error_errno(errno, "Failed to mount / as private: %m");
|
||||
|
||||
is_namespaced = true;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int setup_fake_filesystems(const char *runtime_dir) {
|
||||
for (unsigned i = 0; i < ELEMENTSOF(fakefss); i++) {
|
||||
if (mount(runtime_dir, fakefss[i].target, NULL, MS_BIND, NULL) < 0) {
|
||||
log_full_errno(fakefss[i].ignore_mount_error ? LOG_DEBUG : LOG_ERR, errno, "Failed to mount %s: %m", fakefss[i].target);
|
||||
if (!fakefss[i].ignore_mount_error)
|
||||
return -errno;
|
||||
} else
|
||||
fakefss[i].is_mounted = true;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int cleanup_fake_filesystems(const char *runtime_dir) {
|
||||
for (unsigned i = 0; i < ELEMENTSOF(fakefss); i++) {
|
||||
if (!fakefss[i].is_mounted)
|
||||
continue;
|
||||
|
||||
if (umount(fakefss[i].target) < 0) {
|
||||
log_full_errno(fakefss[i].ignore_mount_error ? LOG_DEBUG : LOG_ERR, errno, "Failed to umount %s: %m", fakefss[i].target);
|
||||
if (!fakefss[i].ignore_mount_error)
|
||||
return -errno;
|
||||
} else
|
||||
fakefss[i].is_mounted = false;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||
_cleanup_(udev_rules_freep) UdevRules *rules = NULL;
|
||||
_cleanup_(rm_rf_physical_and_freep) char *runtime_dir = NULL;
|
||||
FILE *f = NULL;
|
||||
|
||||
(void) setup_mount_namespace();
|
||||
|
||||
assert_se(runtime_dir = setup_fake_runtime_dir());
|
||||
|
||||
if (setup_fake_filesystems(runtime_dir) < 0) {
|
||||
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
return EXIT_TEST_SKIP;
|
||||
#endif
|
||||
}
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
_cleanup_(unlink_tempfilep) char filename[] = "/tmp/fuzz-udev-rules.XXXXXX";
|
||||
int r;
|
||||
|
||||
if (!getenv("SYSTEMD_LOG_LEVEL")) {
|
||||
log_set_max_level_realm(LOG_REALM_UDEV, LOG_CRIT);
|
||||
log_set_max_level_realm(LOG_REALM_SYSTEMD, LOG_CRIT);
|
||||
}
|
||||
|
||||
assert_se(mkdir_p("/etc/udev/rules.d", 0755) >= 0);
|
||||
f = fopen("/etc/udev/rules.d/fuzz.rules", "we");
|
||||
assert_se(f);
|
||||
assert_se(fmkostemp_safe(filename, "r+", &f) == 0);
|
||||
if (size != 0)
|
||||
assert_se(fwrite(data, size, 1, f) == 1);
|
||||
assert_se(fclose(f) == 0);
|
||||
fflush(f);
|
||||
|
||||
assert_se(udev_rules_new(&rules, RESOLVE_NAME_EARLY) == 0);
|
||||
assert_se(rules = udev_rules_new(RESOLVE_NAME_EARLY));
|
||||
r = udev_rules_parse_file(rules, filename);
|
||||
log_info_errno(r, "Parsing %s: %m", filename);
|
||||
assert_se(IN_SET(r,
|
||||
0, /* OK */
|
||||
-ENOBUFS /* line length exceeded */));
|
||||
|
||||
assert_se(cleanup_fake_filesystems(runtime_dir) >= 0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -573,19 +573,22 @@ static int output_short(
|
||||
if (config_file &&
|
||||
message_len >= config_file_len &&
|
||||
memcmp(message, config_file, config_file_len) == 0 &&
|
||||
IN_SET(message[config_file_len], ':', ' ', '\0') &&
|
||||
(message_len == config_file_len || IN_SET(message[config_file_len], ':', ' ')) &&
|
||||
(!highlight || highlight_shifted[0] == 0 || highlight_shifted[0] > config_file_len)) {
|
||||
|
||||
_cleanup_free_ char *t = NULL, *urlified = NULL;
|
||||
|
||||
t = strndup(config_file, config_file_len);
|
||||
if (t && terminal_urlify_path(t, NULL, &urlified) >= 0) {
|
||||
size_t shift = strlen(urlified) - config_file_len;
|
||||
size_t urlified_len = strlen(urlified);
|
||||
size_t shift = urlified_len - config_file_len;
|
||||
char *joined;
|
||||
|
||||
joined = strjoin(urlified, message + config_file_len);
|
||||
joined = realloc(urlified, message_len + shift);
|
||||
if (joined) {
|
||||
memcpy(joined + urlified_len, message + config_file_len, message_len - config_file_len);
|
||||
free_and_replace(message, joined);
|
||||
TAKE_PTR(urlified);
|
||||
message_len += shift;
|
||||
if (highlight) {
|
||||
highlight_shifted[0] += shift;
|
||||
|
||||
@ -87,7 +87,7 @@ static int run(int argc, char *argv[]) {
|
||||
action = argv[1];
|
||||
devpath = argv[2];
|
||||
|
||||
assert_se(udev_rules_new(&rules, RESOLVE_NAME_EARLY) == 0);
|
||||
assert_se(udev_rules_load(&rules, RESOLVE_NAME_EARLY) == 0);
|
||||
|
||||
const char *syspath = strjoina("/sys", devpath);
|
||||
r = device_new_from_synthetic_event(&dev, syspath, action);
|
||||
|
||||
@ -1175,7 +1175,7 @@ static void rule_resolve_goto(UdevRuleFile *rule_file) {
|
||||
}
|
||||
}
|
||||
|
||||
static int parse_file(UdevRules *rules, const char *filename) {
|
||||
int udev_rules_parse_file(UdevRules *rules, const char *filename) {
|
||||
_cleanup_free_ char *continuation = NULL, *name = NULL;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
UdevRuleFile *rule_file;
|
||||
@ -1278,30 +1278,41 @@ static int parse_file(UdevRules *rules, const char *filename) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int udev_rules_new(UdevRules **ret_rules, ResolveNameTiming resolve_name_timing) {
|
||||
_cleanup_(udev_rules_freep) UdevRules *rules = NULL;
|
||||
_cleanup_strv_free_ char **files = NULL;
|
||||
char **f;
|
||||
int r;
|
||||
|
||||
UdevRules* udev_rules_new(ResolveNameTiming resolve_name_timing) {
|
||||
assert(resolve_name_timing >= 0 && resolve_name_timing < _RESOLVE_NAME_TIMING_MAX);
|
||||
|
||||
rules = new(UdevRules, 1);
|
||||
UdevRules *rules = new(UdevRules, 1);
|
||||
if (!rules)
|
||||
return -ENOMEM;
|
||||
return NULL;
|
||||
|
||||
*rules = (UdevRules) {
|
||||
.resolve_name_timing = resolve_name_timing,
|
||||
};
|
||||
|
||||
return rules;
|
||||
}
|
||||
|
||||
int udev_rules_load(UdevRules **ret_rules, ResolveNameTiming resolve_name_timing) {
|
||||
_cleanup_(udev_rules_freep) UdevRules *rules = NULL;
|
||||
_cleanup_strv_free_ char **files = NULL;
|
||||
char **f;
|
||||
int r;
|
||||
|
||||
rules = udev_rules_new(resolve_name_timing);
|
||||
if (!rules)
|
||||
return -ENOMEM;
|
||||
|
||||
(void) udev_rules_check_timestamp(rules);
|
||||
|
||||
r = conf_files_list_strv(&files, ".rules", NULL, 0, RULES_DIRS);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to enumerate rules files: %m");
|
||||
return log_debug_errno(r, "Failed to enumerate rules files: %m");
|
||||
|
||||
STRV_FOREACH(f, files)
|
||||
(void) parse_file(rules, *f);
|
||||
STRV_FOREACH(f, files) {
|
||||
r = udev_rules_parse_file(rules, *f);
|
||||
if (r < 0)
|
||||
log_debug_errno(r, "Failed to read rules file %s, ignoring: %m", *f);
|
||||
}
|
||||
|
||||
*ret_rules = TAKE_PTR(rules);
|
||||
return 0;
|
||||
|
||||
@ -16,7 +16,9 @@ typedef enum {
|
||||
_ESCAPE_TYPE_INVALID = -1
|
||||
} UdevRuleEscapeType;
|
||||
|
||||
int udev_rules_new(UdevRules **ret_rules, ResolveNameTiming resolve_name_timing);
|
||||
int udev_rules_parse_file(UdevRules *rules, const char *filename);
|
||||
UdevRules* udev_rules_new(ResolveNameTiming resolve_name_timing);
|
||||
int udev_rules_load(UdevRules **ret_rules, ResolveNameTiming resolve_name_timing);
|
||||
UdevRules *udev_rules_free(UdevRules *rules);
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC(UdevRules*, udev_rules_free);
|
||||
|
||||
|
||||
@ -123,7 +123,7 @@ int test_main(int argc, char *argv[], void *userdata) {
|
||||
|
||||
udev_builtin_init();
|
||||
|
||||
r = udev_rules_new(&rules, arg_resolve_name_timing);
|
||||
r = udev_rules_load(&rules, arg_resolve_name_timing);
|
||||
if (r < 0) {
|
||||
log_error_errno(r, "Failed to read udev rules: %m");
|
||||
goto out;
|
||||
|
||||
@ -925,7 +925,7 @@ static void event_queue_start(Manager *manager) {
|
||||
udev_builtin_init();
|
||||
|
||||
if (!manager->rules) {
|
||||
r = udev_rules_new(&manager->rules, arg_resolve_name_timing);
|
||||
r = udev_rules_load(&manager->rules, arg_resolve_name_timing);
|
||||
if (r < 0) {
|
||||
log_warning_errno(r, "Failed to read udev rules: %m");
|
||||
return;
|
||||
@ -1787,7 +1787,7 @@ static int main_loop(Manager *manager) {
|
||||
|
||||
udev_builtin_init();
|
||||
|
||||
r = udev_rules_new(&manager->rules, arg_resolve_name_timing);
|
||||
r = udev_rules_load(&manager->rules, arg_resolve_name_timing);
|
||||
if (!manager->rules)
|
||||
return log_error_errno(r, "Failed to read udev rules: %m");
|
||||
|
||||
|
||||
BIN
test/fuzz/fuzz-journal-remote/oss-fuzz-21122
Normal file
BIN
test/fuzz/fuzz-journal-remote/oss-fuzz-21122
Normal file
Binary file not shown.
1
test/fuzz/fuzz-udev-rules/line-too-long
Normal file
1
test/fuzz/fuzz-udev-rules/line-too-long
Normal file
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue
Block a user