From 7b60f72cdd01a7b1812e9b1cbd3d1198084d26e3 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 18 Mar 2023 20:25:41 +0900 Subject: [PATCH 1/2] fuzz-journal-remote: remove temporary files on exit --- src/journal-remote/fuzz-journal-remote.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/journal-remote/fuzz-journal-remote.c b/src/journal-remote/fuzz-journal-remote.c index da0d83ec9a9..ac71a33f7bc 100644 --- a/src/journal-remote/fuzz-journal-remote.c +++ b/src/journal-remote/fuzz-journal-remote.c @@ -13,13 +13,17 @@ #include "journal-remote.h" #include "logs-show.h" #include "memfd-util.h" +#include "path-util.h" +#include "rm-rf.h" #include "strv.h" +#include "tmpfile-util.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int fdin; void *mem; - _cleanup_(unlink_tempfilep) char name[] = "/tmp/fuzz-journal-remote.XXXXXX.journal"; _cleanup_close_ int fdout = -EBADF; + _cleanup_(rm_rf_physical_and_freep) char *tmp = NULL; + _cleanup_(unlink_and_freep) char *name = NULL; _cleanup_(sd_journal_closep) sd_journal *j = NULL; _cleanup_(journal_remote_server_destroy) RemoteServer s = {}; int r; @@ -30,6 +34,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (!getenv("SYSTEMD_LOG_LEVEL")) log_set_max_level(LOG_ERR); + assert_se(mkdtemp_malloc("/tmp/fuzz-journal-remote-XXXXXX", &tmp) >= 0); + assert_se(name = path_join(tmp, "fuzz-journal-remote.XXXXXX.journal")); + fdin = memfd_new_and_map("fuzz-journal-remote", size, &mem); if (fdin < 0) return log_error_errno(fdin, "memfd_new_and_map() failed: %m"); From 9b72eacad2e23b5916f37c62f20a56b91b257344 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 18 Mar 2023 20:29:27 +0900 Subject: [PATCH 2/2] fuzz-journal-remote: fix potential fd-leak --- src/journal-remote/fuzz-journal-remote.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/journal-remote/fuzz-journal-remote.c b/src/journal-remote/fuzz-journal-remote.c index ac71a33f7bc..ab4e731000c 100644 --- a/src/journal-remote/fuzz-journal-remote.c +++ b/src/journal-remote/fuzz-journal-remote.c @@ -19,14 +19,13 @@ #include "tmpfile-util.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - int fdin; - void *mem; - _cleanup_close_ int fdout = -EBADF; + _cleanup_close_ int fdin_close = -EBADF, fdout = -EBADF; _cleanup_(rm_rf_physical_and_freep) char *tmp = NULL; _cleanup_(unlink_and_freep) char *name = NULL; _cleanup_(sd_journal_closep) sd_journal *j = NULL; _cleanup_(journal_remote_server_destroy) RemoteServer s = {}; - int r; + void *mem; + int fdin, r; if (outside_size_range(size, 3, 65536)) return 0; @@ -37,7 +36,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { assert_se(mkdtemp_malloc("/tmp/fuzz-journal-remote-XXXXXX", &tmp) >= 0); assert_se(name = path_join(tmp, "fuzz-journal-remote.XXXXXX.journal")); - fdin = memfd_new_and_map("fuzz-journal-remote", size, &mem); + fdin = fdin_close = memfd_new_and_map("fuzz-journal-remote", size, &mem); if (fdin < 0) return log_error_errno(fdin, "memfd_new_and_map() failed: %m"); @@ -57,10 +56,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { } r = journal_remote_add_source(&s, fdin, (char*) "fuzz-data", false); - if (r < 0) { - safe_close(fdin); + if (r < 0) return r; - } + TAKE_FD(fdin_close); assert(r > 0); while (s.active)