From 118452ade6478d44039028cbf482e7d4af5ab320 Mon Sep 17 00:00:00 2001 From: Jonathan Rudenberg Date: Wed, 17 Jan 2018 22:39:05 -0500 Subject: [PATCH 1/5] test: add regression test for #7888 --- .../address/fuzz-dns-packet/issue-7888 | Bin 0 -> 25 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 test/fuzz-regressions/address/fuzz-dns-packet/issue-7888 diff --git a/test/fuzz-regressions/address/fuzz-dns-packet/issue-7888 b/test/fuzz-regressions/address/fuzz-dns-packet/issue-7888 new file mode 100644 index 0000000000000000000000000000000000000000..19e7eedf511c7a3d7aca84d5dd031a024048cf84 GIT binary patch literal 25 fcmXpsVqj)qVBj)kU_QXWpc8tCK~Vt6Z(slbCkX>x literal 0 HcmV?d00001 From 8137e92dbeb4afa8823dfd804871449f057ef3be Mon Sep 17 00:00:00 2001 From: Jonathan Rudenberg Date: Thu, 18 Jan 2018 09:40:37 -0500 Subject: [PATCH 2/5] test: add regression test for oss-fuzz issue 5465 Fixed in #7923 --- .../address/fuzz-dns-packet/oss-fuzz-5465 | Bin 0 -> 24 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 test/fuzz-regressions/address/fuzz-dns-packet/oss-fuzz-5465 diff --git a/test/fuzz-regressions/address/fuzz-dns-packet/oss-fuzz-5465 b/test/fuzz-regressions/address/fuzz-dns-packet/oss-fuzz-5465 new file mode 100644 index 0000000000000000000000000000000000000000..ccd8a4fd6b3a73255f7fc7e9b360b1a66769f0d9 GIT binary patch literal 24 ZcmY#TP*7lC01`mJz#t1G{{tC}3IHNj10DbX literal 0 HcmV?d00001 From d385cd0cc21342aa41f06e0368207d06f21df121 Mon Sep 17 00:00:00 2001 From: Jonathan Rudenberg Date: Wed, 17 Jan 2018 22:41:57 -0500 Subject: [PATCH 3/5] fuzz: add a note on reporting security bugs to HACKING --- HACKING | 3 +++ 1 file changed, 3 insertions(+) diff --git a/HACKING b/HACKING index 551216bb45b..8c72bdd3e2e 100644 --- a/HACKING +++ b/HACKING @@ -103,6 +103,9 @@ GitHub) and then running these commands: python infra/helper.py build_fuzzers --sanitizer memory systemd python infra/helper.py run_fuzzer systemd fuzz-foo +If you find a bug that impacts the security of systemd, please follow the +guidance in .github/CONTRIBUTING.md on how to report a security vulnerability. + For more details on building fuzzers and integrating with OSS-Fuzz, visit: https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md From b68dfb9e83dc2d12cf9d8ae5ef3ddaca537a8519 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 19 Jan 2018 17:54:30 +1100 Subject: [PATCH 4/5] Hook up oss-fuzz test cases as tests This is a bit painful because a separate build of systemd is necessary. The tests are guarded by tests!=false and slow-tests==true. Running them is not slow, but compilation certainly is. If this proves unwieldy, we can add a separate option controlling those builds later. The build for each sanitizer has its own directory, and we build all fuzzer tests there, and then pull them out one-by-one by linking into the target position as necessary. It would be nicer to just build the desired fuzzer, but we need to build the whole nested build as one unit. [I also tried making systemd and nested meson subproject. This would work nicely, but meson does not allow that because the nested target names are the same as the outer project names. If that is ever fixed, that would be the way to go.] v2: - make sure things still work if memory sanitizer is not available v3: - switch to syntax which works with meson 0.42.1 found in Ubuntu --- meson.build | 63 ++++++++++++++++++++++++++++++- test/fuzz-regressions/meson.build | 30 +++++++++++++++ test/meson.build | 2 + tools/meson-build.sh | 10 +++++ 4 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 test/fuzz-regressions/meson.build create mode 100755 tools/meson-build.sh diff --git a/meson.build b/meson.build index 2e3898b3b14..4af9c7bf97d 100644 --- a/meson.build +++ b/meson.build @@ -259,6 +259,7 @@ substs.set('RC_LOCAL_SCRIPT_PATH_STOP', get_option('halt-l cc = meson.get_compiler('c') pkgconfig = import('pkgconfig') check_compilation_sh = find_program('tools/meson-check-compilation.sh') +meson_build_sh = find_program('tools/meson-build.sh') if get_option('tests') != 'false' cxx = find_program('c++', required : false) @@ -385,6 +386,20 @@ foreach arg : ['-Wl,-z,relro', endif endforeach +# Check if various sanitizers are supported +sanitizers = [] +foreach arg : ['address'] + + have = run_command(check_compilation_sh, + cc.cmd_array(), '-x', 'c', + '-fsanitize=@0@'.format(arg), + '-include', link_test_c).returncode() == 0 + message('@0@ sanitizer supported: @1@'.format(arg, have ? 'yes' : 'no')) + if have + sanitizers += arg + endif +endforeach + if get_option('buildtype') != 'debug' foreach arg : ['-ffunction-sections', '-fdata-sections'] @@ -517,6 +532,7 @@ awk = find_program('awk') m4 = find_program('m4') stat = find_program('stat') git = find_program('git', required : false) +env = find_program('env') meson_make_symlink = meson.source_root() + '/tools/meson-make-symlink.sh' mkdir_p = 'mkdir -p $DESTDIR/@0@' @@ -1201,10 +1217,11 @@ endforeach want_tests = get_option('tests') install_tests = get_option('install-tests') +slow_tests = get_option('slow-tests') tests = [] fuzzers = [] -conf.set10('SYSTEMD_SLOW_TESTS_DEFAULT', get_option('slow-tests')) +conf.set10('SYSTEMD_SLOW_TESTS_DEFAULT', slow_tests) ##################################################################### @@ -2572,6 +2589,50 @@ endforeach ############################################################ +prev = '' +foreach p : fuzz_regression_tests + a = p.split('/')[-3] + b = p.split('/')[-2] + c = p.split('/')[-1] + + if a == 'address' + build = sanitize_address + else + error('unknown sanitizer @0@'.format(a)) + endif + + name = '@1@:@0@'.format(a, b) + + if name != prev + if want_tests == 'false' + message('Not compiling @0@ because tests is set to false'.format(name)) + elif not sanitizers.contains(a) + message('Not compiling @0@ because @1@ sanitizer is not available'.format(name, a)) + elif slow_tests + exe = custom_target( + name, + output : name, + depends : build, + command : [env, 'ln', '-fs', + join_paths(build.full_path(), b), + '@OUTPUT@'], + build_by_default : true) + else + message('Not compiling @0@ because slow-tests is set to false'.format(name)) + endif + endif + prev = name + + if want_tests != 'false' and slow_tests + test(c, env, args : [exe.full_path(), + join_paths(meson.source_root(), + 'test/fuzz-regressions', + p)]) + endif +endforeach + +############################################################ + if git.found() all_files = run_command( git, diff --git a/test/fuzz-regressions/meson.build b/test/fuzz-regressions/meson.build new file mode 100644 index 00000000000..de69c941ea9 --- /dev/null +++ b/test/fuzz-regressions/meson.build @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: LGPL-2.1+ +# +# Copyright 2018 Zbigniew Jędrzejewski-Szmek +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# systemd is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with systemd; If not, see . + +sanitize_address = custom_target( + 'sanitize-address-fuzzers', + output : 'sanitize-address-fuzzers', + command : [meson_build_sh, + meson.source_root(), + '@OUTPUT@', + 'fuzzers', + '-Db_lundef=false -Db_sanitize=address']) + +fuzz_regression_tests = ''' + address/fuzz-dns-packet/oss-fuzz-5465 + address/fuzz-dns-packet/issue-7888 +'''.split() diff --git a/test/meson.build b/test/meson.build index 5c533f4833a..4667628b24a 100644 --- a/test/meson.build +++ b/test/meson.build @@ -228,3 +228,5 @@ if conf.get('ENABLE_HWDB') == 1 hwdb_test_sh, timeout : 90) endif + +subdir('fuzz-regressions') diff --git a/tools/meson-build.sh b/tools/meson-build.sh new file mode 100755 index 00000000000..302749d8ed7 --- /dev/null +++ b/tools/meson-build.sh @@ -0,0 +1,10 @@ +#!/bin/sh +set -eux + +src="$1" +dst="$2" +target="$3" +options="$4" + +[ -d "$dst" ] || meson "$src" "$dst" $options +ninja -C "$dst" "$target" From 25a82102345170539541c3a3d050932472fd21cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 26 Jan 2018 16:15:17 +0100 Subject: [PATCH 5/5] meson: use env object instead of string in tags targets I used 'tags' before because this way we avoided a unnecessary line about 'env' detection. But we cannot use 'env' in test(), so previous commit added 'env' detection. We might just as well use it in custom_target(). --- meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index 4af9c7bf97d..94653ae85b2 100644 --- a/meson.build +++ b/meson.build @@ -2644,11 +2644,11 @@ if git.found() custom_target( 'tags', output : 'tags', - command : ['env', 'etags', '-o', '@0@/TAGS'.format(meson.current_source_dir())] + all_files) + command : [env, 'etags', '-o', '@0@/TAGS'.format(meson.current_source_dir())] + all_files) custom_target( 'ctags', output : 'ctags', - command : ['env', 'ctags', '-o', '@0@/tags'.format(meson.current_source_dir())] + all_files) + command : [env, 'ctags', '-o', '@0@/tags'.format(meson.current_source_dir())] + all_files) endif if git.found()