From 892eb4d7958c97f1a0678535c95f1ca84d9ebe9e Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal
Date: Wed, 18 Oct 2023 19:57:06 +0200
Subject: [PATCH] core: don't assert when serializing malformed state
---
 src/core/execute-serialize.c | 30 +++++++++++----------
 src/shared/serialize.c | 8 ++++--
 test/fuzz/fuzz-execute-serialize/crash-395e | 3 +++
 test/fuzz/fuzz-execute-serialize/crash-622a | 3 +++
 4 files changed, 28 insertions(+), 16 deletions(-)
 create mode 100644 test/fuzz/fuzz-execute-serialize/crash-395e
 create mode 100644 test/fuzz/fuzz-execute-serialize/crash-622a
diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c
index 55f5bdc8c97..63ed6a6afcf 100644
--- a/src/core/execute-serialize.c
+++ b/src/core/execute-serialize.c
@@ -1261,22 +1261,24 @@ static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fd
 if (r < 0)
 return r;
- if (p->n_socket_fds > 0) {
- r = serialize_item_format(f, "exec-parameters-n-socket-fds", "%zu", p->n_socket_fds);
- if (r < 0)
- return r;
- }
+ if (p->fds) {
+ if (p->n_socket_fds > 0) {
+ r = serialize_item_format(f, "exec-parameters-n-socket-fds", "%zu", p->n_socket_fds);
+ if (r < 0)
+ return r;
+ }
- if (p->n_storage_fds > 0) {
- r = serialize_item_format(f, "exec-parameters-n-storage-fds", "%zu", p->n_storage_fds);
- if (r < 0)
- return r;
- }
+ if (p->n_storage_fds > 0) {
+ r = serialize_item_format(f, "exec-parameters-n-storage-fds", "%zu", p->n_storage_fds);
+ if (r < 0)
+ return r;
+ }
- if (p->n_socket_fds + p->n_storage_fds > 0) {
- r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds);
- if (r < 0)
- return r;
+ if (p->n_socket_fds + p->n_storage_fds > 0) {
+ r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds);
+ if (r < 0)
+ return r;
+ }
 }
 r = serialize_strv(f, "exec-parameters-fd-names", p->fd_names);
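Review bot: The new `if (p->fds)` guard makes a state with non-zero `n_socket_fds`/`n_storage_fds` but a NULL `fds` array serialize as success with all three fd items silently omitted, while `exec-parameters-fd-names` on the line after the guard is still written, so the reader may end up with names but no counts or descriptors. The serialize.c hunks of this same commit reject the equivalent pointer/length mismatch with `-EINVAL`; if skipping is intended here, I would say so in a comment above the guard, e.g. `/* fds can be NULL with non-zero counts when the state came from malformed input; skip instead of passing NULL to serialize_fd_many() */`. The counts are presumably set by the deserializer independently of `fds` (the crash-395e input carries only `exec-parameters-n-storage-fds`), so rejecting that combination where it is parsed would keep the inconsistent struct from reaching other users of `p->fds`; that code is outside this hunk. exec_parameters_serialize starts and ends outside the hunk.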
diff --git a/src/shared/serialize.c b/src/shared/serialize.c
index cb1255932bb..5019dbf1815 100644
--- a/src/shared/serialize.c
+++ b/src/shared/serialize.c
@@ -207,7 +207,9 @@ int serialize_item_hexmem(FILE *f, const char *key, const void *p, size_t l) {
 assert(f);
 assert(key);
- assert(p || l == 0);
+
+ if (!p && l > 0)
+ return -EINVAL;
 if (l == 0)
 return 0;
@@ -230,7 +232,9 @@ int serialize_item_base64mem(FILE *f, const char *key, const void *p, size_t l)
 assert(f);
 assert(key);
- assert(p || l == 0);
+
+ if (!p && l > 0)
+ return -EINVAL;
 if (l == 0)
 return 0;
diff --git a/test/fuzz/fuzz-execute-serialize/crash-395e b/test/fuzz/fuzz-execute-serialize/crash-395e
new file mode 100644
index 00000000000..943e6733a01
--- /dev/null
+++ b/test/fuzz/fuzz-execute-serialize/crash-395e
@@ -0,0 +1,3 @@
+
+
+exec-parameters-n-storage-fds=1782
diff --git a/test/fuzz/fuzz-execute-serialize/crash-622a b/test/fuzz/fuzz-execute-serialize/crash-622a
new file mode 100644
index 00000000000..20b000f3b10
--- /dev/null
+++ b/test/fuzz/fuzz-execute-serialize/crash-622a
@@ -0,0 +1,3 @@
+exec-context-root-hash=0B12
+exec-context-root-hash=0B1eÿÿÿÿÿexeec-unx-euucmask=10
+exec-context-root-hash=0Be-22
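Review bot: Nothing at the new `if (!p && l > 0) return -EINVAL;` check in serialize_item_hexmem says why this precondition is a runtime error while `f` and `key` just above it stay as `assert()`s, which invites a later cleanup that turns it back into an assert. A short comment such as `/* p and l may come from deserialized, possibly malformed state, so reject the mismatch instead of asserting */` would record that; the same applies to the identical check in the serialize_item_base64mem hunk. Callers that could not previously see an error for this case now receive `-EINVAL`, so it is worth confirming they propagate it rather than ignore it; those call sites are not in this diff. Both function bodies continue past their hunks.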