]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
d7684675 LP |
2 | |
3 | #include <unistd.h> | |
4 | ||
5 | #include "errno-util.h" | |
6 | #include "fd-util.h" | |
7 | #include "fuzz.h" | |
8 | #include "hexdecoct.h" | |
9 | #include "io-util.h" | |
10 | #include "varlink.h" | |
11 | #include "log.h" | |
12 | ||
13 | static FILE *null = NULL; | |
14 | ||
15 | static int method_something(Varlink *v, JsonVariant *p, VarlinkMethodFlags flags, void *userdata) { | |
16 | json_variant_dump(p, JSON_FORMAT_NEWLINE|JSON_FORMAT_PRETTY, null, NULL); | |
17 | return 0; | |
18 | } | |
19 | ||
20 | static int reply_callback(Varlink *v, JsonVariant *p, const char *error_id, VarlinkReplyFlags flags, void *userdata) { | |
21 | json_variant_dump(p, JSON_FORMAT_NEWLINE|JSON_FORMAT_PRETTY, null, NULL); | |
22 | return 0; | |
23 | } | |
24 | ||
25 | static int io_callback(sd_event_source *s, int fd, uint32_t revents, void *userdata) { | |
99534007 | 26 | struct iovec *iov = ASSERT_PTR(userdata); |
d7684675 LP |
27 | bool write_eof = false, read_eof = false; |
28 | ||
29 | assert(s); | |
30 | assert(fd >= 0); | |
d7684675 LP |
31 | |
32 | if ((revents & (EPOLLOUT|EPOLLHUP|EPOLLERR)) && iov->iov_len > 0) { | |
33 | ssize_t n; | |
34 | ||
35 | /* never write more than 143 bytes a time, to make broken up recv()s on the other side more | |
36 | * likely, and thus test some additional code paths. */ | |
37 | n = send(fd, iov->iov_base, MIN(iov->iov_len, 143U), MSG_NOSIGNAL|MSG_DONTWAIT); | |
38 | if (n < 0) { | |
39 | if (ERRNO_IS_DISCONNECT(errno)) | |
40 | write_eof = true; | |
41 | else | |
42 | assert_se(errno == EAGAIN); | |
43 | } else | |
44 | IOVEC_INCREMENT(iov, 1, n); | |
45 | } | |
46 | ||
47 | if (revents & EPOLLIN) { | |
48 | char c[137]; | |
49 | ssize_t n; | |
50 | ||
51 | n = recv(fd, c, sizeof(c), MSG_DONTWAIT); | |
52 | if (n < 0) { | |
53 | if (ERRNO_IS_DISCONNECT(errno)) | |
54 | read_eof = true; | |
55 | else | |
56 | assert_se(errno == EAGAIN); | |
57 | } else if (n == 0) | |
58 | read_eof = true; | |
59 | else | |
60 | hexdump(null, c, (size_t) n); | |
61 | } | |
62 | ||
63 | /* After we wrote everything we could turn off EPOLLOUT. And if we reached read EOF too turn off the | |
64 | * whole thing. */ | |
65 | if (write_eof || iov->iov_len == 0) { | |
66 | ||
67 | if (read_eof) | |
68 | assert_se(sd_event_source_set_enabled(s, SD_EVENT_OFF) >= 0); | |
69 | else | |
70 | assert_se(sd_event_source_set_io_events(s, EPOLLIN) >= 0); | |
71 | } | |
72 | ||
73 | return 0; | |
74 | } | |
75 | ||
76 | static int idle_callback(sd_event_source *s, void *userdata) { | |
77 | assert(s); | |
78 | ||
79 | /* Called as idle callback when there's nothing else to do anymore */ | |
80 | sd_event_exit(sd_event_source_get_event(s), 0); | |
81 | return 0; | |
82 | } | |
83 | ||
84 | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { | |
85 | struct iovec server_iov = IOVEC_MAKE((void*) data, size), client_iov = IOVEC_MAKE((void*) data, size); | |
86 | /* Important: the declaration order matters here! we want that the fds are closed on return after the | |
87 | * event sources, hence we declare the fds first, the event sources second */ | |
88 | _cleanup_close_pair_ int server_pair[2] = { -1, -1 }, client_pair[2] = { -1, -1 }; | |
89 | _cleanup_(sd_event_source_unrefp) sd_event_source *idle_event_source = NULL, | |
90 | *server_event_source = NULL, *client_event_source = NULL; | |
91 | _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL; | |
92 | _cleanup_(varlink_flush_close_unrefp) Varlink *c = NULL; | |
93 | _cleanup_(sd_event_unrefp) sd_event *e = NULL; | |
94 | ||
95 | log_set_max_level(LOG_CRIT); | |
96 | log_parse_environment(); | |
97 | ||
98 | assert_se(null = fopen("/dev/null", "we")); | |
99 | ||
100 | assert_se(sd_event_default(&e) >= 0); | |
101 | ||
102 | /* Test one: write the data as method call to a server */ | |
103 | assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, server_pair) >= 0); | |
104 | assert_se(varlink_server_new(&s, 0) >= 0); | |
105 | assert_se(varlink_server_set_description(s, "myserver") >= 0); | |
106 | assert_se(varlink_server_attach_event(s, e, 0) >= 0); | |
107 | assert_se(varlink_server_add_connection(s, server_pair[0], NULL) >= 0); | |
108 | TAKE_FD(server_pair[0]); | |
109 | assert_se(varlink_server_bind_method(s, "io.test.DoSomething", method_something) >= 0); | |
110 | assert_se(sd_event_add_io(e, &server_event_source, server_pair[1], EPOLLIN|EPOLLOUT, io_callback, &server_iov) >= 0); | |
111 | ||
112 | /* Test two: write the data as method response to a client */ | |
113 | assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, client_pair) >= 0); | |
114 | assert_se(varlink_connect_fd(&c, client_pair[0]) >= 0); | |
115 | TAKE_FD(client_pair[0]); | |
116 | assert_se(varlink_set_description(c, "myclient") >= 0); | |
117 | assert_se(varlink_attach_event(c, e, 0) >= 0); | |
118 | assert_se(varlink_bind_reply(c, reply_callback) >= 0); | |
119 | assert_se(varlink_invoke(c, "io.test.DoSomething", NULL) >= 0); | |
120 | assert_se(sd_event_add_io(e, &client_event_source, client_pair[1], EPOLLIN|EPOLLOUT, io_callback, &client_iov) >= 0); | |
121 | ||
122 | assert_se(sd_event_add_defer(e, &idle_event_source, idle_callback, NULL) >= 0); | |
123 | assert_se(sd_event_source_set_priority(idle_event_source, SD_EVENT_PRIORITY_IDLE) >= 0); | |
124 | ||
125 | assert_se(sd_event_loop(e) >= 0); | |
126 | ||
127 | null = safe_fclose(null); | |
128 | ||
129 | return 0; | |
130 | } |