varlink: don't panic on malformed method definition

author Frantisek Sumsal <frantisek@sumsal.cz>

Thu, 12 Oct 2023 13:55:12 +0000 (15:55 +0200)

committer Frantisek Sumsal <frantisek@sumsal.cz>

Sat, 14 Oct 2023 15:40:07 +0000 (17:40 +0200)
author Frantisek Sumsal <frantisek@sumsal.cz>
Thu, 12 Oct 2023 13:55:12 +0000 (15:55 +0200)
committer Frantisek Sumsal <frantisek@sumsal.cz>
Sat, 14 Oct 2023 15:40:07 +0000 (17:40 +0200)
diff --git a/src/shared/varlink-idl.c b/src/shared/varlink-idl.c

index 7d9d7874c1b1d55741ddec38b49198f121d119dc..65059d33c1ced297e590010d73a6c73193cabbf7 100644 (file)
--- a/src/shared/varlink-idl.c
+++ b/src/shared/varlink-idl.c
@@ -986,6 +986,9 @@ int varlink_idl_parse(
                          assert(!symbol);
                          n_fields = 0;
  
+                        if (!token)
+                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Premature EOF.", *line, *column);
+
                          r = varlink_symbol_realloc(&symbol, n_fields);
                          if (r < 0)
                                  return r;
@@ -1004,6 +1007,9 @@ int varlink_idl_parse(
                  case STATE_METHOD_ARROW:
                          assert(symbol);
  
+                        if (!token)
+                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Premature EOF.", *line, *column);
+
                          if (!streq(token, "->"))
                                  return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Unexpected token '%s'.", *line, *column, token);
  
@@ -1025,6 +1031,9 @@ int varlink_idl_parse(
                          assert(!symbol);
                          n_fields = 0;
  
+                        if (!token)
+                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Premature EOF.", *line, *column);
+
                          r = varlink_symbol_realloc(&symbol, n_fields);
                          if (r < 0)
                                  return r;
@@ -1050,6 +1059,9 @@ int varlink_idl_parse(
                          assert(!symbol);
                          n_fields = 0;
  
+                        if (!token)
+                                return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "%u:%u: Premature EOF.", *line, *column);
+
                          r = varlink_symbol_realloc(&symbol, n_fields);
                          if (r < 0)
                                  return r;
diff --git a/test/fuzz/fuzz-varlink-idl/crash-d1860f2b b/test/fuzz/fuzz-varlink-idl/crash-d1860f2b

new file mode 100644 (file)

index 0000000..db72088

Binary files /dev/null and b/test/fuzz/fuzz-varlink-idl/crash-d1860f2b differ
author	Frantisek Sumsal <frantisek@sumsal.cz>
	Thu, 12 Oct 2023 13:55:12 +0000 (15:55 +0200)
committer	Frantisek Sumsal <frantisek@sumsal.cz>
	Sat, 14 Oct 2023 15:40:07 +0000 (17:40 +0200)
src/shared/varlink-idl.c		patch \| blob \| blame \| history
test/fuzz/fuzz-varlink-idl/crash-d1860f2b	[new file with mode: 0644]	patch \| blob