[Fuzzing] oss-fuzz cifuzz (#587)

* [Fuzzing] oss-fuzz cifuzz

Signed-off-by: Arjun Singh <ajsinghyadav00@gmail.com>

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
new file mode 100644 (file)
index 0000000..bde0e12
--- /dev/null
+++ b/.github/workflows/cifuzz.yml
@@ -0,0 +1,32 @@
+name: CIFuzz
+on: [pull_request]
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address, undefined, memory]
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'lldpd'
+        dry-run: false
+        language: c
+        sanitizer: ${{ matrix.sanitizer }}
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'lldpd'
+        dry-run: false
+        language: c
+        fuzz-seconds: 300
+        sanitizer: ${{ matrix.sanitizer }}
+    - name: Upload Crash
+      uses: actions/upload-artifact@v1
+      if: failure() && steps.build.outcome == 'success'
+      with:
+        name: ${{ matrix.sanitizer }}-artifacts
+        path: ./out/artifacts

diff --git a/src/daemon/protocols/edp.c b/src/daemon/protocols/edp.c
index 79b6c51044803c7af2790c31558abdaf6d7c585f..02375668bffce12346f3a53c67504c8ead698a41 100644 (file)
--- a/src/daemon/protocols/edp.c
+++ b/src/daemon/protocols/edp.c
@@ -348,14 +348,14 @@ edp_decode(struct lldpd *cfg, char *frame, int s, struct lldpd_hardware *hardwar
                        edp_slot = PEEK_UINT16;
                        edp_port = PEEK_UINT16;
                        free(port->p_id);
-                       if (asprintf(&port->p_id, "%d/%d", edp_slot + 1,
-                               edp_port + 1) == -1) {
+                       port->p_id_len =
+                           asprintf(&port->p_id, "%d/%d", edp_slot + 1, edp_port + 1);
+                       if (port->p_id_len == -1) {
                                log_warn("edp",
                                    "unable to allocate memory for "
                                    "port ID");
                                goto malformed;
                        }
-                       port->p_id_len = strlen(port->p_id);
                        free(port->p_descr);
                        if (asprintf(&port->p_descr, "Slot %d / Port %d", edp_slot + 1,
                                edp_port + 1) == -1) {

diff --git a/src/daemon/protocols/sonmp.c b/src/daemon/protocols/sonmp.c
index 9f4c4909f3d3ff0405dbafbcfabccd502ff7f42a..34ebcd7e3110b6a74ff7b254510cda3cfa9c5339 100644 (file)
--- a/src/daemon/protocols/sonmp.c
+++ b/src/daemon/protocols/sonmp.c
@@ -366,12 +366,14 @@ sonmp_decode(struct lldpd *cfg, char *frame, int s, struct lldpd_hardware *hardw
        port->p_ttl = (port->p_ttl + 999) / 1000;
 
        port->p_id_subtype = LLDP_PORTID_SUBTYPE_LOCAL;
-       if (asprintf(&port->p_id, "%02x-%02x-%02x", seg[0], seg[1], seg[2]) == -1) {
+
+       port->p_id_len =
+           asprintf(&port->p_id, "%02x-%02x-%02x", seg[0], seg[1], seg[2]);
+       if (port->p_id_len == -1) {
                log_warn("sonmp", "unable to allocate memory for port id on %s",
                    hardware->h_ifname);
                goto malformed;
        }
-       port->p_id_len = strlen(port->p_id);
 
        /* Port description depend on the number of segments */
        if ((seg[0] == 0) && (seg[1] == 0)) {

diff --git a/src/log.c b/src/log.c
index 3fd6d1003931e009056990c3a41efa44b9e1e05e..0f3835e824e40cf1ec3fcbb68ed09e6ec41b61a4 100644 (file)
--- a/src/log.c
+++ b/src/log.c
@@ -152,7 +152,7 @@ static void
 vlog(int pri, const char *token, const char *fmt, va_list ap)
 {
        if (logh) {
-               char *result;
+               char *result = NULL;
                if (vasprintf(&result, fmt, ap) != -1) {
                        logh(pri, result);
                        free(result);