core: don't assert when serializing malformed state 29611/head
authorFrantisek Sumsal <frantisek@sumsal.cz>
Wed, 18 Oct 2023 17:57:06 +0000 (19:57 +0200)
committerFrantisek Sumsal <frantisek@sumsal.cz>
Wed, 18 Oct 2023 20:44:16 +0000 (22:44 +0200)
src/core/execute-serialize.c
src/shared/serialize.c
test/fuzz/fuzz-execute-serialize/crash-395e [new file with mode: 0644]
test/fuzz/fuzz-execute-serialize/crash-622a [new file with mode: 0644]

index 55f5bdc8c97f2af31e1507157aa5e22dcbd3192d..63ed6a6afcfe09b1ee033a6ed2bbaa39d6417370 100644 (file)
@@ -1261,22 +1261,24 @@ static int exec_parameters_serialize(const ExecParameters *p, FILE *f, FDSet *fd
         if (r < 0)
                 return r;
 
-        if (p->n_socket_fds > 0) {
-                r = serialize_item_format(f, "exec-parameters-n-socket-fds", "%zu", p->n_socket_fds);
-                if (r < 0)
-                        return r;
-        }
+        if (p->fds) {
+                if (p->n_socket_fds > 0) {
+                        r = serialize_item_format(f, "exec-parameters-n-socket-fds", "%zu", p->n_socket_fds);
+                        if (r < 0)
+                                return r;
+                }
 
-        if (p->n_storage_fds > 0) {
-                r = serialize_item_format(f, "exec-parameters-n-storage-fds", "%zu", p->n_storage_fds);
-                if (r < 0)
-                        return r;
-        }
+                if (p->n_storage_fds > 0) {
+                        r = serialize_item_format(f, "exec-parameters-n-storage-fds", "%zu", p->n_storage_fds);
+                        if (r < 0)
+                                return r;
+                }
 
-        if (p->n_socket_fds + p->n_storage_fds > 0) {
-                r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds);
-                if (r < 0)
-                        return r;
+                if (p->n_socket_fds + p->n_storage_fds > 0) {
+                        r = serialize_fd_many(f, fds, "exec-parameters-fds", p->fds, p->n_socket_fds + p->n_storage_fds);
+                        if (r < 0)
+                                return r;
+                }
         }
 
         r = serialize_strv(f, "exec-parameters-fd-names", p->fd_names);
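Review bot: The new `if (p->fds)` guard in exec_parameters_serialize only rules out a NULL array; the element count handed to serialize_fd_many is still the unchecked sum `p->n_socket_fds + p->n_storage_fds`, and nothing visible in the hunk ties that sum to the real length of `p->fds`. The added crash-395e input shows a count arriving from deserialized text with no fds behind it, so a non-NULL but shorter array would presumably still be read past its end; it is worth confirming where the counts and the array are populated. The guard also drops the inconsistent counts silently, while the serialize.c hunks of this commit return `-EINVAL` for the same kind of mismatch; if skipping is intended, a comment such as `/* fds may be NULL with non-zero counts after deserializing malformed state; skip instead of dereferencing */` would record that. The function begins and ends outside the hunk.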
index cb1255932bb5adf8f3d3d71bffbf280120db9a5c..5019dbf181537f07882e7fdf061569cac6694ec4 100644 (file)
@@ -207,7 +207,9 @@ int serialize_item_hexmem(FILE *f, const char *key, const void *p, size_t l) {
 
         assert(f);
         assert(key);
-        assert(p || l == 0);
+
+        if (!p && l > 0)
+                return -EINVAL;
 
         if (l == 0)
                 return 0;
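Review bot: The `if (!p && l > 0) return -EINVAL;` check in serialize_item_hexmem sits directly under `assert(f)` and `assert(key)` with nothing saying why it is a runtime error rather than a third assert, which invites a later cleanup back to `assert(p || l == 0)`. A comment such as `/* p and l can come from deserialized state, so a mismatch is bad input, not a programming error */` would keep the distinction visible; the same applies to the identical check in serialize_item_base64mem in the next hunk. The error is also returned without a log line here, so unless callers log it (not visible in this diff) the malformed field will be hard to identify. Both function bodies continue outside their hunks.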
@@ -230,7 +232,9 @@ int serialize_item_base64mem(FILE *f, const char *key, const void *p, size_t l)
 
         assert(f);
         assert(key);
-        assert(p || l == 0);
+
+        if (!p && l > 0)
+                return -EINVAL;
 
         if (l == 0)
                 return 0;
diff --git a/test/fuzz/fuzz-execute-serialize/crash-395e b/test/fuzz/fuzz-execute-serialize/crash-395e
new file mode 100644 (file)
index 0000000..943e673
--- /dev/null
@@ -0,0 +1,3 @@
+
+
+exec-parameters-n-storage-fds=1782
diff --git a/test/fuzz/fuzz-execute-serialize/crash-622a b/test/fuzz/fuzz-execute-serialize/crash-622a
new file mode 100644 (file)
index 0000000..20b000f
--- /dev/null
@@ -0,0 +1,3 @@
+exec-context-root-hash=0B12
+exec-context-root-hash=0B1eÿÿÿÿÿexeec-unx-euucmask=10
+exec-context-root-hash=0Be-22