From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Tue, 13 Mar 2018 11:25:06 +0000 (+0100)
Subject: shared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_devi... 
X-Git-Tag: v239~548^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=20d52ab60e7ba40f7cf23c148bcead8bd05bea3a;hp=0d032da9935b1511d46db7afdc95c139470fc9f0;p=thirdparty%2Fsystemd.git

shared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_device_allow()

oss-fuzz #6885.
---

diff --git a/TODO b/TODO
index f171121f693..d5e37e49acd 100644
--- a/TODO
+++ b/TODO
@@ -528,6 +528,7 @@ Features:
 * maybe add a generator that looks for "systemd.run=" on the kernel cmdline for container usercases...
 
 * test/:
+  - add unit tests for config_parse_device_allow()
 
 * seems that when we follow symlinks to units we prefer the symlink
   destination path over /etc and /usr. We should not do that. Instead
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index f2f9267b920..7f56149ead9 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -410,7 +410,6 @@ int config_parse_socket_listen(const char *unit,
                 if (r < 0) {
                         if (r != -EAFNOSUPPORT)
                                 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value, ignoring: %s", rvalue);
-
                         return 0;
                 }
 
@@ -3511,6 +3510,7 @@ int config_parse_device_allow(
                 log_syntax(unit, LOG_WARNING, filename, line, r,
                            "Failed to resolve specifiers in %s, ignoring: %m",
                            rvalue);
+                return 0;
         }
 
         n = strcspn(t, WHITESPACE);
diff --git a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885 b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885
new file mode 100644
index 00000000000..1859136fdc5
--- /dev/null
+++ b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885
@@ -0,0 +1,3 @@
+service
+[Service]
+DeviceAllow=%D
\ No newline at end of file
diff --git a/test/fuzz-regressions/meson.build b/test/fuzz-regressions/meson.build
index c1416f93cf3..9753c61882f 100644
--- a/test/fuzz-regressions/meson.build
+++ b/test/fuzz-regressions/meson.build
@@ -30,4 +30,5 @@ fuzz_regression_tests = '''
         fuzz-dns-packet/oss-fuzz-5465
         fuzz-dns-packet/issue-7888
         fuzz-unit-file/oss-fuzz-6884
+        fuzz-unit-file/oss-fuzz-6885
 '''.split()