tests: add a fuzzer for process_audit_string

diff --git a/src/fuzz/fuzz-journald-audit.c b/src/fuzz/fuzz-journald-audit.c
new file mode 100644 (file)
index 0000000..fe401c0
--- /dev/null
+++ b/src/fuzz/fuzz-journald-audit.c
@@ -0,0 +1,27 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include "fuzz.h"
+#include "journald-audit.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        Server s;
+        _cleanup_free_ char *buffer = NULL;
+
+        s = (Server) {
+                .syslog_fd = -1,
+                .native_fd = -1,
+                .stdout_fd = -1,
+                .dev_kmsg_fd = -1,
+                .audit_fd = -1,
+                .hostname_fd = -1,
+                .notify_fd = -1,
+                .storage = STORAGE_NONE,
+        };
+        assert_se(sd_event_default(&s.event) >= 0);
+        buffer = memdup_suffix0(data, size);
+        assert_se(buffer);
+        process_audit_string(&s, 0, buffer, size);
+        server_done(&s);
+
+        return 0;
+}

diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
index 5fd3093f077a84019d0bd36b93d0384118a7fc2c..0cda081f761cad9cf20186d46d0d847d15e4d23f 100644 (file)
--- a/src/fuzz/meson.build
+++ b/src/fuzz/meson.build
@@ -51,6 +51,11 @@ fuzzers += [
           libshared],
          [libmount]],
 
+        [['src/fuzz/fuzz-journald-audit.c'],
+         [libjournal_core,
+          libshared],
+         [libselinux]],
+
         [['src/fuzz/fuzz-journald-kmsg.c'],
          [libjournal_core,
           libshared],

diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
index f591e53d78bb0e6cd77142f2f2c3b811fb97f685..94484f5d01c68244cf456c9930b5bf60cd2f7dc9 100644 (file)
--- a/src/journal/journald-audit.c
+++ b/src/journal/journald-audit.c
@@ -313,7 +313,7 @@ static int map_all_fields(
         }
 }
 
-static void process_audit_string(Server *s, int type, const char *data, size_t size) {
+void process_audit_string(Server *s, int type, const char *data, size_t size) {
         size_t n_iov_allocated = 0, n_iov = 0, z;
         _cleanup_free_ struct iovec *iov = NULL;
         uint64_t seconds, msec, id;

diff --git a/src/journal/journald-audit.h b/src/journal/journald-audit.h
index 57bb1711c96c24a3d85e72d04cb5bbc850a1e966..7766618c986cd317f491876fe5f7c6e9fa760331 100644 (file)
--- a/src/journal/journald-audit.h
+++ b/src/journal/journald-audit.h
@@ -6,4 +6,6 @@
 
 void server_process_audit_message(Server *s, const void *buffer, size_t buffer_size, const struct ucred *ucred, const union sockaddr_union *sa, socklen_t salen);
 
+void process_audit_string(Server *s, int type, const char *data, size_t size);
+
 int server_open_audit(Server*s);

diff --git a/test/fuzz/fuzz-journald-audit/basic b/test/fuzz/fuzz-journald-audit/basic
new file mode 100644 (file)
index 0000000..d1ce8cc
--- /dev/null
+++ b/test/fuzz/fuzz-journald-audit/basic
@@ -0,0 +1 @@
+audit(1542398162.211:744): pid=7376 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="vagrant" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
\ No newline at end of file