fuzz-journal-remote: a fuzzer for journal-remote over-the-wire input

diff --git a/meson.build b/meson.build
index ac1db5319da8c5cb206be55361c7d622911220bb..484271ff1c0c236a515317c048cb7f39272fa268 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -1258,6 +1258,7 @@ includes = include_directories('src/basic',
                                'src/shared',
                                'src/systemd',
                                'src/journal',
+                               'src/journal-remote',
                                'src/nspawn',
                                'src/resolve',
                                'src/timesync',

diff --git a/src/fuzz/fuzz-journal-remote.c b/src/fuzz/fuzz-journal-remote.c
new file mode 100644 (file)
index 0000000..3f6ed33
--- /dev/null
+++ b/src/fuzz/fuzz-journal-remote.c
@@ -0,0 +1,62 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include "fuzz.h"
+
+#include <sys/mman.h>
+
+#include "sd-journal.h"
+
+#include "fd-util.h"
+#include "fileio.h"
+#include "fs-util.h"
+#include "journal-remote.h"
+#include "logs-show.h"
+#include "memfd-util.h"
+#include "strv.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        RemoteServer s = {};
+        char name[] = "/tmp/fuzz-journal-remote.XXXXXX.journal";
+        void *mem;
+        int fdin; /* will be closed by journal_remote handler after EOF */
+        _cleanup_close_ int fdout = -1;
+        sd_journal *j;
+        int r;
+
+        if (size <= 2)
+                return 0;
+
+        assert_se((fdin = memfd_new_and_map("fuzz-journal-remote", size, &mem)) >= 0);
+        memcpy(mem, data, size);
+        assert_se(munmap(mem, size) == 0);
+
+        fdout = mkostemps(name, STRLEN(".journal"), O_CLOEXEC);
+        assert_se(fdout >= 0);
+
+        /* In */
+
+        assert_se(journal_remote_server_init(&s, name, JOURNAL_WRITE_SPLIT_NONE, false, false) >= 0);
+
+        assert_se(journal_remote_add_source(&s, fdin, (char*) "fuzz-data", false) > 0);
+
+        while (s.active) {
+                r = journal_remote_handle_raw_source(NULL, fdin, 0, &s);
+                assert_se(r >= 0);
+        }
+
+        journal_remote_server_destroy(&s);
+        assert_se(close(fdin) < 0 && errno == EBADF); /* Check that the fd is closed already */
+
+        /* Out */
+
+        r = sd_journal_open_files(&j, (const char**) STRV_MAKE(name), 0);
+        assert_se(r >= 0);
+
+        r = show_journal(stdout, j, OUTPUT_VERBOSE, 0, 0, -1, 0, NULL);
+        assert_se(r >= 0);
+
+        sd_journal_close(j);
+        unlink(name);
+
+        return 0;
+}

diff --git a/src/fuzz/fuzz-journal-remote.options b/src/fuzz/fuzz-journal-remote.options
new file mode 100644 (file)
index 0000000..678d526
--- /dev/null
+++ b/src/fuzz/fuzz-journal-remote.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65536

diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
index 7fcc8240691dbf29574474e72bb81f9a8f361cda..90cd539162ad6d19f9ff891668aae1e7d4260928 100644 (file)
--- a/src/fuzz/meson.build
+++ b/src/fuzz/meson.build
@@ -19,4 +19,9 @@ fuzzers += [
          [libcore,
           libshared],
          [libmount]],
+
+        [['src/fuzz/fuzz-journal-remote.c'],
+         [libsystemd_journal_remote,
+          libshared],
+         []],
 ]

diff --git a/test/fuzz-corpus/.gitattributes b/test/fuzz-corpus/.gitattributes
new file mode 100644 (file)
index 0000000..7b1b3e1
--- /dev/null
+++ b/test/fuzz-corpus/.gitattributes
@@ -0,0 +1 @@
+/*/*       -whitespace

diff --git a/test/fuzz-corpus/journal-remote/sample.txt b/test/fuzz-corpus/journal-remote/sample.txt
new file mode 100644 (file)
index 0000000..891c000
--- /dev/null
+++ b/test/fuzz-corpus/journal-remote/sample.txt
@@ -0,0 +1,180 @@
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12d7;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501873
+__MONOTONIC_TIMESTAMP=1753961140951
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=\x1b\r"\x9a\xea]\x90rU\xb0SX5\nY\xebi\xdac\x1f\xde\xb4\xf6\x0e\x8d/!\xd0\x9a\xe8\x8b\xc3#hN\xf4\x9c\x8e\xc5\x92>\xaa\xf8Ih\x13\xd2\xbbOa\xedK\x04\xa449\xf3f\x9e\xfc=\xc9\xc1\x0fe\xb4\xf96\xd5z\xcfQ\xcb\xb1\xb4\xe48\xb3\x9f\x1b
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483516
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000000
+
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12d8;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501874
+__MONOTONIC_TIMESTAMP=1753961140952
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=l\x1a\xf4^\xb1\x14\xfb@\r\xa1\x11\xda0\xe0]3Ms$\x7f06\xde\xd9\x02y\xf9@\n\xe8\x01\x83\xcb\xe0)\xed\x98*>\xa1\xc2Y\xe8IR\x95h\xa1\xbb\x16\xba\xedK\x11\xfcj\x04\xfb\x0b\x9b)p\x10\xecH\x1f\x0b\x89{\xeb'\x0e\x1d\xaa\xcbZ\x86\xe0k1
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483517
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000001
+
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12d9;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501875
+__MONOTONIC_TIMESTAMP=1753961140953
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=MzV_\xbb\xc1\x14f\x84\x15\xf5\xe0\xe6\xd2\x0e6#N\xf1\x1b\xe9Z*\x8f\x8a\x13\xad\xa4%r\x02\xd1\xc4^U\xc0u!\xdfjl\x15\xb6\xcc\x93\x1dRi<\x1a\xa9/\x9c\xcb\xe8\x99\xe3\x1cN\x06\xf0\xb41a\xa7L\x99\xda\x83Q: ]\x1c\xb9Hiz\n\x94
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483518
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000002
+
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12da;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501876
+__MONOTONIC_TIMESTAMP=1753961140954
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=\x8aF\xfcG\xd7\xeeZ\x86\xcb.O\xb1!,2\xbf\x86\\&\x15\xa7\xe6\xe7-\x81\xed\xf8\x7f=\xf7\x90YF\xe1\xe6\x99\x83\x84\r\xe48\x93\xc7\xdd\tJy\x86\\\xb4\xf9\xefT\r\x04\xae\x1d\x99\xfe'\x99m\xc4#\x8d\x89w\xb1\xecC\xaf\xe6\x1b\xfd\xc5\xbc\xfd\xe3w2
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483519
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000003
+
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12db;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501877
+__MONOTONIC_TIMESTAMP=1753961140955
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=`\xc7\r\xb6\xc3NPjc\xa129L\xe1\x17\xa2\x96\xa8w\x0c\x07\x8f\x98\x1eS-N\xb7lt\xc5=\xd1\x93\x10_1\xdc\xa9x\xd1\x8a\n\xb1\x90\xdca\xc4\x94\x98\x92\x00\x90)d{\x96\x9e\xc2A\xbf\x81s\xf82_\xe0;\xc3\x06\x8eO\xe4\x8a5GX\xe1\xff\xea
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483520
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000004
+
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12dc;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501878
+__MONOTONIC_TIMESTAMP=1753961140956
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=\r\t \xdf-\xed\xd5\xde\xa1/\xa5T\x1a\xdd\xf9a\xe2\x8b()\xd5\xf2\x1b\xbcu~\xaa\x97\xc7~\x0e~2\x11\xa0\xb5\xd3\xd7^ \xea\x16\x02{\xd1\xbe\xa02\xad\x00\xba$\xf2\xd5\x7f\x9a\xf0\xf9\xf2\x14\xf0/\xb5\xd3"`\xd8\x8e\xb6w\x1bP\x96\xf1\x0c\xf0#\xd2\x12\x88
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483521
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000005
+
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12dd;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501879
+__MONOTONIC_TIMESTAMP=1753961140957
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=\x1a\x15\xd3\x8d\x98\x83m\xe2\x02\xfa\x81\x98\xef\xa2\x8a\xcc\x10\xc5=q=\xd0\xd7_\x0e\x92D\xb1\xc7 \xaa\xae-\x18\xff\xb0<l5\xf1\x91-\xe8g! \xd8\xac\xadi"\xf8 \xebL\xe6-\xbf=i_@\x9b)B\xac\xa50\xf9\xf1~\xb1c^pTD\x15\xee}
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483522
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000006
+
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12de;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501880
+__MONOTONIC_TIMESTAMP=1753961140958
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=\xe4L \xb4\t\xf3\xfbQ\xb8\x95f{C\x1b\x91\x81\xd2!\xc0f\xa41=\xff\x84W\xf3\x0f=\x9e\x87\xd1\x9f\x86;F\x12\xd6\x1c6B\x07\x08\xdb*\xeem\x9f\xe7\xda\x81n_\x00^\xcf!\x19\x19\xe0\x9cM\x05\xf0\xe9\xe9=\xbc\xba=`inw\xc4Qq\x9cW\xe6
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483523
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000007
+
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12df;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501881
+__MONOTONIC_TIMESTAMP=1753961140959
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=\xda\x80\xe0\xe5@\xa4\x94\xecL\xbd\xe4\xe5\xbd\xc8\xae\x8e\xa9k\xa4\rt\xf2\x17\xe3n!.\xe3\xab*\xe3f{H\x98\x86\xa1=U-\x8cNd+\x90\xbd\x970d\xf7\xee\xd7g\x08c\x12\xf4\x9f3\xd0&\x95\xb0\xac\x1a\xe9k\xda,}\x97`:u\xad\x9e\xfaLj\x11
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483524
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000008
+
+__CURSOR=s=6863c726210b4560b7048889d8ada5c5;i=3e931;b=f446871715504074bf7049ef0718fa93;m=198603b12e0;t=4fd05c
+__REALTIME_TIMESTAMP=1404101101501882
+__MONOTONIC_TIMESTAMP=1753961140960
+_BOOT_ID=f446871715504074bf7049ef0718fa93
+_TRANSPORT=syslog
+PRIORITY=3
+SYSLOG_FACILITY=6
+SYSLOG_IDENTIFIER=/USR/SBIN/CRON
+MESSAGE=\xc0\xb4\xefIe\xc9\xd0\xaf!y\x13\xfdT(k\x9b\xc7\x7fm;\xc2\xbb"\x81\x87\\(-\x9a\x8b\xdd\x17\xf7\x8a\x92\xbd\xdd;\x9f\x99\x87\xf2\xb7\xcf\xf6XtRC\xad\xebT\xa1\xe5\xd9p\xd70\xc1\xb0^\x88g@=\xeb\xd8\xcf\xb7bK"6 \xda\x08\x1bp\xbc\r
+_UID=0
+_GID=0
+_MACHINE_ID=69121ca41d12c1b69a7960174c27b618
+_HOSTNAME=hostname
+SYSLOG_PID=25721
+_PID=25721
+_SOURCE_REALTIME_TIMESTAMP=1404101101483525
+DATA=00000000000000000000000000000000000000000000000000000000000000000000000000000009
+