From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 29 Oct 2018 15:24:16 +0000 (+0000)
Subject: tests: add an lldp fuzzer
X-Git-Tag: v240~448^2
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=commitdiff_plain;h=28ffcec2cb2e32ceee1f181a3df3cf94bf19c70c

tests: add an lldp fuzzer

I went through my antique collection of fuzzers the other day
to see which ones I hadn't sent upstream yet. This one
seems to be nice to have and ready to be merged. As far as I can
tell, it hasn't managed to find anything useful yet,
but it's better to be safe than sorry especially when it comes to networking
code :-)
---

diff --git a/src/fuzz/fuzz-lldp.c b/src/fuzz/fuzz-lldp.c
new file mode 100644
index 00000000000..e88632cfe62
--- /dev/null
+++ b/src/fuzz/fuzz-lldp.c
@@ -0,0 +1,40 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <errno.h>
+#include <unistd.h>
+
+#include "sd-event.h"
+#include "sd-lldp.h"
+
+#include "fd-util.h"
+#include "fuzz.h"
+#include "lldp-network.h"
+
+static int test_fd[2] = { -1, -1 };
+
+int lldp_network_bind_raw_socket(int ifindex) {
+        if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_NONBLOCK, 0, test_fd) < 0)
+                return -errno;
+
+        return test_fd[0];
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        _cleanup_(sd_event_unrefp) sd_event *e = NULL;
+        _cleanup_(sd_lldp_unrefp) sd_lldp *lldp = NULL;
+
+        assert_se(sd_event_new(&e) == 0);
+        assert_se(sd_lldp_new(&lldp) >= 0);
+        assert_se(sd_lldp_set_ifindex(lldp, 42) >= 0);
+        assert_se(sd_lldp_attach_event(lldp, e, 0) >= 0);
+        assert_se(sd_lldp_start(lldp) >= 0);
+
+        assert_se(write(test_fd[1], data, size) == (ssize_t) size);
+        assert_se(sd_event_run(e, 0) >= 0);
+
+        assert_se(sd_lldp_stop(lldp) >= 0);
+        assert_se(sd_lldp_detach_event(lldp) >= 0);
+        test_fd[1] = safe_close(test_fd[1]);
+
+        return 0;
+}
diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build
index 4c238493529..ab92fe25480 100644
--- a/src/fuzz/meson.build
+++ b/src/fuzz/meson.build
@@ -27,6 +27,11 @@ fuzzers += [
           libshared],
          []],
 
+        [['src/fuzz/fuzz-lldp.c'],
+         [libshared,
+          libsystemd_network],
+         []],
+
         [['src/fuzz/fuzz-ndisc-rs.c',
           'src/libsystemd-network/dhcp-identifier.h',
           'src/libsystemd-network/dhcp-identifier.c',
diff --git a/test/fuzz/fuzz-lldp/basic b/test/fuzz/fuzz-lldp/basic
new file mode 100644
index 00000000000..43debea6e4c
Binary files /dev/null and b/test/fuzz/fuzz-lldp/basic differ
diff --git a/test/fuzz/fuzz-lldp/incomplete b/test/fuzz/fuzz-lldp/incomplete
new file mode 100644
index 00000000000..53dce6001b3
Binary files /dev/null and b/test/fuzz/fuzz-lldp/incomplete differ
diff --git a/test/fuzz/fuzz-lldp/oui b/test/fuzz/fuzz-lldp/oui
new file mode 100644
index 00000000000..9c76c400cb5
Binary files /dev/null and b/test/fuzz/fuzz-lldp/oui differ