]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6fde9fb)
oss-fuzz: fuzz lxc_config_define_add and lxc_config_define_load
authorEvgeny Vereshchagin <evvers@ya.ru>
Wed, 31 Mar 2021 07:12:51 +0000 (07:12 +0000)
committerEvgeny Vereshchagin <evvers@ya.ru>
Thu, 1 Apr 2021 01:25:09 +0000 (01:25 +0000)
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
src/lxc/confile.c patch | blob | blame | history
src/tests/fuzz-lxc-define-load.c [new file with mode: 0644] patch | blob
src/tests/oss-fuzz.sh patch | blob | blame | history

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index a679d235d224d8f90f3abe0ffeb587b6dad4bd14..2fba09a4ef279c599ba000e24553e828280f2b26 100644 (file)
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -3111,7 +3111,9 @@ bool lxc_config_define_load(struct lxc_list *defines, struct lxc_container *c)
                        break;
        }
 
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
        lxc_config_define_free(defines);
+#endif /* !FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
 
        return bret;
 }
diff --git a/src/tests/fuzz-lxc-define-load.c b/src/tests/fuzz-lxc-define-load.c
new file mode 100644 (file)
index 0000000..3f05b15
--- /dev/null
+++ b/src/tests/fuzz-lxc-define-load.c
@@ -0,0 +1,64 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "conf.h"
+#include "confile.h"
+#include "lxctest.h"
+#include "utils.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+       __do_free char *new_str = NULL;
+       struct lxc_container *c = NULL;
+       struct lxc_list defines;
+       struct lxc_list *it;
+       __do_close int devnull_fd = -EBADF;
+
+       if (size > 102400)
+               return 0;
+
+       c = lxc_container_new("FUZZ", NULL);
+       lxc_test_assert_abort(c);
+
+       new_str = (char *)malloc(size+1);
+       lxc_test_assert_abort(new_str);
+       memcpy(new_str, data, size);
+       new_str[size] = '\0';
+
+       lxc_list_init(&defines);
+
+       if (lxc_config_define_add(&defines, new_str) < 0)
+               goto out;
+
+       if (!lxc_config_define_load(&defines, c))
+               goto out;
+
+       devnull_fd = open_devnull();
+       lxc_test_assert_abort(devnull_fd >= 0);
+
+       lxc_list_for_each(it, &defines) {
+               __do_free char *val = NULL;
+               struct new_config_item *config_item = it->elem;
+               int len;
+
+               len = c->get_config_item(c, config_item->key, NULL, 0);
+               if (len < 0)
+                       continue;
+
+               val = (char *)malloc(len + 1);
+               lxc_test_assert_abort(val);
+
+               if (c->get_config_item(c, config_item->key, val, len + 1) != len)
+                       continue;
+
+               if (len > 0)
+                       dprintf(devnull_fd, "[%s/%s]\n", config_item->key, val);
+       }
+
+out:
+       lxc_container_put(c);
+       lxc_config_define_free(&defines);
+
+       return 0;
+}
diff --git a/src/tests/oss-fuzz.sh b/src/tests/oss-fuzz.sh
index 21e0c5af6cf9c5f75f456cee1ee7bc7338b9c960..266d25357d9f8ce7e4fe093ebc6030252361011f 100755 (executable)
--- a/src/tests/oss-fuzz.sh
+++ b/src/tests/oss-fuzz.sh
@@ -43,8 +43,11 @@ sed -i 's/^AC_CHECK_LIB(util/#/' configure.ac
 
 make -j$(nproc)
 
-$CC -c -o fuzz-lxc-config-read.o $CFLAGS -Isrc -Isrc/lxc src/tests/fuzz-lxc-config-read.c
-$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz-lxc-config-read.o src/lxc/.libs/liblxc.a -o $OUT/fuzz-lxc-config-read
+for fuzz_target_source in src/tests/fuzz-lxc*.c; do
+    fuzz_target_name=$(basename "$fuzz_target_source" ".c")
+    $CC -c -o "$fuzz_target_name.o" $CFLAGS -Isrc -Isrc/lxc "$fuzz_target_source"
+    $CXX $CXXFLAGS $LIB_FUZZING_ENGINE "$fuzz_target_name.o" src/lxc/.libs/liblxc.a -o "$OUT/$fuzz_target_name"
+done
 
 perl -lne 'if (/config_jump_table\[\]\s*=/../^}/) { /"([^"]+)"/ && print "$1=" }' src/lxc/confile.c >doc/examples/keys.conf
 [[ -s doc/examples/keys.conf ]]
@@ -53,3 +56,7 @@ perl -lne 'if (/config_jump_table_net\[\]\s*=/../^}/) { /"([^"]+)"/ && print "lx
 [[ -s doc/examples/lxc-net-keys.conf ]]
 
 zip -r $OUT/fuzz-lxc-config-read_seed_corpus.zip doc/examples
+
+mkdir fuzz-lxc-define-load_seed_corpus
+perl -lne '/([^=]+)/ && print "printf $1= >fuzz-lxc-define-load_seed_corpus/$1"' doc/examples/{keys,lxc-net-keys}.conf | bash
+zip -r $OUT/fuzz-lxc-define-load_seed_corpus.zip fuzz-lxc-define-load_seed_corpus
Mirror of https://github.com/lxc/lxc.git