From 0590f1b58c3e78be23a366403ba2c571e4521d0a Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Mon, 24 Jan 2022 19:35:14 +0900
Subject: [PATCH] fuzz-dhcp-server: duplicate input data

As `dhcp_server_handle_message()` -> `ensure_sane_request()` may modify the input data, and that causes error in some fuzzing engine.
---
 src/libsystemd-network/fuzz-dhcp-server.c | 5 ++++-
 ...se-minimized-fuzz-dhcp-server-4916534286352384 | Bin 0 -> 243 bytes
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 test/fuzz/fuzz-dhcp-server/clusterfuzz-testcase-minimized-fuzz-dhcp-server-4916534286352384

diff --git a/src/libsystemd-network/fuzz-dhcp-server.c b/src/libsystemd-network/fuzz-dhcp-server.c
index 87add43270b..15edec3efbe 100644
--- a/src/libsystemd-network/fuzz-dhcp-server.c
+++ b/src/libsystemd-network/fuzz-dhcp-server.c
@@ -21,12 +21,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_(sd_dhcp_server_unrefp) sd_dhcp_server *server = NULL;
 struct in_addr address = {.s_addr = htobe32(UINT32_C(10) << 24 | UINT32_C(1))};
 static const uint8_t chaddr[] = {3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3};
+ _cleanup_free_ uint8_t *duped = NULL;
 uint8_t *client_id;
 DHCPLease *lease;

 if (size < sizeof(DHCPMessage))
 return 0;

+ assert_se(duped = memdup(data, size));
+
 assert_se(sd_dhcp_server_new(&server, 1) >= 0);
 server->fd = open("/dev/null", O_RDWR|O_CLOEXEC|O_NOCTTY);
 assert_se(server->fd >= 0);
@@ -51,7 +54,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 assert_se(hashmap_ensure_put(&server->bound_leases_by_address, NULL, UINT32_TO_PTR(lease->address), lease) >= 0);
 lease->server = server;

- (void) dhcp_server_handle_message(server, (DHCPMessage*)data, size);
+ (void) dhcp_server_handle_message(server, (DHCPMessage*) duped, size);

 return 0;
 }
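Review bot: The copy made on the new `assert_se(duped = memdup(data, size));` line exists for a reason the code itself does not state — only the commit message says the callee may modify the message in place — so a comment above it would stop a future reader from removing an apparently redundant allocation: `/* dhcp_server_handle_message() may modify the message in place; hand it a private copy so the fuzzer's input buffer stays untouched. */`. Folding the assignment into the `assert_se()` argument also hides the side effect; `duped = memdup(data, size); assert_se(duped);` reads more plainly, assuming `assert_se()` is always evaluated as the rest of this file relies on. A side benefit worth noting in that comment is that the `(DHCPMessage*) duped` cast in the second hunk now points at allocator-returned memory, whose alignment the original `data` pointer did not necessarily guarantee. The body of `LLVMFuzzerTestOneInput()` between the two hunks is outside this view.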
diff --git a/test/fuzz/fuzz-dhcp-server/clusterfuzz-testcase-minimized-fuzz-dhcp-server-4916534286352384 b/test/fuzz/fuzz-dhcp-server/clusterfuzz-testcase-minimized-fuzz-dhcp-server-4916534286352384
new file mode 100644
index 0000000000000000000000000000000000000000..3d1370599695747e36f58ea290d8e1265b2b6b68
GIT binary patch
literal 243
zc-muBU{k;a7{CBo;6J9K{|dwdCL|0rnB_l6GlMM?Be9wpz>o#v7#K8V#O130n9ej|
G{0{&YoFV%F

literal 0
Hc-jL100001

-- 
2.47.3