Add fuzzing binary for tiniparser

The "tiniparser_load" function is made into a wrapper for the newly
added "tiniparser_load_stream" function which accepts a FILE pointer.
This way no actual files have to be opened for fuzzing (memfd_create(2)
isn't readily available on all systems yet).

Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/lib/fuzzing/fuzz_tiniparser.c b/lib/fuzzing/fuzz_tiniparser.c
new file mode 100644 (file)
index 0000000..a6e2ef7
--- /dev/null
+++ b/lib/fuzzing/fuzz_tiniparser.c
@@ -0,0 +1,39 @@
+/*
+   Fuzzing for trivial smb.conf parsing code.
+   Copyright (C) Michael Hanselmann 2019
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "fuzzing.h"
+#include "lib/util/tiniparser.h"
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+       return 0;
+}
+
+int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+{
+       FILE *fp;
+
+       fp = fmemopen(buf, len, "r");
+
+       tiniparser_load_stream(fp);
+
+       fclose(fp);
+
+       return 0;
+}

diff --git a/lib/fuzzing/wscript_build b/lib/fuzzing/wscript_build
index f36bce5f4091041922eda5c426f4709f727f206f..3db2a8b825a5bdc32f7b0a51d400d498c8798977 100644 (file)
--- a/lib/fuzzing/wscript_build
+++ b/lib/fuzzing/wscript_build
@@ -5,3 +5,9 @@ bld.SAMBA_SUBSYSTEM('fuzzing',
     deps='talloc',
     enabled=bld.env.enable_libfuzzer,
     )
+
+bld.SAMBA_BINARY('fuzz_tiniparser',
+                 source='fuzz_tiniparser.c',
+                 deps='fuzzing tiniparser talloc',
+                 install=False,
+                 enabled=bld.env.enable_libfuzzer)

diff --git a/lib/util/tiniparser.c b/lib/util/tiniparser.c
index c3ab4e7f80664e3a9284d4cbeeb06c02e2f00748..dbd1c058b0d2faf898cbaba1aba2f018b78c1c5a 100644 (file)
--- a/lib/util/tiniparser.c
+++ b/lib/util/tiniparser.c
@@ -321,15 +321,10 @@ static bool section_parser(const char *section_name,
        return true;
 }
 
-struct tiniparser_dictionary *tiniparser_load(const char *filename)
+struct tiniparser_dictionary *tiniparser_load_stream(FILE *fp)
 {
        bool ret;
        struct tiniparser_dictionary *d = NULL;
-       FILE *fp = fopen(filename, "r");
-
-       if (fp == NULL) {
-               return NULL;
-       }
 
        d = malloc(sizeof(struct tiniparser_dictionary));
        if (d == NULL) {
@@ -343,7 +338,6 @@ struct tiniparser_dictionary *tiniparser_load(const char *filename)
                        section_parser,
                        value_parser,
                        d);
-       fclose(fp);
        if (ret == false) {
                tiniparser_freedict(d);
                d = NULL;
@@ -351,6 +345,22 @@ struct tiniparser_dictionary *tiniparser_load(const char *filename)
        return d;
 }
 
+struct tiniparser_dictionary *tiniparser_load(const char *filename)
+{
+       struct tiniparser_dictionary *d;
+       FILE *fp = fopen(filename, "r");
+
+       if (fp == NULL) {
+               return NULL;
+       }
+
+       d = tiniparser_load_stream(fp);
+
+       fclose(fp);
+
+       return d;
+}
+
 void tiniparser_freedict(struct tiniparser_dictionary *d)
 {
        struct tiniparser_section *curr_section, *next_section;

diff --git a/lib/util/tiniparser.h b/lib/util/tiniparser.h
index 4803ca6d6ecb26a1b06ecbcfd96203bd59bd1bba..5356b221fe14fb2675f48b862e44c56e2acc2b4a 100644 (file)
--- a/lib/util/tiniparser.h
+++ b/lib/util/tiniparser.h
@@ -49,6 +49,7 @@ const char *tiniparser_getstring(struct tiniparser_dictionary *d,
 int tiniparser_getint(struct tiniparser_dictionary *d,
                         const char *key,
                         int default_value);
+struct tiniparser_dictionary *tiniparser_load_stream(FILE *fp);
 struct tiniparser_dictionary *tiniparser_load(const char *filename);
 void tiniparser_freedict(struct tiniparser_dictionary *d);