tests: add a fuzzer for journald streams 10847/head
authorEvgeny Vereshchagin <evvers@ya.ru>
Tue, 20 Nov 2018 00:20:32 +0000 (01:20 +0100)
committerEvgeny Vereshchagin <evvers@ya.ru>
Tue, 20 Nov 2018 02:03:32 +0000 (03:03 +0100)
src/fuzz/fuzz-journald-stream.c [new file with mode: 0644]
src/fuzz/fuzz-journald.c
src/fuzz/meson.build
src/journal/journald-stream.c
src/journal/journald-stream.h
test/fuzz/fuzz-journald-stream/basic [new file with mode: 0644]

diff --git a/src/fuzz/fuzz-journald-stream.c b/src/fuzz/fuzz-journald-stream.c
new file mode 100644 (file)
index 0000000..247c088
--- /dev/null
@@ -0,0 +1,35 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include <linux/sockios.h>
+
+#include "fd-util.h"
+#include "fuzz.h"
+#include "fuzz-journald.h"
+#include "journald-stream.h"
+
+static int stream_fds[2] = { -1, -1 };
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        Server s;
+        StdoutStream *stream;
+        int v;
+
+        if (size == 0)
+                return 0;
+
+        if (!getenv("SYSTEMD_LOG_LEVEL"))
+                log_set_max_level(LOG_CRIT);
+
+        assert_se(socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0, stream_fds) >= 0);
+        dummy_server_init(&s, NULL, 0);
+        assert_se(stdout_stream_install(&s, stream_fds[0], &stream) >= 0);
+        assert_se(write(stream_fds[1], data, size) == (ssize_t) size);
+        while (ioctl(stream_fds[0], SIOCINQ, &v) == 0 && v)
+                sd_event_run(s.event, (uint64_t) -1);
+        if (s.n_stdout_streams)
+                stdout_stream_destroy(stream);
+        server_done(&s);
+        stream_fds[1] = safe_close(stream_fds[1]);
+
+        return 0;
+}
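Review bot: The `assert_se(write(stream_fds[1], data, size) == (ssize_t) size)` line aborts on any input the socket cannot accept in one call, because the socketpair is created with `SOCK_NONBLOCK` and a non-blocking write can be short or fail with EAGAIN once the send buffer is full. That would be reported as a crash in the harness rather than in journald, which costs triage time and hides real findings. Bounding the input at the top is enough, e.g. `if (size == 0 || size > 65536) return 0;` (the cap is a suggested value; anything safely below the socket buffer works). Separately, the return value of `sd_event_run()` is ignored in the drain loop, so a failing event loop with bytes still queued would presumably spin until the fuzzer's timeout; leaving the loop on a negative return would avoid that.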
index 0659b92ba3cf7a543c555829cd17c4638c14e93c..950e885cae3d8e679add48490732efea6029bce7 100644 (file)
@@ -15,11 +15,15 @@ void dummy_server_init(Server *s, const uint8_t *buffer, size_t size) {
                 .hostname_fd = -1,
                 .notify_fd = -1,
                 .storage = STORAGE_NONE,
+                .line_max = 64,
         };
         assert_se(sd_event_default(&s->event) >= 0);
-        s->buffer = memdup_suffix0(buffer, size);
-        assert_se(s->buffer);
-        s->buffer_size = size + 1;
+
+        if (buffer) {
+                s->buffer = memdup_suffix0(buffer, size);
+                assert_se(s->buffer);
+                s->buffer_size = size + 1;
+        }
 }
 
 void fuzz_journald_processing_function(
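Review bot: `.line_max = 64` is set for every fuzzer that calls dummy_server_init() and has no comment saying why 64. Presumably it is kept small so that short inputs exceed it and reach the stream code's long-line handling; a one-line comment such as `/* small on purpose, so fuzz inputs exceed it */` would record that. The new `if (buffer)` branch also makes a NULL buffer a supported call, with `size` silently ignored in that case; `assert_se(buffer || size == 0);` before the branch would catch a caller that passes a length without data. dummy_server_init() starts above this hunk, so the rest of the initializer is not visible here.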
index 89f312fee7c2f23b0eb0c34a9ebc80ec24fa4c09..1ae1c94f430eccf5349e51b03e0a2e9b09083cea 100644 (file)
@@ -69,6 +69,12 @@ fuzzers += [
           libshared],
          [libselinux]],
 
+        [['src/fuzz/fuzz-journald-stream.c',
+          'src/fuzz/fuzz-journald.c'],
+         [libjournal_core,
+          libshared],
+         [libselinux]],
+
         [['src/fuzz/fuzz-journald-syslog.c',
           'src/fuzz/fuzz-journald.c'],
          [libjournal_core,
index 81aa7bd99fe9be66c0655c98af0ab81af72c5216..e4df814cc7b70b5369bb382d0d0e56ed48018e3c 100644 (file)
@@ -125,7 +125,7 @@ void stdout_stream_free(StdoutStream *s) {
 
 DEFINE_TRIVIAL_CLEANUP_FUNC(StdoutStream*, stdout_stream_free);
 
-static void stdout_stream_destroy(StdoutStream *s) {
+void stdout_stream_destroy(StdoutStream *s) {
         if (!s)
                 return;
 
@@ -534,7 +534,7 @@ terminate:
         return 0;
 }
 
-static int stdout_stream_install(Server *s, int fd, StdoutStream **ret) {
+int stdout_stream_install(Server *s, int fd, StdoutStream **ret) {
         _cleanup_(stdout_stream_freep) StdoutStream *stream = NULL;
         sd_id128_t id;
         int r;
index bc5622ab3b5ce784990255ec8df68133aeb4dffd..487376e76361221cdef167f549e7831799ee9810 100644 (file)
@@ -10,4 +10,6 @@ int server_open_stdout_socket(Server *s);
 int server_restore_streams(Server *s, FDSet *fds);
 
 void stdout_stream_free(StdoutStream *s);
+int stdout_stream_install(Server *s, int fd, StdoutStream **ret);
+void stdout_stream_destroy(StdoutStream *s);
 void stdout_stream_send_notify(StdoutStream *s);
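Review bot: The two declarations added here, `stdout_stream_install()` and `stdout_stream_destroy()`, are exported for the fuzzer but carry no comment on their contract, and the matching hunks in journald-stream.c only drop `static`. The fuzzer never closes `stream_fds[0]` after a successful install, which suggests the stream takes ownership of `fd` on success, but that is not visible in these hunks and should be confirmed against the function body. If so, a comment above the declaration such as `/* On success the returned stream owns fd; release it with stdout_stream_destroy(). On failure fd stays with the caller. */` would keep future callers from double-closing or leaking the descriptor. It would also help to note that these are exposed for test harnesses, so they are not mistaken for a general API.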
diff --git a/test/fuzz/fuzz-journald-stream/basic b/test/fuzz/fuzz-journald-stream/basic
new file mode 100644 (file)
index 0000000..a088f1a
--- /dev/null
@@ -0,0 +1,8 @@
+
+
+6
+1
+0
+0
+0
+hey
\ No newline at end of file