From 404278d9472c28fedc200d385667a0d2cc1c992d Mon Sep 17 00:00:00 2001
From: Michael Hanselmann
Date: Thu, 4 Apr 2019 01:03:58 +0200
Subject: [PATCH] Add fuzzing binary for tiniparser

The "tiniparser_load" function is made into a wrapper for the newly added "tiniparser_load_stream" function which accepts a FILE pointer. This way no actual files have to be opened for fuzzing (memfd_create(2) isn't readily available on all systems yet).

Signed-off-by: Michael Hanselmann
Reviewed-by: Andrew Bartlett
Reviewed-by: Douglas Bagnall
---
 lib/fuzzing/fuzz_tiniparser.c | 39 +++++++++++++++++++++++++++++++++++
 lib/fuzzing/wscript_build | 6 ++++++
 lib/util/tiniparser.c | 24 ++++++++++++++-------
 lib/util/tiniparser.h | 1 +
 4 files changed, 63 insertions(+), 7 deletions(-)
 create mode 100644 lib/fuzzing/fuzz_tiniparser.c

diff --git a/lib/fuzzing/fuzz_tiniparser.c b/lib/fuzzing/fuzz_tiniparser.c
new file mode 100644
index 00000000000..a6e2ef7c2fe
--- /dev/null
+++ b/lib/fuzzing/fuzz_tiniparser.c
@@ -0,0 +1,39 @@
+/*
+ Fuzzing for trivial smb.conf parsing code.
+ Copyright (C) Michael Hanselmann 2019
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "fuzzing.h"
+#include "lib/util/tiniparser.h"
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+{
+ FILE *fp;
+
+ fp = fmemopen(buf, len, "r");
+
+ tiniparser_load_stream(fp);
+
+ fclose(fp);
+
+ return 0;
+}
diff --git a/lib/fuzzing/wscript_build b/lib/fuzzing/wscript_build
index f36bce5f409..3db2a8b825a 100644
--- a/lib/fuzzing/wscript_build
+++ b/lib/fuzzing/wscript_build
@@ -5,3 +5,9 @@ bld.SAMBA_SUBSYSTEM('fuzzing',
 deps='talloc',
 enabled=bld.env.enable_libfuzzer,
 )
+
+bld.SAMBA_BINARY('fuzz_tiniparser',
+ source='fuzz_tiniparser.c',
+ deps='fuzzing tiniparser talloc',
+ install=False,
+ enabled=bld.env.enable_libfuzzer)
diff --git a/lib/util/tiniparser.c b/lib/util/tiniparser.c
index c3ab4e7f806..dbd1c058b0d 100644
--- a/lib/util/tiniparser.c
+++ b/lib/util/tiniparser.c
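Review bot: In `LLVMFuzzerTestOneInput` in lib/fuzzing/fuzz_tiniparser.c the result of `fmemopen()` is used unchecked and the dictionary returned by `tiniparser_load_stream()` is dropped. `fmemopen()` may return NULL (POSIX allows it to fail for a zero-length buffer, and libFuzzer does feed empty inputs), in which case both the parser and `fclose()` receive a null stream. Every input that parses successfully also leaks the malloc'ed dictionary, which a leak-checking fuzz build would report as a finding that has nothing to do with the parser. Returning early on a NULL stream and releasing the result with `tiniparser_freedict()` keeps the harness reporting parser defects only.

```c
	/* … unchanged: FILE *fp declaration … */
	struct tiniparser_dictionary *d = NULL;

	fp = fmemopen(buf, len, "r");
	if (fp == NULL) {
		/* e.g. a zero-length input: nothing to parse */
		return 0;
	}

	d = tiniparser_load_stream(fp);
	if (d != NULL) {
		tiniparser_freedict(d);
	}
	/* … unchanged: fclose(fp) and return 0 … */
```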
@@ -321,15 +321,10 @@ static bool section_parser(const char *section_name,
 return true;
 }
 
-struct tiniparser_dictionary *tiniparser_load(const char *filename)
+struct tiniparser_dictionary *tiniparser_load_stream(FILE *fp)
 {
 bool ret;
 struct tiniparser_dictionary *d = NULL;
- FILE *fp = fopen(filename, "r");
-
- if (fp == NULL) {
- return NULL;
- }
 
 d = malloc(sizeof(struct tiniparser_dictionary));
 if (d == NULL) {
@@ -343,7 +338,6 @@ struct tiniparser_dictionary *tiniparser_load(const char *filename)
 section_parser,
 value_parser,
 d);
- fclose(fp);
 if (ret == false) {
 tiniparser_freedict(d);
 d = NULL;
@@ -351,6 +345,22 @@ struct tiniparser_dictionary *tiniparser_load(const char *filename)
 return d;
 }
 
+struct tiniparser_dictionary *tiniparser_load(const char *filename)
+{
+ struct tiniparser_dictionary *d;
+ FILE *fp = fopen(filename, "r");
+
+ if (fp == NULL) {
+ return NULL;
+ }
+
+ d = tiniparser_load_stream(fp);
+
+ fclose(fp);
+
+ return d;
+}
+
 void tiniparser_freedict(struct tiniparser_dictionary *d)
 {
 struct tiniparser_section *curr_section, *next_section;
diff --git a/lib/util/tiniparser.h b/lib/util/tiniparser.h
index 4803ca6d6ec..5356b221fe1 100644
--- a/lib/util/tiniparser.h
+++ b/lib/util/tiniparser.h
@@ -49,6 +49,7 @@ const char *tiniparser_getstring(struct tiniparser_dictionary *d,
 int tiniparser_getint(struct tiniparser_dictionary *d,
 const char *key,
 int default_value);
+struct tiniparser_dictionary *tiniparser_load_stream(FILE *fp);
 struct tiniparser_dictionary *tiniparser_load(const char *filename);
 void tiniparser_freedict(struct tiniparser_dictionary *d);
 
-- 
2.47.3
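Review bot: `tiniparser_load_stream()` in lib/util/tiniparser.c becomes a public entry point without a NULL-stream check: the `fp == NULL` test that used to guard this body moved out with `fopen()` into the `tiniparser_load()` wrapper (third hunk of this file). A caller that hands in a stream it failed to open therefore reaches the parser with a null `FILE *`; whether the parser tolerates that is not visible here. A guard at the top of the function, `if (fp == NULL) { return NULL; }`, would keep the previous failure behaviour for every caller. The function body continues between the first and second hunks, outside what is shown.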
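Review bot: The `tiniparser_load_stream(FILE *fp)` prototype added to lib/util/tiniparser.h carries no statement of who owns the stream, and it makes the header depend on `FILE` being declared. The implementation no longer calls `fclose()`, so a comment such as `/* Parses an already-open stream; the caller keeps ownership of fp and must fclose() it. */` above the declaration would put that contract where API users look. The hunk does not show the header's include list; if `<stdio.h>` is not already included there, adding `#include <stdio.h>` keeps the header usable without relying on what each caller included first.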