From 1e3cecc60831ed9b2c817c6f96bbf653f1a91dd5 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 1 Feb 2021 15:17:57 -0700
Subject: [PATCH] Add initial fuzzers to be used by oss-fuzz. These are not yet hooked up to the sudo build.
---
 MANIFEST | 5 +-
 lib/iolog/regress/fuzz/fuzz_iolog_json.c | 58 ++++++++++++++++++
 plugins/sudoers/regress/fuzz/fuzz_sudoers.c | 58 ++++++++++++++++++
 .../sudoers/regress/fuzz/fuzz_sudoers_ldif.c | 59 +++++++++++++++++++
 4 files changed, 179 insertions(+), 1 deletion(-)
 create mode 100644 lib/iolog/regress/fuzz/fuzz_iolog_json.c
 create mode 100644 plugins/sudoers/regress/fuzz/fuzz_sudoers.c
 create mode 100644 plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
diff --git a/MANIFEST b/MANIFEST
index e3563c303..1386ced13 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -116,6 +116,7 @@ lib/iolog/iolog_json.c
 lib/iolog/iolog_json.h
 lib/iolog/iolog_path.c
 lib/iolog/iolog_util.c
+lib/iolog/regress/fuzz/fuzz_iolog_json.c
 lib/iolog/regress/host_port/host_port_test.c
 lib/iolog/regress/iolog_json/check_iolog_json.c
 lib/iolog/regress/iolog_json/test1.in
@@ -677,6 +678,8 @@ plugins/sudoers/regress/cvtsudoers/test9.sh
 plugins/sudoers/regress/env_match/check_env_pattern.c
 plugins/sudoers/regress/env_match/data
 plugins/sudoers/regress/exptilde/check_exptilde.c
+plugins/sudoers/regress/fuzz/fuzz_sudoers.c
+plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
 plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
 plugins/sudoers/regress/parser/check_addr.c
 plugins/sudoers/regress/parser/check_addr.in
@@ -687,7 +690,6 @@ plugins/sudoers/regress/parser/check_fill.c
 plugins/sudoers/regress/parser/check_gentime.c
 plugins/sudoers/regress/parser/check_hexchar.c
 plugins/sudoers/regress/starttime/check_starttime.c
-plugins/sudoers/regress/unescape/check_unesc.c
 plugins/sudoers/regress/sudoers/test1.in
 plugins/sudoers/regress/sudoers/test1.json.ok
 plugins/sudoers/regress/sudoers/test1.ldif.ok
@@ -857,6 +859,7 @@ plugins/sudoers/regress/testsudoers/test8.out.ok
 plugins/sudoers/regress/testsudoers/test8.sh
 plugins/sudoers/regress/testsudoers/test9.out.ok
 plugins/sudoers/regress/testsudoers/test9.sh
+plugins/sudoers/regress/unescape/check_unesc.c
 plugins/sudoers/regress/visudo/test1.out.ok
 plugins/sudoers/regress/visudo/test1.sh
 plugins/sudoers/regress/visudo/test10.out.ok
diff --git a/lib/iolog/regress/fuzz/fuzz_iolog_json.c b/lib/iolog/regress/fuzz/fuzz_iolog_json.c
new file mode 100644
index 000000000..c6824d5ac
--- /dev/null
+++ b/lib/iolog/regress/fuzz/fuzz_iolog_json.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2021 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#if defined(HAVE_STDINT_H)
+# include
+#elif defined(HAVE_INTTYPES_H)
+# include
+#endif
+
+#include "sudo_compat.h"
+#include "sudo_debug.h"
+#include "sudo_eventlog.h"
+#include "sudo_iolog.h"
+#include "sudo_util.h"
+
+#include "iolog_json.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ struct eventlog *evlog = NULL;
+ FILE *fp;
+
+ /* Operate in-memory, do not fclose or it will free() data. */
+ fp = fmemopen((void *)data, size, "r");
+ if (fp == NULL)
+ return 0;
+
+ /* Parsed contents of an log.json file are stored in evlog. */
+ if ((evlog = calloc(1, sizeof(*evlog))) == NULL)
+ return 0;
+ evlog->runuid = (uid_t)-1;
+ evlog->rungid = (gid_t)-1;
+
+ /* Try to parse buffer as a JSON-format I/O log info file. */
+ iolog_parse_loginfo_json(fp, "fuzz.json", evlog);
+ eventlog_free(evlog);
+
+ return 0;
+}
diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
new file mode 100644
index 000000000..82096d45b
--- /dev/null
+++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c
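Review bot: The stream returned by fmemopen() in LLVMFuzzerTestOneInput of fuzz_iolog_json.c is never closed, so every fuzz iteration leaks a FILE, and the early return after a failed calloc() leaks it too (assuming iolog_parse_loginfo_json() does not close fp itself, which this hunk does not show). The comment's reason does not hold for this call: fclose() on an fmemopen() stream frees the buffer only when fmemopen() allocated it (a NULL buf), not when the caller passes `data`. I would add `fclose(fp);` after `eventlog_free(evlog);` and before the `return 0;` in the calloc() failure branch, and reword the comment to `/* Operate in-memory; fclose() releases the stream, not data. */`. The same pattern appears with `sudoersin` in fuzz_sudoers.c and `fp` in fuzz_sudoers_ldif.c. Left as is, sanitizer leak reports from the harness will mask real parser findings.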
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2021 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#if defined(HAVE_STDINT_H)
+# include
+#elif defined(HAVE_INTTYPES_H)
+# include
+#endif
+
+#include "sudoers.h"
+
+/* Required to link with parser. */
+struct sudo_user sudo_user;
+struct passwd *list_pw;
+
+FILE *
+open_sudoers(const char *file, bool doedit, bool *keepopen)
+{
+ return fopen(file, "r");
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ /* Don't waste time fuzzing tiny inputs. */
+ if (size < 5)
+ return 0;
+
+ /* Operate in-memory, do not fclose or it will free() data. */
+ sudoersin = fmemopen((void *)data, size, "r");
+ if (sudoersin == NULL)
+ return 0;
+
+ /* Initialize defaults and parse sudoers. */
+ init_defaults();
+ init_parser("sudoers", false, true);
+ sudoersparse();
+
+ return 0;
+}
diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
new file mode 100644
index 000000000..7cbfc47a0
--- /dev/null
+++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c
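Review bot: The `open_sudoers()` stub in fuzz_sudoers.c passes whatever path the parser hands it straight to `fopen()`, so if include directives in the fuzzed sudoers text are resolved through this hook (not visible in this hunk), a test case decides which files on the fuzzing host get read. Results then depend on the machine's file system, and a crash may not reproduce from the saved input alone. For a hermetic harness I would make the stub refuse every path, e.g. `return NULL; /* never follow include paths chosen by the fuzzer */`, and do the same for the identical stub in fuzz_sudoers_ldif.c. Separately, nothing resets the parser after `sudoersparse()`, so parsed state appears to carry over from one input to the next.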
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2021 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#if defined(HAVE_STDINT_H)
+# include
+#elif defined(HAVE_INTTYPES_H)
+# include
+#endif
+
+#include "sudoers.h"
+
+/* Required to link with parser. */
+struct sudo_user sudo_user;
+struct passwd *list_pw;
+
+FILE *
+open_sudoers(const char *file, bool doedit, bool *keepopen)
+{
+ return fopen(file, "r");
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ FILE *fp;
+
+ /* Don't waste time fuzzing tiny inputs. */
+ if (size < 5)
+ return 0;
+
+ /* Operate in-memory, do not fclose or it will free() data. */
+ fp = fmemopen((void *)data, size, "r");
+ if (fp == NULL)
+ return 0;
+
+ /* Initialize defaults and parse LDIF-format sudoers. */
+ init_defaults();
+ sudoers_parse_ldif(&parsed_policy, fp, NULL, true);
+
+ return 0;
+}
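Review bot: `sudoers_parse_ldif(&parsed_policy, fp, NULL, true)` in fuzz_sudoers_ldif.c fills `parsed_policy` on every call and the harness never releases it, so entries from earlier inputs appear to accumulate. A crash can then depend on inputs other than the one that was saved. `parsed_policy` is declared outside this hunk, so I am inferring that it is the shared global parse tree. I would tear it down before the final `return 0;`, e.g. `free_parse_tree(&parsed_policy);`, if that is the matching cleanup routine in this tree.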