From d2901f4121e5490f9d1128458a8e229f4870b3cd Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 3 Feb 2021 07:41:20 -0700 Subject: [PATCH] Add fuzzer for legacy I/O log info file. --- MANIFEST | 1 + include/sudo_iolog.h | 1 + lib/iolog/iolog_util.c | 2 +- lib/iolog/regress/fuzz/fuzz_iolog_legacy.c | 58 ++++++++++++++++++++++ 4 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 lib/iolog/regress/fuzz/fuzz_iolog_legacy.c diff --git a/MANIFEST b/MANIFEST index d5bce7ca2..cf681a92d 100644 --- a/MANIFEST +++ b/MANIFEST @@ -117,6 +117,7 @@ lib/iolog/iolog_json.h lib/iolog/iolog_path.c lib/iolog/iolog_util.c lib/iolog/regress/fuzz/fuzz_iolog_json.c +lib/iolog/regress/fuzz/fuzz_iolog_legacy.c lib/iolog/regress/host_port/host_port_test.c lib/iolog/regress/iolog_json/check_iolog_json.c lib/iolog/regress/iolog_json/test1.in diff --git a/include/sudo_iolog.h b/include/sudo_iolog.h index cbcd227e9..1be82220f 100644 --- a/include/sudo_iolog.h +++ b/include/sudo_iolog.h @@ -101,6 +101,7 @@ char *iolog_parse_delay(const char *cp, struct timespec *delay, const char *deci int iolog_read_timing_record(struct iolog_file *iol, struct timing_closure *timing); struct eventlog *iolog_parse_loginfo(int dfd, const char *iolog_dir); bool iolog_parse_loginfo_json(FILE *fp, const char *iolog_dir, struct eventlog *evlog); +bool iolog_parse_loginfo_legacy(FILE *fp, const char *iolog_dir, struct eventlog *evlog); void iolog_adjust_delay(struct timespec *delay, struct timespec *max_delay, double scale_factor); /* iolog_fileio.c */ diff --git a/lib/iolog/iolog_util.c b/lib/iolog/iolog_util.c index 7af33d9e6..30ccc9a3a 100644 --- a/lib/iolog/iolog_util.c +++ b/lib/iolog/iolog_util.c @@ -49,7 +49,7 @@ static int timing_event_adj; -static bool +bool iolog_parse_loginfo_legacy(FILE *fp, const char *iolog_dir, struct eventlog *evlog) { 
diff --git a/lib/iolog/regress/fuzz/fuzz_iolog_legacy.c b/lib/iolog/regress/fuzz/fuzz_iolog_legacy.c
new file mode 100644
index 000000000..827cc3144
--- /dev/null
+++ b/lib/iolog/regress/fuzz/fuzz_iolog_legacy.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2021 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+#if defined(HAVE_STDINT_H)
+# include
+#elif defined(HAVE_INTTYPES_H)
+# include
+#endif
+
+#include "sudo_compat.h"
+#include "sudo_debug.h"
+#include "sudo_eventlog.h"
+#include "sudo_iolog.h"
+#include "sudo_util.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ struct eventlog *evlog = NULL;
+ FILE *fp;
+
+ /* Operate in-memory. */
+ fp = fmemopen((void *)data, size, "r");
+ if (fp == NULL)
+ return 0;
+
+ /* Parsed contents of an I/O log info file are stored in evlog. */
+ evlog = calloc(1, sizeof(*evlog));
+ if (evlog != NULL) {
+ evlog->runuid = (uid_t)-1;
+ evlog->rungid = (gid_t)-1;
+
+ /* Try to parse buffer as a legacy-format I/O log info file. */
+ iolog_parse_loginfo_legacy(fp, "fuzz.legacy", evlog);
+ eventlog_free(evlog);
+ }
+ fclose(fp);
+
+ return 0;
+}
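Review bot: Zero-length inputs may never reach the parser: in `LLVMFuzzerTestOneInput`, `fmemopen((void *)data, size, "r")` is allowed to fail when `size` is 0 (older glibc returns EINVAL, for instance), and the `fp == NULL` branch then returns before `iolog_parse_loginfo_legacy()` runs, so the empty-file path of the legacy parser would go unfuzzed on such platforms. If that is intended, say so above the check, e.g. `/* fmemopen() may reject size 0; empty input is skipped rather than parsed. */`. The `(void *)` cast also drops `const` from the fuzzer-owned buffer, which is safe only because the stream is opened read-only; a short comment such as `/* Cast is safe: mode "r" never writes to data. */` would keep a later change of the mode string from silently writing into libFuzzer's input.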