/* * Copyright (c) 2021 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif #include "sudoers.h" /* Required to link with parser. */ struct sudo_user sudo_user; struct passwd *list_pw; FILE * open_sudoers(const char *file, bool doedit, bool *keepopen) { /* * If we allow the fuzzer to choose include paths it will * include random files in the file system. * This leads to bug reports that cannot be reproduced. */ return NULL; } int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FILE *fp; /* Don't waste time fuzzing tiny inputs. */ if (size < 5) return 0; /* Operate in-memory. */ fp = fmemopen((void *)data, size, "r"); if (fp == NULL) return 0; /* Parser needs user_shost for the %h escape in @include expansion. */ user_host = user_shost = "localhost"; /* Initialize defaults and parse sudoers. */ init_defaults(); init_parser("sudoers", false, true); sudoersrestart(fp); sudoersparse(); /* Cleanup. */ init_parser(NULL, false, true); fclose(fp); return 0; } #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION int main(int argc, char *argv[]) { /* Nothing for now. */ return LLVMFuzzerTestOneInput(NULL, 0); } #endif