author | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-02-25 10:13:34 -0700 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-02-25 10:13:34 -0700 |
commit | 70760429b2ca25d2b42d58669e9baacefd44529b (patch) | |
tree | 70880d65a6ad1d59267c8585b46537563b737316 /logsrvd | |
parent | e85edf39a217bb2e272081a80b0914d10196c323 (diff) | |
download | sudo-70760429b2ca25d2b42d58669e9baacefd44529b.tar.gz |
fuzz_logsrvd_conf: add stub version of sudo_regex_compile_v1().
We want to fuzz our parser, not the libc regular expression code.
Diffstat (limited to 'logsrvd')
-rw-r--r-- | logsrvd/Makefile.in | 2 | ||||
-rw-r--r-- | logsrvd/regress/fuzz/fuzz_logsrvd_conf.c | 21 |
2 files changed, 21 insertions, 2 deletions
diff --git a/logsrvd/Makefile.in b/logsrvd/Makefile.in
index e9ac8cbd6..3faa1587b 100644
--- a/logsrvd/Makefile.in
+++ b/logsrvd/Makefile.in
@@ -251,7 +251,7 @@ check-fuzzer: $(FUZZ_PROGS)
 unset LANG || LANG=; \
 MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \
 MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \
- echo "fuzz_logsrvd_conf: verifying corpus (expect 3 errors)"; \
+ echo "fuzz_logsrvd_conf: verifying corpus"; \
 ./fuzz_logsrvd_conf $(FUZZ_LOGSRVD_CONF_CORPUS); \
 fi
diff --git a/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c b/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
index a7956bf4a..f4b12f39b 100644
--- a/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
+++ b/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2021-2022 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -22,7 +22,9 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include <fcntl.h>
+#include <regex.h>
 #include <time.h>
 #include <unistd.h>
 #if defined(HAVE_STDINT_H)
@@ -42,6 +44,23 @@
 #include "logsrvd.h"
+/*
+ * Stub version that always succeeds for small inputs and fails for large.
+ * We want to fuzz our parser, not libc's regular expression code.
+ */
+bool
+sudo_regex_compile_v1(void *v, const char *pattern, const char **errstr)
+{
+ regex_t *preg = v;
+
+ if (strlen(pattern) > 32)
+ return false;
+
+ /* hopefully avoid regfree() crashes */
+ memset(preg, 0, sizeof(*preg));
+ return true;
+}
+
 static int
 fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[],
 struct sudo_conv_reply replies[], struct sudo_conv_callback *callback) |
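Review bot: The failure path of the stub `sudo_regex_compile_v1()` returns false without storing anything through `errstr`, so a caller that prints the error string after a failed compile would read an uninitialized pointer and the fuzzer could report a crash the real function cannot produce (the callers are not in this diff, so this is inferred from the signature). Set it before returning, e.g. `if (strlen(pattern) > 32) { *errstr = "regular expression too large"; return false; }`, guarded by a NULL check if the real function accepts a NULL `errstr`. The "hopefully avoid regfree() crashes" memset deserves a firmer comment: POSIX does not define `regfree()` on a zero-filled `regex_t`, so the stub relies on libc behaviour, and `strlen(pattern)` assumes `pattern` is never NULL. A named constant for the 32-byte limit would also document why that threshold was chosen.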