authorTodd C. Miller <Todd.Miller@sudo.ws>2022-02-25 10:13:34 -0700
committerTodd C. Miller <Todd.Miller@sudo.ws>2022-02-25 10:13:34 -0700
commit70760429b2ca25d2b42d58669e9baacefd44529b (patch)
tree70880d65a6ad1d59267c8585b46537563b737316 /logsrvd
parente85edf39a217bb2e272081a80b0914d10196c323 (diff)
downloadsudo-70760429b2ca25d2b42d58669e9baacefd44529b.tar.gz
fuzz_logsrvd_conf: add stub version of sudo_regex_compile_v1().
We want to fuzz our parser, not the libc regular expression code.
Diffstat (limited to 'logsrvd')
-rw-r--r--logsrvd/Makefile.in2
-rw-r--r--logsrvd/regress/fuzz/fuzz_logsrvd_conf.c21
2 files changed, 21 insertions, 2 deletions
diff --git a/logsrvd/Makefile.in b/logsrvd/Makefile.in
index e9ac8cbd6..3faa1587b 100644
--- a/logsrvd/Makefile.in
+++ b/logsrvd/Makefile.in
@@ -251,7 +251,7 @@ check-fuzzer: $(FUZZ_PROGS)
unset LANG || LANG=; \
MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \
MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \
- echo "fuzz_logsrvd_conf: verifying corpus (expect 3 errors)"; \
+ echo "fuzz_logsrvd_conf: verifying corpus"; \
./fuzz_logsrvd_conf $(FUZZ_LOGSRVD_CONF_CORPUS); \
fi
diff --git a/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c b/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
index a7956bf4a..f4b12f39b 100644
--- a/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
+++ b/logsrvd/regress/fuzz/fuzz_logsrvd_conf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2021-2022 Todd C. Miller <Todd.Miller@sudo.ws>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -22,7 +22,9 @@
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include <fcntl.h>
+#include <regex.h>
#include <time.h>
#include <unistd.h>
#if defined(HAVE_STDINT_H)
@@ -42,6 +44,23 @@
#include "logsrvd.h"
+/*
+ * Stub version that always succeeds for small inputs and fails for large.
+ * We want to fuzz our parser, not libc's regular expression code.
+ */
+bool
+sudo_regex_compile_v1(void *v, const char *pattern, const char **errstr)
+{
+ regex_t *preg = v;
+
+ if (strlen(pattern) > 32)
+ return false;
+
+ /* hopefully avoid regfree() crashes */
+ memset(preg, 0, sizeof(*preg));
+ return true;
+}
+
static int
fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[],
struct sudo_conv_reply replies[], struct sudo_conv_callback *callback)
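Review bot: The failure branch of the new stub, `if (strlen(pattern) > 32) return false;`, returns without storing anything through `errstr`. The parser code that calls it is not visible in this hunk, but if it formats `errstr` into its "invalid regex" warning, as callers of a compile helper usually do, the fuzzer would read an indeterminate pointer there. The resulting sanitizer reports would come from the harness rather than from the parser under test. Setting the message before returning keeps the stub's contract the same as a real compile failure: `if (strlen(pattern) > 32) { if (errstr != NULL) *errstr = "invalid regular expression"; return false; }`. A short comment that 32 is an arbitrary cut-off, and that calling `regfree()` on a zeroed `regex_t` is libc-dependent, would also help whoever triages a crash in this harness.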