diff options
author | Fabian Henneke <fabian@henneke.me> | 2019-08-21 11:17:59 +0200 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2019-09-07 02:23:58 +0900 |
commit | d45ee2f31a8358db0accde2e7c81777cedadc3c2 (patch) | |
tree | 244ca5d8ff1146aa03ab1029b8ba52983ec38be7 /src/fuzz | |
parent | 1e19f5ac0d680a63eccae7ef1fc6ce225dca0bbf (diff) | |
download | systemd-d45ee2f31a8358db0accde2e7c81777cedadc3c2.tar.gz |
udev: Add id program and rule for FIDO security tokens
Add a fido_id program meant to be run for devices in the hidraw
subsystem via an IMPORT directive. The program parses the HID report
descriptor and assigns the ID_SECURITY_TOKEN environment variable if a
declared usage matches the FIDO_CTAPHID_USAGE declared in the FIDO CTAP
specification. This replaces the previous approach of whitelisting all
known security token models manually.
This commit is accompanied by a test suite and a fuzzer target for the
descriptor parsing routine.
Fixes: #11996.
Diffstat (limited to 'src/fuzz')
-rw-r--r-- | src/fuzz/fuzz-fido-id-desc.c | 23 | ||||
-rw-r--r-- | src/fuzz/fuzz-fido-id-desc.dict | 6 | ||||
-rw-r--r-- | src/fuzz/meson.build | 5 |
3 files changed, 34 insertions, 0 deletions
diff --git a/src/fuzz/fuzz-fido-id-desc.c b/src/fuzz/fuzz-fido-id-desc.c new file mode 100644 index 0000000000..cf98dee044 --- /dev/null +++ b/src/fuzz/fuzz-fido-id-desc.c @@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ + +#include <linux/hid.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdlib.h> + +#include "fido_id/fido_id_desc.h" +#include "fuzz.h" +#include "log.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + /* We don't want to fill the logs with messages about parse errors. + * Disable most logging if not running standalone */ + if (!getenv("SYSTEMD_LOG_LEVEL")) + log_set_max_level(LOG_CRIT); + + if (size > HID_MAX_DESCRIPTOR_SIZE) + return 0; + (void) is_fido_security_token_desc(data, size); + + return 0; +} diff --git a/src/fuzz/fuzz-fido-id-desc.dict b/src/fuzz/fuzz-fido-id-desc.dict new file mode 100644 index 0000000000..d2d2679e18 --- /dev/null +++ b/src/fuzz/fuzz-fido-id-desc.dict @@ -0,0 +1,6 @@ +"\xfe" +"\x00" +"\x01" +"\xf1" +"\xd0" +"\xf1\xd0\x00\x01" diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build index c88812d1de..96496ff4ed 100644 --- a/src/fuzz/meson.build +++ b/src/fuzz/meson.build @@ -146,4 +146,9 @@ fuzzers += [ [['src/fuzz/fuzz-time-util.c'], [libshared], []], + + [['src/fuzz/fuzz-fido-id-desc.c', + 'src/udev/fido_id/fido_id_desc.c'], + [], + []] ] |