diff options
author | Tim Rühsen <tim.ruehsen@gmx.de> | 2019-02-19 15:50:31 +0100 |
---|---|---|
committer | Tim Rühsen <tim.ruehsen@gmx.de> | 2019-02-19 15:50:34 +0100 |
commit | 07f9fbd0b3ee903b7779688948a534db43ca28a2 (patch) | |
tree | 1c09045fdce0e4838cdb03aa4130135367e38161 /fuzz | |
parent | 74866d9ea06bb0a5103f20b1238907445983a930 (diff) | |
download | wget-07f9fbd0b3ee903b7779688948a534db43ca28a2.tar.gz |
Fix STDERR closing/restoring in fuzzers
* fuzz/fuzzer.h: Add CLOSE_STDERR and RESTORE_STDERR
* fuzz/wget_*_fuzzer.c: Use CLOSE_STDERR and RESTORE_STDERR
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/fuzzer.h | 10 | ||||
-rw-r--r-- | fuzz/wget_cookie_fuzzer.c | 11 | ||||
-rw-r--r-- | fuzz/wget_css_fuzzer.c | 6 | ||||
-rw-r--r-- | fuzz/wget_ftpls_fuzzer.c | 8 | ||||
-rw-r--r-- | fuzz/wget_html_fuzzer.c | 7 | ||||
-rw-r--r-- | fuzz/wget_netrc_fuzzer.c | 10 | ||||
-rw-r--r-- | fuzz/wget_options_fuzzer.c | 6 | ||||
-rw-r--r-- | fuzz/wget_robots_fuzzer.c | 7 | ||||
-rw-r--r-- | fuzz/wget_url_fuzzer.c | 9 |
9 files changed, 35 insertions, 39 deletions
diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h index fd5e3b1a..e09668b1 100644 --- a/fuzz/fuzzer.h +++ b/fuzz/fuzzer.h @@ -20,6 +20,16 @@ #include <stddef.h> // size_t #include <stdint.h> // uint8_t +#define CLOSE_STDERR \ + int bak = dup(STDERR_FILENO); \ + int fd = open("/dev/null", O_WRONLY); \ + dup2(fd, STDERR_FILENO); \ + close(fd); + +#define RESTORE_STDERR \ + dup2(bak, STDERR_FILENO); \ + close(bak); + #ifdef __cplusplus extern "C" #endif diff --git a/fuzz/wget_cookie_fuzzer.c b/fuzz/wget_cookie_fuzzer.c index bd6e3b2b..9ff691b6 100644 --- a/fuzz/wget_cookie_fuzzer.c +++ b/fuzz/wget_cookie_fuzzer.c @@ -25,6 +25,8 @@ #include <stdio.h> // fmemopen #include <string.h> // strncmp #include <stdlib.h> // free +#include <fcntl.h> // open flags +#include <unistd.h> // close #include "wget.h" #undef fopen_wgetrc @@ -68,7 +70,6 @@ void exit(int status) int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FILE *bak; struct cookie_jar *cookie_jar; char *set_cookie; @@ -79,8 +80,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) memcpy(set_cookie, data, size); set_cookie[size] = 0; - bak = stderr; - stderr = fopen("/dev/null", "w"); + CLOSE_STDERR cookie_jar = cookie_jar_new(); cookie_handle_set_cookie(cookie_jar, "x", 81, "p", set_cookie); @@ -88,10 +88,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) cookie_handle_set_cookie(cookie_jar, "x", 80, "p/d/", set_cookie); cookie_jar_delete(cookie_jar); - fclose(stderr); - stderr = bak; + RESTORE_STDERR - free(set_cookie); + free(set_cookie); return 0; } diff --git a/fuzz/wget_css_fuzzer.c b/fuzz/wget_css_fuzzer.c index 7ad2cf16..794e0135 100644 --- a/fuzz/wget_css_fuzzer.c +++ b/fuzz/wget_css_fuzzer.c @@ -91,8 +91,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) .document_file = NULL, }; - FILE *bak = stderr; - stderr = fopen("/dev/null", "w"); + CLOSE_STDERR if (setjmp(jmpbuf)) goto done; @@ -102,8 +101,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) free((void *) ctx.parent_base); done: - fclose(stderr); - stderr = bak; + RESTORE_STDERR return 0; } diff --git a/fuzz/wget_ftpls_fuzzer.c b/fuzz/wget_ftpls_fuzzer.c index cbdce5f5..bdc0d274 100644 --- a/fuzz/wget_ftpls_fuzzer.c +++ b/fuzz/wget_ftpls_fuzzer.c @@ -71,14 +71,13 @@ void exit(int status) int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FILE *fp, *bak; + FILE *fp; struct fileinfo *fi; if (size > 4096) // same as max_len = ... in .options file return 0; - bak = stderr; - stderr = fopen("/dev/null", "w"); + CLOSE_STDERR fp = fmemopen((void *) data, size, "r"); if (!fp) return 0; @@ -100,8 +99,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) fclose(fp); - fclose(stderr); - stderr = bak; + RESTORE_STDERR return 0; } diff --git a/fuzz/wget_html_fuzzer.c b/fuzz/wget_html_fuzzer.c index 7ce34a25..70162b1b 100644 --- a/fuzz/wget_html_fuzzer.c +++ b/fuzz/wget_html_fuzzer.c @@ -82,13 +82,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { struct urlpos *urls; struct file_memory fm; - FILE *bak; if (size > 4096) // same as max_len = ... in .options file return 0; - bak = stderr; - stderr = fopen("/dev/null", "w"); + CLOSE_STDERR fm.content = (char *) data; fm.length = size; @@ -97,8 +95,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) urls = get_urls_html_fm("xxx", &fm, "https://x.y", NULL, NULL); free_urlpos(urls); - fclose(stderr); - stderr = bak; + RESTORE_STDERR return 0; } diff --git a/fuzz/wget_netrc_fuzzer.c b/fuzz/wget_netrc_fuzzer.c index 35d627f5..20f6c32f 100644 --- a/fuzz/wget_netrc_fuzzer.c +++ b/fuzz/wget_netrc_fuzzer.c @@ -25,6 +25,8 @@ #include <string.h> // strncmp #include <stdlib.h> // free #include <setjmp.h> // longjmp, setjmp +#include <fcntl.h> // open flags +#include <unistd.h> // close #include "wget.h" #undef fopen_wgetrc @@ -68,15 +70,14 @@ void exit(int status) int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FILE *fp, *bak; + FILE *fp; struct fileinfo *fi; const char *user = NULL, *pw = NULL; if (size > 4096) // same as max_len = ... in .options file return 0; - bak = stderr; - stderr = fopen("/dev/null", "w"); + CLOSE_STDERR fp = fmemopen((void *) data, size, "r"); if (!fp) return 0; @@ -93,8 +94,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) fclose(fp); - fclose(stderr); - stderr = bak; + RESTORE_STDERR return 0; } diff --git a/fuzz/wget_options_fuzzer.c b/fuzz/wget_options_fuzzer.c index 586f1308..d3063701 100644 --- a/fuzz/wget_options_fuzzer.c +++ b/fuzz/wget_options_fuzzer.c @@ -83,8 +83,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) g_data = data; g_size = size; - FILE *bak = stderr; - stderr = fopen("/dev/null", "w"); + CLOSE_STDERR if (setjmp(jmpbuf)) goto done; @@ -94,8 +93,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) done: cleanup(); - fclose(stderr); - stderr = bak; + RESTORE_STDERR return 0; } diff --git a/fuzz/wget_robots_fuzzer.c b/fuzz/wget_robots_fuzzer.c index f3e4c27c..bd8100a9 100644 --- a/fuzz/wget_robots_fuzzer.c +++ b/fuzz/wget_robots_fuzzer.c @@ -71,14 +71,12 @@ void exit(int status) int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FILE *fp, *bak; struct robot_specs *specs; if (size > 4096) // same as max_len = ... in .options file return 0; - bak = stderr; - stderr = fopen("/dev/null", "w"); + CLOSE_STDERR specs = res_parse((char *) data, (int) size); if (!specs) @@ -90,8 +88,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) res_cleanup(); - fclose(stderr); - stderr = bak; + RESTORE_STDERR return 0; } diff --git a/fuzz/wget_url_fuzzer.c b/fuzz/wget_url_fuzzer.c index d6df7495..1163f21a 100644 --- a/fuzz/wget_url_fuzzer.c +++ b/fuzz/wget_url_fuzzer.c @@ -25,6 +25,8 @@ #include <string.h> // strncmp #include <stdlib.h> // free #include <unistd.h> // close +#include <fcntl.h> // open flags +#include <unistd.h> // close #include "wget.h" #undef fopen_wgetrc @@ -68,7 +70,6 @@ void exit(int status) int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FILE *bak; struct url *url; struct iri iri; char *in; @@ -76,8 +77,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (size > 4096) // same as max_len = ... in .options file return 0; - bak = stderr; - stderr = fopen("/dev/null", "w"); + CLOSE_STDERR in = (char *) malloc(size + 1); memcpy(in, data, size); @@ -103,8 +103,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) free(iri.orig_url); free(in); - fclose(stderr); - stderr = bak; + RESTORE_STDERR return 0; } |