summaryrefslogtreecommitdiffstats
path: root/tests/lib/fuzz_zlog.c
blob: d308f8eb2f7e3b561dc895031eb123bddb75be83 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * zlog fuzzer target.
 */

#include <zebra.h>

#include "log.h"
#include "zlog_5424.h"
#include "command.h"

struct input_opts {
	uint16_t out1_debug;
	uint16_t out2_debug;
	uint16_t out3_warn;
	uint8_t fmt;
	uint8_t dst;
};

static char buffer[65536];

int main(int argc, char **argv)
{
	struct input_opts io;
	int fd;
	int pair[2] = {-1, -1};

	if (read(0, &io, sizeof(io)) != sizeof(io))
		return 1;
	if (io.fmt > ZLOG_FMT_LAST)
		return 1;

	switch (io.dst) {
	case 0:
		fd = 1;
		break;
	case 1:
		socketpair(AF_UNIX, SOCK_STREAM, 0, pair);
		fd = pair[0];
		break;
	case 2:
		socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pair);
		fd = pair[0];
		break;
	case 3:
		socketpair(AF_UNIX, SOCK_DGRAM, 0, pair);
		fd = pair[0];
		break;
	default:
		return 1;
	}

	pid_t child = -1;

	if (pair[1] != -1) {
		child = fork();

		if (child == 0) {
			char buf[4096];

			close(pair[0]);

			while (read(pair[1], buf, sizeof(buf)) > 0)
				;
			exit(0);
		} else if (child == -1) {
			perror("fork");
			return 1;
		}
		close(pair[1]);
	}

	for (size_t i = 0; i < sizeof(buffer); i++)
		buffer[i] = (i | 0x20) & 0x7f;

	zlog_aux_init("FUZZBALL: ", LOG_DEBUG);
	zlog_tls_buffer_init();

	struct zlog_cfg_5424 cfg[1] = {};

	zlog_5424_init(cfg);

	cfg->facility = LOG_DAEMON;
	cfg->prio_min = LOG_DEBUG;
	cfg->kw_version = true;
	cfg->kw_location = true;
	cfg->kw_uid = true;
	cfg->kw_ec = true;
	cfg->kw_args = true;

	cfg->ts_flags = 9;
	cfg->fmt = io.fmt;
	cfg->dst = ZLOG_5424_DST_FD;
	cfg->fd = fd;

	cmd_hostname_set("TEST");
	cfg->master = event_master_create("TEST");

	zlog_5424_apply_dst(cfg);

	zlog_debug("test #1 %.*s", (int)io.out1_debug, buffer);
	zlog_debug("test #2 %.*s", (int)io.out2_debug, buffer);
	zlog_warn("test #1 %.*s", (int)io.out3_warn, buffer);

	zlog_tls_buffer_flush();
	zlog_tls_buffer_fini();

	/* AFL++ seems to do some weird stuff with its fuzzing target, make
	 * sure the fork() child is zapped here rather than creating hordes
	 * of it.
	 */
	close(fd);
	if (child != -1)
		kill(child, SIGTERM);

	return 0;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-21 20:40:20 +0000