1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <string.h>
#include "bootspec.h"
#include "env-util.h"
#include "escape.h"
#include "fuzz.h"
#include "fd-util.h"
#include "json.h"
static int json_dispatch_config(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
BootConfig *config = ASSERT_PTR(userdata);
const char *s = json_variant_string(variant);
if (!s)
return -EINVAL;
_cleanup_fclose_ FILE *f = NULL;
assert_se(f = data_to_file((const uint8_t*) s, strlen(s)));
(void) boot_loader_read_conf(config, f, "memstream");
return 0;
}
static int json_dispatch_entries(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
BootConfig *config = ASSERT_PTR(userdata);
JsonVariant *entry;
JSON_VARIANT_ARRAY_FOREACH(entry, variant) {
if (!json_variant_is_array(entry) ||
json_variant_elements(entry) < 1)
return -EINVAL;
JsonVariant *v;
const char *id = NULL, *raw = NULL;
_cleanup_free_ char *data = NULL;
ssize_t len = -ENODATA;
v = json_variant_by_index(entry, 0);
if (v)
id = json_variant_string(v);
if (!id)
continue;
v = json_variant_by_index(entry, 1);
if (v)
raw = json_variant_string(v);
if (raw)
len = cunescape(raw, UNESCAPE_RELAX | UNESCAPE_ACCEPT_NUL, &data);
if (len >= 0) {
_cleanup_fclose_ FILE *f = NULL;
assert_se(f = data_to_file((const uint8_t*) data, len));
assert_se(boot_config_load_type1(config, f, "/", "/entries", id) != -ENOMEM);
}
}
return 0;
}
static int json_dispatch_loader(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
BootConfig *config = ASSERT_PTR(userdata);
_cleanup_strv_free_ char **entries = NULL;
int r;
r = json_dispatch_strv(name, variant, flags, &entries);
if (r < 0)
return r;
(void) boot_config_augment_from_loader(config, entries, false);
return 0;
}
static const JsonDispatch data_dispatch[] = {
{ "config", JSON_VARIANT_STRING, json_dispatch_config, 0, 0 },
{ "entries", JSON_VARIANT_ARRAY, json_dispatch_entries, 0, 0 },
{ "loader", JSON_VARIANT_ARRAY, json_dispatch_loader, 0, 0 },
{}
};
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_free_ const char *datadup = NULL;
_cleanup_(boot_config_free) BootConfig config = BOOT_CONFIG_NULL;
int r;
if (outside_size_range(size, 0, 65536))
return 0;
fuzz_setup_logging();
assert_se(datadup = memdup_suffix0(data, size));
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
r = json_parse(datadup, 0, &v, NULL, NULL);
if (r < 0)
return 0;
r = json_dispatch(v, data_dispatch, 0, &config);
if (r < 0)
return 0;
assert_se(boot_config_finalize(&config) >= 0);
(void) boot_config_select_special_entries(&config, /* skip_efivars= */ false);
_cleanup_close_ int orig_stdout_fd = -EBADF;
if (getenv_bool("SYSTEMD_FUZZ_OUTPUT") <= 0) {
orig_stdout_fd = fcntl(fileno(stdout), F_DUPFD_CLOEXEC, 3);
if (orig_stdout_fd < 0)
log_warning_errno(orig_stdout_fd, "Failed to duplicate fd 1: %m");
else
assert_se(freopen("/dev/null", "w", stdout));
}
(void) show_boot_entries(&config, JSON_FORMAT_OFF);
(void) show_boot_entries(&config, JSON_FORMAT_PRETTY);
if (orig_stdout_fd >= 0)
assert_se(freopen(FORMAT_PROC_FD_PATH(orig_stdout_fd), "w", stdout));
return 0;
}
|
