DGNum/libubox
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

tests: prefer dynamically allocated buffers

Browse source 
Help detecting Valgrind OOB reads and other issues.

 Conditional jump or move depends on uninitialised value(s)
   at 0x5452886: blobmsg_parse (blobmsg.c:203)
   by 0x400A8E: test_blobmsg (tests/test-blobmsg-parse.c:66)
   by 0x400A8E: main (tests/test-blobmsg-parse.c:82)

 Conditional jump or move depends on uninitialised value(s)
   at 0x545247F: blobmsg_check_name (blobmsg.c:39)
   by 0x545247F: blobmsg_check_attr_len (blobmsg.c:79)
   by 0x5452710: blobmsg_parse_array (blobmsg.c:159)
   by 0x400AB8: test_blobmsg (tests/test-blobmsg-parse.c:69)
   by 0x400AB8: main (tests/test-blobmsg-parse.c:82)

 Conditional jump or move depends on uninitialised value(s)
   at 0x54524A0: blobmsg_check_name (blobmsg.c:42)
   by 0x54524A0: blobmsg_check_attr_len (blobmsg.c:79)
   by 0x5452710: blobmsg_parse_array (blobmsg.c:159)
   by 0x400AB8: test_blobmsg (tests/test-blobmsg-parse.c:69)
   by 0x400AB8: main (tests/test-blobmsg-parse.c:82)

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2020-January/021204.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit is contained in:
Petr Štetiar 2020-01-18 18:32:55 +01:00
parent 1ffa415353
commit 5c0faaf4f5
5 changed files with 55 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
tests/fuzz/test-fuzz.c
View file

@ -91,10 +91,18 @@ static void fuzz_blob_parse(const uint8_t *data, size_t size)
blob_parse_untrusted(buf, size, foo, foo_policy, __FOO_ATTR_MAX); blob_parse_untrusted(buf, size, foo, foo_policy, __FOO_ATTR_MAX);
} }
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) int LLVMFuzzerTestOneInput(const uint8_t *input, size_t size)
{ {
uint8_t *data;
data = malloc(size);
if (!data)
return -1;
memcpy(data, input, size);
fuzz_blob_parse(data, size); fuzz_blob_parse(data, size);
fuzz_blobmsg_parse(data, size); fuzz_blobmsg_parse(data, size);
free(data);
return 0; return 0;
} }

13
tests/test-b64.c
View file

@ -1,20 +1,25 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <stdlib.h>
#include "utils.h" #include "utils.h"
#define BUF_LEN 255
static void test_b64_encode(const char *src) static void test_b64_encode(const char *src)
{ {
char dst[255] = {0}; char *dst = malloc(BUF_LEN+1);
int r = b64_encode(src, strlen(src), dst, sizeof(dst)); int r = b64_encode(src, strlen(src), dst, BUF_LEN);
fprintf(stdout, "%d %s\n", r, dst); fprintf(stdout, "%d %s\n", r, dst);
free(dst);
} }
static void test_b64_decode(const char *src) static void test_b64_decode(const char *src)
{ {
char dst[255] = {0}; char *dst = malloc(BUF_LEN+1);
int r = b64_decode(src, dst, sizeof(dst)); int r = b64_decode(src, dst, BUF_LEN);
fprintf(stdout, "%d %s\n", r, dst); fprintf(stdout, "%d %s\n", r, dst);
free(dst);
} }
int main() int main()

17
tests/test-blob-parse.c
View file

@ -68,7 +68,7 @@ static int cert_load(const char *certfile, struct list_head *chain)
struct blob_attr *certtb[CERT_ATTR_MAX]; struct blob_attr *certtb[CERT_ATTR_MAX];
struct blob_attr *bufpt; struct blob_attr *bufpt;
struct cert_object *cobj; struct cert_object *cobj;
char filebuf[CERT_BUF_LEN]; char *filebuf = NULL;
int ret = 0, pret = 0; int ret = 0, pret = 0;
size_t len, pos = 0; size_t len, pos = 0;
@ -76,14 +76,22 @@ static int cert_load(const char *certfile, struct list_head *chain)
if (!f) if (!f)
return 1; return 1;
len = fread(&filebuf, 1, CERT_BUF_LEN - 1, f); filebuf = malloc(CERT_BUF_LEN+1);
if (len < 64) if (!filebuf)
return 1; return 1;
len = fread(filebuf, 1, CERT_BUF_LEN, f);
if (len < 64) {
free(filebuf);
return 1;
}
ret = ferror(f) || !feof(f); ret = ferror(f) || !feof(f);
fclose(f); fclose(f);
if (ret) if (ret) {
free(filebuf);
return 1; return 1;
}
bufpt = (struct blob_attr *)filebuf; bufpt = (struct blob_attr *)filebuf;
do { do {
@ -112,6 +120,7 @@ static int cert_load(const char *certfile, struct list_head *chain)
/* repeat parsing while there is still enough remaining data in buffer */ /* repeat parsing while there is still enough remaining data in buffer */
} while(len > pos + sizeof(struct blob_attr) && (bufpt = blob_next(bufpt))); } while(len > pos + sizeof(struct blob_attr) && (bufpt = blob_next(bufpt)));
free(filebuf);
return (ret <= 0); return (ret <= 0);
} }

14
tests/test-blobmsg-parse.c
View file

@ -40,18 +40,22 @@ static void test_blobmsg(const char *filename)
{ {
#define BUF_LEN 256 #define BUF_LEN 256
int r = 0; int r = 0;
FILE *fd = NULL;
size_t len = 0; size_t len = 0;
char buf[BUF_LEN+1] = { 0 }; FILE *fd = NULL;
char *buf = NULL;
struct blob_attr *tb[__FOO_MAX]; struct blob_attr *tb[__FOO_MAX];
fd = fopen(filename, "r"); fd = fopen(filename, "r");
if (!fd) { if (!fd) {
fprintf(stderr, "unable to open %s", filename); fprintf(stderr, "unable to open %s\n", filename);
return; return;
} }
len = fread(&buf, 1, BUF_LEN, fd); buf = malloc(BUF_LEN+1);
if (!buf)
return;
len = fread(buf, 1, BUF_LEN, fd);
fclose(fd); fclose(fd);
r = blobmsg_parse(foo_policy, ARRAY_SIZE(foo_policy), tb, buf, len); r = blobmsg_parse(foo_policy, ARRAY_SIZE(foo_policy), tb, buf, len);
@ -59,6 +63,8 @@ static void test_blobmsg(const char *filename)
r = blobmsg_parse_array(foo_policy, ARRAY_SIZE(foo_policy), tb, buf, len); r = blobmsg_parse_array(foo_policy, ARRAY_SIZE(foo_policy), tb, buf, len);
dump_result("blobmsg_parse_array", r, filename, tb); dump_result("blobmsg_parse_array", r, filename, tb);
free(buf);
} }
int main(int argc, char *argv[]) int main(int argc, char *argv[])

22
tests/test-blobmsg-procd-instance.c
View file

@ -63,9 +63,9 @@ static void test_blobmsg_procd_instance(const char *filename)
{ {
#define BUF_LEN 2048 #define BUF_LEN 2048
int r = 0; int r = 0;
FILE *fd = NULL;
size_t len = 0; size_t len = 0;
char buf[BUF_LEN+1] = { 0 }; FILE *fd = NULL;
char *buf = NULL;
struct blob_attr *tb[__INSTANCE_ATTR_MAX]; struct blob_attr *tb[__INSTANCE_ATTR_MAX];
const char *fname = basename((char *) filename); const char *fname = basename((char *) filename);
@ -75,26 +75,32 @@ static void test_blobmsg_procd_instance(const char *filename)
return; return;
} }
len = fread(&buf, 1, BUF_LEN, fd); buf = malloc(BUF_LEN+1);
if (!buf)
return;
len = fread(buf, 1, BUF_LEN, fd);
fclose(fd); fclose(fd);
r = blobmsg_parse(instance_attr, __INSTANCE_ATTR_MAX, tb, buf, len); r = blobmsg_parse(instance_attr, __INSTANCE_ATTR_MAX, tb, buf, len);
if (r) if (r)
return; goto out;
if (!tb[INSTANCE_ATTR_COMMAND] || !tb[INSTANCE_ATTR_NICE] || !tb[INSTANCE_ATTR_STDERR]) if (!tb[INSTANCE_ATTR_COMMAND] || !tb[INSTANCE_ATTR_NICE] || !tb[INSTANCE_ATTR_STDERR])
return; goto out;
if (!blobmsg_check_attr_list(tb[INSTANCE_ATTR_COMMAND], BLOBMSG_TYPE_STRING)) if (!blobmsg_check_attr_list(tb[INSTANCE_ATTR_COMMAND], BLOBMSG_TYPE_STRING))
return; goto out;
if (blobmsg_get_u32(tb[INSTANCE_ATTR_NICE]) != 19) if (blobmsg_get_u32(tb[INSTANCE_ATTR_NICE]) != 19)
return; goto out;
if (!blobmsg_get_bool(tb[INSTANCE_ATTR_STDERR])) if (!blobmsg_get_bool(tb[INSTANCE_ATTR_STDERR]))
return; goto out;
fprintf(stderr, "%s: OK\n", fname); fprintf(stderr, "%s: OK\n", fname);
out:
free(buf);
} }
int main(int argc, char *argv[]) int main(int argc, char *argv[])