From aec984020cd22ac8a199bcd067047fba50850889 Mon Sep 17 00:00:00 2001

From: Evgeny Vereshchagin <evvers@ya.ru>

Date: Wed, 26 Sep 2018 15:04:26 +0000

Subject: [PATCH] tests: add a fuzzer for sd-ndisc

(cherry picked from commit 0f0a1dad7d69802a7e6c7fc9aba350f0e87c1952)

Resolves: #1696224

---

 src/fuzz/fuzz-ndisc-rs.c | 57 ++++++++++++++++++++++++++++++++++++++++

 src/fuzz/meson.build     | 10 +++++++

 2 files changed, 67 insertions(+)

 create mode 100644 src/fuzz/fuzz-ndisc-rs.c

diff --git a/src/fuzz/fuzz-ndisc-rs.c b/src/fuzz/fuzz-ndisc-rs.c

new file mode 100644

index 0000000000..7f2d8f8649

--- /dev/null

+++ b/src/fuzz/fuzz-ndisc-rs.c

@@ -0,0 +1,57 @@

+/* SPDX-License-Identifier: LGPL-2.1+ */

+

+#include <netinet/icmp6.h>

+#include <arpa/inet.h>

+

+#include "alloc-util.h"

+#include "icmp6-util.h"

+#include "fuzz.h"

+#include "sd-ndisc.h"

+#include "socket-util.h"

+#include "ndisc-internal.h"

+

+static int test_fd[2];

+

+int icmp6_bind_router_solicitation(int index) {

+        assert_se(socketpair(AF_UNIX, SOCK_DGRAM, 0, test_fd) >= 0);

+        return test_fd[0];

+}

+

+int icmp6_bind_router_advertisement(int index) {

+        return -ENOSYS;

+}

+

+int icmp6_receive(int fd, void *iov_base, size_t iov_len,

+                  struct in6_addr *dst, triple_timestamp *timestamp) {

+        assert_se(read(fd, iov_base, iov_len) == (ssize_t) iov_len);

+

+        if (timestamp)

+                triple_timestamp_get(timestamp);

+

+        return 0;

+}

+

+int icmp6_send_router_solicitation(int s, const struct ether_addr *ether_addr) {

+        return 0;

+}

+

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

+        struct ether_addr mac_addr = {

+                .ether_addr_octet = {'A', 'B', 'C', '1', '2', '3'}

+        };

+        _cleanup_(sd_event_unrefp) sd_event *e = NULL;

+        _cleanup_(sd_ndisc_unrefp) sd_ndisc *nd = NULL;

+

+        assert_se(sd_event_new(&e) >= 0);

+        assert_se(sd_ndisc_new(&nd) >= 0);

+        assert_se(sd_ndisc_attach_event(nd, e, 0) >= 0);

+        assert_se(sd_ndisc_set_ifindex(nd, 42) >= 0);

+        assert_se(sd_ndisc_set_mac(nd, &mac_addr) >= 0);

+        assert_se(sd_ndisc_start(nd) >= 0);

+        assert_se(write(test_fd[1], data, size) == (ssize_t) size);

+        (void) sd_event_run(e, (uint64_t) -1);

+        assert_se(sd_ndisc_stop(nd) >= 0);

+        close(test_fd[1]);

+

+        return 0;

+}

diff --git a/src/fuzz/meson.build b/src/fuzz/meson.build

index 5a97ef5091..5c81ac0c5b 100644

--- a/src/fuzz/meson.build

+++ b/src/fuzz/meson.build

@@ -14,6 +14,16 @@ fuzzers += [

           libshared],

          []],

+        [['src/fuzz/fuzz-ndisc-rs.c',

+          'src/libsystemd-network/dhcp-identifier.h',

+          'src/libsystemd-network/dhcp-identifier.c',

+          'src/libsystemd-network/icmp6-util.h',

+          'src/systemd/sd-dhcp6-client.h',

+          'src/systemd/sd-ndisc.h'],

+         [libshared,

+          libsystemd_network],

+         []],

+

         [['src/fuzz/fuzz-unit-file.c'],

          [libcore,

           libshared],