Code cleanup & rest of the "systemd-dfuzzer" patches #24

Merged
merged 13 commits into from
Apr 24, 2022
15 changes: 15 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -49,7 +49,22 @@ jobs:

- name: Test
run: |
set -ex
# Test as an unprivileged user (short options)
dfuzzer -v -n org.freedesktop.systemd1
# Test as root (long options + duplicate options)
sudo dfuzzer --verbose --bus this.should.be.ignored --bus org.freedesktop.systemd1
# Test logdir
mkdir dfuzzer-logs
dfuzzer --log-dir dfuzzer-logs -v -n org.freedesktop.systemd1
# Test a non-existent bus
if sudo dfuzzer --log-dir "" --bus this.should.not.exist; then false; fi
Member


FWIW I'm not sure --log-dir should accept empty strings. When dfuzzer is run as root it seems to pollute the root directory for no apparent reason. It has always worked this way though as far as I understand so it can be addressed later.

I'll go ahead and merge the PR. Once it lands I'll send dfuzzer to coverity. Controversial patches can always be reverted/revisited I think.

Member


> Once it lands I'll send dfuzzer to coverity

I've just opened https://github.com/matusmarhefka/dfuzzer/issues/27

# Test object & interface options
dfuzzer -v --bus org.freedesktop.systemd1 --object / --interface org.freedesktop.DBus.Peer
sudo dfuzzer -v --bus org.freedesktop.systemd1 --object / --interface org.freedesktop.DBus.Peer
# - duplicate object/interface paths
dfuzzer -v --bus org.freedesktop.systemd1 --object xxx --object yyy --object / --interface org.freedesktop.DBus.Peer
dfuzzer -v --bus org.freedesktop.systemd1 --object xxx --object yyy --object / --interface zzz --interface org.freedesktop.DBus.Peer
# - test error paths
if dfuzzer -v --bus org.freedesktop.systemd1 --object aaa; then false; fi
if dfuzzer -v --bus org.freedesktop.systemd1 --interface aaa; then false; fi
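Review bot: The negative tests at the end of this step (`if dfuzzer -v --bus org.freedesktop.systemd1 --object aaa; then false; fi`, the same pattern for `--interface aaa`, and the non-existent-bus case earlier in the block) pass on any non-zero status, so a dfuzzer that is killed by a signal or aborts (status 128 and above in the shell) is counted as the expected error. Capturing the status and bounding it keeps a crash on an error path from going unnoticed: `rc=0; dfuzzer -v --bus org.freedesktop.systemd1 --object aaa || rc=$?`, then `[ "$rc" -gt 0 ]` and `[ "$rc" -lt 128 ]` on separate lines so that `set -e` acts on each. If dfuzzer defines a specific exit code for these failures, comparing against that code would be stricter still.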
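--- a/src/Makefile
+++ b/src/Makefile
@@ -4,8 +4,9 @@
 #==============================================================================
 
 CC ?= gcc
-CFLAGS += -Wall -w -O2 -D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 `pkg-config --cflags --libs gio-2.0 libffi` -g
-OBJ = dfuzzer.o introspection.o fuzz.o rand.o
+# See: https://www.gnu.org/software/make/manual/make.html#Override-Directive
+override CFLAGS += -Wall -Wno-unused-parameter -O2 -D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 `pkg-config --cflags --libs gio-2.0 libffi` -g
+OBJ = dfuzzer.o introspection.o fuzz.o rand.o util.o
 TARGET = dfuzzer
 all: dfuzzer
 .PHONY: doc man clean install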
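Review bot: With `override CFLAGS +=` the project defaults are appended after whatever CFLAGS the builder passes, so the trailing `-O2` and `-D_FORTIFY_SOURCE=2` take precedence over a caller's `-O0`/`-Og` (debug or sanitizer builds) and, given that the last macro definition on the command line wins, would presumably also replace a distribution's stricter `-D_FORTIFY_SOURCE=3`. Only the flags the build cannot work without need `override`; the tunable defaults could stay replaceable, e.g. `CFLAGS ?= -O2 -g -D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4` followed by `override CFLAGS += -Wall -Wno-unused-parameter $(shell pkg-config --cflags --libs gio-2.0 libffi)`. The compile and link rules are outside this hunk, so how CFLAGS is consumed there should be checked before splitting the line.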
789 changes: 309 additions & 480 deletions src/dfuzzer.c

Large diffs are not rendered by default.

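--- a/src/dfuzzer.h
+++ b/src/dfuzzer.h
@@ -37,19 +37,16 @@
 /** Maximum length of strings containing D-Bus name, interface and object path */
 #define MAXLEN 256
 
-static inline int isempty(const char *s) {
-return !s || s[0] == '\0';
-}
-
-/* Returns the number of chars needed to format variables of the
-* specified type as a decimal string. Adds in extra space for a
-* negative '-' prefix (hence works correctly on signed
-* types). Includes space for the trailing NUL. */
-#define DECIMAL_STR_MAX(type) \
-(2U+(sizeof(type) <= 1 ? 3U : \
-sizeof(type) <= 2 ? 5U : \
-sizeof(type) <= 4 ? 10U : \
-sizeof(type) <= 8 ? 20U : sizeof(int[-2*(sizeof(type) > 8)])))
+#define DF_BUS_ROOT_NODE "/"
+
+enum {
+DF_BUS_OK = 0,
+DF_BUS_SKIP,
+DF_BUS_NO_PID,
+DF_BUS_WARNING,
+DF_BUS_FAIL,
+DF_BUS_ERROR
+};
 
 /** Structure containing D-Bus name, object path and interface of process. */
 struct fuzzing_target {
@@ -62,44 +59,15 @@ struct fuzzing_target {
 char *interface;
 };
 
-#define ANSI_RED "\x1B[0;31m"
-#define ANSI_GREEN "\x1B[0;32m"
-#define ANSI_YELLOW "\x1B[0;33m"
-#define ANSI_BLUE "\x1B[0;34m"
-#define ANSI_MAGENTA "\x1B[0;35m"
-#define ANSI_CYAN "\x1B[0;36m"
-
-#define ANSI_NORMAL "\x1B[0m"
-#define ANSI_BOLD "\x1B[1m"
-
-#define ANSI_CR "\r"
-
-static inline int df_isatty(void) {
-return isatty(STDOUT_FILENO) && isatty(STDERR_FILENO);
-}
-
-#define DEFINE_ANSI_FUNC(name, NAME) \
-static inline const char *ansi_##name(void) { \
-return df_isatty() ? ANSI_##NAME : ""; \
-}
-
-DEFINE_ANSI_FUNC(red, RED);
-DEFINE_ANSI_FUNC(green, GREEN);
-DEFINE_ANSI_FUNC(yellow, YELLOW);
-DEFINE_ANSI_FUNC(blue, BLUE);
-DEFINE_ANSI_FUNC(magenta, MAGENTA);
-DEFINE_ANSI_FUNC(cyan, CYAN);
-DEFINE_ANSI_FUNC(normal, NORMAL);
-DEFINE_ANSI_FUNC(bold, BOLD);
-DEFINE_ANSI_FUNC(cr, CR);
+int df_process_bus(GBusType bus_type);
 
 /**
 * @function Calls method ListNames to get all available connection names
 * on the bus and prints them on the program output.
 * @param dcon D-Bus connection structure
 * @return 0 on success, -1 on error
 */
-int df_list_bus_names(const GDBusConnection *dcon);
+int df_list_bus_names(GDBusConnection *dcon);
 
 /**
 * @function Traverses through all objects of bus name target_proc.name
@@ -109,7 +77,7 @@ int df_list_bus_names(const GDBusConnection *dcon);
 * will be traversed)
 * @return 1 when obj. path target_proc.obj_path is found on bus, 0 otherwise
 */
-int df_is_object_on_bus(const GDBusConnection *dcon, const char *root_node);
+int df_is_object_on_bus(GDBusConnection *dcon, const char *root_node);
 
 /**
 * @function Traverses through all interfaces and objects of bus
@@ -121,7 +89,7 @@ int df_is_object_on_bus(const GDBusConnection *dcon, const char *root_node);
 * @return 0 on success, 1 on error, 2 when testing detected any failures
 * or warnings, 3 on warnings
 */
-int df_traverse_node(const GDBusConnection *dcon, const char *root_node);
+int df_traverse_node(GDBusConnection *dcon, const char *root_node);
 
 /**
 * @function Controls fuzz testing of all methods of specified interface (intf)
@@ -133,7 +101,7 @@ int df_traverse_node(const GDBusConnection *dcon, const char *root_node);
 * @return 0 on success, 1 on error, 2 when testing detected any failures
 * or warnings, 3 on warnings
 */
-int df_fuzz(const GDBusConnection *dcon, const char *name, const char *obj, const char *intf);
+int df_fuzz(GDBusConnection *dcon, const char *name, const char *obj, const char *intf);
 
 /**
 * @function Checks if name is valid D-Bus name, obj is valid
@@ -158,7 +126,7 @@ int df_open_proc_status_file(const int pid);
 * @param dcon D-Bus connection structure
 * @return Process PID on success, -1 on error
 */
-int df_get_pid(const GDBusConnection *dcon);
+int df_get_pid(GDBusConnection *dcon);
 
 /**
 * @function Prints process name and package to which process belongs.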
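Review bot: `int df_process_bus(GBusType bus_type);` in the second hunk is the only prototype in the visible part of this header without a `@function`/`@param`/`@return` block, and the new anonymous enum (`DF_BUS_OK` … `DF_BUS_ERROR`) in the first hunk has no comment saying what each code means or which functions return it. The neighbouring comments still describe results as bare numbers (`0 on success, 1 on error, 2 when testing detected any failures or warnings, 3 on warnings`), so from the header alone it is unclear whether those values are meant to line up with the enum. I would add a short block above the prototype saying what is processed for `bus_type` and ending in `@return one of the DF_BUS_* codes` (to be confirmed against the definition in src/dfuzzer.c, which is not rendered on this page), plus a one-line comment per enumerator. The CI step added in this PR passes or fails on dfuzzer's exit status, which is a further reason to document the codes where they are declared.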