• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <fuzzer/FuzzedDataProvider.h>
18 #include <import_parser.h>
19 #include <rlimit_parser.h>
20 
21 using namespace android;
22 using namespace android::init;
23 
24 const std::vector<std::string> kValidInputs[] = {
25         {"", "cpu", "10", "10"}, {"", "RLIM_CPU", "10", "10"},  {"", "12", "unlimited", "10"},
26         {"", "13", "-1", "10"},  {"", "14", "10", "unlimited"}, {"", "15", "10", "-1"},
27 };
28 
29 const std::string kValidPaths[] = {
30         "/system/etc/init/hw/init.rc",
31         "/system/etc/init",
32 };
33 
34 const int32_t kMaxBytes = 256;
35 
36 class InitParserFuzzer {
37   public:
InitParserFuzzer(const uint8_t * data,size_t size)38     InitParserFuzzer(const uint8_t* data, size_t size) : fdp_(data, size){};
39     void Process();
40 
41   private:
42     void InvokeParser();
43     void InvokeLimitParser();
44 
45     FuzzedDataProvider fdp_;
46 };
47 
InvokeLimitParser()48 void InitParserFuzzer::InvokeLimitParser() {
49     if (fdp_.ConsumeBool()) {
50         std::vector<std::string> input;
51         input.push_back("");
52         input.push_back(fdp_.ConsumeRandomLengthString(kMaxBytes));
53         input.push_back(fdp_.ConsumeRandomLengthString(kMaxBytes));
54         input.push_back(fdp_.ConsumeRandomLengthString(kMaxBytes));
55         ParseRlimit(input);
56     } else {
57         ParseRlimit(fdp_.PickValueInArray(kValidInputs));
58     }
59 }
60 
InvokeParser()61 void InitParserFuzzer::InvokeParser() {
62     Parser parser;
63     std::string name = fdp_.ConsumeBool() ? fdp_.ConsumeRandomLengthString(kMaxBytes) : "import";
64     parser.AddSectionParser(name, std::make_unique<ImportParser>(&parser));
65     std::string path = fdp_.ConsumeBool() ? fdp_.PickValueInArray(kValidPaths)
66                                           : fdp_.ConsumeRandomLengthString(kMaxBytes);
67     parser.ParseConfig(path);
68     parser.ParseConfigFileInsecure(path, false /* follow_symlinks */);
69 }
70 
Process()71 void InitParserFuzzer::Process() {
72     while (fdp_.remaining_bytes()) {
73         auto invoke_parser_fuzzer = fdp_.PickValueInArray<const std::function<void()>>({
74                 [&]() { InvokeParser(); },
75                 [&]() { InvokeLimitParser(); },
76         });
77         invoke_parser_fuzzer();
78     }
79 }
80 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)81 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
82     InitParserFuzzer init_parser_fuzzer(data, size);
83     init_parser_fuzzer.Process();
84     return 0;
85 }
86