[ovs-git] [openvswitch/ovs] 937cdd: ossfuzz: Bug fix in odp and expr parse targets

GitHub noreply at github.com
Wed Oct 10 18:36:36 UTC 2018 

  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 937cdd85c8280c17dbf61bf80bb5588ac24d53a1
      https://github.com/openvswitch/ovs/commit/937cdd85c8280c17dbf61bf80bb5588ac24d53a1
  Author: Bhargava Shastry <bshastry at sect.tu-berlin.de>
  Date:   2018-10-10 (Wed, 10 Oct 2018)

  Changed paths:
    M tests/oss-fuzz/expr_parse_target.c
    M tests/oss-fuzz/odp_target.c

  Log Message:
  -----------
  ossfuzz: Bug fix in odp and expr parse targets

This patch fixes a bug in the following test harnesses
 - odp_target.c
 - expr_parse_target.c

The bug is as follows:

We expect the fuzzed input to be a C string that does not contain a new
line character. This is because, the test code in OvS is built on
expecting string to not have a newline character (see for instance,
calls to ds_get_line() in test-odp.c etc.).

The way we ensure fuzzed data is such a C string is as follows:
  - Check size > 1 AND
  - Check data[size - 1] is '\0' (NUL termination) AND
  - Check that there is no '\n' in the C string that starts at data

The third check is implemented using strchr. Our earlier logic was that,
were the C string to contain '\n', strchr would have a non-zero return
that can then be used to bail out early.

The problem with this logic is that it does not consider the corner case
when data actually points to two or more C strings, like so:
\x01\x00\x0a\0x00

For this data sequence, strchr correctly returns "there is no newline
character" (in the first C string that is part of the sequence).

But the data that is eventually passed to the fuzzed API
is the entire sequence of strings that may contain a new line in
between.

This patch fixes the bug by adding an additional check:
  - Check length of C string pointed to by data is actually equal to one
less than (due to NUL termination) size.

This ensures that we are passing one and only one C string not
containing new line character to the fuzzed APIs.

Signed-off-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>
Signed-off-by: Ben Pfaff <blp at ovn.org>



      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the git mailing list