author | lhchavez <lhchavez@lhchavez.com> | 2017-09-01 04:17:41 +0000 |
---|---|---|
committer | Treehugger Robot <treehugger-gerrit@google.com> | 2017-09-01 21:28:49 +0000 |
commit | d0b40703c240612db7648a971af72dc67b3ae78e (patch) | |
tree | 4b60f2b3e01c61276b55337102172d3fc33bb42f /syscall_filter_unittest.cc | |
parent | 6c8d820e761cb17e189eb7b33b9497ca2ff5aaa3 (diff) | |
download | minijail-d0b40703c240612db7648a971af72dc67b3ae78e.tar.gz |
afl-fuzz: Fix crash with policy line without ':'
This crash was found by running afl-fuzz. Policy lines without a ':'
were causing strsep(3) to place a NULL in |policy_line|, which was then
being dereferenced.
Bug: None
Test: make tests
Change-Id: I6228a3e4688d4e8641714ec9d10f8cd144dcb5c1
Diffstat (limited to 'syscall_filter_unittest.cc')
-rw-r--r-- | syscall_filter_unittest.cc | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/syscall_filter_unittest.cc b/syscall_filter_unittest.cc
index 12389f8..776f7db 100644
--- a/syscall_filter_unittest.cc
+++ b/syscall_filter_unittest.cc
@@ -947,6 +947,22 @@ class FileTest : public ::testing::Test {
 struct filter_block *arg_blocks_;
 };
 
+TEST_F(FileTest, malformed_policy) {
+ const char *policy =
+ "malformed";
+
+ FILE *policy_file = write_policy_to_pipe(policy, strlen(policy));
+ ASSERT_NE(policy_file, nullptr);
+ int res = compile_file(
+ policy_file, head_, &arg_blocks_, &labels_, USE_RET_KILL, NO_LOGGING, 0);
+ fclose(policy_file);
+
+ /*
+ * Policy is malformed, but process should not crash.
+ */
+ ASSERT_EQ(res, -1);
+}
+
 TEST_F(FileTest, seccomp_mode1) {
 const char *policy =
 "read: 1\n" |
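Review bot: The new malformed_policy test pins only one shape of the bad input, a single line with no ':' and no trailing newline, so a regression that shows up only when the colon-less line is newline-terminated or follows a valid rule would pass unnoticed. Since the commit message attributes the crash to strsep(3) leaving a NULL for a line without ':', I would add a second case such as `const char *policy = "read: 1\nmalformed\n";` and assert the same `-1`. The parser change itself is outside this file-limited view, so whether those variants reach the same code path is an assumption to confirm. The comment above the assertion could also record the original failure mode, e.g. `/* A line without ':' used to make strsep(3) leave a NULL that was then dereferenced. */`, so the test's purpose survives without the commit message.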