authorlhchavez <lhchavez@lhchavez.com>2017-09-01 04:17:41 +0000
committerTreehugger Robot <treehugger-gerrit@google.com>2017-09-01 21:28:49 +0000
commitd0b40703c240612db7648a971af72dc67b3ae78e (patch)
tree4b60f2b3e01c61276b55337102172d3fc33bb42f /syscall_filter_unittest.cc
parent6c8d820e761cb17e189eb7b33b9497ca2ff5aaa3 (diff)
afl-fuzz: Fix crash with policy line without ':'
This crash was found by running afl-fuzz. Policy lines without a ':' caused strsep(3) to leave NULL in |policy_line|, which was then dereferenced.

Bug: None
Test: make tests
Change-Id: I6228a3e4688d4e8641714ec9d10f8cd144dcb5c1
Diffstat (limited to 'syscall_filter_unittest.cc')
-rw-r--r--syscall_filter_unittest.cc16
1 files changed, 16 insertions, 0 deletions
diff --git a/syscall_filter_unittest.cc b/syscall_filter_unittest.cc
index 12389f8..776f7db 100644
--- a/syscall_filter_unittest.cc
+++ b/syscall_filter_unittest.cc
@@ -947,6 +947,22 @@ class FileTest : public ::testing::Test {
struct filter_block *arg_blocks_;
};
+TEST_F(FileTest, malformed_policy) {
+ const char *policy =
+ "malformed";
+
+ FILE *policy_file = write_policy_to_pipe(policy, strlen(policy));
+ ASSERT_NE(policy_file, nullptr);
+ int res = compile_file(
+ policy_file, head_, &arg_blocks_, &labels_, USE_RET_KILL, NO_LOGGING, 0);
+ fclose(policy_file);
+
+ /*
+ * Policy is malformed, but process should not crash.
+ */
+ ASSERT_EQ(res, -1);
+}
+
TEST_F(FileTest, seccomp_mode1) {
const char *policy =
"read: 1\n"