diff options
| author | Jakub Jelen <jjelen@redhat.com> | 2020-04-20 19:10:58 +0200 |
|---|---|---|
| committer | Frediano Ziglio <freddy77@gmail.com> | 2020-04-26 21:35:24 +0100 |
| commit | 9690b9445d74f2809cd7dcbd10c09b8d2867929a (patch) | |
| tree | 0e2953bf93d938e7baafd3734c646b223e0cc80d /fuzz | |
| parent | e392f893c82e0112b5008eab39339bc6e9aaf77a (diff) | |
fuzz_options: Clean up allocated memory
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Diffstat (limited to 'fuzz')
| -rw-r--r-- | fuzz/fuzz_options.c | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/fuzz/fuzz_options.c b/fuzz/fuzz_options.c index af736e3..2ca3aed 100644 --- a/fuzz/fuzz_options.c +++ b/fuzz/fuzz_options.c @@ -7,9 +7,30 @@ */ #include <stdlib.h> +#include <string.h> #include <libcacard.h> #include "fuzzer.h" +#include "vcard_emul_type.h" + +/* Copied internal structures from vcard_emul_nss.c */ +struct VirtualReaderOptionsStruct { + char *name; + char *vname; + VCardEmulType card_type; + char *type_params; + char **cert_name; + int cert_count; +}; + +struct VCardEmulOptionsStruct { + char *nss_db; + struct VirtualReaderOptionsStruct *vreader; + int vreader_count; + VCardEmulType hw_card_type; + char *hw_type_params; + int use_hw; +}; /* We do not want to fuzz inputs longer than 1024 bytes to avoid need for * dynamic reallocation inside of the fuzzer. Anything longer should be @@ -19,7 +40,9 @@ size_t kMaxInputLength = 1024; int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + int i, j; VCardEmulOptions *options = NULL; + struct VCardEmulOptionsStruct *my_options = NULL; char args[1025]; if (Size > kMaxInputLength) { @@ -30,9 +53,26 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) memcpy(args, Data, Size); args[Size] = '\0'; options = vcard_emul_options(args); + if (options == NULL) { + /* Invalid input -- the function should have cleaned up for itself */ + return 0; + } - /* There is no sensible way to free options now */ - (void)options; + /* There is no sensible way to free options if they were valid */ + my_options = (struct VCardEmulOptionsStruct *)options; + for (i = 0; i < my_options->vreader_count; i++) { + g_free(my_options->vreader[i].name); + g_free(my_options->vreader[i].vname); + g_free(my_options->vreader[i].type_params); + for (j = 0; j < my_options->vreader[i].cert_count; j++) { + g_free(my_options->vreader[i].cert_name[j]); + } + g_free(my_options->vreader[i].cert_name); + } + g_free(my_options->vreader); + g_free(my_options->hw_type_params); + g_free(my_options->nss_db); + /* The invalid pointers will be overwritten on next call to parse the options */ return 0; } |