Skip to content

Commit

Permalink
Add libFuzzer support to the .sbat parser.
Browse files Browse the repository at this point in the history
shim takes several forms of input from several sources that are not
necessarily trustworthy.  As such, we need to take measures to validate
that we don't have unacceptable results from bad inputs.  One such
measure is "fuzzing" the inputs which parse untrusted data by running
them with randomized or partially randomized input.

This change adds such testing using clang's "libFuzzer" to our parser
for ".sbat" sections.  I've run it for about half an hour and so far it
found one memory leak, but no other errors.

Signed-off-by: Peter Jones <[email protected]>
  • Loading branch information
vathpela committed Jun 28, 2023
1 parent 028ed14 commit 2a2c41a
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 0 deletions.
46 changes: 46 additions & 0 deletions fuzz-sbat.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
// SPDX-License-Identifier: BSD-2-Clause-Patent
/*
* fuzz-sbat-section.c - fuzz our .sbat parsing code
* Copyright Peter Jones <[email protected]>
*/

#ifndef SHIM_UNIT_TEST
#define SHIM_UNIT_TEST
#endif
#include "shim.h"

#include <stdio.h>

list_t sbat_var;

BOOLEAN
secure_mode() {
return 1;
}

int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
uint8_t *data_copy;
EFI_STATUS status = 0;
size_t n = 0;
struct sbat_section_entry **entries = NULL;

if (size < 1)
return 0;

data_copy = malloc(size+1);
if (!data_copy)
return -1;

memcpy(data_copy, data, size);
data_copy[size] = 0;
status = parse_sbat_section(data_copy, size, &n, &entries);
cleanup_sbat_section_entries(n, entries);

free(data_copy);

return 0;
}

// vim:fenc=utf-8:tw=75:noet
2 changes: 2 additions & 0 deletions include/fuzz.mk
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,8 @@ libefi-test.a :
-f $(TOPDIR)/gnu-efi/Makefile \
clean

fuzz-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S mock-variables.c
fuzz-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID

fuzzers := $(patsubst %.c,%,$(wildcard fuzz-*.c))

Expand Down

0 comments on commit 2a2c41a

Please sign in to comment.