From patchwork Mon Oct 12 12:37:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380884 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=XS72bXlq; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytL30zbz9sS8 for ; Mon, 12 Oct 2020 23:39:38 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=2wAHWLvBX7LB8ane8b3GpIlgz+hlNEObMo1iDF5srUE=; b=XS72bXlqr3pcW2BVbyGG9dAQj MAns1iTaIoOisGlk4J/ef8e/xB/Js2TpmoFtuw2mjb33uomffKSKe8uP1TEXzcMcYal/p51RUthDT wGWh1S+dV/oZXycpHi3wyrLfEjmWzBYzwJymO4vYhOL8omrbAokqQP488yUdyRiAFEgypkULbXoMD Vk2iaQyX1ivSeUzJybGmIolDEPL6EhG/ioqbkDJcMuxLGJWcW1Po+wPap5V5YltiFkQRr75TgW6P4 I7CeA4ATumajmN6y4UpVI20yV3HRWpIjXNiv+IlRGEcf2iE1jvaOggazQcO8h2MYYZdfBUpAkagn2 hWvUXjl/A==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx55-0002ps-89; Mon, 12 Oct 2020 12:37:35 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx4z-0002lz-B6 for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:30 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id 8095035DB; Mon, 12 Oct 2020 14:37:25 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id 26a7938b; Mon, 12 Oct 2020 14:37:08 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 01/12] Fix warnings reported by clang-10 static analyzer Date: Mon, 12 Oct 2020 14:37:07 +0200 Message-Id: <20201012123718.25623-2-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083729_517430_C2BEDD44 X-CRM114-Status: GOOD ( 17.81 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Fixes following warnings: testing/include/libubox/blobmsg.h:222:67: warning: Null pointer passed to 1st parameter expecting 'nonnull' return blobmsg_add_field(buf, BLOBMSG_TYPE_STRING, name, string, strlen(string) + 1); ^~~~~~~~~~~~~~ cgi-io/main.c:407:4: warning: Null pointer passed to 1st parameter expecting 'nonnull' unlink(st.filename); ^~~~~~~~~~~~~~~~~~~ cgi-io/main.c:876:26: warning: Null pointer passed to 1st parameter expecting 'nonnull' size_t plen = 0, clen = strlen(cmd) + 1; ^~~~~~~~~~~ Signed-off-by: Petr Štetiar --- main.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/main.c b/main.c index 549121f94488..64f474f9283d 100644 --- a/main.c +++ b/main.c @@ -109,7 +109,7 @@ session_access(const char *sid, const char *scope, const char *obj, const char * ctx = ubus_connect(NULL); - if (!ctx || ubus_lookup_id(ctx, "session", &id)) + if (!ctx || !obj || ubus_lookup_id(ctx, "session", &id)) goto out; blob_buf_init(&req, 0); @@ -403,7 +403,7 @@ response(bool success, const char *message) printf("\t\"failure\": [ %u, \"%s\" ]\n", errno, strerror(errno)); - if (st.filefd > -1) + if (st.filefd > -1 && st.filename) unlink(st.filename); } @@ -873,11 +873,16 @@ main_backup(int argc, char **argv) static const char * lookup_executable(const char *cmd) { - size_t plen = 0, clen = strlen(cmd) + 1; + size_t plen = 0, clen; static char path[PATH_MAX]; char *search, *p; struct stat s; + if (!cmd) + return NULL; + + clen = strlen(cmd) + 1; + if (!stat(cmd, &s) && S_ISREG(s.st_mode)) return cmd; From patchwork Mon Oct 12 12:37:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380886 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=rchXUCgp; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytH2yJzz9sTv for ; Mon, 12 Oct 2020 23:39:35 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=R96rwJhYSPaSdST3kknpPP2jRLcje6srH/r68ifHDQE=; b=rchXUCgpvI3lVvy+u/Fth8x6m FPHt9ga/gmeupuNrpuOTgHFXXiex+8hOfytXk2ekrZWObPMx43nR+jk6Ne9BZ1IiSWEhRsrpV2Bbg 9u7DWELn+SYZJCv2sDvk1y2odtaXXp3Ikik57DV4MHW5+ADrH/HgZRL3dgRoGhII20nxHXrCMimv+ hYdYpgXoldSW1yrpR+PT4pONwdPsbHtb8QoxILfqYNWCEINFM46BrC5cMWdKLZ+cG9j6XZJMpn5P1 RpNVzZ2xmrgwCd0j8yQo3dwjAulyFjIEE4k0/SCVnRmMKnN2dib4fdCbFkvYlgn9yMZ0MevGSYlQ8 DhEtSE2Aw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx59-0002qz-Mx; Mon, 12 Oct 2020 12:37:39 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx4z-0002lx-B5 for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:31 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id 9D87E35DC; Mon, 12 Oct 2020 14:37:25 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id c44aff45; Mon, 12 Oct 2020 14:37:08 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 02/12] Fix possible NULL dereference Date: Mon, 12 Oct 2020 14:37:08 +0200 Message-Id: <20201012123718.25623-3-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083729_571117_CEF06D44 X-CRM114-Status: GOOD ( 17.67 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Fixes following issue as reported by GCC-10 static analyzer: multipart_parser.c: In function ‘multipart_parser_init’: multipart_parser.c:88:22: error: dereference of possibly-NULL ‘p’ [CWE-690] [-Werror=analyzer-possible-null-dereference] 88 | p->boundary_length = strlen(boundary); | ~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~ ‘multipart_parser_init’: events 1-2 | | 83 | multipart_parser* p = malloc(sizeof(multipart_parser) + | | ^~~~~~~~~~~~~~~~ | | | | | (1) this call could return NULL |...... | 88 | p->boundary_length = strlen(boundary); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) ‘p’ could be NULL: unchecked value from (1) Signed-off-by: Petr Štetiar --- multipart_parser.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/multipart_parser.c b/multipart_parser.c index ee82c82c8bfa..f1e1f38e1d71 100644 --- a/multipart_parser.c +++ b/multipart_parser.c @@ -84,6 +84,9 @@ multipart_parser* multipart_parser_init strlen(boundary) + strlen(boundary) + 9); + if (!p) + return NULL; + strcpy(p->multipart_boundary, boundary); p->boundary_length = strlen(boundary); From patchwork Mon Oct 12 12:37:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380887 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=tvo/SaMt; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytG1Hn3z9sTs for ; Mon, 12 Oct 2020 23:39:34 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=h5UFKg/5uUbMEN1QIFDJhzGM9ofrMLtH5tHHgZ65g3g=; b=tvo/SaMtyGVh6M6fBNiYk+JeX YRUnXaRmMOsUprOco2G6bP08Neut6mxubjVJS5krClVYQmMjxGGcFn1KoG7XMRYjhuxs2NOs9R452 lSWBb1gVkQ+5PG+dhAG5FrEXgNNQ3SDpB2nBYGAqI0gNqwFyyGcgtdfLE/+AEWRODvvFjqY4ITF0A ACYvHSIFLBQycyIjHFKiAN4JrLNMrcP4pyWCBeOSmxyYrglOCGEKCaBxf76NyhHcSsP8/WnX6E1sn qXHtbmY1xtXlwzYhkgq3UdomIB6g8ElKjEKrsdnSBPlS7zvvCHVzZqdpuc1tSUDKNx+Nsu/xFwlx+ k1+h71x9Q==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx52-0002oQ-NZ; Mon, 12 Oct 2020 12:37:32 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx4z-0002ly-B8 for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:30 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id BAB8A35DD; Mon, 12 Oct 2020 14:37:25 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id 78d21945; Mon, 12 Oct 2020 14:37:09 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 03/12] Fix clang compiler errors Date: Mon, 12 Oct 2020 14:37:09 +0200 Message-Id: <20201012123718.25623-4-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083729_568736_D35BD46D X-CRM114-Status: GOOD ( 16.25 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Fixes following errors as reported by clang compilers: cgi-io/src/main.c:723:12: error: unused variable 'post' [-Werror,-Wunused-variable] autochar *post = postdecode(fields, 4); ^ cgi-io/src/main.c:814:12: error: unused variable 'post' [-Werror,-Wunused-variable] autochar *post = postdecode(fields, 1); ^ cgi-io/src/main.c:996:12: error: unused variable 'post' [-Werror,-Wunused-variable] autochar *post = postdecode(fields, 4); Signed-off-by: Petr Štetiar --- main.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/main.c b/main.c index 64f474f9283d..53c672836294 100644 --- a/main.c +++ b/main.c @@ -721,6 +721,7 @@ main_download(int argc, char **argv) int rfd; autochar *post = postdecode(fields, 4); + (void) post; if (!fields[1] || !session_access(fields[1], "cgi-io", "download", "read")) return failure(403, 0, "Download permission denied"); @@ -812,6 +813,7 @@ main_backup(int argc, char **argv) char *fields[] = { "sessionid", NULL }; autochar *post = postdecode(fields, 1); + (void) post; if (!fields[1] || !session_access(fields[1], "cgi-io", "backup", "read")) return failure(403, 0, "Backup permission denied"); @@ -999,6 +1001,7 @@ main_exec(int argc, char **argv) pid_t pid; autochar *post = postdecode(fields, 4); + (void) post; if (!fields[1] || !session_access(fields[1], "cgi-io", "exec", "read")) return failure(403, 0, "Exec permission denied"); From patchwork Mon Oct 12 12:37:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380881 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=TqMQy+zi; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytF2Z6Cz9sTf for ; Mon, 12 Oct 2020 23:39:32 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=psHqAYqPTjfi8LcWAfoJpvFv+tE7GFNneVzlueSeYe4=; b=TqMQy+ziKBa3z/7JIIQ1qRLd4 nmBDKmjyy6yvsOqyJjwt3O1OZvsPZ6aYT2LBCuUfn3wsH7IgYNMR1LCP1a9+0MmNNrvET0DmMqxi6 tSfj1NPJk08t2bbgGqxqQstHzvJLMD8inf3l8x6w7IuiFooxSBsyqvhPS5hbiA7rEP783V4noBjN6 cGSk4cVdNXwScytT5TRKdA4Di/Ef+0uK5/Pv56MGgqCB2oZY9feLATY+BHgsI3yp97NePBcYxq2pg pEzzZ52qr/h9Hbv771sCjEF0BJDKawRq8mrYqDUQWztV10y/nvhNb8n//9Gp+kXRDVn70jqYpJ9fB 7TGClHa5A==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx5C-0002rY-Rw; Mon, 12 Oct 2020 12:37:42 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx4z-0002m1-B7 for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:32 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id D7BE935DE; Mon, 12 Oct 2020 14:37:25 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id ff1de196; Mon, 12 Oct 2020 14:37:09 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 04/12] Refactor utility functions into static library Date: Mon, 12 Oct 2020 14:37:10 +0200 Message-Id: <20201012123718.25623-5-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083729_570550_1F034A3B X-CRM114-Status: GOOD ( 30.55 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org For reusability during testing. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 7 +- main.c | 270 +---------------------------------------------- util.c | 276 +++++++++++++++++++++++++++++++++++++++++++++++++ util.h | 11 ++ 4 files changed, 293 insertions(+), 271 deletions(-) create mode 100644 util.c create mode 100644 util.h diff --git a/CMakeLists.txt b/CMakeLists.txt index c7c9d40caa07..693830a85274 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -19,7 +19,10 @@ IF(APPLE) LINK_DIRECTORIES(/opt/local/lib) ENDIF() -ADD_EXECUTABLE(cgi-io main.c multipart_parser.c) -TARGET_LINK_LIBRARIES(cgi-io ${ubox} ${ubus}) +ADD_LIBRARY(cgi-lib STATIC multipart_parser.c util.c) + +ADD_EXECUTABLE(cgi-io main.c) +TARGET_LINK_LIBRARIES(cgi-io cgi-lib ${ubox} ${ubus}) + INSTALL(TARGETS cgi-io RUNTIME DESTINATION sbin) diff --git a/main.c b/main.c index 53c672836294..ff9bb63f5cd8 100644 --- a/main.c +++ b/main.c @@ -35,6 +35,7 @@ #include #include +#include "util.h" #include "multipart_parser.h" #ifndef O_TMPFILE @@ -42,7 +43,6 @@ #endif #define READ_BLOCK 4096 -#define POST_LIMIT 131072 enum part { PART_UNKNOWN, @@ -173,201 +173,6 @@ checksum(const char *applet, size_t sumlen, const char *file) return chksum; } -static char * -datadup(const void *in, size_t len) -{ - char *out = malloc(len + 1); - - if (!out) - return NULL; - - memcpy(out, in, len); - - *(out + len) = 0; - - return out; -} - -static bool -urldecode(char *buf) -{ - char *c, *p; - - if (!buf || !*buf) - return true; - -#define hex(x) \ - (((x) <= '9') ? ((x) - '0') : \ - (((x) <= 'F') ? ((x) - 'A' + 10) : \ - ((x) - 'a' + 10))) - - for (c = p = buf; *p; c++) - { - if (*p == '%') - { - if (!isxdigit(*(p + 1)) || !isxdigit(*(p + 2))) - return false; - - *c = (char)(16 * hex(*(p + 1)) + hex(*(p + 2))); - - p += 3; - } - else if (*p == '+') - { - *c = ' '; - p++; - } - else - { - *c = *p++; - } - } - - *c = 0; - - return true; -} - -static char * -postdecode(char **fields, int n_fields) -{ - const char *var; - char *p, *postbuf; - int i, field, found = 0; - ssize_t len = 0, rlen = 0, content_length = 0; - - var = getenv("CONTENT_TYPE"); - - if (!var || strncmp(var, "application/x-www-form-urlencoded", 33)) - return NULL; - - var = getenv("CONTENT_LENGTH"); - - if (!var) - return NULL; - - content_length = strtol(var, &p, 10); - - if (p == var || content_length <= 0 || content_length >= POST_LIMIT) - return NULL; - - postbuf = calloc(1, content_length + 1); - - if (postbuf == NULL) - return NULL; - - for (len = 0; len < content_length; ) - { - rlen = read(0, postbuf + len, content_length - len); - - if (rlen <= 0) - break; - - len += rlen; - } - - if (len < content_length) - { - free(postbuf); - return NULL; - } - - for (p = postbuf, i = 0; i <= len; i++) - { - if (postbuf[i] == '=') - { - postbuf[i] = 0; - - for (field = 0; field < (n_fields * 2); field += 2) - { - if (!strcmp(p, fields[field])) - { - fields[field + 1] = postbuf + i + 1; - found++; - } - } - } - else if (postbuf[i] == '&' || postbuf[i] == '\0') - { - postbuf[i] = 0; - - if (found >= n_fields) - break; - - p = postbuf + i + 1; - } - } - - for (field = 0; field < (n_fields * 2); field += 2) - { - if (!urldecode(fields[field + 1])) - { - free(postbuf); - return NULL; - } - } - - return postbuf; -} - -static char * -canonicalize_path(const char *path, size_t len) -{ - char *canonpath, *cp; - const char *p, *e; - - if (path == NULL || *path == '\0') - return NULL; - - canonpath = datadup(path, len); - - if (canonpath == NULL) - return NULL; - - /* normalize */ - for (cp = canonpath, p = path, e = path + len; p < e; ) { - if (*p != '/') - goto next; - - /* skip repeating / */ - if ((p + 1 < e) && (p[1] == '/')) { - p++; - continue; - } - - /* /./ or /../ */ - if ((p + 1 < e) && (p[1] == '.')) { - /* skip /./ */ - if ((p + 2 >= e) || (p[2] == '/')) { - p += 2; - continue; - } - - /* collapse /x/../ */ - if ((p + 2 < e) && (p[2] == '.') && ((p + 3 >= e) || (p[3] == '/'))) { - while ((cp > canonpath) && (*--cp != '/')) - ; - - p += 3; - continue; - } - } - -next: - *cp++ = *p++; - } - - /* remove trailing slash if not root / */ - if ((cp > canonpath + 1) && (cp[-1] == '/')) - cp--; - else if (cp == canonpath) - *cp++ = '/'; - - *cp = '\0'; - - return canonpath; -} - static int response(bool success, const char *message) { @@ -916,79 +721,6 @@ lookup_executable(const char *cmd) return NULL; } -static char ** -parse_command(const char *cmdline) -{ - const char *p = cmdline, *s; - char **argv = NULL, *out; - size_t arglen = 0; - int argnum = 0; - bool esc; - - while (isspace(*cmdline)) - cmdline++; - - for (p = cmdline, s = p, esc = false; p; p++) { - if (esc) { - esc = false; - } - else if (*p == '\\' && p[1] != 0) { - esc = true; - } - else if (isspace(*p) || *p == 0) { - if (p > s) { - argnum += 1; - arglen += sizeof(char *) + (p - s) + 1; - } - - s = p + 1; - } - - if (*p == 0) - break; - } - - if (arglen == 0) - return NULL; - - argv = calloc(1, arglen + sizeof(char *)); - - if (!argv) - return NULL; - - out = (char *)argv + sizeof(char *) * (argnum + 1); - argv[0] = out; - - for (p = cmdline, s = p, esc = false, argnum = 0; p; p++) { - if (esc) { - esc = false; - *out++ = *p; - } - else if (*p == '\\' && p[1] != 0) { - esc = true; - } - else if (isspace(*p) || *p == 0) { - if (p > s) { - *out++ = ' '; - argv[++argnum] = out; - } - - s = p + 1; - } - else { - *out++ = *p; - } - - if (*p == 0) - break; - } - - argv[argnum] = NULL; - out[-1] = 0; - - return argv; -} - static int main_exec(int argc, char **argv) { diff --git a/util.c b/util.c new file mode 100644 index 000000000000..9eb7b485e5fa --- /dev/null +++ b/util.c @@ -0,0 +1,276 @@ +#include +#include +#include +#include +#include +#include + +#include "util.h" + +char ** +parse_command(const char *cmdline) +{ + const char *p = cmdline, *s; + char **argv = NULL, *out; + size_t arglen = 0; + int argnum = 0; + bool esc; + + while (isspace(*cmdline)) + cmdline++; + + for (p = cmdline, s = p, esc = false; p; p++) { + if (esc) { + esc = false; + } + else if (*p == '\\' && p[1] != 0) { + esc = true; + } + else if (isspace(*p) || *p == 0) { + if (p > s) { + argnum += 1; + arglen += sizeof(char *) + (p - s) + 1; + } + + s = p + 1; + } + + if (*p == 0) + break; + } + + if (arglen == 0) + return NULL; + + argv = calloc(1, arglen + sizeof(char *)); + + if (!argv) + return NULL; + + out = (char *)argv + sizeof(char *) * (argnum + 1); + argv[0] = out; + + for (p = cmdline, s = p, esc = false, argnum = 0; p; p++) { + if (esc) { + esc = false; + *out++ = *p; + } + else if (*p == '\\' && p[1] != 0) { + esc = true; + } + else if (isspace(*p) || *p == 0) { + if (p > s) { + *out++ = ' '; + argv[++argnum] = out; + } + + s = p + 1; + } + else { + *out++ = *p; + } + + if (*p == 0) + break; + } + + argv[argnum] = NULL; + out[-1] = 0; + + return argv; +} + +char * +postdecode(char **fields, int n_fields) +{ + const char *var; + char *p, *postbuf; + int i, field, found = 0; + ssize_t len = 0, rlen = 0, content_length = 0; + + var = getenv("CONTENT_TYPE"); + + if (!var || strncmp(var, "application/x-www-form-urlencoded", 33)) + return NULL; + + var = getenv("CONTENT_LENGTH"); + + if (!var) + return NULL; + + content_length = strtol(var, &p, 10); + + if (p == var || content_length <= 0 || content_length >= POST_LIMIT) + return NULL; + + postbuf = calloc(1, content_length + 1); + + if (postbuf == NULL) + return NULL; + + for (len = 0; len < content_length; ) + { + rlen = read(0, postbuf + len, content_length - len); + + if (rlen <= 0) + break; + + len += rlen; + } + + if (len < content_length) + { + free(postbuf); + return NULL; + } + + for (p = postbuf, i = 0; i <= len; i++) + { + if (postbuf[i] == '=') + { + postbuf[i] = 0; + + for (field = 0; field < (n_fields * 2); field += 2) + { + if (!strcmp(p, fields[field])) + { + fields[field + 1] = postbuf + i + 1; + found++; + } + } + } + else if (postbuf[i] == '&' || postbuf[i] == '\0') + { + postbuf[i] = 0; + + if (found >= n_fields) + break; + + p = postbuf + i + 1; + } + } + + for (field = 0; field < (n_fields * 2); field += 2) + { + if (!urldecode(fields[field + 1])) + { + free(postbuf); + return NULL; + } + } + + return postbuf; +} + +char * +datadup(const void *in, size_t len) +{ + char *out = malloc(len + 1); + + if (!out) + return NULL; + + memcpy(out, in, len); + + *(out + len) = 0; + + return out; +} + +char * +canonicalize_path(const char *path, size_t len) +{ + char *canonpath, *cp; + const char *p, *e; + + if (path == NULL || *path == '\0') + return NULL; + + canonpath = datadup(path, len); + + if (canonpath == NULL) + return NULL; + + /* normalize */ + for (cp = canonpath, p = path, e = path + len; p < e; ) { + if (*p != '/') + goto next; + + /* skip repeating / */ + if ((p + 1 < e) && (p[1] == '/')) { + p++; + continue; + } + + /* /./ or /../ */ + if ((p + 1 < e) && (p[1] == '.')) { + /* skip /./ */ + if ((p + 2 >= e) || (p[2] == '/')) { + p += 2; + continue; + } + + /* collapse /x/../ */ + if ((p + 2 < e) && (p[2] == '.') && ((p + 3 >= e) || (p[3] == '/'))) { + while ((cp > canonpath) && (*--cp != '/')) + ; + + p += 3; + continue; + } + } + +next: + *cp++ = *p++; + } + + /* remove trailing slash if not root / */ + if ((cp > canonpath + 1) && (cp[-1] == '/')) + cp--; + else if (cp == canonpath) + *cp++ = '/'; + + *cp = '\0'; + + return canonpath; +} + +bool +urldecode(char *buf) +{ + char *c, *p; + + if (!buf || !*buf) + return true; + +#define hex(x) \ + (((x) <= '9') ? ((x) - '0') : \ + (((x) <= 'F') ? ((x) - 'A' + 10) : \ + ((x) - 'a' + 10))) + + for (c = p = buf; *p; c++) + { + if (*p == '%') + { + if (!isxdigit(*(p + 1)) || !isxdigit(*(p + 2))) + return false; + + *c = (char)(16 * hex(*(p + 1)) + hex(*(p + 2))); + + p += 3; + } + else if (*p == '+') + { + *c = ' '; + p++; + } + else + { + *c = *p++; + } + } + + *c = 0; + + return true; +} diff --git a/util.h b/util.h new file mode 100644 index 000000000000..0001195df38a --- /dev/null +++ b/util.h @@ -0,0 +1,11 @@ +#pragma once + +#include + +#define POST_LIMIT 131072 + +char** parse_command(const char *cmdline); +char* postdecode(char **fields, int n_fields); +char* canonicalize_path(const char *path, size_t len); +bool urldecode(char *buf); +char* datadup(const void *in, size_t len); From patchwork Mon Oct 12 12:37:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380885 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=i0sh/ynB; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytF41g3z9sTr for ; Mon, 12 Oct 2020 23:39:32 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=U8DENWs2nGKd61U8wynNjLS7/P8utwfyj6iWUc4Kg2I=; b=i0sh/ynBbVsFB4cGmaf3z+AQU PW+QCDwKb3fS6Mzl6bmCVw3AqaOSf+04rxkD01SE7halrRLia4pKtizMJRB0JAeQPmBszkzxTIZf2 BgerWyOIcouChyvt+v4D6i1GaCiSDIgW3WtOISIYjptmKsam7PNnEfrzPli71kONy+rbV6SGR1RJV tbjVN4QLpui3Lv8CIUwQ4VHqyM9uT+Me6JgJdcYkGgU5kXpYH+R8SYQyDhodlO2RdEn4l8gMM+6YC ThdKsZlbKJZm7q6cWgdwLWj4yLTutdUG4J+ZCfCjMg+n0XZRy/c2K3hoohTzDnfsgxUf3NBaDdZ/U tb1YjuNng==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx5M-0002tM-L7; Mon, 12 Oct 2020 12:37:52 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx51-0002nN-AW for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:35 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id 018FA35DF; Mon, 12 Oct 2020 14:37:26 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id 1cf93ac9; Mon, 12 Oct 2020 14:37:10 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 05/12] Add fuzzing of multipart_parser Date: Mon, 12 Oct 2020 14:37:11 +0200 Message-Id: <20201012123718.25623-6-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083731_554975_4843016C X-CRM114-Status: GOOD ( 25.62 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org LibFuzzer is in-process, coverage-guided, evolutionary fuzzing engine. LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entrypoint (aka "target function"); the fuzzer then tracks which areas of the code are reached, and generates mutations on the corpus of input data in order to maximize the code coverage. Lets use libFuzzer to fuzz multipart_parser for the start. Ref: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Petr Štetiar --- CMakeLists.txt | 4 ++ tests/CMakeLists.txt | 3 ++ tests/fuzz-multipart-parser/CMakeLists.txt | 18 ++++++++ tests/fuzz-multipart-parser/corpus/.keep | 0 tests/fuzz-multipart-parser/dict/parser.dict | 10 +++++ tests/fuzz-multipart-parser/inputs/input1.txt | 6 +++ tests/fuzz-multipart-parser/inputs/input2.txt | 10 +++++ .../test-fuzz-multipart-parser.c | 43 +++++++++++++++++++ 8 files changed, 94 insertions(+) create mode 100644 tests/CMakeLists.txt create mode 100644 tests/fuzz-multipart-parser/CMakeLists.txt create mode 100644 tests/fuzz-multipart-parser/corpus/.keep create mode 100644 tests/fuzz-multipart-parser/dict/parser.dict create mode 100644 tests/fuzz-multipart-parser/inputs/input1.txt create mode 100644 tests/fuzz-multipart-parser/inputs/input2.txt create mode 100644 tests/fuzz-multipart-parser/test-fuzz-multipart-parser.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 693830a85274..b60d08e96e3c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -24,5 +24,9 @@ ADD_LIBRARY(cgi-lib STATIC multipart_parser.c util.c) ADD_EXECUTABLE(cgi-io main.c) TARGET_LINK_LIBRARIES(cgi-io cgi-lib ${ubox} ${ubus}) +IF(UNIT_TESTING) + ENABLE_TESTING() + ADD_SUBDIRECTORY(tests) +ENDIF() INSTALL(TARGETS cgi-io RUNTIME DESTINATION sbin) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt new file mode 100644 index 000000000000..8bb2a59412da --- /dev/null +++ b/tests/CMakeLists.txt @@ -0,0 +1,3 @@ +IF(CMAKE_C_COMPILER_ID STREQUAL "Clang") + ADD_SUBDIRECTORY(fuzz-multipart-parser) +ENDIF() diff --git a/tests/fuzz-multipart-parser/CMakeLists.txt b/tests/fuzz-multipart-parser/CMakeLists.txt new file mode 100644 index 000000000000..0a3a9893fc70 --- /dev/null +++ b/tests/fuzz-multipart-parser/CMakeLists.txt @@ -0,0 +1,18 @@ +FILE(GLOB test_cases "test-*.c") + +MACRO(ADD_FUZZER_TEST name) + ADD_EXECUTABLE(${name} ${name}.c) + TARGET_COMPILE_OPTIONS(${name} PRIVATE -g -O1 -fno-omit-frame-pointer -fsanitize=fuzzer,address,leak,undefined) + TARGET_INCLUDE_DIRECTORIES(${name} PRIVATE ${PROJECT_SOURCE_DIR}) + TARGET_LINK_OPTIONS(${name} PRIVATE -stdlib=libc++ -fsanitize=fuzzer,address,leak,undefined) + TARGET_LINK_LIBRARIES(${name} cgi-lib) + ADD_TEST( + NAME ${name} + COMMAND ${name} -max_len=256 -timeout=10 -max_total_time=300 -dict=${CMAKE_CURRENT_SOURCE_DIR}/dict/parser.dict ${CMAKE_CURRENT_SOURCE_DIR}/corpus + ) +ENDMACRO(ADD_FUZZER_TEST) + +FOREACH(test_case ${test_cases}) + GET_FILENAME_COMPONENT(test_case ${test_case} NAME_WE) + ADD_FUZZER_TEST(${test_case}) +ENDFOREACH(test_case) diff --git a/tests/fuzz-multipart-parser/corpus/.keep b/tests/fuzz-multipart-parser/corpus/.keep new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tests/fuzz-multipart-parser/dict/parser.dict b/tests/fuzz-multipart-parser/dict/parser.dict new file mode 100644 index 000000000000..72a5bdd3d8e6 --- /dev/null +++ b/tests/fuzz-multipart-parser/dict/parser.dict @@ -0,0 +1,10 @@ +"Content-Disposition: form-data; name=" +"\x0D\x0A" +"\x0D" +"x0A" +"=" +";" +"--" +"Content-Type:" +"filename=" +"--12--34--56" diff --git a/tests/fuzz-multipart-parser/inputs/input1.txt b/tests/fuzz-multipart-parser/inputs/input1.txt new file mode 100644 index 000000000000..849873e3905e --- /dev/null +++ b/tests/fuzz-multipart-parser/inputs/input1.txt @@ -0,0 +1,6 @@ +--AaB03x +Content-Disposition: form-data; name="files"; filename="fi;le1.txt" +Content-Type: text/plain + +contents +--AaB03x-- \ No newline at end of file diff --git a/tests/fuzz-multipart-parser/inputs/input2.txt b/tests/fuzz-multipart-parser/inputs/input2.txt new file mode 100644 index 000000000000..7ba009902eee --- /dev/null +++ b/tests/fuzz-multipart-parser/inputs/input2.txt @@ -0,0 +1,10 @@ +--AaB03x +Content-Disposition: form-data; name="submit-name" + +Larry +--AaB03x +Content-Disposition: form-data; name="files"; filename="file1.txt" +Content-Type: text/plain + + +--AaB03x-- diff --git a/tests/fuzz-multipart-parser/test-fuzz-multipart-parser.c b/tests/fuzz-multipart-parser/test-fuzz-multipart-parser.c new file mode 100644 index 000000000000..ca952d9af9db --- /dev/null +++ b/tests/fuzz-multipart-parser/test-fuzz-multipart-parser.c @@ -0,0 +1,43 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "multipart_parser.h" + +int LLVMFuzzerTestOneInput(const uint8_t *input, size_t size) +{ + char *buf = NULL; + multipart_parser *p; + static multipart_parser_settings s = { + .on_part_data = NULL, + .on_headers_complete = NULL, + .on_part_data_end = NULL, + .on_header_field = NULL, + .on_header_value = NULL, + }; + buf = calloc(1, size + 1); + if (!buf) + return 0; + + memcpy(buf, input, size); + p = multipart_parser_init(buf, &s); + if (!p) { + free(buf); + return 0; + } + + multipart_parser_execute(p, buf, size + 1); + multipart_parser_free(p); + free(buf); + + return 0; +} From patchwork Mon Oct 12 12:37:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380880 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=CRmk9YT1; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytK1N2Yz9sVJ for ; Mon, 12 Oct 2020 23:39:36 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=KLcs2Dx3a+PtnguXO4KpKWhOBBwzcvny3A1y0TNlkC8=; b=CRmk9YT1tyLwsNkGz8nQYpA9k jM/88haZdm5EJu+WX7L89eiBLXBaknUCYnuLy9T4RXro4IJfPdpp92PUngQtphDKrVflYOiEjTrgI nNunhto/WYYu4GroJ3KqgP5kjBBJ6qoIevZAwy38glIlQa+ylI5v65JxqkPkBWcFjTtE2X45ph9Ml qXcwoyQrPT8lkbvKi/7O/irxG1Nh0PJR2MPBBRkjalBsu/E9KJxcePhxfmembC0obohMJRZyrzib1 2IflJBGjN6z/u97MBg67IVPYXRrXxcYP9Wk6F0oI0JJc/Q2MqdtT7usp+YJpi7cbdvG9YhsqeoZMN dXFuXSsFw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx5L-0002t6-7p; Mon, 12 Oct 2020 12:37:51 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx51-0002nO-H2 for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:35 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id 1E9EB35E1; Mon, 12 Oct 2020 14:37:27 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id 0bf32bfc; Mon, 12 Oct 2020 14:37:10 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 06/12] Add fuzzing of utility functions Date: Mon, 12 Oct 2020 14:37:12 +0200 Message-Id: <20201012123718.25623-7-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083731_730812_71742CC3 X-CRM114-Status: GOOD ( 27.26 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Thus increase fuzzing coverage. Signed-off-by: Petr Štetiar --- tests/CMakeLists.txt | 1 + tests/fuzz/CMakeLists.txt | 18 ++++ .../58668e7669fd564d99db5d581fcdb6a5618440b5 | 1 + .../5ba93c9db0cff93f52b521d7420e43f6eda2784f | Bin 0 -> 1 bytes .../adc83b19e793491b1c6ea0fd8b46cd9f32e592fc | 1 + tests/fuzz/test-fuzz.c | 43 +++++++++ util.c | 84 ++++++++++-------- util.h | 1 + 8 files changed, 112 insertions(+), 37 deletions(-) create mode 100644 tests/fuzz/CMakeLists.txt create mode 100644 tests/fuzz/corpus/58668e7669fd564d99db5d581fcdb6a5618440b5 create mode 100644 tests/fuzz/corpus/5ba93c9db0cff93f52b521d7420e43f6eda2784f create mode 100644 tests/fuzz/corpus/adc83b19e793491b1c6ea0fd8b46cd9f32e592fc create mode 100644 tests/fuzz/test-fuzz.c diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 8bb2a59412da..efad20642dd6 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,3 +1,4 @@ IF(CMAKE_C_COMPILER_ID STREQUAL "Clang") + ADD_SUBDIRECTORY(fuzz) ADD_SUBDIRECTORY(fuzz-multipart-parser) ENDIF() diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt new file mode 100644 index 000000000000..b4df45ca7b9b --- /dev/null +++ b/tests/fuzz/CMakeLists.txt @@ -0,0 +1,18 @@ +FILE(GLOB test_cases "test-*.c") + +MACRO(ADD_FUZZER_TEST name) + ADD_EXECUTABLE(${name} ${name}.c) + TARGET_COMPILE_OPTIONS(${name} PRIVATE -g -O1 -fno-omit-frame-pointer -fsanitize=fuzzer,address,leak,undefined) + TARGET_INCLUDE_DIRECTORIES(${name} PRIVATE ${PROJECT_SOURCE_DIR}) + TARGET_LINK_OPTIONS(${name} PRIVATE -stdlib=libc++ -fsanitize=fuzzer,address,leak,undefined) + TARGET_LINK_LIBRARIES(${name} cgi-lib) + ADD_TEST( + NAME ${name} + COMMAND ${name} -max_len=256 -timeout=10 -max_total_time=300 ${CMAKE_CURRENT_SOURCE_DIR}/corpus + ) +ENDMACRO(ADD_FUZZER_TEST) + +FOREACH(test_case ${test_cases}) + GET_FILENAME_COMPONENT(test_case ${test_case} NAME_WE) + ADD_FUZZER_TEST(${test_case}) +ENDFOREACH(test_case) diff --git a/tests/fuzz/corpus/58668e7669fd564d99db5d581fcdb6a5618440b5 b/tests/fuzz/corpus/58668e7669fd564d99db5d581fcdb6a5618440b5 new file mode 100644 index 000000000000..22aac29bb31b --- /dev/null +++ b/tests/fuzz/corpus/58668e7669fd564d99db5d581fcdb6a5618440b5 @@ -0,0 +1 @@ +J \ No newline at end of file diff --git a/tests/fuzz/corpus/5ba93c9db0cff93f52b521d7420e43f6eda2784f b/tests/fuzz/corpus/5ba93c9db0cff93f52b521d7420e43f6eda2784f new file mode 100644 index 0000000000000000000000000000000000000000..f76dd238ade08917e6712764a16a22005a50573d GIT binary patch literal 1 IcmZPo000310RR91 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/adc83b19e793491b1c6ea0fd8b46cd9f32e592fc b/tests/fuzz/corpus/adc83b19e793491b1c6ea0fd8b46cd9f32e592fc new file mode 100644 index 000000000000..8b137891791f --- /dev/null +++ b/tests/fuzz/corpus/adc83b19e793491b1c6ea0fd8b46cd9f32e592fc @@ -0,0 +1 @@ + diff --git a/tests/fuzz/test-fuzz.c b/tests/fuzz/test-fuzz.c new file mode 100644 index 000000000000..a62c32609979 --- /dev/null +++ b/tests/fuzz/test-fuzz.c @@ -0,0 +1,43 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "util.h" + +static void fuzz_parse_command(const char *buf) +{ + char **p = parse_command(buf); + if (p) + free(p); +} + +int LLVMFuzzerTestOneInput(const uint8_t *input, size_t size) +{ + char *p = NULL; + char *fields[] = { "sessionid", NULL, "path", NULL, "filename", NULL, "mimetype", NULL }; + char *buf = calloc(1, size+1); + memcpy(buf, input, size); + + urldecode(buf); + fuzz_parse_command(buf); + p = canonicalize_path(buf, size+1); + if (p) + free(p); + + p = postdecode_fields(buf, size+1, fields, 4); + if (!p) + return 0; + + free(buf); + + return 0; +} diff --git a/util.c b/util.c index 9eb7b485e5fa..e8627589b49a 100644 --- a/util.c +++ b/util.c @@ -5,6 +5,8 @@ #include #include +#include + #include "util.h" char ** @@ -80,12 +82,55 @@ parse_command(const char *cmdline) return argv; } +char * +postdecode_fields(char *postbuf, ssize_t len, char **fields, int n_fields) +{ + char *p; + int i, field, found = 0; + + for (p = postbuf, i = 0; i <= len; i++) + { + if (postbuf[i] == '=') + { + postbuf[i] = 0; + + for (field = 0; field < (n_fields * 2); field += 2) + { + if (!strcmp(p, fields[field])) + { + fields[field + 1] = postbuf + i + 1; + found++; + } + } + } + else if (postbuf[i] == '&' || postbuf[i] == '\0') + { + postbuf[i] = 0; + + if (found >= n_fields) + break; + + p = postbuf + i + 1; + } + } + + for (field = 0; field < (n_fields * 2); field += 2) + { + if (!urldecode(fields[field + 1])) + { + free(postbuf); + return NULL; + } + } + + return postbuf; +} + char * postdecode(char **fields, int n_fields) { const char *var; char *p, *postbuf; - int i, field, found = 0; ssize_t len = 0, rlen = 0, content_length = 0; var = getenv("CONTENT_TYPE"); @@ -124,42 +169,7 @@ postdecode(char **fields, int n_fields) return NULL; } - for (p = postbuf, i = 0; i <= len; i++) - { - if (postbuf[i] == '=') - { - postbuf[i] = 0; - - for (field = 0; field < (n_fields * 2); field += 2) - { - if (!strcmp(p, fields[field])) - { - fields[field + 1] = postbuf + i + 1; - found++; - } - } - } - else if (postbuf[i] == '&' || postbuf[i] == '\0') - { - postbuf[i] = 0; - - if (found >= n_fields) - break; - - p = postbuf + i + 1; - } - } - - for (field = 0; field < (n_fields * 2); field += 2) - { - if (!urldecode(fields[field + 1])) - { - free(postbuf); - return NULL; - } - } - - return postbuf; + return postdecode_fields(postbuf, len, fields, n_fields); } char * diff --git a/util.h b/util.h index 0001195df38a..ecffe6c2bd73 100644 --- a/util.h +++ b/util.h @@ -6,6 +6,7 @@ char** parse_command(const char *cmdline); char* postdecode(char **fields, int n_fields); +char* postdecode_fields(char *postbuf, ssize_t len, char **fields, int n_fields); char* canonicalize_path(const char *path, size_t len); bool urldecode(char *buf); char* datadup(const void *in, size_t len); From patchwork Mon Oct 12 12:37:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380882 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=Eig990Eq; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytH2JFKz9sTt for ; Mon, 12 Oct 2020 23:39:35 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=H2fo4rYlGSm31ogNXIDaLmCJmw15Swz7mep3Ffa1Jos=; b=Eig990EqgwEefZrZJUs+tO+uL YFQOcFVvNdvA8eR24MIXngr2fXBiV1pDpaeIQ9kGzoowZuzhO1am7VGsBMWRbYCGNFaWHS65i0sZQ bBlQBEf/sQsl/gRrJIgrNgUruBdgxXWeQmUXPGlSGW3kVIyhhUX4c7NtgrNjZOMIATbMrFysnGCxz SPlMsd5DP2j5zY/Hi/Nza4SEx8R5TTCKmC77Csm8d1PNT6UdDIepvtIbIOXzkBa65+/pGYNf2+oVC acw4ao3eGz/Wzxp9Li67KaAGMjJ2pUqfDOz5FQZ99xjwpjcgSWUdBBs5i8ODwxc4OMPsuqShbbubi e8Sv51Nww==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx5E-0002rq-Vk; Mon, 12 Oct 2020 12:37:45 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx51-0002nQ-Gf for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:34 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id 726A435E3; Mon, 12 Oct 2020 14:37:27 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id aa5382d0; Mon, 12 Oct 2020 14:37:11 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 08/12] Add .gitignore Date: Mon, 12 Oct 2020 14:37:14 +0200 Message-Id: <20201012123718.25623-9-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083731_709345_04577CA4 X-CRM114-Status: GOOD ( 17.91 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org And ignore the `build` dir used by CMake. Signed-off-by: Petr Štetiar --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..567609b1234a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +build/ From patchwork Mon Oct 12 12:37:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380883 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=12s2ejPV; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytJ2D3Zz9sSs for ; Mon, 12 Oct 2020 23:39:36 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=1mUw5BdaQg5jkjQbkPdfCQqrMqn0eFIKuhfwof7jQM8=; b=12s2ejPVwLr2L6fQaOmGCRyeh zourzIiO1ggMHhb0ZWQNK+1FmsAMEdH1BYCNIwCkihtR0i+iJIpXo5yATSz64n3g9T7h/6Kxnz9kf 4kanSFwh7t+zDeKDxWT1KTYCC3aNfHdAtIcogcIizvwIS7QVz7Qn1IQ1OKIBefFnqCr4l3r+vvKy8 EvBiodKFMYbtCIoZt5LdRHUfDHPllvsuLJdPZnBbD4sR8JzcJ2J6zgYv+YTUnqq4SAGSx+QYDJaEF +rBHmw7JDljryTqO9S4GAAuInlXW8o55vN3j4ItT/i2CquO9kDSqLaxEnLMCFeIVzkjSS2KL82UjQ Rg01YS6CA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx5Q-0002ud-LB; Mon, 12 Oct 2020 12:37:56 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx52-0002oO-J3 for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:36 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id A735A35E6; Mon, 12 Oct 2020 14:37:28 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id 2224844e; Mon, 12 Oct 2020 14:37:11 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 09/12] Add initial GitLab CI support Date: Mon, 12 Oct 2020 14:37:15 +0200 Message-Id: <20201012123718.25623-10-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083732_907183_E7878738 X-CRM114-Status: GOOD ( 19.34 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Uses currently proof-of-concept openwrt-ci[1] in order to: * improve the quality of the codebase in various areas * decrease code review time and help merging contributions faster * get automagic feedback loop on various platforms and tools - out of tree build with OpenWrt SDK on following targets: * ath79-generic * imx6-generic * malta-be * mvebu-cortexa53 - out of tree native build on x86/64 with GCC (versions 8, 9, 10) and Clang 10 - out of tree native x86/64 static code analysis with cppcheck and scan-build from Clang 10 1. https://gitlab.com/ynezz/openwrt-ci/ Signed-off-by: Petr Štetiar --- .gitlab-ci.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 000000000000..c736893fd610 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,7 @@ +variables: + CI_ENABLE_UNIT_TESTING: 1 + CI_TARGET_BUILD_DEPENDS: ubus + +include: + - remote: https://gitlab.com/ynezz/openwrt-ci/raw/master/openwrt-ci/gitlab/main.yml + - remote: https://gitlab.com/ynezz/openwrt-ci/raw/master/openwrt-ci/gitlab/pipeline.yml From patchwork Mon Oct 12 12:37:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380888 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=rUewTNp2; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytL5w51z9sVK for ; Mon, 12 Oct 2020 23:39:38 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=tiGDuNY/VjWZNn5en1MZp20orc7XSS6AXq2yBH/7lCk=; b=rUewTNp2HqrH/ZWYN5W9lttjM nePTGANH6kdr4YKraOsqoFI1IermACKB0lATtuUptBPAyp1H1K7cw/O5J7VwCGEZXJCeC23T6SijM RS8jCmwSw4KclTPplIiZAAsCBFvwAFSskDJ65V0S7IplsiPht2HPp04G7OFLSiMkQH5mGGrEX6i9i 0DIuouoZ7cbk1eB5zUaftfWOh/w2p9sslwQLFf2BrulUrljpeygbmjPxHWRD/9Dvr4jjxFcrP4VA8 SqMuVllfpqZZim1X5xyIuTCe7HUcRbk22TId2zVe86XekKcMCQKxjUwSqWmkOASl0g33yV5F7ihXX rwCJtmBSQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx5I-0002sQ-Ln; Mon, 12 Oct 2020 12:37:48 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx52-0002oM-It for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:34 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id AACF135E7; Mon, 12 Oct 2020 14:37:28 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id 94e401d8; Mon, 12 Oct 2020 14:37:12 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 10/12] Disable session ACLs during unit testing Date: Mon, 12 Oct 2020 14:37:16 +0200 Message-Id: <20201012123718.25623-11-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083732_830547_05EE8080 X-CRM114-Status: GOOD ( 19.43 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Otherwise we would need to setup ubus infrastructure etc. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 1 + main.c | 12 +++++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b60d08e96e3c..ae37f1f68cfa 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -25,6 +25,7 @@ ADD_EXECUTABLE(cgi-io main.c) TARGET_LINK_LIBRARIES(cgi-io cgi-lib ${ubox} ${ubus}) IF(UNIT_TESTING) + ADD_DEFINITIONS(-DUNIT_TESTING) ENABLE_TESTING() ADD_SUBDIRECTORY(tests) ENDIF() diff --git a/main.c b/main.c index ff9bb63f5cd8..95a62b827011 100644 --- a/main.c +++ b/main.c @@ -72,6 +72,10 @@ struct state int tempfd; }; +static struct state st; + +#ifndef UNIT_TESTING + enum { SES_ACCESS, __SES_MAX, @@ -81,9 +85,6 @@ static const struct blobmsg_policy ses_policy[__SES_MAX] = { [SES_ACCESS] = { .name = "access", .type = BLOBMSG_TYPE_BOOL }, }; - -static struct state st; - static void session_access_cb(struct ubus_request *req, int type, struct blob_attr *msg) { @@ -98,10 +99,14 @@ session_access_cb(struct ubus_request *req, int type, struct blob_attr *msg) if (tb[SES_ACCESS]) *allow = blobmsg_get_bool(tb[SES_ACCESS]); } +#endif static bool session_access(const char *sid, const char *scope, const char *obj, const char *func) { +#ifdef UNIT_TESTING + return true; +#else uint32_t id; bool allow = false; struct ubus_context *ctx; @@ -125,6 +130,7 @@ out: ubus_free(ctx); return allow; +#endif } static char * From patchwork Mon Oct 12 12:37:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380890 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=spEh6pHL; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytH3bmmz9sVH for ; Mon, 12 Oct 2020 23:39:35 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=D+s1dk3ks4DMYuO/wHSC6hwavl8RYcNSZY1bPNC3ZbI=; b=spEh6pHLYfzvcYUiQTLKgAte0 taIdUMxTYRo/csj6luIhtig3PgX0EU6IuPls6/PhKphBXaqHvTxbS+md5nbMdBkiQmOkmOllJynrZ tKJarazl5ZfgyTbG5Fpf5Wk6suWtZkroN+3uW3LknYVqkZFgYMuGhM9ZuSSeDeFeuaTgzthIlnknq js1aP4YSfpXOaKoyxEHodZ2/8cJfjpMNVHvJ5HnQXMi9gc9Cz7SzLPK0Sz+58U1ndxEnItauO0Tyh NamXJIH/GEmuLkKX8Snq1+dFPb5/uzEReVXHzkKyH6Q4FG/SPk8TNRMtAYUteZ5BQeAiUF6njEupY xORty/BhQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx5X-0002wv-CH; Mon, 12 Oct 2020 12:38:03 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx52-0002oY-Sy for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:36 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id C3DFD35EA; Mon, 12 Oct 2020 14:37:28 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id 77a4ac95; Mon, 12 Oct 2020 14:37:12 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 11/12] tests: add cgi-io built with clang sanitizers Date: Mon, 12 Oct 2020 14:37:17 +0200 Message-Id: <20201012123718.25623-12-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083733_218239_BC99AAC5 X-CRM114-Status: GOOD ( 15.54 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Will be used later for testing. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ae37f1f68cfa..acf68086a801 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -19,7 +19,8 @@ IF(APPLE) LINK_DIRECTORIES(/opt/local/lib) ENDIF() -ADD_LIBRARY(cgi-lib STATIC multipart_parser.c util.c) +SET(LIB_SOURCES multipart_parser.c util.c) +ADD_LIBRARY(cgi-lib STATIC ${LIB_SOURCES}) ADD_EXECUTABLE(cgi-io main.c) TARGET_LINK_LIBRARIES(cgi-io cgi-lib ${ubox} ${ubus}) @@ -28,6 +29,18 @@ IF(UNIT_TESTING) ADD_DEFINITIONS(-DUNIT_TESTING) ENABLE_TESTING() ADD_SUBDIRECTORY(tests) + + IF(CMAKE_C_COMPILER_ID STREQUAL "Clang") + ADD_LIBRARY(cgi-lib-san SHARED ${LIB_SOURCES}) + TARGET_COMPILE_OPTIONS(cgi-lib-san PRIVATE -g -fno-omit-frame-pointer -fsanitize=undefined,address,leak -fno-sanitize-recover=all) + TARGET_LINK_OPTIONS(cgi-lib-san PRIVATE -fsanitize=undefined,address,leak) + TARGET_LINK_LIBRARIES(cgi-lib-san ${ubox} ${ubus}) + + ADD_EXECUTABLE(cgi-io-san main.c) + TARGET_COMPILE_OPTIONS(cgi-io-san PRIVATE -g -fno-omit-frame-pointer -fsanitize=undefined,address,leak -fno-sanitize-recover=all) + TARGET_LINK_OPTIONS(cgi-io-san PRIVATE -fsanitize=undefined,address,leak) + TARGET_LINK_LIBRARIES(cgi-io-san cgi-lib-san ${ubox}) + ENDIF() ENDIF() INSTALL(TARGETS cgi-io RUNTIME DESTINATION sbin) From patchwork Mon Oct 12 12:37:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Petr_=C5=A0tetiar?= X-Patchwork-Id: 1380889 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=true.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=itYfxYwr; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C8ytM329lz9sTf for ; Mon, 12 Oct 2020 23:39:39 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=3pMQumgJaxB3zUTpkwV4g4lmBGstbB0hgICYjc6dTwk=; b=itYfxYwroyKJwWxtwf+pMJsGj u35N0twGhECx2poURTnI/1RH0gqOUZgp1keYa0mRAPbVVv1GN8QTxdXBpz7J/TRMXa3f0fl8A0+pc bauFZl+Y7ShM3gVTLtXDUA+tNMy7rpGSNviNiMwwswf+h8n3H4U2sWns3MfEGiW0vSV3nRRennmSK e+NrHBcwYSh4xjmHa2yR3BNSuI4OHaUVgKBYwpp3KLug6FnniQGE54ZtvcQOrkbGc+pheyNVpmxZJ BDajc0c/HHACJWe7iDJTh/hX3tqSXm4GdCZFrSqLnwu6v62uNEnGefm6i7Ul24RDojAiQAIZ1fBYo vIwrJYM3g==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx5U-0002vr-58; Mon, 12 Oct 2020 12:38:00 +0000 Received: from smtp-out.xnet.cz ([178.217.244.18]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kRx52-0002oX-Ss for openwrt-devel@lists.openwrt.org; Mon, 12 Oct 2020 12:37:37 +0000 Received: from meh.true.cz (meh.true.cz [108.61.167.218]) (Authenticated sender: petr@true.cz) by smtp-out.xnet.cz (Postfix) with ESMTPSA id E67AC35EC; Mon, 12 Oct 2020 14:37:29 +0200 (CEST) Received: by meh.true.cz (OpenSMTPD) with ESMTP id fd155949; Mon, 12 Oct 2020 14:37:12 +0200 (CEST) From: =?utf-8?q?Petr_=C5=A0tetiar?= To: openwrt-devel@lists.openwrt.org Subject: [PATCH cgi-io 12/12] tests: add cram based unit tests Date: Mon, 12 Oct 2020 14:37:18 +0200 Message-Id: <20201012123718.25623-13-ynezz@true.cz> In-Reply-To: <20201012123718.25623-1-ynezz@true.cz> References: <20201012123718.25623-1-ynezz@true.cz> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201012_083733_184636_F811E012 X-CRM114-Status: GOOD ( 20.87 ) X-Spam-Score: 0.0 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Petr_=C5=A0tetiar?= Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org For the start with cgi-exec testing. Signed-off-by: Petr Štetiar --- tests/CMakeLists.txt | 2 ++ tests/cram/CMakeLists.txt | 25 ++++++++++++++++++++++ tests/cram/test-cases/cgi-exec-01.txt | 1 + tests/cram/test-cases/cgi-exec-02.txt | 1 + tests/cram/test-cases/cgi-exec-03.txt | 1 + tests/cram/test-san_cgi-exec.t | 30 +++++++++++++++++++++++++++ tests/cram/test_cgi-exec.t | 30 +++++++++++++++++++++++++++ 7 files changed, 90 insertions(+) create mode 100644 tests/cram/CMakeLists.txt create mode 100644 tests/cram/test-cases/cgi-exec-01.txt create mode 100644 tests/cram/test-cases/cgi-exec-02.txt create mode 100644 tests/cram/test-cases/cgi-exec-03.txt create mode 100644 tests/cram/test-san_cgi-exec.t create mode 100644 tests/cram/test_cgi-exec.t diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index efad20642dd6..5306b913c0d9 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,3 +1,5 @@ +ADD_SUBDIRECTORY(cram) + IF(CMAKE_C_COMPILER_ID STREQUAL "Clang") ADD_SUBDIRECTORY(fuzz) ADD_SUBDIRECTORY(fuzz-multipart-parser) diff --git a/tests/cram/CMakeLists.txt b/tests/cram/CMakeLists.txt new file mode 100644 index 000000000000..d8b317c40b47 --- /dev/null +++ b/tests/cram/CMakeLists.txt @@ -0,0 +1,25 @@ +FIND_PACKAGE(PythonInterp 3 REQUIRED) +FILE(GLOB test_cases "test_*.t") + +IF(CMAKE_C_COMPILER_ID STREQUAL "Clang") + FILE(GLOB test_cases_san "test-san_*.t") +ENDIF() + +SET(PYTHON_VENV_DIR "${CMAKE_CURRENT_BINARY_DIR}/.venv") +SET(PYTHON_VENV_PIP "${PYTHON_VENV_DIR}/bin/pip") +SET(PYTHON_VENV_CRAM "${PYTHON_VENV_DIR}/bin/cram") + +ADD_CUSTOM_COMMAND( + OUTPUT ${PYTHON_VENV_CRAM} + COMMAND ${PYTHON_EXECUTABLE} -m venv ${PYTHON_VENV_DIR} + COMMAND ${PYTHON_VENV_PIP} install cram +) +ADD_CUSTOM_TARGET(prepare-cram-venv ALL DEPENDS ${PYTHON_VENV_CRAM}) + +ADD_TEST( + NAME cram + COMMAND ${PYTHON_VENV_CRAM} ${test_cases} ${test_cases_san} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} +) + +SET_PROPERTY(TEST cram APPEND PROPERTY ENVIRONMENT "BUILD_BIN_DIR=$") diff --git a/tests/cram/test-cases/cgi-exec-01.txt b/tests/cram/test-cases/cgi-exec-01.txt new file mode 100644 index 000000000000..0b03e8b008a1 --- /dev/null +++ b/tests/cram/test-cases/cgi-exec-01.txt @@ -0,0 +1 @@ +sessionid=0& diff --git a/tests/cram/test-cases/cgi-exec-02.txt b/tests/cram/test-cases/cgi-exec-02.txt new file mode 100644 index 000000000000..a4969b8148e0 --- /dev/null +++ b/tests/cram/test-cases/cgi-exec-02.txt @@ -0,0 +1 @@ +sessionid=0&command=basename /tmp/foo& diff --git a/tests/cram/test-cases/cgi-exec-03.txt b/tests/cram/test-cases/cgi-exec-03.txt new file mode 100644 index 000000000000..3561f1099a45 --- /dev/null +++ b/tests/cram/test-cases/cgi-exec-03.txt @@ -0,0 +1 @@ +sessionid=0&command=basename /king/banik/1922&filename=output.txt&mimetype=0& diff --git a/tests/cram/test-san_cgi-exec.t b/tests/cram/test-san_cgi-exec.t new file mode 100644 index 000000000000..e4a33565f84a --- /dev/null +++ b/tests/cram/test-san_cgi-exec.t @@ -0,0 +1,30 @@ +check that cgi-exec is producing expected results: + + $ [ -n "$BUILD_BIN_DIR" ] && export PATH="$BUILD_BIN_DIR:$PATH" + $ ln -sf $BUILD_BIN_DIR/cgi-io-san $BUILD_BIN_DIR/cgi-exec + + $ for file in $(LC_ALL=C find "$TESTDIR/test-cases" -type f | sort); do + > export CONTENT_TYPE="application/x-www-form-urlencoded"; \ + > export CONTENT_LENGTH="$(wc -c < $file)"; \ + > printf "\n[-] testing: $(basename $file)\n"; \ + > cgi-exec < $file; \ + > done + + [-] testing: cgi-exec-01.txt + Status: 400 Invalid command parameter\r (esc) + Content-Type: text/plain\r (esc) + \r (esc) + Invalid command parameter + + [-] testing: cgi-exec-02.txt + Status: 200 OK\r (esc) + Content-Type: application/octet-stream\r (esc) + \r (esc) + foo + + [-] testing: cgi-exec-03.txt + Status: 200 OK\r (esc) + Content-Type: 0\r (esc) + Content-Disposition: attachment; filename="output.txt"\r (esc) + \r (esc) + 1922 diff --git a/tests/cram/test_cgi-exec.t b/tests/cram/test_cgi-exec.t new file mode 100644 index 000000000000..d5cffb45e871 --- /dev/null +++ b/tests/cram/test_cgi-exec.t @@ -0,0 +1,30 @@ +check that cgi-exec is producing expected results: + + $ [ -n "$BUILD_BIN_DIR" ] && export PATH="$BUILD_BIN_DIR:$PATH" + $ ln -sf $BUILD_BIN_DIR/cgi-io $BUILD_BIN_DIR/cgi-exec + + $ for file in $(LC_ALL=C find "$TESTDIR/test-cases" -type f | sort); do + > export CONTENT_TYPE="application/x-www-form-urlencoded"; \ + > export CONTENT_LENGTH="$(wc -c < $file)"; \ + > printf "\n[-] testing: $(basename $file)\n"; \ + > valgrind --quiet --leak-check=full cgi-exec < $file; \ + > done + + [-] testing: cgi-exec-01.txt + Status: 400 Invalid command parameter\r (esc) + Content-Type: text/plain\r (esc) + \r (esc) + Invalid command parameter + + [-] testing: cgi-exec-02.txt + Status: 200 OK\r (esc) + Content-Type: application/octet-stream\r (esc) + \r (esc) + foo + + [-] testing: cgi-exec-03.txt + Status: 200 OK\r (esc) + Content-Type: 0\r (esc) + Content-Disposition: attachment; filename="output.txt"\r (esc) + \r (esc) + 1922