Giter Club home page Giter Club logo

systemd-dfuzzer's Introduction

Systemd

System and Service Manager

Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
CentOS CI - CentOS 9
CentOS CI - Arch
CentOS CI - Arch (sanitizers)
Fossies codespell report
Weblate
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack

systemd-dfuzzer's People

Contributors

evverx avatar matusmarhefka avatar mmiszczyk avatar mrc0mmand avatar thrix avatar

Stargazers

avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

mrc0mmand isabella232

systemd-dfuzzer's Issues

`dfuzzer --lis` seems to crash :-) 

Program received signal SIGSEGV, Segmentation fault.
__strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:115
115		vmovdqu	(%rdi), %ymm1
(gdb) bt
#0  __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:115
#1  0x00007ffff7b213a1 in process_long_option
    (argc=argc@entry=2, argv=argv@entry=0x7fffffffe288, optstring=optstring@entry=0x40917d "n:o:i:m:b:t:e:L:sdvlhV", longopts=longopts@entry=0x40aa00 <options>, longind=longind@entry=0x0, long_only=0, d=0x7ffff7c2dc80 <getopt_data>, print_errors=1, prefix=0x7ffff7be996c "--") at getopt.c:212
#2  0x00007ffff7b21d87 in _getopt_internal_r
    (argc=argc@entry=2, argv=argv@entry=0x7fffffffe288, optstring=optstring@entry=0x40917d "n:o:i:m:b:t:e:L:sdvlhV", longopts=longopts@entry=0x40aa00 <options>, longind=longind@entry=0x0, long_only=long_only@entry=0, d=0x7ffff7c2dc80 <getopt_data>, posixly_correct=0) at getopt.c:650
#3  0x00007ffff7b21ff5 in _getopt_internal
    (argc=argc@entry=2, argv=argv@entry=0x7fffffffe288, optstring=optstring@entry=0x40917d "n:o:i:m:b:t:e:L:sdvlhV", longopts=longopts@entry=0x40aa00 <options>, longind=longind@entry=0x0, long_only=long_only@entry=0, posixly_correct=0) at getopt.c:711
#4  0x00007ffff7b22082 in getopt_long
    (argc=argc@entry=2, argv=argv@entry=0x7fffffffe288, options=options@entry=0x40917d "n:o:i:m:b:t:e:L:sdvlhV", long_options=long_options@entry=0x40aa00 <options>, opt_index=opt_index@entry=0x0)
    at getopt1.c:31
#5  0x0000000000404227 in df_parse_parameters (argc=2, argv=0x7fffffffe288) at dfuzzer.c:1098
#6  0x0000000000402512 in main (argc=<optimized out>, argv=<optimized out>) at dfuzzer.c:98

dfuzzer seems to fail under Valgrind

As far as I can tell it calls readlink (which doesn't append terminating null bytes) to get the names of processes and then passes those buffers to strcmp:

[SYSTEM  BUS]
[PROCESS: /usr/lib/systemd/systemd-resolved

Thread 1 "dfuzzer" hit Breakpoint 1, df_print_process_info (pid=<optimized out>) at dfuzzer.c:971
971	                if (strstr(name, "python") != NULL || strstr(name, "perl") != NULL) {
(gdb) p name
$1 = "/usr/lib/systemd/systemd-resolved [\000;36m[SYSTEM  BUS]\033[0m\n", '\000' <repeats 3438 times>...

Below is the backtrace produced by valgrind:

$ valgrind --track-origins=yes ./dfuzzer -n org.freedesktop.resolve1
==1394== Memcheck, a memory error detector
==1394== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1394== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==1394== Command: ./dfuzzer -n org.freedesktop.resolve1
==1394==
[SESSION BUS]
Error: The connection does not exist.
[SYSTEM  BUS]
[PROCESS: /usr/lib/systemd/systemd-resolved
==1394== Conditional jump or move depends on uninitialised value(s)
==1394==    at 0x484F369: strstr (vg_replace_strmem.c:1772)
==1394==    by 0x4031B9: df_print_process_info (dfuzzer.c:971)
==1394==    by 0x4027DE: main (dfuzzer.c:211)
==1394==  Uninitialised value was created by a stack allocation
==1394==    at 0x40305A: df_print_process_info (dfuzzer.c:926)
==1394==
==1394== Conditional jump or move depends on uninitialised value(s)
==1394==    at 0x484F372: strstr (vg_replace_strmem.c:1772)
==1394==    by 0x4031B9: df_print_process_info (dfuzzer.c:971)
==1394==    by 0x4027DE: main (dfuzzer.c:211)
==1394==  Uninitialised value was created by a stack allocation
==1394==    at 0x40305A: df_print_process_info (dfuzzer.c:926)
==1394==
==1394== Conditional jump or move depends on uninitialised value(s)
==1394==    at 0x484F369: strstr (vg_replace_strmem.c:1772)
==1394==    by 0x4031CD: df_print_process_info (dfuzzer.c:971)
==1394==    by 0x4027DE: main (dfuzzer.c:211)
==1394==  Uninitialised value was created by a stack allocation
==1394==    at 0x40305A: df_print_process_info (dfuzzer.c:926)
==1394==
==1394== Conditional jump or move depends on uninitialised value(s)
==1394==    at 0x484F372: strstr (vg_replace_strmem.c:1772)
==1394==    by 0x4031CD: df_print_process_info (dfuzzer.c:971)
==1394==    by 0x4027DE: main (dfuzzer.c:211)
==1394==  Uninitialised value was created by a stack allocation
==1394==    at 0x40305A: df_print_process_info (dfuzzer.c:926)
==1394==

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.