Skip to content

Commit

Permalink
DO NOT MERGE [WIP]
Browse files Browse the repository at this point in the history
[ci skip]

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
  • Loading branch information
cgzones committed Nov 8, 2023
1 parent b6fa45f commit 3a27142
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 2 deletions.
5 changes: 5 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,8 @@ cscope.*
.*.swp
# Failsafes
!.gitignore

/corpus_dir/
/out/
/DESTDIR/
/fuzz-*.log
15 changes: 15 additions & 0 deletions checkpolicy/fuzz/checkpolicy-fuzzer.c
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,19 @@ static int read_source_policy(policydb_t *p, const uint8_t *data, size_t size)
return 0;
}

static int check_level(hashtab_key_t key, hashtab_datum_t datum, void *arg __attribute__ ((unused)))
{
const level_datum_t *levdatum = (level_datum_t *) datum;

if (!levdatum->isalias && !levdatum->defined) {
fprintf(stderr,
"Error: sensitivity %s was not used in a level definition!\n",
key);
abort();
}
return 0;
}

static int write_binary_policy(policydb_t *p, FILE *outfp)
{
struct policy_file pf;
Expand Down Expand Up @@ -170,6 +183,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
if (read_source_policy(&parsepolicydb, data, size))
goto exit;

(void) hashtab_map(parsepolicydb.p_levels.table, check_level, NULL);

if (hierarchy_check_constraints(NULL, &parsepolicydb))
goto exit;

Expand Down
4 changes: 2 additions & 2 deletions scripts/oss-fuzz.sh
Original file line number Diff line number Diff line change
Expand Up @@ -32,10 +32,10 @@ SANITIZER=${SANITIZER:-address}
flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link"

export CC=${CC:-clang}
export CFLAGS="${CFLAGS:-$flags} -I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
export CFLAGS="${CFLAGS:-$flags} -I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -Wextra -Wfloat-equal -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wnull-dereference -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings"

export CXX=${CXX:-clang++}
export CXXFLAGS=${CXXFLAGS:-$flags}
export CXXFLAGS="${CXXFLAGS:-$flags} -Wall -Wextra"

export OUT=${OUT:-$(pwd)/out}
mkdir -p "$OUT"
Expand Down

0 comments on commit 3a27142

Please sign in to comment.