From 30d4a1ad0f59e9ab4ac4a524cce4bcf470678290 Mon Sep 17 00:00:00 2001 From: cpq Date: Fri, 11 Dec 2020 13:16:51 +0000 Subject: [PATCH] Fix mg_sntp_parse() --- Makefile | 2 +- mongoose.c | 2 +- src/sntp.c | 2 +- test/fuzz.c | 7 +++++++ test/unit_test.c | 10 +++++++++- 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index afd5446b..890df266 100644 --- a/Makefile +++ b/Makefile @@ -86,4 +86,4 @@ mongoose.h: $(HDRS) Makefile clean: EXAMPLE_TARGET = clean clean: ex - rm -rf $(PROG) *.o *.dSYM unit_test* ut fuzzer *.gcov *.gcno *.gcda *.obj *.exe *.ilk *.pdb slow-unit* _CL_* infer-out data.txt + rm -rf $(PROG) *.o *.dSYM unit_test* ut fuzzer *.gcov *.gcno *.gcda *.obj *.exe *.ilk *.pdb slow-unit* _CL_* infer-out data.txt crash-* diff --git a/mongoose.c b/mongoose.c index 79690134..a6a61893 100644 --- a/mongoose.c +++ b/mongoose.c @@ -2155,7 +2155,7 @@ void mg_hmac_sha1(const unsigned char *key, size_t keylen, static unsigned long s_sntmp_next; int mg_sntp_parse(const unsigned char *buf, size_t len, struct timeval *tv) { - int mode = buf[0] & 7, res = -1; + int mode = len > 0 ? buf[0] & 7 : 0, res = -1; if (len < 48) { LOG(LL_ERROR, ("%s", "corrupt packet")); } else if ((buf[0] & 0x38) >> 3 != 4) { diff --git a/src/sntp.c b/src/sntp.c index ba788f34..46b15c60 100644 --- a/src/sntp.c +++ b/src/sntp.c @@ -10,7 +10,7 @@ static unsigned long s_sntmp_next; int mg_sntp_parse(const unsigned char *buf, size_t len, struct timeval *tv) { - int mode = buf[0] & 7, res = -1; + int mode = len > 0 ? buf[0] & 7 : 0, res = -1; if (len < 48) { LOG(LL_ERROR, ("%s", "corrupt packet")); } else if ((buf[0] & 0x38) >> 3 != 4) { diff --git a/test/fuzz.c b/test/fuzz.c index c8dd9316..54dd98b2 100644 --- a/test/fuzz.c +++ b/test/fuzz.c @@ -4,25 +4,32 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { struct mg_dns_message dm; mg_dns_parse(data, size, &dm); + mg_dns_parse(NULL, 0, &dm); struct mg_http_message hm; mg_http_parse((const char *) data, size, &hm); + mg_http_parse(NULL, 0, &hm); struct mg_str body = mg_str_n((const char *) data, size); char tmp[256]; mg_http_get_var(&body, "key", tmp, sizeof(tmp)); mg_url_decode((char *) data, size, tmp, sizeof(tmp), 1); mg_url_decode((char *) data, size, tmp, 1, 1); + mg_url_decode(NULL, 0, tmp, 1, 1); struct mg_mqtt_message mm; mg_mqtt_parse(data, size, &mm); + mg_mqtt_parse(NULL, 0, &mm); struct timeval tv; mg_sntp_parse(data, size, &tv); + mg_sntp_parse(NULL, 0, &tv); char buf[size * 4 / 3 + 5]; // At least 4 chars and nul termination mg_base64_decode((char *) data, size, buf); + mg_base64_decode(NULL, 0, buf); mg_base64_encode(data, size, buf); + mg_base64_encode(NULL, 0, buf); return 0; } diff --git a/test/unit_test.c b/test/unit_test.c index ad1a0b7f..f933fad7 100644 --- a/test/unit_test.c +++ b/test/unit_test.c @@ -247,6 +247,8 @@ static void test_sntp(void) { ASSERT(tm->tm_sec == 21); ASSERT(mg_sntp_parse(bad_good, sizeof(bad_good), &tv) == -1); } + + ASSERT(mg_sntp_parse(NULL, 0, &tv) == -1); } static void mqtt_cb(struct mg_connection *c, int ev, void *evd, void *fnd) { @@ -860,6 +862,11 @@ static void test_str(void) { ASSERT(mg_strcmp(mg_str("hi"), mg_strstrip(mg_str(" \thi\r\n"))) == 0); } +static void test_dns(void) { + struct mg_dns_message dm; + ASSERT(mg_dns_parse(NULL, 0, &dm) == 0); +} + static void test_util(void) { char buf[100], *s = mg_hexdump("abc", 3); ASSERT(s != NULL); @@ -876,6 +883,8 @@ static void test_util(void) { int main(void) { mg_log_set("3"); test_util(); + test_sntp(); + test_dns(); test_mqtt(); test_str(); test_timer(); @@ -893,7 +902,6 @@ int main(void) { test_http_client(); test_http_no_content_length(); test_http_pipeline(); - test_sntp(); printf("SUCCESS. Total tests: %d\n", s_num_tests); return EXIT_SUCCESS; }