shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-07 02:39:48 +09:00
Code Issues Packages Projects Releases Wiki Activity

Allow building without the exec() supported ...

Browse Source 
.. to satisfy restricted environment or fuzzers

We are encountering weird issues in the oss-fuzz that the file disappears during
coverage build so I assume some corpus sneaked in, that contains some commands
that end up being executed as part of the coverage run causing it randomly
failing.

The solution I propose is to build fuzzers without ability to call arbitrary
commands on the filesystem (such as `rm -rf /`) as this is not the point the
fuzzers should be testing.

This is controlled by the WITH_EXEC CMake option (enabled by default).

https://github.com/google/oss-fuzz/issues/10136

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
This commit is contained in:
Jakub Jelen
2024-07-04 18:28:43 +02:00
committed by Sahana Prasad
parent 2fe9ed1764
commit bed4438695
12 changed files with 81 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tests/client/torture_proxycommand.c
View File

@@ -69,7 +69,9 @@ static void torture_options_set_proxycommand(void **state)
char command[255] = {0};
struct stat sb;
int rc;
#ifdef WITH_EXEC
socket_t fd;
#endif
rc = stat(NCAT_EXECUTABLE, &sb);
if (rc != 0 || (sb.st_mode & S_IXOTH) == 0) {
@@ -88,11 +90,15 @@ static void torture_options_set_proxycommand(void **state)
rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, command);
assert_int_equal(rc, 0);
rc = ssh_connect(session);
#ifdef WITH_EXEC
assert_ssh_return_code(session, rc);
fd = ssh_get_fd(session);
assert_true(fd != SSH_INVALID_SOCKET);
rc = fcntl(fd, F_GETFL);
assert_int_equal(rc & O_RDWR, O_RDWR);
#else
assert_int_equal(rc, SSH_ERROR);
#endif /* WITH_EXEC */
}
#else /* NCAT_EXECUTABLE */
@@ -124,7 +130,9 @@ static void torture_options_set_proxycommand_ssh(void **state)
const char *address = torture_server_address(AF_INET);
char command[255] = {0};
int rc;
#ifdef WITH_EXEC
socket_t fd;
#endif
rc = snprintf(command, sizeof(command),
"ssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -W [%%h]:%%p alice@%s",
@@ -134,11 +142,15 @@ static void torture_options_set_proxycommand_ssh(void **state)
rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, command);
assert_int_equal(rc, 0);
rc = ssh_connect(session);
#ifdef WITH_EXEC
assert_ssh_return_code(session, rc);
fd = ssh_get_fd(session);
assert_true(fd != SSH_INVALID_SOCKET);
rc = fcntl(fd, F_GETFL);
assert_int_equal(rc & O_RDWR, O_RDWR);
#else
assert_int_equal(rc, SSH_ERROR);
#endif /* WITH_EXEC */
}
static void torture_options_set_proxycommand_ssh_stderr(void **state)
@@ -148,7 +160,9 @@ static void torture_options_set_proxycommand_ssh_stderr(void **state)
const char *address = torture_server_address(AF_INET);
char command[255] = {0};
int rc;
#ifdef WITH_EXEC
socket_t fd;
#endif
/* The -vvv switches produce the desired output on the standard error */
rc = snprintf(command, sizeof(command),
@@ -159,11 +173,15 @@ static void torture_options_set_proxycommand_ssh_stderr(void **state)
rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, command);
assert_int_equal(rc, 0);
rc = ssh_connect(session);
#ifdef WITH_EXEC
assert_ssh_return_code(session, rc);
fd = ssh_get_fd(session);
assert_true(fd != SSH_INVALID_SOCKET);
rc = fcntl(fd, F_GETFL);
assert_int_equal(rc & O_RDWR, O_RDWR);
#else
assert_int_equal(rc, SSH_ERROR);
#endif /* WITH_EXEC */
}
static void torture_options_proxycommand_injection(void **state)