/src/openvswitch/tests/oss-fuzz/ofctl_parse_target.c

Source
#include <config.h>
#include "fuzzer.h"
#include "openvswitch/ofp-flow.h"
#include "ofp-version-opt.h"
#include "ofproto/ofproto.h"
#include "openflow/openflow.h"
#include "openvswitch/ofpbuf.h"
#include "openvswitch/vlog.h"
#include "util.h"

static void
ofctl_parse_flows__(struct ofputil_flow_mod *fms, size_t n_fms,
                    enum ofputil_protocol usable_protocols)
{
    enum ofputil_protocol protocol = 0;
    char *usable_s;
    size_t i;

    usable_s = ofputil_protocols_to_string(usable_protocols);
    printf("usable protocols: %s\n", usable_s);
    free(usable_s);

    if (!(usable_protocols & OFPUTIL_P_ANY)) {
        printf("no usable protocol\n");
        goto free;
    }
    for (i = 0; i < sizeof(enum ofputil_protocol) * CHAR_BIT; i++) {
        protocol = 1u << i;
        if (protocol & usable_protocols & OFPUTIL_P_ANY) {
            break;
        }
    }
    ovs_assert(is_pow2(protocol));

    printf("chosen protocol: %s\n", ofputil_protocol_to_string(protocol));

    for (i = 0; i < n_fms; i++) {
        struct ofputil_flow_mod *fm = &fms[i];
        struct ofpbuf *msg;

        msg = ofputil_encode_flow_mod(fm, protocol);
        ofpbuf_delete(msg);
    }

free:
    for (i = 0; i < n_fms; i++) {
        struct ofputil_flow_mod *fm = &fms[i];
        free(CONST_CAST(struct ofpact *, fm->ofpacts));
        minimatch_destroy(&fm->match);
    }
}

/* "parse-flow FLOW": parses the argument as a flow (like add-flow) and prints
 * it back to stdout.  */
static void
ofctl_parse_flow(const char *input, int command)
{
    enum ofputil_protocol usable_protocols;
    struct ofputil_flow_mod fm;
    char *error;

    error = parse_ofp_flow_mod_str(&fm, input, NULL, NULL,
                                   command, &usable_protocols);
    if (error) {
        printf("Error encountered: %s\n", error);
        free(error);
    } else {
        ofctl_parse_flows__(&fm, 1, usable_protocols);
    }
}

int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    /* Bail out if we cannot construct at least a 1 char string.
     * Reserve 1 byte to decide flow mod command.
     *
     * Here's the structure of data we expect
     * |--Byte 1--|--Byte 2--|...|--Byte (size-1)--|
     *
     * where,
     *
     * Byte 1: Used to decide which ofp flow mod command to test
     * Bytes 2--(size-1): The C string that is actually passed to
     *                    ofctl_parse_flow() test API.
     *
     * This means that the fuzzed input is actually a C string of
     * length = (size -2) with the terminal byte being the NUL
     * character. Moreover, this string is expected to not contain
     * a new-line character.
     */
    const char *stream = (const char *) data;
    if (size < 3 || stream[size - 1] != '\0' || strchr(&stream[1], '\n') ||
        strlen(&stream[1]) != size - 2) {
        return 0;
    }

    /* Disable logging to avoid write to disk. */
    static bool isInit = false;
    if (!isInit) {
        vlog_set_verbosity("off");
        isInit = true;
    }

    /* Decide test parameters using first byte of fuzzed input. */
    int command = (stream[0] % OFPFC_DELETE_STRICT) + 1;

    /* Fuzz extended match parsing. */
    const char *input = &stream[1];
    ofctl_parse_flow(input, command);

    return 0;
}

Line	Count	Source
1		#include <config.h>
2		#include "fuzzer.h"
3		#include "openvswitch/ofp-flow.h"
4		#include "ofp-version-opt.h"
5		#include "ofproto/ofproto.h"
6		#include "openflow/openflow.h"
7		#include "openvswitch/ofpbuf.h"
8		#include "openvswitch/vlog.h"
9		#include "util.h"
10
11		static void
12		ofctl_parse_flows__(struct ofputil_flow_mod *fms, size_t n_fms,
13		enum ofputil_protocol usable_protocols)
14	9.11k	{
15	9.11k	enum ofputil_protocol protocol = 0;
16	9.11k	char *usable_s;
17	9.11k	size_t i;
18
19	9.11k	usable_s = ofputil_protocols_to_string(usable_protocols);
20	9.11k	printf("usable protocols: %s\n", usable_s);
21	9.11k	free(usable_s);
22
23	9.11k	if (!(usable_protocols & OFPUTIL_P_ANY)) {
24	178	printf("no usable protocol\n");
25	178	goto free;
26	178	}
27	20.2k	for (i = 0; i < sizeof(enum ofputil_protocol) * CHAR_BIT; i++) {
28	20.2k	protocol = 1u << i;
29	20.2k	if (protocol & usable_protocols & OFPUTIL_P_ANY) {
30	8.93k	break;
31	8.93k	}
32	20.2k	}
33	8.93k	ovs_assert(is_pow2(protocol));
34
35	8.93k	printf("chosen protocol: %s\n", ofputil_protocol_to_string(protocol));
36
37	17.8k	for (i = 0; i < n_fms; i++) {
38	8.93k	struct ofputil_flow_mod *fm = &fms[i];
39	8.93k	struct ofpbuf *msg;
40
41	8.93k	msg = ofputil_encode_flow_mod(fm, protocol);
42	8.93k	ofpbuf_delete(msg);
43	8.93k	}
44
45	9.11k	free:
46	18.2k	for (i = 0; i < n_fms; i++) {
47	9.11k	struct ofputil_flow_mod *fm = &fms[i];
48	9.11k	free(CONST_CAST(struct ofpact *, fm->ofpacts));
49	9.11k	minimatch_destroy(&fm->match);
50	9.11k	}
51	9.11k	}
52
53		/* "parse-flow FLOW": parses the argument as a flow (like add-flow) and prints
54		* it back to stdout. */
55		static void
56		ofctl_parse_flow(const char *input, int command)
57	23.0k	{
58	23.0k	enum ofputil_protocol usable_protocols;
59	23.0k	struct ofputil_flow_mod fm;
60	23.0k	char *error;
61
62	23.0k	error = parse_ofp_flow_mod_str(&fm, input, NULL, NULL,
63	23.0k	command, &usable_protocols);
64	23.0k	if (error) {
65	13.9k	printf("Error encountered: %s\n", error);
66	13.9k	free(error);
67	13.9k	} else {
68	9.11k	ofctl_parse_flows__(&fm, 1, usable_protocols);
69	9.11k	}
70	23.0k	}
71
72		int
73		LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
74	39.9k	{
75		/* Bail out if we cannot construct at least a 1 char string.
76		* Reserve 1 byte to decide flow mod command.
77		*
78		* Here's the structure of data we expect
79		* \|--Byte 1--\|--Byte 2--\|...\|--Byte (size-1)--\|
80		*
81		* where,
82		*
83		* Byte 1: Used to decide which ofp flow mod command to test
84		* Bytes 2--(size-1): The C string that is actually passed to
85		* ofctl_parse_flow() test API.
86		*
87		* This means that the fuzzed input is actually a C string of
88		* length = (size -2) with the terminal byte being the NUL
89		* character. Moreover, this string is expected to not contain
90		* a new-line character.
91		*/
92	39.9k	const char stream = (const char ) data;
93	39.9k	if (size < 3 \|\| stream[size - 1] != '\0' \|\| strchr(&stream[1], '\n') \|\|
94	39.9k	strlen(&stream[1]) != size - 2) {
95	33	return 0;
96	33	}
97
98		/* Disable logging to avoid write to disk. */
99	39.9k	static bool isInit = false;
100	39.9k	if (!isInit) {
101	2	vlog_set_verbosity("off");
102	2	isInit = true;
103	2	}
104
105		/* Decide test parameters using first byte of fuzzed input. */
106	39.9k	int command = (stream[0] % OFPFC_DELETE_STRICT) + 1;
107
108		/* Fuzz extended match parsing. */
109	39.9k	const char *input = &stream[1];
110	39.9k	ofctl_parse_flow(input, command);
111
112	39.9k	return 0;
113	39.9k	}

Coverage Report

Created: 2024-02-11 06:14