From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Tue, 13 Mar 2018 11:25:06 +0000 (+0100)
Subject: shared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_devi... 
X-Git-Tag: v239~548^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=20d52ab60e7ba40f7cf23c148bcead8bd05bea3a;p=platform%2Fupstream%2Fsystemd.git

shared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_device_allow()

oss-fuzz #6885.
---

diff --git a/TODO b/TODO
index f171121..d5e37e4 100644
--- a/TODO
+++ b/TODO
@@ -528,6 +528,7 @@ Features:
 * maybe add a generator that looks for "systemd.run=" on the kernel cmdline for container usercases...
 
 * test/:
+  - add unit tests for config_parse_device_allow()
 
 * seems that when we follow symlinks to units we prefer the symlink
   destination path over /etc and /usr. We should not do that. Instead
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index f2f9267..7f56149 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -410,7 +410,6 @@ int config_parse_socket_listen(const char *unit,
                 if (r < 0) {
                         if (r != -EAFNOSUPPORT)
                                 log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse address value, ignoring: %s", rvalue);
-
                         return 0;
                 }
 
@@ -3511,6 +3510,7 @@ int config_parse_device_allow(
                 log_syntax(unit, LOG_WARNING, filename, line, r,
                            "Failed to resolve specifiers in %s, ignoring: %m",
                            rvalue);
+                return 0;
         }
 
         n = strcspn(t, WHITESPACE);
diff --git a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885 b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885
new file mode 100644
index 0000000..1859136
--- /dev/null
+++ b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6885
@@ -0,0 +1,3 @@
+service
+[Service]
+DeviceAllow=%D
\ No newline at end of file
diff --git a/test/fuzz-regressions/meson.build b/test/fuzz-regressions/meson.build
index c1416f9..9753c61 100644
--- a/test/fuzz-regressions/meson.build
+++ b/test/fuzz-regressions/meson.build
@@ -30,4 +30,5 @@ fuzz_regression_tests = '''
         fuzz-dns-packet/oss-fuzz-5465
         fuzz-dns-packet/issue-7888
         fuzz-unit-file/oss-fuzz-6884
+        fuzz-unit-file/oss-fuzz-6885
 '''.split()