From d3ace6cf29778e26c97d0de138dcdd30afac07e5 Mon Sep 17 00:00:00 2001 From: David Garcia Quintas Date: Thu, 29 Mar 2018 10:13:14 -0700 Subject: [PATCH 1/2] Fix authority fuzzing failures --- .../filters/http/client_authority_filter.cc | 11 ++- src/core/lib/surface/channel.cc | 2 +- ...rfuzz-testcase-api_fuzzer-5406804084260864 | Bin 0 -> 44 bytes ...rfuzz-testcase-api_fuzzer-5471994809155584 | Bin 0 -> 287 bytes ...rfuzz-testcase-api_fuzzer-6609852341157888 | Bin 0 -> 1125 bytes tools/run_tests/generated/tests.json | 69 ++++++++++++++++++ 6 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-api_fuzzer-5406804084260864 create mode 100644 test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-api_fuzzer-5471994809155584 create mode 100644 test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-api_fuzzer-6609852341157888 diff --git a/src/core/ext/filters/http/client_authority_filter.cc b/src/core/ext/filters/http/client_authority_filter.cc index f2b3e0fe7be..6d68ffcd211 100644 --- a/src/core/ext/filters/http/client_authority_filter.cc +++ b/src/core/ext/filters/http/client_authority_filter.cc @@ -97,8 +97,15 @@ grpc_error* init_channel_elem(grpc_channel_element* elem, "channels must explicity specify a value for this argument."); abort(); } - chand->default_authority = grpc_slice_from_copied_string( - grpc_channel_arg_get_string(default_authority_arg)); + const char* default_authority_str = + grpc_channel_arg_get_string(default_authority_arg); + if (default_authority_str == nullptr) { + gpr_log(GPR_ERROR, + "GRPC_ARG_DEFAULT_AUTHORITY channel arg. must be a string."); + abort(); + } + chand->default_authority = + grpc_slice_from_copied_string(default_authority_str); GPR_ASSERT(!args->is_last); return GRPC_ERROR_NONE; } diff --git a/src/core/lib/surface/channel.cc b/src/core/lib/surface/channel.cc index 807e28eef1b..d740ebd4114 100644 --- a/src/core/lib/surface/channel.cc +++ b/src/core/lib/surface/channel.cc @@ -167,7 +167,7 @@ static grpc_core::UniquePtr get_default_authority( has_default_authority = true; } else if (0 == strcmp(input_args->args[i].key, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG)) { - ssl_override = input_args->args[i].value.string; + ssl_override = grpc_channel_arg_get_string(&input_args->args[i]); } } if (!has_default_authority && ssl_override != nullptr) { diff --git a/test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-api_fuzzer-5406804084260864 b/test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-api_fuzzer-5406804084260864 new file mode 100644 index 0000000000000000000000000000000000000000..121aac7ec874272905ceafcd9a27961ac69691a1 GIT binary patch literal 44 zcmZQ7PW@lpz`)OxUR02*S6rMEUy@jqo>~&0mzbLxpI??*RFs*L%D|wPn^*w=Zw3$} literal 0 HcmV?d00001 diff --git a/test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-api_fuzzer-5471994809155584 b/test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-api_fuzzer-5471994809155584 new file mode 100644 index 0000000000000000000000000000000000000000..e5d3d38e96cd25161c6bc4b819167135a1ac848a GIT binary patch literal 287 zcmZQzWM*JsU@A^6DoZV5U}8!yDoEB#Nli;E%_)h`EU9E*W(3MJFfg(~Xa+_`MlMDW zd1@;oqYyFxih%(G10Ew2OG`5Hi@*k>+Jz*+2(gL-tBouST>lw?E@gPstpITuvV&l5 S02xtK0J903fygRxyBGituQ1#I literal 0 HcmV?d00001 diff --git a/test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-api_fuzzer-6609852341157888 b/test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-api_fuzzer-6609852341157888 new file mode 100644 index 0000000000000000000000000000000000000000..b7debabf1907b9f5f9877fc666faebcaba768140 GIT binary patch literal 1125 zcmah}&2G~`5T1<+xGkcQC<1YU7YHgZ0MEcB;$&^@%@2*^u-;T{FR>6uB+lI7p|}zW zsUQ^*q#y`*n3=WX7%DM`)p~a3n{U3^bt^M=Y%Hi&-%g@VmW@KEZQrNa$Hv-W zY`_lPX&9vn%xMUKc(DM0KqQz6nQW+;;;ygMaJp7dN{^UN@R);Hh^3r~-GtQMf2mrAZX*!#&FE641&+xM(7{(td1u zdOC8Up1MKGax=t6y|X})sKy@EXw>!O_G%y1z3OMfOqw{=)GBVhrU7BU^0o`@VzC}u z@tK*|&Bp{lYIvcD!IEx8&7k;-pS&6yz88FR*b0E$^Y|fp5bR2nopUsOd6_t}s=q3w zz#YVMAyRBB-?(H-pub2=>0xIu(b3T}rw>Oa%!X&C^Tb4HY@Xv!FDs}k*XibZnd;U8 zcy#^`aV9Ze3(D2OGrR#9R}5uXcQz>30UVT_ Date: Thu, 29 Mar 2018 10:36:30 -0700 Subject: [PATCH 2/2] Return errors in lieu of aborting --- src/core/ext/filters/http/client_authority_filter.cc | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/core/ext/filters/http/client_authority_filter.cc b/src/core/ext/filters/http/client_authority_filter.cc index 6d68ffcd211..855007500a0 100644 --- a/src/core/ext/filters/http/client_authority_filter.cc +++ b/src/core/ext/filters/http/client_authority_filter.cc @@ -91,18 +91,15 @@ grpc_error* init_channel_elem(grpc_channel_element* elem, const grpc_arg* default_authority_arg = grpc_channel_args_find(args->channel_args, GRPC_ARG_DEFAULT_AUTHORITY); if (default_authority_arg == nullptr) { - gpr_log( - GPR_ERROR, + return GRPC_ERROR_CREATE_FROM_STATIC_STRING( "GRPC_ARG_DEFAULT_AUTHORITY channel arg. not found. Note that direct " "channels must explicity specify a value for this argument."); - abort(); } const char* default_authority_str = grpc_channel_arg_get_string(default_authority_arg); if (default_authority_str == nullptr) { - gpr_log(GPR_ERROR, - "GRPC_ARG_DEFAULT_AUTHORITY channel arg. must be a string."); - abort(); + return GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "GRPC_ARG_DEFAULT_AUTHORITY channel arg. must be a string"); } chand->default_authority = grpc_slice_from_copied_string(default_authority_str);