From d00582bd82db2f5cf5b021898ae683d22b03645e Mon Sep 17 00:00:00 2001
From: Craig Tiller
Date: Thu, 14 Dec 2023 00:20:03 +0000
Subject: [PATCH] Fix fuzzer bug b/309756937 (#35279)
Built on #35278, which should be landed first
Always fail parsing when `grpclb_client_stats` is included in headers -- it's a meaningless value and the only reason to include it would be some sort of attack.
Closes #35279
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35279 from ctiller:fuzz-309756937 545448c4dec94596ad550ecd5d852d2e0de2f530
PiperOrigin-RevId: 590745978
---
 src/core/lib/transport/metadata_batch.h | 3 ++-
 .../tests/Hosts/ios-host/AppDelegate.github.h | 2 +-
 .../tests/Hosts/ios-host/AppDelegate.github.m | 2 +-
 .../tests/Hosts/ios-host/Info.github.plist | 2 +-
 src/objective-c/tests/Hosts/ios-host/main.github.m | 2 +-
 .../frame_fuzzer_corpus/5691448031772672 | Bin 0 -> 51 bytes
 6 files changed, 6 insertions(+), 5 deletions(-)
 create mode 100644 test/core/transport/chaotic_good/frame_fuzzer_corpus/5691448031772672
diff --git a/src/core/lib/transport/metadata_batch.h b/src/core/lib/transport/metadata_batch.h
index 6bb12289d5a..ea833c8cbaa 100644
--- a/src/core/lib/transport/metadata_batch.h
+++ b/src/core/lib/transport/metadata_batch.h
@@ -410,7 +410,8 @@ struct GrpcLbClientStatsMetadata {
 static const char* DisplayMemento(MementoType) {
 return "";
 }
- static MementoType ParseMemento(Slice, bool, MetadataParseErrorFn) {
+ static MementoType ParseMemento(Slice, bool, MetadataParseErrorFn error) {
+ error("not a valid value for grpclb_client_stats", Slice());
 return nullptr;
 }
 };
diff --git a/src/objective-c/tests/Hosts/ios-host/AppDelegate.github.h b/src/objective-c/tests/Hosts/ios-host/AppDelegate.github.h
index daf5a5eb6d1..83b3bf59417 100644
--- a/src/objective-c/tests/Hosts/ios-host/AppDelegate.github.h
+++ b/src/objective-c/tests/Hosts/ios-host/AppDelegate.github.h
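Review bot: The new `ParseMemento` body in `GrpcLbClientStatsMetadata` rejects the header without saying why in the code; the rationale exists only in the commit message. A comment above the `error(...)` call, such as `// grpclb_client_stats is meaningless when received from a peer; always report a parse error.`, would keep a later cleanup from restoring the silent `return nullptr`. The function still returns `nullptr` as the memento after reporting the error, so it is worth confirming that every caller acts on the error callback before using the result; those callers, and the start of the struct, are outside this hunk. Passing an empty `Slice()` to `error` keeps the peer-supplied bytes out of the error text, which looks deliberate and could be stated in the same comment.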
@@ -22,4 +22,4 @@
 @property(strong, nonatomic) UIWindow* window;
-@end
\ No newline at end of file
+@end
diff --git a/src/objective-c/tests/Hosts/ios-host/AppDelegate.github.m b/src/objective-c/tests/Hosts/ios-host/AppDelegate.github.m
index 2d7c5122c1e..4a76f4c488c 100644
--- a/src/objective-c/tests/Hosts/ios-host/AppDelegate.github.m
+++ b/src/objective-c/tests/Hosts/ios-host/AppDelegate.github.m
@@ -24,4 +24,4 @@
 @implementation AppDelegate
-@end
\ No newline at end of file
+@end
diff --git a/src/objective-c/tests/Hosts/ios-host/Info.github.plist b/src/objective-c/tests/Hosts/ios-host/Info.github.plist
index 42c9f612977..e5baf19b85c 100644
--- a/src/objective-c/tests/Hosts/ios-host/Info.github.plist
+++ b/src/objective-c/tests/Hosts/ios-host/Info.github.plist
@@ -38,4 +38,4 @@
 UIInterfaceOrientationLandscapeRight
-
\ No newline at end of file
+
diff --git a/src/objective-c/tests/Hosts/ios-host/main.github.m b/src/objective-c/tests/Hosts/ios-host/main.github.m
index f1a3c9bab10..2797c6f17f2 100644
--- a/src/objective-c/tests/Hosts/ios-host/main.github.m
+++ b/src/objective-c/tests/Hosts/ios-host/main.github.m
@@ -23,4 +23,4 @@ int main(int argc, char* argv[]) {
 @autoreleasepool {
 return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class]));
 }
-}
\ No newline at end of file
+}
diff --git a/test/core/transport/chaotic_good/frame_fuzzer_corpus/5691448031772672 b/test/core/transport/chaotic_good/frame_fuzzer_corpus/5691448031772672
new file mode 100644
index 0000000000000000000000000000000000000000..98e8a28385d868b52dc0209da655bed0b3deb36d
GIT binary patch
literal 51
zcmY#rU}Rv(Q+)JKiUAB(8UiU*2B4sDdQm}gPEvewPG)LeNqlihVo5PjyqEz1DVhwJ
literal 0
HcmV?d00001