dbus-fuzzer / dfuzzer

D-Bus fuzzer
GNU General Public License v3.0

fuzz: check if the connection is not closed #120

Closed mrc0mmand closed 2 years ago

mrc0mmand commented 2 years ago

since that means we didn't reach the server and most likely generated data which the D-Bus broker didn't like.

Prompted by https://github.com/dbus-fuzzer/dfuzzer/pull/114#issuecomment-1173146578

Closes: #114

mrc0mmand commented 2 years ago

When applied on top of #114 it seems to be doing its thing:

$ build/dfuzzer --log-dir logs -svd -n org.freedesktop.systemd1 -o /org/freedesktop/systemd1 -i org.freedesktop.systemd1.Manager -t StartTransientUnit --iteration 3
[SESSION BUS]
[PROCESS: /usr/lib/systemd/systemd]
[CONNECTED TO PID: 1578]
Object: /org/freedesktop/systemd1
 Interface: org.freedesktop.systemd1.Manager
  Method: StartTransientUnit (ssa(sv)a(sa(sv))) => 3 iterations
  EXCE StartTransientUnit - D-Bus exception thrown: Job mode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA is invalid.
   -- Signature: (ssa(sv)a(sa(sv)))
   -- Value: ('AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', @a(sv) [], @a(sa(sv)) [])
  EXCE StartTransientUnit - D-Bus exception thrown: Job mode %s%s%s%s%s%s%s%s%s%n%s%n%n%n%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s is invalid.
   -- Signature: (ssa(sv)a(sa(sv)))
   -- Value: ('%s%s%s%s%s%s%s%s%s%n%s%n%n%n%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s', '%s%s%s%s%s%s%s%s%s%n%s%n%n%n%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s', [('%s%s%s%s%s%s%s%s%s%n%s%n%n%n%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s', <(byte 0xff,)>), ('%s%s%s%s%s%s%s%s%s%n%s%n%n%n%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s', <(int16 32767,)>), ('%s%s%s%s%s%s%s%s%s%n%s%n%n%n%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s', <('%s%s%s%s%s%s%s%s%s%n%s%n%n%n%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s',)>), ('%s%s%s%s%s%s%s%s%s%n%s%n%n%n%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s', <(uint16 65535,)>), ('%s%s%s%s%s%s%s%s%s%n%s%n%n%n%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s', <(int16 32767,)>)], @a(sa(sv)) [])
  FAIL [M] StartTransientUnit - the connection is closed (this is a bug, please report it)
$ journalctl -e -n 2 -o short-monotonic --no-hostname
[94327.828835] dbus-broker[1630]: Peer :1.340 is being disconnected as it sent a message with an invalid body.
[94327.833021] dbus-broker[1198]: Peer :1.638 is being disconnected as it sent a message with an invalid body.

(I'm not completely sure how accurate the "this is a bug, please report it" statement is and if I should even keep it there)
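A small triage script, added here as an example (it is not part of dfuzzer or of this PR), that parses the EXCE/FAIL lines dfuzzer prints and the dbus-broker journal messages shown in the comment above, and separates input the service itself rejected (the method was reached) from messages the broker dropped before they reached the service (the case this PR reports as a likely dfuzzer bug). The sample lines are constructed from the output in the comment, with the long fuzz strings shortened.

```python
import re

# Constructed sample input modelled on the dfuzzer output and journal lines in the comment.
DFUZZER_OUTPUT = """\
  Method: StartTransientUnit (ssa(sv)a(sa(sv))) => 3 iterations
  EXCE StartTransientUnit - D-Bus exception thrown: Job mode AAAA is invalid.
   -- Signature: (ssa(sv)a(sa(sv)))
   -- Value: ('AAAA', 'AAAA', @a(sv) [], @a(sa(sv)) [])
  FAIL [M] StartTransientUnit - the connection is closed (this is a bug, please report it)
"""
JOURNAL = """\
[94327.828835] dbus-broker[1630]: Peer :1.340 is being disconnected as it sent a message with an invalid body.
[94327.833021] dbus-broker[1198]: Peer :1.638 is being disconnected as it sent a message with an invalid body.
"""

RESULT_RE = re.compile(r"^\s*(EXCE|FAIL)(?: \[\w\])? (\S+) - (.*)$")
VALUE_RE = re.compile(r"^\s*-- Value: (.*)$")
BROKER_RE = re.compile(r"^\[(\d+\.\d+)\] dbus-broker\[(\d+)\]: Peer (\S+) is being disconnected "
                       r"as it sent a message with an invalid body\.$")


def parse_dfuzzer(text):
    """One record per EXCE/FAIL line; the '-- Value' line that follows it (if any) is attached."""
    records = []
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if m:
            records.append({"status": m.group(1), "method": m.group(2), "detail": m.group(3), "value": None})
            continue
        v = VALUE_RE.match(line)
        if v and records and records[-1]["value"] is None:
            records[-1]["value"] = v.group(1)
    return records


def parse_broker_disconnects(text):
    """Journal lines in which dbus-broker dropped a peer for sending an invalid message body."""
    return [{"ts": float(m.group(1)), "pid": int(m.group(2)), "peer": m.group(3)}
            for m in map(BROKER_RE.match, text.splitlines()) if m]


def triage(records, disconnects):
    """EXCE means the service saw the input and rejected it; a FAIL with a closed connection means
    the broker rejected the body, so the generated message itself was malformed. dfuzzer output has
    no timestamps, so disconnects are paired with closed-connection FAILs in order of appearance."""
    pending, report = list(disconnects), []
    for r in records:
        if r["status"] == "EXCE":
            report.append((r["method"], "service-rejected", None))
        elif "connection is closed" in r["detail"]:
            report.append((r["method"], "broker-rejected-body", pending.pop(0) if pending else None))
        else:
            report.append((r["method"], "other-failure", None))
    return report
```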

evverx commented 2 years ago

> I'm not completely sure how accurate the "this is a bug, please report it" statement is and if I should even keep it there

I think it would make sense to keep it. I'd change it to something like "this is most likely a bug in dfuzzer, please report it at https://github.com/dbus-fuzzer/dfuzzer and attach the logs of dbus-daemon/dbus-broker".

mrc0mmand commented 2 years ago

> > I'm not completely sure how accurate the "this is a bug, please report it" statement is and if I should even keep it there
>
> I think it would make sense to keep it. I'd change it to something like "this is most likely a bug in dfuzzer, please report it at https://github.com/dbus-fuzzer/dfuzzer and attach the logs of dbus-daemon/dbus-broker".

Good idea, updated.