From e9fb3bfb854db0b2ca67d089992450bdc06cec82 Mon Sep 17 00:00:00 2001 From: "L. Pereira" Date: Fri, 19 Apr 2024 07:27:45 -0700 Subject: [PATCH] Disallow constants section anywhere other than the main scope Fixes an OOM scenario (reproducer in fuzz/regresion/...). Thanks to oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68129 --- ...e-minimized-config_fuzzer-5462763322277888 | 233 ++++++++++++++++++ src/lib/lwan-config.c | 3 +- 2 files changed, 235 insertions(+), 1 deletion(-) create mode 100644 fuzz/regression/clusterfuzz-testcase-minimized-config_fuzzer-5462763322277888 diff --git a/fuzz/regression/clusterfuzz-testcase-minimized-config_fuzzer-5462763322277888 b/fuzz/regression/clusterfuzz-testcase-minimized-config_fuzzer-5462763322277888 new file mode 100644 index 000000000..304fbd5fc --- /dev/null +++ b/fuzz/regression/clusterfuzz-testcase-minimized-config_fuzzer-5462763322277888 
@@ -0,0 +1,233 @@ +$=$¯=$=$=$=$=$=$=$=$=$=$=$=$=$ÿõ=$=$=$$==$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$ =$=$=$=$=$=$=$=$=$=""$=$=$=$=$=$=$=$=$off +!=off +' ] +ÿ˜˜" := +"˜˜˜˜˜‚˜˜˜˜˜˜˜˜" := +"˜˜˜˜˜˜=" +constants{M=Z=M""$"˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" +constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:}${M:}${M:}${M:M:}Z=M${M:}${I:}${M:}$$=$=$=$=$=$=$=""$"˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜Íʘ˜˜˜˜˜˜˜˜˜˜˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$=$=$=$=$=$=$=$=$=$ÿ˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" +constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:{{M:}${M:}${M:M:}Z=M${M:}${I:˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$T$=$=$=$=$=$=$=$=$ÿõ=$=$=" +" +" +" +" +" +" + +"÷" +" +" +" +" +" +" +" +" +" +" +" +" +" + +" +" +" +" +" +" +" +" +" +" +" +" +" +" +" +" +" +" + +" +" +" +" +" +" +" +" +" +" +" +" +" +" +" +" +" +" + +"˜‚˜˜˜˜˜˜˜˜" := +"˜˜˜˜˜˜=" +constants{M=Z=M""$"˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" +constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:}${M:}${M:}${M:M:}Z=M${M:}${I:}${M:}$$=$=$=$=$=$=$=""$"˜˜=$=$=$=$=$=$=$=$=$=$=$=$=$ÿ˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" +constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:{{M:}${M:}${M:M:}Z=M${M:}${I:˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$T$=$=$=$=$=$=$=$=$ÿõ=$=$=" +" +" +" +" + +" +" +" + +" +" +" +" +" +"$=$=$=$ÿÿÿÿÿÿÿ=$constanŒs$=$=$=$=$=$=$ =$=$=$=$=$=$=$B$=$=""$=$=$=ƒ=$=$" +" +" +" +" +" +" +" +" +" +" +" +" +" + +"˜‚˜˜˜˜˜˜˜˜" := +"˜˜˜˜˜˜=" +constants{M=Z=M""$"˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" +constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:}${M:}${M:}${M:M:}Z=M${M:}${I:}${M:}$$=$=$=$=$=$=$=""$"˜˜=$=$=$=$=$=$=$=$=$=$=$=$=$ÿ˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" +constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:{{M:}${M:}${M:M:}Z=M${M:}${I:˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$T$=$=$=$=$=$=$=$=$ÿõ=$=$=" +" +" +" +" + +" +" +" + +" +" +" +" +" +"$=$=$=$ÿÿÿÿÿÿÿ=$constan:}${M:}${M:}${M:}${M:M:}Z=M${M:}${I:}${M:}$$=$=$=$=$=$=$=""$"˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜Íʘ˜˜˜˜˜˜˜˜˜˜˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$=$=$=$=$=$=$=$=$=$ÿ˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" 
+constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:{{M:}${M:}${M:M:}Z=M${M:}${I:˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$T$=$=$=$=$=$=$=$=$ÿõ=$=$=" +" +" +" +" + +" +" +" + +" +" +" +" +" +"$=$=$=$ÿÿÿÿÿÿÿ=$constan:}${M:}${M:}${M:}${M:M:}Z=M${M:}${I:}${M:}$$=$=$=$=$=$=$=""$"˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜Íʘ˜˜˜˜˜˜˜˜˜˜˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$=$=$=$=$=$=$=$=$=$ÿ˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" +constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:{{M:}${M:}${M:M:}Z=M${M:}${I:˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$T$=$=$=$=$=$=$=$=$ÿõ=$=$=" +" +" +" +" + +" +" +" + +" +" +" +" +" +"$=$=$=$ÿÿÿÿÿÿÿ=$constan:}${M:}${M:}${M:}${M:M:}Z=M${M:}${I:}${M:}$$=$=$=$=$=$=$=""$"˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜Íʘ˜˜˜˜˜˜˜˜˜˜˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$=$=$=$=$=$=$=$=$=$ÿ˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" +constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:{{M:}${M:}${M:M:}Z=M${M:}${I:˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$T$=$=$=$=$=$=$=$=$ÿõ=$=$=" +" +" +" +" + +" +" +" + +" +" +" +" +" +"$=$=$=$ÿÿÿÿÿÿÿ=$constan:}${M:}${M:}${M:}${M:M:}Z=M${M:}${I:}${M:}$$=$=$=$=$=$=$=""$"˜˜˜˜˜˜˜˜˜˜˜˜˜˜˜Íʘ˜˜˜˜˜˜˜˜˜˜˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$=$=$=$=$=$=$=$=$=$ÿ˜˜˜˜˜˜˜˜˜˜˜˜˜ := +"˜˜˜˜˜˜=" +constants{M=]=${M:}${M:.}${M:}${I:}${M:}${N:}${M:}${M:}${M:{{M:}${M:}${M:M:}Z=M${M:}${I:˜dd4" ˜˜˜Â˜˜˜˜$=$=$=$=$T$=$=$=$=$=$=$=$=$ÿõ=$=$=" +" +" +" +" +" +" + +"÷" +" +" +" +" +" +" +" +" +" +" +" +" +" + +" +" +" +" +" +" +" +" +" +" +" +Œs$=$=$=$=$=$=$ =$=$=$=$=$=$=$B$=$=""$=$=$=ƒ=$=$=$=$=$=$=$B$=$=""$=$=$=$=$=$Ã$=$=$=off +(=off +(=of{M:}$˜˜˜˜+Z=M""$"˜˜˜˜˜˜˜˜˜˜˜˜˜" : +" +" +" +" +" +" +" +" +" +" +" +"= +"˜˜˜˜˜˜*=" + +co \ No newline at end of file diff --git a/src/lib/lwan-config.c b/src/lib/lwan-config.c index 674b8aef5..865e95ef0 100644 --- a/src/lib/lwan-config.c +++ b/src/lib/lwan-config.c 
@@ -851,7 +851,8 @@ static const struct config_line *parser_next(struct parser *parser) if (!l) return NULL; - if (l->type == CONFIG_LINE_TYPE_SECTION && streq(l->key, "constants")) { + if (l->type == CONFIG_LINE_TYPE_SECTION && streq(l->key, "constants") && + config_from_parser(parser)->opened_brackets == 1) { struct config *config = config_from_parser(parser); if (parse_constants(config, l))
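Review bot: The added `opened_brackets == 1` condition in `parser_next` makes a nested `constants` section skip `parse_constants`, but nothing in the hunk rejects it. It presumably falls through and reaches the caller as an ordinary section named `constants`, rather than failing with a configuration error. Since the subject line says the section is disallowed outside the main scope, an explicit error for the `opened_brackets != 1` case would make a malformed or hostile config fail loudly instead of being silently reinterpreted. The bare `1` also needs a comment, e.g. `/* depth 1: only this section's own bracket is open, i.e. main scope */`, once it is confirmed that the counter is incremented before this point. The rest of `parser_next` lies outside the hunk, so the fall-through path should be checked there.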