aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorGravatar Noah Eisen <ncteisen@gmail.com>2017-04-26 14:12:02 -0700
committerGravatar GitHub <noreply@github.com>2017-04-26 14:12:02 -0700
commit436a3942963117a4751428afeb6f9952a720ce1a (patch)
tree33d8748210306de9bda2953853b88466f5387288
parentec6f434610a5aef301d2747bbcd986af13c67267 (diff)
parentf725d7e6b6ac57641e67f363f3e3b585d074f0e2 (diff)
Merge pull request #10823 from ncteisen/client-auth-filter-fuzz
Don't Abort on Input
-rw-r--r--src/core/ext/filters/client_channel/subchannel.c15
-rw-r--r--src/core/lib/channel/connected_channel.c4
-rw-r--r--src/core/lib/security/transport/client_auth_filter.c10
-rw-r--r--test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-minimized-5175380371570688bin0 -> 48 bytes
-rw-r--r--tools/run_tests/generated/tests.json23
5 files changed, 43 insertions, 9 deletions
diff --git a/src/core/ext/filters/client_channel/subchannel.c b/src/core/ext/filters/client_channel/subchannel.c
index 967e571221..b2de85c4a1 100644
--- a/src/core/ext/filters/client_channel/subchannel.c
+++ b/src/core/ext/filters/client_channel/subchannel.c
@@ -615,7 +615,7 @@ void grpc_connected_subchannel_ping(grpc_exec_ctx *exec_ctx,
elem->filter->start_transport_op(exec_ctx, elem, op);
}
-static void publish_transport_locked(grpc_exec_ctx *exec_ctx,
+static bool publish_transport_locked(grpc_exec_ctx *exec_ctx,
grpc_subchannel *c) {
grpc_connected_subchannel *con;
grpc_channel_stack *stk;
@@ -631,15 +631,16 @@ static void publish_transport_locked(grpc_exec_ctx *exec_ctx,
if (!grpc_channel_init_create_stack(exec_ctx, builder,
GRPC_CLIENT_SUBCHANNEL)) {
grpc_channel_stack_builder_destroy(exec_ctx, builder);
- abort(); /* TODO(ctiller): what to do here (previously we just crashed) */
+ return false;
}
grpc_error *error = grpc_channel_stack_builder_finish(
exec_ctx, builder, 0, 1, connection_destroy, NULL, (void **)&con);
if (error != GRPC_ERROR_NONE) {
+ grpc_transport_destroy(exec_ctx, c->connecting_result.transport);
gpr_log(GPR_ERROR, "error initializing subchannel stack: %s",
grpc_error_string(error));
GRPC_ERROR_UNREF(error);
- abort(); /* TODO(ctiller): what to do here? */
+ return false;
}
stk = CHANNEL_STACK_FROM_CONNECTION(con);
memset(&c->connecting_result, 0, sizeof(c->connecting_result));
@@ -656,7 +657,7 @@ static void publish_transport_locked(grpc_exec_ctx *exec_ctx,
grpc_channel_stack_destroy(exec_ctx, stk);
gpr_free(con);
GRPC_SUBCHANNEL_WEAK_UNREF(exec_ctx, c, "connecting");
- return;
+ return false;
}
/* publish */
@@ -678,6 +679,7 @@ static void publish_transport_locked(grpc_exec_ctx *exec_ctx,
/* signal completion */
grpc_connectivity_state_set(exec_ctx, &c->state_tracker, GRPC_CHANNEL_READY,
GRPC_ERROR_NONE, "connected");
+ return true;
}
static void subchannel_connected(grpc_exec_ctx *exec_ctx, void *arg,
@@ -688,8 +690,9 @@ static void subchannel_connected(grpc_exec_ctx *exec_ctx, void *arg,
GRPC_SUBCHANNEL_WEAK_REF(c, "connected");
gpr_mu_lock(&c->mu);
c->connecting = false;
- if (c->connecting_result.transport != NULL) {
- publish_transport_locked(exec_ctx, c);
+ if (c->connecting_result.transport != NULL &&
+ publish_transport_locked(exec_ctx, c)) {
+ /* do nothing, transport was published */
} else if (c->disconnected) {
GRPC_SUBCHANNEL_WEAK_UNREF(exec_ctx, c, "connecting");
} else {
diff --git a/src/core/lib/channel/connected_channel.c b/src/core/lib/channel/connected_channel.c
index 22caf24373..d8985268eb 100644
--- a/src/core/lib/channel/connected_channel.c
+++ b/src/core/lib/channel/connected_channel.c
@@ -128,7 +128,9 @@ static grpc_error *init_channel_elem(grpc_exec_ctx *exec_ctx,
static void destroy_channel_elem(grpc_exec_ctx *exec_ctx,
grpc_channel_element *elem) {
channel_data *cd = (channel_data *)elem->channel_data;
- grpc_transport_destroy(exec_ctx, cd->transport);
+ if (cd->transport) {
+ grpc_transport_destroy(exec_ctx, cd->transport);
+ }
}
static char *con_get_peer(grpc_exec_ctx *exec_ctx, grpc_call_element *elem) {
diff --git a/src/core/lib/security/transport/client_auth_filter.c b/src/core/lib/security/transport/client_auth_filter.c
index f526653ffa..1f0daf7325 100644
--- a/src/core/lib/security/transport/client_auth_filter.c
+++ b/src/core/lib/security/transport/client_auth_filter.c
@@ -343,8 +343,16 @@ static grpc_error *init_channel_elem(grpc_exec_ctx *exec_ctx,
grpc_channel_element_args *args) {
grpc_security_connector *sc =
grpc_security_connector_find_in_args(args->channel_args);
+ if (sc == NULL) {
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+ "Security connector missing from client auth filter args");
+ }
grpc_auth_context *auth_context =
grpc_find_auth_context_in_args(args->channel_args);
+ if (auth_context == NULL) {
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+ "Auth context missing from client auth filter args");
+ }
/* grab pointers to our data from the channel element */
channel_data *chand = elem->channel_data;
@@ -353,8 +361,6 @@ static grpc_error *init_channel_elem(grpc_exec_ctx *exec_ctx,
handle the case that there's no 'next' filter to call on the up or down
path */
GPR_ASSERT(!args->is_last);
- GPR_ASSERT(sc != NULL);
- GPR_ASSERT(auth_context != NULL);
/* initialize members */
chand->security_connector =
diff --git a/test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-minimized-5175380371570688 b/test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-minimized-5175380371570688
new file mode 100644
index 0000000000..9c7aebc63a
--- /dev/null
+++ b/test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-minimized-5175380371570688
Binary files differ
diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json
index 058127862e..2928b870c9 100644
--- a/tools/run_tests/generated/tests.json
+++ b/tools/run_tests/generated/tests.json
@@ -85304,6 +85304,29 @@
},
{
"args": [
+ "test/core/end2end/fuzzers/api_fuzzer_corpus/clusterfuzz-testcase-minimized-5175380371570688"
+ ],
+ "ci_platforms": [
+ "linux"
+ ],
+ "cpu_cost": 0.1,
+ "exclude_configs": [
+ "tsan"
+ ],
+ "exclude_iomgrs": [
+ "uv"
+ ],
+ "flaky": false,
+ "language": "c",
+ "name": "api_fuzzer_one_entry",
+ "platforms": [
+ "mac",
+ "linux"
+ ],
+ "uses_polling": false
+ },
+ {
+ "args": [
"test/core/end2end/fuzzers/api_fuzzer_corpus/crash-0597bbdd657fa4ed14443994c9147a1a7bbc205f"
],
"ci_platforms": [