diff options
| author |  Yunshu Ouyang <61579667+yooyoo9@users.noreply.github.com> | 2020-09-10 16:49:59 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2020-09-10 07:49:59 -0700 |
| commit | b0c1a12b03a1077d3adb8ec8bddfbe47a461e434 (patch) | |
| tree | 2a3f74edf8e36b961b074147a938eaa515b2d1d1 | |
| parent | 7033ab69e6bd2c25b1adcbdd39e72f9e02f4d459 (diff) | |
[nginx] Fix startup crashes (#4433)
* Fix startup crashes
* Clean-up fuzzer
| -rw-r--r-- | projects/nginx/fuzz/http_request_fuzzer.cc | 13 | ||||
| -rw-r--r-- | projects/nginx/fuzz/wrappers.c | 13 |
2 files changed, 8 insertions, 18 deletions
diff --git a/projects/nginx/fuzz/http_request_fuzzer.cc b/projects/nginx/fuzz/http_request_fuzzer.cc index bed04d7d..8d69e82c 100644 --- a/projects/nginx/fuzz/http_request_fuzzer.cc +++ b/projects/nginx/fuzz/http_request_fuzzer.cc @@ -101,7 +101,7 @@ static char arg1[] = {0, 0xA, 0}; extern char **environ; -static const char *config_file = "http_config.conf"; +static const char *config_file = "/tmp/http_config.conf"; struct fuzzing_data { const uint8_t *data; @@ -307,15 +307,4 @@ DEFINE_PROTO_FUZZER(const HttpProto &input) { // Will redirect to http parser ngx_http_init_connection(c); - - // Clean-up in case of error - if (req_reply && upstream && upstream->cleanup) { - (*(upstream->cleanup))(req_reply); - if (!c->destroyed) - ngx_http_close_connection(c); - } else if (!c->destroyed) { - ngx_http_request_t *r = (ngx_http_request_t *)(c->data); - ngx_http_free_request(r, 0); - ngx_http_close_connection(c); - } } diff --git a/projects/nginx/fuzz/wrappers.c b/projects/nginx/fuzz/wrappers.c index 21391217..cb29872d 100644 --- a/projects/nginx/fuzz/wrappers.c +++ b/projects/nginx/fuzz/wrappers.c @@ -44,14 +44,15 @@ int __wrap_chown(const char *pathname, uid_t owner, gid_t group){ return 0; } +struct passwd pwd; +struct group grp; + struct passwd *__wrap_getpwnam(const char *name){ - struct passwd *pwd = (struct passwd *) calloc(1, sizeof(struct passwd)); - pwd->pw_uid = 1; - return pwd; + pwd.pw_uid = 1; + return &pwd; } struct group *__wrap_getgrnam(const char *name){ - struct group *grp = (struct group *) calloc(1, sizeof(struct group)); - grp->gr_gid = 1; - return grp; + grp.gr_gid = 1; + return &grp; } |