From patchwork Mon Oct 14 21:04:08 2024
X-Patchwork-Submitter: Josh Steadmon
X-Patchwork-Id: 13835499
Date: Mon, 14 Oct 2024 14:04:08 -0700
X-Mailing-List: git@vger.kernel.org
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <04225dd4214cf79256805055f1c52012e62b8e8b.1728939687.git.steadmon@google.com>
Subject: [PATCH v2 1/3] fuzz: port fuzz-credential-from-url-gently from OSS-Fuzz
From: Josh Steadmon
To: git@vger.kernel.org
Cc: eric.sesterhenn@x41-dsec.de, jarlob@gmail.com, oswald.buddenhagen@gmx.de

From: Eric Sesterhenn

Git's fuzz tests are run continuously as part of OSS-Fuzz [1]. Several
additional fuzz tests have been contributed directly to OSS-Fuzz;
however, these tests are vulnerable to bitrot because they are not built
during Git's CI runs, and thus breaking changes are much less likely to
be noticed by Git contributors.

Port one of these tests back to the Git project:
fuzz-credential-from-url-gently

This test was originally written by Eric Sesterhenn as part of a
security audit of Git [2]. It was then contributed to the OSS-Fuzz repo
in commit c58ac4492 (Git fuzzing: uncomment the existing and add new
targets. (#11486), 2024-02-21) by Jaroslav Lobačevski. I (Josh Steadmon)
have verified with both Eric and Jaroslav that they're OK with moving
this test to the Git project.

[1] https://github.com/google/oss-fuzz
[2] https://ostif.org/wp-content/uploads/2023/01/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf

Co-authored-by: Jaroslav Lobačevski
Co-authored-by: Josh Steadmon
Signed-off-by: Josh Steadmon
---
 Makefile | 1 +
 ci/run-build-and-minimal-fuzzers.sh | 11 +++++++-
 oss-fuzz/.gitignore | 1 +
 oss-fuzz/fuzz-credential-from-url-gently.c | 32 ++++++++++++++++++++++
 4 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 oss-fuzz/fuzz-credential-from-url-gently.c

diff --git a/Makefile b/Makefile index e298c8b55e..3ce391062f 100644
--- a/Makefile +++ b/Makefile @@ -2378,6 +2378,7 @@ endif FUZZ_OBJS += oss-fuzz/dummy-cmd-main.o FUZZ_OBJS += oss-fuzz/fuzz-commit-graph.o FUZZ_OBJS += oss-fuzz/fuzz-config.o +FUZZ_OBJS += oss-fuzz/fuzz-credential-from-url-gently.o FUZZ_OBJS += oss-fuzz/fuzz-date.o FUZZ_OBJS += oss-fuzz/fuzz-pack-headers.o FUZZ_OBJS += oss-fuzz/fuzz-pack-idx.o diff --git a/ci/run-build-and-minimal-fuzzers.sh b/ci/run-build-and-minimal-fuzzers.sh index af8065f349..631796ab8b 100755 --- a/ci/run-build-and-minimal-fuzzers.sh +++ b/ci/run-build-and-minimal-fuzzers.sh @@ -13,7 +13,16 @@ group "Build fuzzers" make \ LIB_FUZZING_ENGINE="-fsanitize=fuzzer,address" \ fuzz-all -for fuzzer in commit-graph config date pack-headers pack-idx ; do +fuzzers=" +commit-graph +config +credential-from-url-gently +date +pack-headers +pack-idx +" + +for fuzzer in $fuzzers; do begin_group "fuzz-$fuzzer" ./oss-fuzz/fuzz-$fuzzer -verbosity=0 -runs=1 || exit 1 end_group "fuzz-$fuzzer" diff --git a/oss-fuzz/.gitignore b/oss-fuzz/.gitignore index a877c11f42..2cfc845b20 100644 --- a/oss-fuzz/.gitignore +++ b/oss-fuzz/.gitignore @@ -1,5 +1,6 @@ fuzz-commit-graph fuzz-config +fuzz-credential-from-url-gently fuzz-date fuzz-pack-headers fuzz-pack-idx diff --git a/oss-fuzz/fuzz-credential-from-url-gently.c b/oss-fuzz/fuzz-credential-from-url-gently.c new file mode 100644 index 0000000000..c872f9ad2d --- /dev/null +++ b/oss-fuzz/fuzz-credential-from-url-gently.c 
@@ -0,0 +1,32 @@ +#include "git-compat-util.h" +#include +#include +#include +#include +#include +#include "credential.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct credential c; + char *buf; + + buf = malloc(size + 1); + if (!buf) + return 0; + + memcpy(buf, data, size); + buf[size] = 0; + + // start fuzzing + credential_init(&c); + credential_from_url_gently(&c, buf, 1); + + // cleanup + credential_clear(&c); + free(buf); + + return 0; +}

From patchwork Mon Oct 14 21:04:09 2024
X-Patchwork-Submitter: Josh Steadmon
X-Patchwork-Id: 13835500
Date: Mon, 14 Oct 2024 14:04:09 -0700
X-Mailing-List: git@vger.kernel.org
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <16c6573190e0289eb1f38330796177fb1a066804.1728939687.git.steadmon@google.com>
Subject: [PATCH v2 2/3] fuzz: port fuzz-parse-attr-line from OSS-Fuzz
From: Josh Steadmon
To: git@vger.kernel.org
Cc: eric.sesterhenn@x41-dsec.de, jarlob@gmail.com, oswald.buddenhagen@gmx.de

From: Eric Sesterhenn

Git's fuzz tests are run continuously as part of OSS-Fuzz [1]. Several
additional fuzz tests have been contributed directly to OSS-Fuzz;
however, these tests are vulnerable to bitrot because they are not built
during Git's CI runs, and thus breaking changes are much less likely to
be noticed by Git contributors.

Port one of these tests back to the Git project:
fuzz-parse-attr-line

This test was originally written by Eric Sesterhenn as part of a
security audit of Git [2]. It was then contributed to the OSS-Fuzz repo
in commit c58ac4492 (Git fuzzing: uncomment the existing and add new
targets. (#11486), 2024-02-21) by Jaroslav Lobačevski. I (Josh Steadmon)
have verified with both Eric and Jaroslav that they're OK with moving
this test to the Git project.

[1] https://github.com/google/oss-fuzz
[2] https://ostif.org/wp-content/uploads/2023/01/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf

Co-authored-by: Jaroslav Lobačevski
Co-authored-by: Josh Steadmon
Signed-off-by: Josh Steadmon
---
 Makefile | 1 +
 attr.c | 40 ++-------------------------
 attr.h | 43 +++++++++++++++++++++++++++++
 ci/run-build-and-minimal-fuzzers.sh | 1 +
 oss-fuzz/.gitignore | 1 +
 oss-fuzz/fuzz-parse-attr-line.c | 39 ++++++++++++++++++++++++++
 6 files changed, 87 insertions(+), 38 deletions(-)
 create mode 100644 oss-fuzz/fuzz-parse-attr-line.c

diff --git a/Makefile b/Makefile index 3ce391062f..141e194bf5 100644 --- a/Makefile +++ b/Makefile @@ -2382,6 +2382,7 @@ FUZZ_OBJS += oss-fuzz/fuzz-credential-from-url-gently.o FUZZ_OBJS += oss-fuzz/fuzz-date.o FUZZ_OBJS += oss-fuzz/fuzz-pack-headers.o FUZZ_OBJS += oss-fuzz/fuzz-pack-idx.o +FUZZ_OBJS += oss-fuzz/fuzz-parse-attr-line.o .PHONY: fuzz-objs fuzz-objs: $(FUZZ_OBJS) diff --git a/attr.c b/attr.c index 06b5b5e55e..b0073c5277 100644 --- a/attr.c +++ b/attr.c
@@ -259,42 +259,6 @@ const struct git_attr *git_attr(const char *name) return git_attr_internal(name, strlen(name)); } -/* What does a matched pattern decide? */ -struct attr_state { - const struct git_attr *attr; - const char *setto; -}; - -struct pattern { - const char *pattern; - int patternlen; - int nowildcardlen; - unsigned flags; /* PATTERN_FLAG_* */ -}; - -/* - * One rule, as from a .gitattributes file. - * - * If is_macro is true, then u.attr is a pointer to the git_attr being - * defined. - * - * If is_macro is false, then u.pat is the filename pattern to which the - * rule applies. - * - * In either case, num_attr is the number of attributes affected by - * this rule, and state is an array listing them. The attributes are - * listed as they appear in the file (macros unexpanded). - */ -struct match_attr { - union { - struct pattern pat; - const struct git_attr *attr; - } u; - char is_macro; - size_t num_attr; - struct attr_state state[FLEX_ARRAY]; -}; - static const char blank[] = " \t\r\n"; /* Flags usable in read_attr() and parse_attr_line() family of functions. */ @@ -353,8 +317,8 @@ static const char *parse_attr(const char *src, int lineno, const char *cp, return ep + strspn(ep, blank); } -static struct match_attr *parse_attr_line(const char *line, const char *src, - int lineno, unsigned flags) +struct match_attr *parse_attr_line(const char *line, const char *src, + int lineno, unsigned flags) { size_t namelen, num_attr, i; const char *cp, *name, *states; diff --git a/attr.h b/attr.h index bb33b60880..a04a521092 100644 --- a/attr.h +++ b/attr.h 
@@ -240,4 +240,47 @@ int git_attr_system_is_enabled(void); extern char *git_attr_tree; +/* + * Exposed for fuzz-testing only. + */ + +/* What does a matched pattern decide? */ +struct attr_state { + const struct git_attr *attr; + const char *setto; +}; + +struct pattern { + const char *pattern; + int patternlen; + int nowildcardlen; + unsigned flags; /* PATTERN_FLAG_* */ +}; + +/* + * One rule, as from a .gitattributes file. + * + * If is_macro is true, then u.attr is a pointer to the git_attr being + * defined. + * + * If is_macro is false, then u.pat is the filename pattern to which the + * rule applies. + * + * In either case, num_attr is the number of attributes affected by + * this rule, and state is an array listing them. The attributes are + * listed as they appear in the file (macros unexpanded). + */ +struct match_attr { + union { + struct pattern pat; + const struct git_attr *attr; + } u; + char is_macro; + size_t num_attr; + struct attr_state state[FLEX_ARRAY]; +}; + +struct match_attr *parse_attr_line(const char *line, const char *src, + int lineno, unsigned flags); + #endif /* ATTR_H */ diff --git a/ci/run-build-and-minimal-fuzzers.sh b/ci/run-build-and-minimal-fuzzers.sh index 631796ab8b..13c85320d6 100755 --- a/ci/run-build-and-minimal-fuzzers.sh +++ b/ci/run-build-and-minimal-fuzzers.sh @@ -20,6 +20,7 @@ credential-from-url-gently date pack-headers pack-idx +parse-attr-line " for fuzzer in $fuzzers; do diff --git a/oss-fuzz/.gitignore b/oss-fuzz/.gitignore index 2cfc845b20..ec185f061c 100644 --- a/oss-fuzz/.gitignore +++ b/oss-fuzz/.gitignore @@ -4,3 +4,4 @@ fuzz-credential-from-url-gently fuzz-date fuzz-pack-headers fuzz-pack-idx +fuzz-parse-attr-line diff --git a/oss-fuzz/fuzz-parse-attr-line.c b/oss-fuzz/fuzz-parse-attr-line.c new file mode 100644 index 0000000000..45a4c4e53c --- /dev/null +++ b/oss-fuzz/fuzz-parse-attr-line.c 
@@ -0,0 +1,39 @@ +#include "git-compat-util.h" +#include +#include +#include +#include +#include "attr.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + struct match_attr *res; + char *buf; + + buf = malloc(size + 1); + if (!buf) + return 0; + + memcpy(buf, data, size); + buf[size] = 0; + + res = parse_attr_line(buf, "dummy", 0, 0); + + if (res) { + int j; + for (j = 0; j < res->num_attr; j++) { + const char *setto = res->state[j].setto; + if (ATTR_TRUE(setto) || ATTR_FALSE(setto) || + ATTR_UNSET(setto)) + ; + else + free((char *)setto); + } + free(res); + } + free(buf); + + return 0; +}

From patchwork Mon Oct 14 21:04:10 2024
X-Patchwork-Submitter: Josh Steadmon
X-Patchwork-Id: 13835501
Date: Mon, 14 Oct 2024 14:04:10 -0700
X-Mailing-List: git@vger.kernel.org
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Subject: [PATCH v2 3/3] fuzz: port fuzz-url-decode-mem from OSS-Fuzz
From: Josh Steadmon
To: git@vger.kernel.org
Cc: eric.sesterhenn@x41-dsec.de, jarlob@gmail.com, oswald.buddenhagen@gmx.de

From: Eric Sesterhenn

Git's fuzz tests are run continuously as part of OSS-Fuzz [1]. Several
additional fuzz tests have been contributed directly to OSS-Fuzz;
however, these tests are vulnerable to bitrot because they are not built
during Git's CI runs, and thus breaking changes are much less likely to
be noticed by Git contributors.

Port one of these tests back to the Git project:
fuzz-url-decode-mem

This test was originally written by Eric Sesterhenn as part of a
security audit of Git [2]. It was then contributed to the OSS-Fuzz repo
in commit c58ac4492 (Git fuzzing: uncomment the existing and add new
targets. (#11486), 2024-02-21) by Jaroslav Lobačevski. I (Josh Steadmon)
have verified with both Eric and Jaroslav that they're OK with moving
this test to the Git project.

[1] https://github.com/google/oss-fuzz
[2] https://ostif.org/wp-content/uploads/2023/01/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf

Co-authored-by: Jaroslav Lobačevski
Co-authored-by: Josh Steadmon
Signed-off-by: Josh Steadmon
---
 Makefile | 1 +
 ci/run-build-and-minimal-fuzzers.sh | 1 +
 oss-fuzz/.gitignore | 1 +
 oss-fuzz/fuzz-url-decode-mem.c | 43 +++++++++++++++++++++++++++++
 4 files changed, 46 insertions(+)
 create mode 100644 oss-fuzz/fuzz-url-decode-mem.c

diff --git a/Makefile b/Makefile index 141e194bf5..2cd7a6e003 100644 --- a/Makefile +++ b/Makefile @@ -2383,6 +2383,7 @@ FUZZ_OBJS += oss-fuzz/fuzz-date.o FUZZ_OBJS += oss-fuzz/fuzz-pack-headers.o FUZZ_OBJS += oss-fuzz/fuzz-pack-idx.o FUZZ_OBJS += oss-fuzz/fuzz-parse-attr-line.o +FUZZ_OBJS += oss-fuzz/fuzz-url-decode-mem.o .PHONY: fuzz-objs fuzz-objs: $(FUZZ_OBJS) diff --git a/ci/run-build-and-minimal-fuzzers.sh b/ci/run-build-and-minimal-fuzzers.sh index 13c85320d6..e7b97952e7 100755 --- a/ci/run-build-and-minimal-fuzzers.sh +++ b/ci/run-build-and-minimal-fuzzers.sh @@ -21,6 +21,7 @@ date pack-headers pack-idx parse-attr-line +url-decode-mem " for fuzzer in $fuzzers; do
diff --git a/oss-fuzz/.gitignore b/oss-fuzz/.gitignore index ec185f061c..f2d74de457 100644 --- a/oss-fuzz/.gitignore +++ b/oss-fuzz/.gitignore @@ -5,3 +5,4 @@ fuzz-date fuzz-pack-headers fuzz-pack-idx fuzz-parse-attr-line +fuzz-url-decode-mem diff --git a/oss-fuzz/fuzz-url-decode-mem.c b/oss-fuzz/fuzz-url-decode-mem.c new file mode 100644 index 0000000000..2342aa993b --- /dev/null +++ b/oss-fuzz/fuzz-url-decode-mem.c @@ -0,0 +1,43 @@ +#include "git-compat-util.h" +#include +#include +#include +#include +#include +#include "url.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + char *buf; + char *r; + const char *pbuf; + + buf = malloc(size + 1); + if (!buf) + return 0; + + memcpy(buf, data, size); + buf[size] = 0; + + // start fuzzing + r = url_decode(buf); + free(r); + + r = url_percent_decode(buf); + free(r); + + pbuf = (const char*) buf; + r = url_decode_parameter_name(&pbuf); + free(r); + + pbuf = (const char*) buf; + r = url_decode_parameter_value(&pbuf); + free(r); + + // cleanup + free(buf); + + return 0; +}
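
Review bot: in ci/run-build-and-minimal-fuzzers.sh (patch 1/3), the new `fuzzers` list is a second hand-maintained copy of the targets already named in the Makefile's FUZZ_OBJS, and patches 2/3 and 3/3 each have to update both places plus oss-fuzz/.gitignore. A target added to FUZZ_OBJS but forgotten in this list would be built and never executed in CI, which is the kind of bitrot the series is meant to prevent. Consider a comment next to FUZZ_OBJS pointing at this list, or a check in the script that every built oss-fuzz/fuzz-* binary appears in `$fuzzers`.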
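
Review bot: in oss-fuzz/fuzz-credential-from-url-gently.c (patch 1/3), the input is handed to credential_from_url_gently() as a NUL-terminated string, so every byte after the first zero in `data` is never parsed; a one-line comment saying this is intended would help, since the fuzzer will produce inputs with embedded zero bytes. Two smaller points in the same function: the `// start fuzzing` and `// cleanup` comments should be /* */ comments to match Git's C style, and the malloc/memcpy/`buf[size] = 0` sequence could be a single xmemdupz(data, size). The same copy-and-terminate pattern recurs in the harnesses added by 2/3 and 3/3.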
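
Review bot: in attr.h (patch 2/3), the new parse_attr_line() prototype has no documentation of who owns the returned `struct match_attr` or the `setto` strings inside it, yet the fuzz harness has to know exactly that in order to free them. Please add a short comment on the prototype stating the ownership rules. Moving the structs here also places the very generic name `struct pattern` in front of every file that includes attr.h, with only the "Exposed for fuzz-testing only" comment discouraging other users; a more specific name, or a sentence in the commit message on why that is acceptable, would be welcome.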
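
Review bot: in oss-fuzz/fuzz-parse-attr-line.c (patch 2/3), the cleanup loop declares `int j` but compares it against `res->num_attr`, which is a size_t in struct match_attr; use `size_t j` to avoid the signed/unsigned comparison. The `if (...) ; else free((char *)setto);` construct would read better with the condition negated and no empty statement, and a comment explaining that `setto` is freed only when it is not one of the ATTR_TRUE/ATTR_FALSE/ATTR_UNSET sentinel values would make the harness's dependence on the parser's allocation scheme explicit.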
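
Review bot: in oss-fuzz/fuzz-url-decode-mem.c (patch 3/3), the target is named after url_decode_mem, but the body calls url_decode(), url_percent_decode(), url_decode_parameter_name() and url_decode_parameter_value() and never calls url_decode_mem() itself. If that function is only reached indirectly through these wrappers, say so in a comment or the commit message; otherwise rename the target to match what it exercises. Style: the `// start fuzzing` and `// cleanup` comments should be /* */ comments, and the `(const char*) buf` casts are unnecessary when assigning a `char *` to a `const char *`.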