- 29 Mar, 2021 36 commits
Christian Brauner authored
Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Evgeny Vereshchagin authored
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
-
Evgeny Vereshchagin authored
It was found by ClusterFuzz in https://oss-fuzz.com/testcase-detail/4747480244813824 but hasn't been reported on Monorail (https://bugs.chromium.org/p/oss-fuzz/) yet
```
$ cat minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
lxc.net.0.hwaddr=0
lxc.net.0.hwaddr=4
./out/fuzz-lxc-config-read minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
INFO: Seed: 1473396311
INFO: Loaded 1 modules (18821 inline 8-bit counters): 18821 [0x885fa0, 0x88a925),
INFO: Loaded 1 PC tables (18821 PCs): 18821 [0x88a928,0x8d4178),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: minimized-from-1a18983c13ce64e8a3bd0f699a97d25beb21481e
=================================================================
==226185==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x4d25d7 in strdup (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x4d25d7)
    #1 0x58e48f in set_config_net_hwaddr /home/vagrant/lxc/src/lxc/confile.c:654:14
    #2 0x59af3b in set_config_net_nic /home/vagrant/lxc/src/lxc/confile.c:5276:9
    #3 0x571c29 in parse_line /home/vagrant/lxc/src/lxc/confile.c:2958:9
    #4 0x61b0b2 in lxc_file_for_each_line_mmap /home/vagrant/lxc/src/lxc/parse.c:125:9
    #5 0x5710ed in lxc_config_read /home/vagrant/lxc/src/lxc/confile.c:3035:9
    #6 0x542cd6 in LLVMFuzzerTestOneInput /home/vagrant/lxc/src/tests/fuzz-lxc-config-read.c:23:2
    #7 0x449e8c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x449e8c)
    #8 0x42bbad in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x42bbad)
    #9 0x432c50 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x432c50)
    #10 0x423136 in main (/home/vagrant/lxc/out/fuzz-lxc-config-read+0x423136)
    #11 0x7f2cbb992081 in __libc_start_main (/lib64/libc.so.6+0x27081)

SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
-
Christian Brauner authored
Move all input sanity checks up and add two missing checks for the correct network type when using veth-vlan and vlan network types.
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32513
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32558
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32484
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32482
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
We need to allow relative log paths.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32475
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32532
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32521
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32473
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
We never call these helpers without an initialized config afaict, but since we're now exposing these two functions to oss-fuzz directly in a way we never do for users, let's be stricter about it.
Inspired-by: #3733
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32491
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Fixes: #3730
Fixes: https://github.com/google/oss-fuzz/issues/5509
Suggested-by: Evgeny Vereshchagin <evvers@ya.ru>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Fixes: #3730
Fixes: https://github.com/google/oss-fuzz/issues/5509
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Evgeny Vereshchagin authored
It should help to cover more code faster.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
-
Evgeny Vereshchagin authored
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
-
Evgeny Vereshchagin authored
It's mostly a cosmetic change that should prevent the fuzzer from cluttering the "$OUT" directory (which OSS-Fuzz uses to build docker images):
```
Step #44: Already have image: gcr.io/oss-fuzz/lxc
Step #44:   adding: fuzz-lxc-config-read (deflated 67%)
Step #44:   adding: fuzz-lxc-config-read-WBWKxN (deflated 32%)
Step #44:   adding: fuzz-lxc-config-read_seed_corpus.zip (stored 0%)
Step #44:   adding: honggfuzz (deflated 66%)
Step #44:   adding: llvm-symbolizer (deflated 65%)
```
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
-
Sam Boyles authored
Reviewed-by: Blair Steven <blair.steven@alliedtelesis.co.nz>
Signed-off-by: Sam Boyles <sam.boyles@alliedtelesis.co.nz>
-
Evgeny Vereshchagin authored
With this patch applied the fuzz target can be built (with ASan) and run with
```
./src/tests/oss-fuzz.sh
./out/fuzz-lxc-config-read doc/examples/
```
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32475 can be reproduced by running
```
$ echo "lxc.console.buffer.size=d" >oss-fuzz-32475
$ ./out/fuzz-lxc-config-read ./oss-fuzz-32475
INFO: Seed: 1044753468
INFO: Loaded 1 modules (18770 inline 8-bit counters): 18770 [0x883cc0, 0x888612),
INFO: Loaded 1 PC tables (18770 PCs): 18770 [0x888618,0x8d1b38),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: oss-fuzz-32475
=================================================================
==2052097==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcca063e7f at pc 0x000000659e0d bp 0x7ffcca063e30 sp 0x7ffcca063e28
READ of size 1 at 0x7ffcca063e7f thread T0
...
```
I'll point OSS-Fuzz to the build script once this patch is merged.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32478
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32474
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32487
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Evgeny Vereshchagin authored
Now that lxc has been integrated into OSS-Fuzz it should be possible to start using https://google.github.io/oss-fuzz/getting-started/continuous-integration/ (mostly to make sure that the project is buildable there). It should help to keep the integration in more or less good shape.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
-
Evgeny Vereshchagin authored
It was triggered by passing "lxc.selinux.context.keyring=xroot" to the fuzz target introduced in https://github.com/google/oss-fuzz/pull/5498
```
=================================================================
==22==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 6 byte(s) in 1 object(s) allocated from:
    #0 0x538ca4 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
    #1 0x5c40e8 in set_config_string_item /src/lxc/src/lxc/confile_utils.c:635:14
    #2 0x44394e in set_config_selinux_context_keyring /src/lxc/src/lxc/confile.c:1596:9
    #3 0x5af955 in parse_line /src/lxc/src/lxc/confile.c:2953:9
    #4 0x4475cd in lxc_file_for_each_line_mmap /src/lxc/src/lxc/parse.c:125:9
    #5 0x5af24f in lxc_config_read /src/lxc/src/lxc/confile.c:3024:9
    #6 0x580b04 in LLVMFuzzerTestOneInput /src/fuzz-lxc-config-read.c:36:2
    #7 0x483643 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
    #8 0x46d4a2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
    #9 0x4732ea in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
    #10 0x49f022 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #11 0x7f16d09b883f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
```
This is a follow-up to https://github.com/lxc/lxc/commit/4fef78bc332a2d186dca6f
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
-
- 25 Mar, 2021 4 commits
Christian Brauner authored
lxc_free_netdev() will already free the list element.
Fixes: https://github.com/google/oss-fuzz/pull/5498
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-