From 37da0aa45ea313f5697395d1df95078203408ed8 Mon Sep 17 00:00:00 2001
From: Olof hagsand
Date: Wed, 2 Jun 2021 13:39:48 +0200
Subject: [PATCH] fuzzing restconf changes, json mem error
---
 fuzz/restconf/input/1.http | 11 ++++++++---
 fuzz/restconf/input/2.http | 11 +++--------
 fuzz/restconf/input/3.http | 9 ++++++---
 fuzz/restconf/input/4.http | 4 ++++
 fuzz/restconf/runfuzz.sh | 11 ++++++++---
 lib/src/clixon_json_parse.y | 1 -
 test/mem.sh | 2 +-
 test/test_restconf_err.sh | 3 +++
 test/test_restconf_nmap.sh | 2 +-
 9 files changed, 34 insertions(+), 20 deletions(-)
 create mode 100644 fuzz/restconf/input/4.http
diff --git a/fuzz/restconf/input/1.http b/fuzz/restconf/input/1.http
index 2e0183fe..9bb0ee9b 100644
--- a/fuzz/restconf/input/1.http
+++ b/fuzz/restconf/input/1.http
@@ -1,5 +1,10 @@
-GET /.well-known/host-meta HTTP/1.1
-Host: localhost
-Accept: application/yang-data+xml
+PUT /restconf/data/ietf-interfaces:interfaces/interface=eth%2f0%2f0 HTTP/1.1
+Host: 127.0.0.1
+Accept: */*
+Content-Type: application/yang-data+json
+Content-Length: 91
+
+{"ietf-interfaces:interface":{"name":"eth/0/0","type":"clixon-example:eth","enabled":true}}
+
diff --git a/fuzz/restconf/input/2.http b/fuzz/restconf/input/2.http
index 9bb0ee9b..5293183a 100644
--- a/fuzz/restconf/input/2.http
+++ b/fuzz/restconf/input/2.http
@@ -1,10 +1,5 @@
-PUT /restconf/data/ietf-interfaces:interfaces/interface=eth%2f0%2f0 HTTP/1.1
-Host: 127.0.0.1
-Accept: */*
-Content-Type: application/yang-data+json
-Content-Length: 91
-
-{"ietf-interfaces:interface":{"name":"eth/0/0","type":"clixon-example:eth","enabled":true}}
+GET /restconf/data/ HTTP/1.1
+Host: localhost
+Accept: application/yang-data+xml
-
diff --git a/fuzz/restconf/input/3.http b/fuzz/restconf/input/3.http
index 5293183a..a259c4e5 100644
--- a/fuzz/restconf/input/3.http
+++ b/fuzz/restconf/input/3.http
@@ -1,5 +1,8 @@
-GET /restconf/data/ HTTP/1.1
-Host: localhost
+POST /restconf/data/ietf-interfaces:interfaces HTTP/1.1
+Host: 127.0.0.1
 Accept: application/yang-data+xml
+Content-Type: application/yang-data+xml
+Content-Length: 138
+
+eth/0/42ex:ethtrue
-
diff --git a/fuzz/restconf/input/4.http b/fuzz/restconf/input/4.http
new file mode 100644
index 00000000..5ce1b0c5
--- /dev/null
+++ b/fuzz/restconf/input/4.http
@@ -0,0 +1,4 @@
+DELETE /restconf/data/ietf-interfaces:interfaces HTTP/1.1
+Host: 127.0.0.1
+
+
diff --git a/fuzz/restconf/runfuzz.sh b/fuzz/restconf/runfuzz.sh
index 6602434a..8ad6a495 100755
--- a/fuzz/restconf/runfuzz.sh
+++ b/fuzz/restconf/runfuzz.sh
@@ -51,10 +51,15 @@ sudo clixon_backend -z -f $cfg -s init
 # Start backend
 sudo clixon_backend -f $cfg -s init
+# Dryrun without afl (comment this if you run for real)
+sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/1.http || true
+sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/2.http || true
+sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/3.http || true
+sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/4.http || true
+exit
+
 # Run script
 # CC=/usr/bin/afl-clang
 sudo LD_PRELOAD="/usr/local/lib/desock.so" afl-fuzz -i input -o output -d -m $MEGS -- /usr/local/sbin/clixon_restconf -rf $cfg
-# Dryrun without afl:
-#echo "sudo LD_PRELOAD=\"/usr/local/lib/desock.so\"
-#sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/1.http
+
diff --git a/lib/src/clixon_json_parse.y b/lib/src/clixon_json_parse.y
index 9ebbf30d..b203d921 100644
--- a/lib/src/clixon_json_parse.y
+++ b/lib/src/clixon_json_parse.y
@@ -250,7 +250,6 @@ static int
 json_empty_list(clixon_json_yacc *jy)
 {
 xml_rm(jy->jy_current);
-xml_free(jy->jy_current);
 jy->jy_current = NULL;
 return 0;
 }
diff --git a/test/mem.sh b/test/mem.sh
index bce3e162..30648a09 100755
--- a/test/mem.sh
+++ b/test/mem.sh
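Review bot: The unconditional `exit` inserted after the four dry-run lines makes the `afl-fuzz` invocation that follows it unreachable, so as committed the script only replays the corpus and never fuzzes; the comment asks the user to edit the file to switch modes. Gating the replay on a variable keeps both paths runnable without edits, and the `|| true` on each replay also discards the exit status, which for a crash-triage replay is the one thing worth printing. A version with a `DRYRUN` switch and a loop over `input/*.http` is below; the afl-fuzz line and the rest of the script are unchanged.
```sh
# Start backend
sudo clixon_backend -f $cfg -s init

# Dryrun without afl: DRYRUN=1 ./runfuzz.sh replays the corpus and stops
if [ "${DRYRUN:-0}" = "1" ]; then
    for f in input/*.http; do
        sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < "$f" || echo "$f: exit status $?"
    done
    exit 0
fi
# … unchanged: afl-fuzz invocation …
```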
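Review bot: Removing `xml_free` leaves the ownership of `jy->jy_current` after `xml_rm` undocumented, while the next line still drops this function's only handle on the node by setting it to NULL. If `xml_rm` only unlinks the node from its parent (its name suggests so; its definition is not in this patch), the fuzz-found memory error is traded for a leak of every emptied list, and the valgrind run wired into test/mem.sh by this same commit is the place that would show which it is. A one-line comment saying why there is no free here would also stop the next reader from reinstating it, e.g. `/* Unlink only: freeing the node here after xml_rm caused a memory error (fuzzing); confirm where it is released */`.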
@@ -40,7 +40,7 @@ function memonce(){
 sudo chmod 660 $valgrindfile
 sudo chown www-data $valgrindfile
 : ${DEMWAIT:=15} # valgrind backend needs some time to get up
-clixon_restconf="/usr/bin/valgrind --leak-check=full --show-leak-kinds=all --suppressions=./valgrind-clixon.supp --track-fds=yes --trace-children=no --child-silent-after-fork=yes --log-file=$valgrindfile /www-data/clixon_restconf"
+clixon_restconf="/usr/bin/valgrind --leak-check=full --show-leak-kinds=all --suppressions=./valgrind-clixon.supp --track-fds=yes --trace-children=no --child-silent-after-fork=yes --log-file=$valgrindfile clixon_restconf"
 ;;
 *)
diff --git a/test/test_restconf_err.sh b/test/test_restconf_err.sh
index dbe6019b..3a7f541c 100755
--- a/test/test_restconf_err.sh
+++ b/test/test_restconf_err.sh
@@ -206,6 +206,9 @@ if false; then
 err1 "netcat/nc not found"
 fi
+# new "restconf try fuzz crash"
+# expectpart "$(${netcat} 127.0.0.1 80 < ~/tmp/crashes/id:000000,sig:06,src:000493+000365,op:splice,rep:8)" 0 "HTTP/1.1 400 Bad Request"
+
 new "restconf GET initial datastore netcat"
 expectpart "$(${netcat} 127.0.0.1 80 <" + echo "sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG -f $cfg" sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG -f $cfg & if [ $? -ne 0 ]; then err1 "expected 0" "$?"
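Review bot: Dropping the absolute path in the `clixon_restconf=` assignment leaves valgrind to resolve `clixon_restconf` through the PATH of whichever user eventually runs `$clixon_restconf` (the patch later invokes it via `sudo -u $wwwstartuser -s`), so the binary traced may not be the one the test intends, and a stale copy elsewhere on the PATH would go unnoticed. If moving away from `/www-data/clixon_restconf` is deliberate, a `command -v clixon_restconf >/dev/null || err1 "clixon_restconf not in PATH"` before the assignment, or a comment naming the expected location, makes a wrong resolution fail loudly instead of silently. The `memonce` function this line belongs to starts before the hunk.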