fuzzing restconf changes, json mem error

fuzz/restconf/input/1.http

@@ -1,5 +1,10 @@
-GET /.well-known/host-meta HTTP/1.1
-Host: localhost
-Accept: application/yang-data+xml
+PUT /restconf/data/ietf-interfaces:interfaces/interface=eth%2f0%2f0 HTTP/1.1
+Host: 127.0.0.1
+Accept: */*
+Content-Type: application/yang-data+json
+Content-Length: 91
+
+{"ietf-interfaces:interface":{"name":"eth/0/0","type":"clixon-example:eth","enabled":true}}
+
 
 

fuzz/restconf/input/2.http

@@ -1,10 +1,5 @@
-PUT /restconf/data/ietf-interfaces:interfaces/interface=eth%2f0%2f0 HTTP/1.1
-Host: 127.0.0.1
-Accept: */*
-Content-Type: application/yang-data+json
-Content-Length: 91
-
-{"ietf-interfaces:interface":{"name":"eth/0/0","type":"clixon-example:eth","enabled":true}}
-
+GET /restconf/data/ HTTP/1.1
+Host: localhost
+Accept: application/yang-data+xml
 
 

fuzz/restconf/input/3.http

@@ -1,5 +1,8 @@
-GET /restconf/data/ HTTP/1.1
-Host: localhost
+POST /restconf/data/ietf-interfaces:interfaces HTTP/1.1
+Host: 127.0.0.1
 Accept: application/yang-data+xml
+Content-Type: application/yang-data+xml
+Content-Length: 138
 
+<interface xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"><name>eth/0/42</name><type>ex:eth</type><enabled>true</enabled></interface>
 

fuzz/restconf/input/4.http

@@ -0,0 +1,4 @@
+DELETE /restconf/data/ietf-interfaces:interfaces HTTP/1.1
+Host: 127.0.0.1
+
+

fuzz/restconf/runfuzz.sh

@@ -51,10 +51,15 @@ sudo clixon_backend -z -f $cfg -s init
 # Start backend
 sudo clixon_backend -f $cfg -s init
 
+# Dryrun without afl (comment this if you run for real)
+sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/1.http || true
+sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/2.http || true
+sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/3.http || true
+sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/4.http || true
+exit
+
 # Run script 
 #  CC=/usr/bin/afl-clang 
 sudo LD_PRELOAD="/usr/local/lib/desock.so" afl-fuzz -i input -o output -d -m $MEGS -- /usr/local/sbin/clixon_restconf -rf $cfg
 
-# Dryrun without afl:
-#echo "sudo LD_PRELOAD=\"/usr/local/lib/desock.so\" 
-#sudo LD_PRELOAD="/usr/local/lib/desock.so" clixon_restconf -rf $cfg < input/1.http
+

lib/src/clixon_json_parse.y

@@ -250,7 +250,6 @@ static int
 json_empty_list(clixon_json_yacc *jy)
 {
     xml_rm(jy->jy_current);
-    xml_free(jy->jy_current);
     jy->jy_current = NULL;
     return 0;
 }

test/mem.sh

@@ -40,7 +40,7 @@ function memonce(){
 	    sudo chmod 660 $valgrindfile
 	    sudo chown www-data $valgrindfile
 	    : ${DEMWAIT:=15} # valgrind backend needs some time to get up 
-	    clixon_restconf="/usr/bin/valgrind --leak-check=full --show-leak-kinds=all --suppressions=./valgrind-clixon.supp --track-fds=yes --trace-children=no  --child-silent-after-fork=yes --log-file=$valgrindfile /www-data/clixon_restconf"
+	    clixon_restconf="/usr/bin/valgrind --leak-check=full --show-leak-kinds=all --suppressions=./valgrind-clixon.supp --track-fds=yes --trace-children=no  --child-silent-after-fork=yes --log-file=$valgrindfile clixon_restconf"
 
 	    ;;
 	*)

test/test_restconf_err.sh

@@ -206,6 +206,9 @@ if false; then
 	err1 "netcat/nc not found"
     fi
 
+#    new "restconf try fuzz crash"
+#    expectpart "$(${netcat} 127.0.0.1 80 < ~/tmp/crashes/id:000000,sig:06,src:000493+000365,op:splice,rep:8)" 0 "HTTP/1.1 400 Bad Request"
+    
     new "restconf GET initial datastore netcat"
     expectpart "$(${netcat} 127.0.0.1 80 <<EOF
 GET /restconf/data/example:a=0 HTTP/1.1

test/test_restconf_nmap.sh

@@ -128,7 +128,7 @@ if [ $RC -ne 0 ]; then
     
     new "start restconf daemon"
     # inline of start_restconf, cant make quotes to work
-    echo "sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG -f $cfg -R <xml>"
+    echo "sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG -f $cfg"
     sudo -u $wwwstartuser -s $clixon_restconf $RCLOG -D $DBG -f $cfg &
     if [ $? -ne 0 ]; then
 	err1 "expected 0" "$?"