Specconv: Add fuzzer

Signed-off-by: AdamKorcz <adam@adalogics.com>

go.mod

@@ -3,6 +3,7 @@ module github.com/opencontainers/runc
 go 1.14
 
 require (
+	github.com/AdamKorcz/go-fuzz-headers v0.0.0-20210319161527-f761c2329661
 	github.com/checkpoint-restore/go-criu/v4 v4.1.0
 	github.com/cilium/ebpf v0.2.0
 	github.com/containerd/console v1.0.1

go.sum

@@ -1,3 +1,5 @@
+github.com/AdamKorcz/go-fuzz-headers v0.0.0-20210319161527-f761c2329661 h1:LxxqfxscKXL1kv7QNh4nggNf4Ais8B0ME8zWMCAsttY=
+github.com/AdamKorcz/go-fuzz-headers v0.0.0-20210319161527-f761c2329661/go.mod h1:VPevheIvXETHZT/ddjwarP3POR5p/cnH9Hy5yoFnQjc=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/checkpoint-restore/go-criu/v4 v4.1.0 h1:WW2B2uxx9KWF6bGlHqhm8Okiafwwx7Y2kcpn8lCpjgo=
 github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=

libcontainer/specconv/specconv_fuzzer.go

@@ -0,0 +1,94 @@
+package specconv
+
+import (
+	"io/ioutil"
+	"os"
+
+	"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
+	"github.com/opencontainers/runc/libcontainer/configs"
+	"github.com/opencontainers/runc/libcontainer/configs/validate"
+	"github.com/opencontainers/runtime-spec/specs-go"
+
+	gofuzzheaders "github.com/AdamKorcz/go-fuzz-headers"
+)
+
+func newTestRoot(name string) (string, error) {
+	dir, err := ioutil.TempDir("", name)
+	if err != nil {
+		return "", err
+	}
+	if err := os.MkdirAll(dir, 0700); err != nil {
+		return "", err
+	}
+	return dir, nil
+}
+
+func Fuzz(data []byte) int {
+	if len(data) < 30 {
+		return -1
+	}
+	f := gofuzzheaders.NewConsumer(data)
+	linuxSpec := new(specs.Linux)
+	err := f.GenerateStruct(linuxSpec)
+	if err != nil {
+		return 0
+	}
+
+	// Create spec.Spec
+	spec := new(specs.Spec)
+	err = f.GenerateStruct(spec)
+	if err != nil {
+		return 0
+	}
+	spec.Linux = linuxSpec
+
+	// Create CreateOpts
+	opts := new(CreateOpts)
+	err = f.GenerateStruct(opts)
+	if err != nil {
+		return 0
+	}
+	opts.Spec = spec
+	rootfs, err := newTestRoot("libcontainer")
+	if err != nil {
+		return 0
+	}
+	config := newTemplateConfig(&fuzzTParam{
+		rootfs: rootfs,
+		userns: false,
+	})
+	err = f.GenerateStruct(config)
+	if err != nil {
+		return 0
+	}
+	config.Rootfs = rootfs
+
+	// Add network
+	cn := new(configs.Network)
+	err = f.GenerateStruct(cn)
+	if err != nil {
+		return 0
+	}
+
+	config.Networks = []*configs.Network{cn}
+
+	validator := validate.New()
+	err = validator.Validate(config)
+	if err != nil {
+		return 0
+	}
+	c, err := CreateCgroupConfig(opts, nil)
+	if err != nil {
+		return 0
+	}
+
+	path, err := newTestRoot("fuzzDir")
+	if err != nil {
+		return 0
+	}
+	um := systemd.NewUnifiedManager(c, path, false)
+	err = um.Set(config)
+	err = um.Apply(int(data[0]))
+	err = um.Destroy()
+	return 1
+}

vendor/modules.txt

@@ -1,82 +1,63 @@
+# github.com/AdamKorcz/go-fuzz-headers v0.0.0-20210319161527-f761c2329661
+github.com/AdamKorcz/go-fuzz-headers
 # github.com/checkpoint-restore/go-criu/v4 v4.1.0
-## explicit
 github.com/checkpoint-restore/go-criu/v4
 github.com/checkpoint-restore/go-criu/v4/rpc
 # github.com/cilium/ebpf v0.2.0
-## explicit
 github.com/cilium/ebpf
 github.com/cilium/ebpf/asm
 github.com/cilium/ebpf/internal
 github.com/cilium/ebpf/internal/btf
 github.com/cilium/ebpf/internal/unix
 # github.com/containerd/console v1.0.1
-## explicit
 github.com/containerd/console
 # github.com/coreos/go-systemd/v22 v22.1.0
-## explicit
 github.com/coreos/go-systemd/v22/activation
 github.com/coreos/go-systemd/v22/dbus
 # github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d
 github.com/cpuguy83/go-md2man/v2/md2man
 # github.com/cyphar/filepath-securejoin v0.2.2
-## explicit
 github.com/cyphar/filepath-securejoin
 # github.com/docker/go-units v0.4.0
-## explicit
 github.com/docker/go-units
 # github.com/godbus/dbus/v5 v5.0.3
-## explicit
 github.com/godbus/dbus/v5
 # github.com/golang/protobuf v1.4.3
-## explicit
 github.com/golang/protobuf/proto
 # github.com/moby/sys/mountinfo v0.4.0
-## explicit
 github.com/moby/sys/mountinfo
 # github.com/mrunalp/fileutils v0.5.0
-## explicit
 github.com/mrunalp/fileutils
 # github.com/opencontainers/runtime-spec v1.0.3-0.20210316141917-a8c4a9ee0f6b
-## explicit
 github.com/opencontainers/runtime-spec/specs-go
 # github.com/opencontainers/selinux v1.8.0
-## explicit
 github.com/opencontainers/selinux/go-selinux
 github.com/opencontainers/selinux/go-selinux/label
 github.com/opencontainers/selinux/pkg/pwalk
 # github.com/pkg/errors v0.9.1
-## explicit
 github.com/pkg/errors
 # github.com/russross/blackfriday/v2 v2.0.1
 github.com/russross/blackfriday/v2
 # github.com/seccomp/libseccomp-golang v0.9.1
-## explicit
 github.com/seccomp/libseccomp-golang
 # github.com/shurcooL/sanitized_anchor_name v1.0.0
 github.com/shurcooL/sanitized_anchor_name
 # github.com/sirupsen/logrus v1.7.0
-## explicit
 github.com/sirupsen/logrus
 # github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
-## explicit
 github.com/syndtr/gocapability/capability
 # github.com/urfave/cli v1.22.1
-## explicit
 github.com/urfave/cli
 # github.com/vishvananda/netlink v1.1.0
-## explicit
 github.com/vishvananda/netlink
 github.com/vishvananda/netlink/nl
 # github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
 github.com/vishvananda/netns
 # github.com/willf/bitset v1.1.11
-## explicit
 github.com/willf/bitset
 # golang.org/x/net v0.0.0-20201224014010-6772e930b67b
-## explicit
 golang.org/x/net/bpf
 # golang.org/x/sys v0.0.0-20201119102817-f84b799fce68
-## explicit
 golang.org/x/sys/internal/unsafeheader
 golang.org/x/sys/unix
 golang.org/x/sys/windows