<?xml version="1.0"?>
<source-code>
  <file fpath="/out/src/cryptsetup/lib/utils_io.c">/*
 * utils - miscellaneous I/O utilities for cryptsetup
 *
 * Copyright (C) 2004 Jana Saout &lt;jana@saout.de&gt;
 * Copyright (C) 2004-2007 Clemens Fruhwirth &lt;clemens@endorphin.org&gt;
 * Copyright (C) 2009-2024 Red Hat, Inc. All rights reserved.
 * Copyright (C) 2009-2024 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#include &lt;errno.h&gt;
#include &lt;string.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;stdint.h&gt;
#include &lt;unistd.h&gt;

#include "utils_io.h"

/* coverity[ -taint_source : arg-1 ] */
static ssize_t _read_buffer(int fd, void *buf, size_t length, volatile int *quit)
{
	size_t read_size = 0;
	ssize_t r;

	if (fd &lt; 0 || !buf)
		return -EINVAL;

	do {
		r = read(fd, buf, length - read_size);
		if (r == -1 &amp;&amp; errno != EINTR)
			return r;
		if (r &gt; 0) {
			read_size += (size_t)r;
			buf = (uint8_t*)buf + r;
		}
		if (r == 0 || (quit &amp;&amp; *quit))
			return (ssize_t)read_size;
	} while (read_size != length);

	return (ssize_t)length;
}

ssize_t read_buffer(int fd, void *buf, size_t length)
{
	return _read_buffer(fd, buf, length, NULL);
}

ssize_t read_buffer_intr(int fd, void *buf, size_t length, volatile int *quit)
{
	return _read_buffer(fd, buf, length, quit);
}

static ssize_t _write_buffer(int fd, const void *buf, size_t length, volatile int *quit)
{
	size_t write_size = 0;
	ssize_t w;

	if (fd &lt; 0 || !buf || !length)
		return -EINVAL;

	do {
		w = write(fd, buf, length - write_size);
		if (w &lt; 0 &amp;&amp; errno != EINTR)
			return w;
		if (w &gt; 0) {
			write_size += (size_t) w;
			buf = (const uint8_t*)buf + w;
		}
		if (w == 0 || (quit &amp;&amp; *quit))
			return (ssize_t)write_size;
	} while (write_size != length);

	return (ssize_t)write_size;
}

ssize_t write_buffer(int fd, const void *buf, size_t length)
{
	return _write_buffer(fd, buf, length, NULL);
}

ssize_t write_buffer_intr(int fd, const void *buf, size_t length, volatile int *quit)
{
	return _write_buffer(fd, buf, length, quit);
}

ssize_t write_blockwise(int fd, size_t bsize, size_t alignment,
			void *orig_buf, size_t length)
{
	void *hangover_buf = NULL, *buf = NULL;
	size_t hangover, solid;
	ssize_t r, ret = -1;

	if (fd == -1 || !orig_buf || !bsize || !alignment)
		return -1;

	hangover = length % bsize;
	solid = length - hangover;

	if ((size_t)orig_buf &amp; (alignment - 1)) {
		if (posix_memalign(&amp;buf, alignment, length))
			return -1;
		memcpy(buf, orig_buf, length);
	} else
		buf = orig_buf;

	if (solid) {
		r = write_buffer(fd, buf, solid);
		if (r &lt; 0 || r != (ssize_t)solid)
			goto out;
	}

	if (hangover) {
		if (posix_memalign(&amp;hangover_buf, alignment, bsize))
			goto out;
		memset(hangover_buf, 0, bsize);

		r = read_buffer(fd, hangover_buf, bsize);
		if (r &lt; 0)
			goto out;

		if (lseek(fd, -(off_t)r, SEEK_CUR) &lt; 0)
			goto out;

		memcpy(hangover_buf, (char*)buf + solid, hangover);

		r = write_buffer(fd, hangover_buf, bsize);
		if (r &lt; 0 || r &lt; (ssize_t)hangover)
			goto out;
	}
	ret = length;
out:
	free(hangover_buf);
	if (buf != orig_buf)
		free(buf);
	return ret;
}

ssize_t read_blockwise(int fd, size_t bsize, size_t alignment,
		       void *orig_buf, size_t length)
{
	void *hangover_buf = NULL, *buf = NULL;
	size_t hangover, solid;
	ssize_t r, ret = -1;

	if (fd == -1 || !orig_buf || !bsize || !alignment)
		return -1;

	hangover = length % bsize;
	solid = length - hangover;

	if ((size_t)orig_buf &amp; (alignment - 1)) {
		if (posix_memalign(&amp;buf, alignment, length))
			return -1;
	} else
		buf = orig_buf;

	r = read_buffer(fd, buf, solid);
	if (r &lt; 0 || r != (ssize_t)solid)
		goto out;

	if (hangover) {
		if (posix_memalign(&amp;hangover_buf, alignment, bsize))
			goto out;
		r = read_buffer(fd, hangover_buf, bsize);
		if (r &lt;  0 || r &lt; (ssize_t)hangover)
			goto out;

		memcpy((char *)buf + solid, hangover_buf, hangover);
	}
	ret = length;
out:
	free(hangover_buf);
	if (buf != orig_buf) {
		if (ret != -1)
			memcpy(orig_buf, buf, length);
		free(buf);
	}
	return ret;
}

/*
 * Combines llseek with blockwise write. write_blockwise can already deal with short writes
 * but we also need a function to deal with short writes at the start. But this information
 * is implicitly included in the read/write offset, which can not be set to non-aligned
 * boundaries. Hence, we combine llseek with write.
 */
ssize_t write_lseek_blockwise(int fd, size_t bsize, size_t alignment,
			      void *buf, size_t length, off_t offset)
{
	void *frontPadBuf = NULL;
	size_t frontHang, innerCount = 0;
	ssize_t r, ret = -1;

	if (fd == -1 || !buf || !bsize || !alignment)
		return -1;

	if (offset &lt; 0)
		offset = lseek(fd, offset, SEEK_END);

	if (offset &lt; 0)
		return -1;

	frontHang = offset % bsize;

	if (lseek(fd, offset - frontHang, SEEK_SET) &lt; 0)
		return -1;

	if (frontHang &amp;&amp; length) {
		if (posix_memalign(&amp;frontPadBuf, alignment, bsize))
			return -1;

		innerCount = bsize - frontHang;
		if (innerCount &gt; length)
			innerCount = length;

		r = read_buffer(fd, frontPadBuf, bsize);
		if (r &lt; 0 || r &lt; (ssize_t)(frontHang + innerCount))
			goto out;

		memcpy((char*)frontPadBuf + frontHang, buf, innerCount);

		if (lseek(fd, offset - frontHang, SEEK_SET) &lt; 0)
			goto out;

		r = write_buffer(fd, frontPadBuf, bsize);
		if (r &lt; 0 || r != (ssize_t)bsize)
			goto out;

		buf = (char*)buf + innerCount;
		length -= innerCount;
	}

	ret = length ? write_blockwise(fd, bsize, alignment, buf, length) : 0;
	if (ret &gt;= 0)
		ret += innerCount;
out:
	free(frontPadBuf);
	return ret;
}

ssize_t read_lseek_blockwise(int fd, size_t bsize, size_t alignment,
			     void *buf, size_t length, off_t offset)
{
	void *frontPadBuf = NULL;
	size_t frontHang, innerCount = 0;
	ssize_t r, ret = -1;

	if (fd == -1 || !buf || bsize &lt;= 0)
		return -1;

	if (offset &lt; 0)
		offset = lseek(fd, offset, SEEK_END);

	if (offset &lt; 0)
		return -1;

	frontHang = offset % bsize;

	if (lseek(fd, offset - frontHang, SEEK_SET) &lt; 0)
		return -1;

	if (frontHang &amp;&amp; length) {
		if (posix_memalign(&amp;frontPadBuf, alignment, bsize))
			return -1;

		innerCount = bsize - frontHang;
		if (innerCount &gt; length)
			innerCount = length;

		r = read_buffer(fd, frontPadBuf, bsize);
		if (r &lt; 0 || r &lt; (ssize_t)(frontHang + innerCount))
			goto out;

		memcpy(buf, (char*)frontPadBuf + frontHang, innerCount);

		buf = (char*)buf + innerCount;
		length -= innerCount;
	}

	ret = read_blockwise(fd, bsize, alignment, buf, length);
	if (ret &gt;= 0)
		ret += innerCount;
out:
	free(frontPadBuf);
	return ret;
}
</file>
  <file fpath="/out/src/cryptsetup/tests/fuzz/crypt2_load_fuzz.cc">/*
 * cryptsetup LUKS2 fuzz target
 *
 * Copyright (C) 2022-2024 Daniel Zatovic &lt;daniel.zatovic@gmail.com&gt;
 * Copyright (C) 2022-2024 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

extern "C" {
#define FILESIZE (16777216)
#include "src/cryptsetup.h"
#include "luks2/luks2.h"
#include "crypto_backend/crypto_backend.h"
#include "FuzzerInterface.h"

#define CHKSUM_ALG "sha256"
#define CHKSUM_SIZE 32

static bool fix_checksum_hdr(struct luks2_hdr_disk *hdr, const char *data, size_t len)
{
	char *csum = (char *)&amp;hdr-&gt;csum;
	struct crypt_hash *hd = NULL;
	bool r = false;

	if (crypt_hash_init(&amp;hd, CHKSUM_ALG))
		return false;

	memset(csum, 0, LUKS2_CHECKSUM_L);

	if (!crypt_hash_write(hd, data, len) &amp;&amp;
	    !crypt_hash_final(hd, csum, CHKSUM_SIZE))
		r = true;

	crypt_hash_destroy(hd);
	return r;
}

static bool calculate_checksum(const char *data, size_t size, struct luks2_hdr_disk *hdr_rw)
{
	uint64_t hdr_size;

	/* Primary header cannot fit in data */
	if (sizeof(*hdr_rw) &gt; size)
		return false;

	hdr_size = be64_to_cpu(((struct luks2_hdr_disk *)data)-&gt;hdr_size);
	if (hdr_size &gt; size || hdr_size &lt;= sizeof(*hdr_rw))
		return false;

	/* Calculate checksum for primary header */
	memcpy(hdr_rw, data, sizeof(*hdr_rw));
	return fix_checksum_hdr(hdr_rw, data, (size_t)hdr_size);
}

int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
	int fd, r = EXIT_FAILURE;
	struct crypt_device *cd = NULL;
	char name[] = "/tmp/test-script-fuzz.XXXXXX";
	struct luks2_hdr_disk hdr_rw;
	size_t modified_data_size;

	/* if csum calculation fails, keep fuzzer running on original input */
	if (size &gt;= sizeof(hdr_rw) &amp;&amp; calculate_checksum((const char *)data, size, &amp;hdr_rw))
		modified_data_size = sizeof(hdr_rw);
	else
		modified_data_size = 0;

	/* create file with LUKS header for libcryptsetup */
	fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC);
	if (fd == -1)
		return r;

	/* enlarge header */
	if (ftruncate(fd, FILESIZE) == -1)
		goto out;

	if (modified_data_size &amp;&amp;
	    write_buffer(fd, &amp;hdr_rw, modified_data_size) != (ssize_t)modified_data_size)
		goto out;

	if (write_buffer(fd, data + modified_data_size, size - modified_data_size) != (ssize_t)size)
		goto out;

	/* Actual fuzzing */
	if (crypt_init(&amp;cd, name) == 0)
		(void)crypt_load(cd, CRYPT_LUKS2, NULL);
	crypt_free(cd);
	r = 0;
out:
	close(fd);
	unlink(name);

	return r;
}
}
</file>
</source-code>
