action #154105
closed[security][maintenance][15-SPx][s390x] test fails in dbus_fuzzer: unexpected dfuzzer exit status for org.freedesktop.PolicyKit1
100%
Description
Observation¶
The following fuzzing:
./dfuzzer -v -n org.freedesktop.PolicyKit1
returns
Exit Status: 3
which is not handled in any special way by the test.
This makes the test fail. Not sure if we can handle this case as "Exit status: 1". Hence opening this ticket.
openQA test in scenario sle-15-SP5-Server-DVD-Updates-s390x-cc_atsec@s390x-kvm fails in
dbus_fuzzer
Reproducible¶
Fails since (at least) Build 20240122-1
Expected result¶
Last good: 20240121-1 (or more recent)
Further details¶
Always latest result in this scenario: latest
Updated by pstivanin 3 months ago
- Subject changed from [security][15-SP5][s390x] test fails in dbus_fuzzer: unexpected dfuzzer exit status for org.freedesktop.PolicyKit1 to [security][maintenance][15-SPx][s390x] test fails in dbus_fuzzer: unexpected dfuzzer exit status for org.freedesktop.PolicyKit1
Updated by pstivanin 3 months ago
- % Done changed from 0 to 30
about dbus_service_exposure these are the unknown ids:
15-SP3:
:1.27 3900 snapperd root :1.27 snapperd.service - -
:1.28 4789 busctl root :1.28 session-3.scope 3 -
15-SP4+
:1.34 4042 snapperd root :1.34 snapperd.service - -
:1.35 4743 busctl root :1.35 session-3.scope 3 -
Updated by pstivanin 3 months ago
- % Done changed from 30 to 50
The exit code 3 is returned when there's a memory leak. From the log:
Suppressions from './dfuzzer.conf'
[36m[SESSION BUS][0m
Error: Could not get PID of name 'org.freedesktop.PolicyKit1': no such name.
[36m[SYSTEM BUS][0m
[36m[PROCESS: /usr/lib/polkit-1/polkitd[0m
[36m[PACKAGE: polkit-121-150500.1.6.s390x
[0m
[36m[CONNECTED TO PID: 4211[0m
Object: [1m/[0m
Object: [1m/org[0m
Object: [1m/org/freedesktop[0m
Object: [1m/org/freedesktop/PolicyKit1[0m
Object: [1m/org/freedesktop/PolicyKit1/Authority[0m
Interface: [1morg.freedesktop.DBus.Properties[0m
Get...
[32mPASS[0m Get
GetAll...
[32mPASS[0m GetAll
Set...
[32mPASS[0m Set
Interface: [1morg.freedesktop.DBus.Introspectable[0m
[34mSKIP[0m Introspect - void method
Interface: [1morg.freedesktop.DBus.Peer[0m
[34mSKIP[0m Ping - void method
[34mSKIP[0m GetMachineId - void method
Interface: [1morg.freedesktop.PolicyKit1.Authority[0m
EnumerateActions...
[35mWARN[0m EnumerateActions - memory usage 3.0x more than initial memory
(9880 -> 29784 [kB])
CheckAuthorization...
[34mSKIP[0m CheckAuthorization - advanced signatures not yet implemented
CancelCheckAuthorization...
[32mPASS[0m CancelCheckAuthorization
RegisterAuthenticationAgent...
[34mSKIP[0m RegisterAuthenticationAgent - advanced signatures not yet implemented
RegisterAuthenticationAgentWithOptions...
[34mSKIP[0m RegisterAuthenticationAgentWithOptions - advanced signatures not yet implemented
UnregisterAuthenticationAgent...
[34mSKIP[0m UnregisterAuthenticationAgent - advanced signatures not yet implemented
AuthenticationAgentResponse...
[34mSKIP[0m AuthenticationAgentResponse - advanced signatures not yet implemented
AuthenticationAgentResponse2...
[34mSKIP[0m AuthenticationAgentResponse2 - advanced signatures not yet implemented
EnumerateTemporaryAuthorizations...
[34mSKIP[0m EnumerateTemporaryAuthorizations - advanced signatures not yet implemented
RevokeTemporaryAuthorizations...
[34mSKIP[0m RevokeTemporaryAuthorizations - advanced signatures not yet implemented
RevokeTemporaryAuthorizationById...
[32mPASS[0m RevokeTemporaryAuthorizationById
[1mExit status: 3[0m
we can see:
[35mWARN[0m EnumerateActions - memory usage 3.0x more than initial memory
(9880 -> 29784 [kB])
therefore the variable leaking_mem_flg is set to 1 here https://gitlab.suse.de/qe-security/atsec/-/blob/main/pentest/dfuzzer-master/src/fuzz.c?ref_type=heads#L688 causing dfuzz_test_method to return 3 here https://gitlab.suse.de/qe-security/atsec/-/blob/main/pentest/dfuzzer-master/src/fuzz.c?ref_type=heads#L730