Add libFuzzer support to the .sbat parser.

shim takes several forms of input from several sources that are not
necessarily trustworthy.  As such, we need to take measures to validate
that we don't have unacceptable results from bad inputs.  One such
measure is "fuzzing" the inputs which parse untrusted data by running
them with randomized or partially randomized input.

This change adds such testing using clang's "libFuzzer" to our parser
for ".sbat" sections.  I've run it for about half an hour and so far it
found one memory leak, but no other errors.

Signed-off-by: Peter Jones <pjones@redhat.com>

fuzz-sbat.c

@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * fuzz-sbat-section.c - fuzz our .sbat parsing code
+ * Copyright Peter Jones <pjones@redhat.com>
+ */
+
+#ifndef SHIM_UNIT_TEST
+#define SHIM_UNIT_TEST
+#endif
+#include "shim.h"
+
+#include <stdio.h>
+
+list_t sbat_var;
+
+BOOLEAN
+secure_mode() {
+	return 1;
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	uint8_t *data_copy;
+	EFI_STATUS status = 0;
+	size_t n = 0;
+	struct sbat_section_entry **entries = NULL;
+
+	if (size < 1)
+		return 0;
+
+	data_copy = malloc(size+1);
+	if (!data_copy)
+		return -1;
+
+	memcpy(data_copy, data, size);
+	data_copy[size] = 0;
+	status = parse_sbat_section(data_copy, size, &n, &entries);
+	cleanup_sbat_section_entries(n, entries);
+
+	free(data_copy);
+
+	return 0;
+}
+
+// vim:fenc=utf-8:tw=75:noet

include/fuzz.mk

@@ -69,6 +69,8 @@ libefi-test.a :
 		-f $(TOPDIR)/gnu-efi/Makefile \
 		clean
 
+fuzz-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S mock-variables.c
+fuzz-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
 
 fuzzers := $(patsubst %.c,%,$(wildcard fuzz-*.c))