DocumentCode :
147990
Title :
Dfuzzer: A D-Bus Service Fuzzing Tool
Author :
Marhefka, Matu ; Muller, Philipp
Author_Institution :
Fac. of Inf. Technol., Brno Univ. of Technol., Brno, Czech Republic
fYear :
2014
fDate :
March 31 2014-April 4 2014
Firstpage :
383
Lastpage :
389
Abstract :
We present Dfuzzer, a fully automated tool for fuzz testing programs communicating via D-Bus. D-Bus is the prevalent modern mechanism for inter-process communication in the GNU/Linux ecosystem. Programs receiving data over D-Bus should sanitize the inputs correctly, as they may come from any application having access to the message bus. Unfortunately, this is often not the case, as demonstrated by severe bugs found by the presented fuzzing tool. Dfuzzer is fully automated: using D-Bus introspection, it is able to acquire the structure of the parameters expected by the target program. It can then generate ballast data respecting this structure, so the target program starts using such data incorrectly if it does not carefully validate it. We have found numerous bugs in various parts of the GNU/Linux operating system, including GNOME Shell and systemd. The bugs usually result in crashes, but we have found other bugs like memory leaks and even a data-loss bug. We also discuss the software engineering aspects of fuzz testing D-Bus services. We have met developer opinions that the problems found do not constitute valid bugs, because the D-Bus interface is actually an internal API. The discussion is interesting in showing that D-Bus usage is not a fully mature area of engineering, and programmers do not have a shared understanding of its purpose.
Keywords :
Linux; fuzzy set theory; program testing; D-Bus interface; D-Bus introspection; D-bus service fuzzing tool; Dfuzzer; GNOME shell; GNU-Linux operating system; ballast data generation; data-loss bug; inter-process communication; internal API; memory leaks; message bus; program testing; software engineering; systemd; Computer bugs; Libraries; Monitoring; Protocols; Testing; XML; D-Bus; IPC; automated testing; fuzz testing; fuzzer; pseudo-random data generation;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Software Testing, Verification and Validation Workshops (ICSTW), 2014 IEEE Seventh International Conference on
Conference_Location :
Cleveland, OH
Type :
conf
DOI :
10.1109/ICSTW.2014.51
Filename :
6825692