annotate fuzz/fuzz-harness.c @ 1885:5d8dbb6fdab7
Fix SSH_PUBKEYINFO, limit characters, add tests
We fix a bad_bufptr() failure from a previous commit. We now limit
the allowed characters to those that will definitely be safe
in a shell. Some scripts/programs may use arbitrary environment
variables without escaping correctly - that could be a problem
in a restricted environment.
The current allowed set is a-z A-Z 0-9 .,_-+@
This also adds a test for SSH_PUBKEYINFO; by default it only runs
under github actions (or "act -j build").
author | Matt Johnston <matt@ucc.asn.au> |
date | Wed, 16 Mar 2022 17:17:23 +0800 |
parents | fd00aeff38fd |
children | be236878efcf |
1348 | 1 #include "includes.h" |
1354 | 2 #include "buffer.h" |
3 #include "dbutil.h" | |
1348 | 4 |
/* The fuzz entry point this harness drives. It is declared extern because
 * it is defined in the fuzz target this file is linked against, not here;
 * main() below feeds it the contents of each input file twice. */
extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
6 | |
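/*
 * Standalone driver for a dropbear fuzz target: replays every file named
 * on the command line through LLVMFuzzerTestOneInput(), so inputs found by
 * the fuzzer can be reproduced without libFuzzer.
 *
 * Arguments:
 *   -v   turn on debug tracing (only when built with DEBUG_TRACE)
 *   -q   suppress the per-file progress lines
 *   Any other argument starting with '-' is ignored; every remaining
 *   argument is read as an input file.
 *
 * Returns 0 after all files have been replayed. A failure inside the fuzz
 * target is expected to terminate the process (sanitizer report, signal)
 * rather than be reported through the return value.
 */
int main(int argc, char ** argv) {
	buffer *input = buf_new(100000);
	int quiet = 0;

	/* First pass over argv handles flags only, so they take effect before
	 * any input file is run regardless of argument order. */
	for (int i = 1; i < argc; i++) {
#if DEBUG_TRACE
		if (strcmp(argv[i], "-v") == 0) {
			debug_trace = 1;
			TRACE(("debug printing on"))
		}
#endif
		if (strcmp(argv[i], "-q") == 0) {
			printf("Running quiet\n");
			quiet = 1;
		}
	}

	/* Second pass: each non-flag argument is an input file. */
	int old_fuzz_wrapfds = 0;
	for (int i = 1; i < argc; i++) {
		if (argv[i][0] == '-') {
			/* flags were handled in the first pass */
			continue;
		}

		char* fn = argv[i];
		buf_setlen(input, 0);
		buf_readfile(input, fn);
		buf_setpos(input, 0);

		/* Put back the wrapfds value saved at the end of the previous
		 * iteration (0 before the first file); it was cleared below so
		 * that reading the file above is not affected by fd wrapping. */
		fuzz.wrapfds = old_fuzz_wrapfds;
		/* Run twice to catch problems with statefulness */
		if (!quiet) {
			printf("Running %s once \n", fn);
			/* Flush so the file name is not stuck in a stdio buffer and lost
			 * if the target crashes; stdout is fully buffered when redirected,
			 * which is the usual way crash inputs are replayed in CI. */
			fflush(stdout);
		}
		LLVMFuzzerTestOneInput(input->data, input->len);
		if (!quiet) {
			printf("Running %s twice \n", fn);
			fflush(stdout);
		}
		LLVMFuzzerTestOneInput(input->data, input->len);
		if (!quiet) {
			printf("Done %s\n", fn);
			fflush(stdout);
		}

		/* Disable wrapfd so it won't interfere with buf_readfile() above */
		old_fuzz_wrapfds = fuzz.wrapfds;
		fuzz.wrapfds = 0;
	}

	printf("Finished\n");

	return 0;
}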
60 |
61 // Just to let it link |
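/*
 * Link-time stub for the custom-mutator hook. The standalone harness only
 * replays files and never mutates them, so reaching this function is a
 * programming error: it reports the problem and aborts.
 *
 * All parameters are unused. Never returns normally; the trailing return
 * only satisfies the compiler.
 */
size_t LLVMFuzzerMutate(uint8_t *UNUSED(Data), size_t UNUSED(Size), size_t UNUSED(MaxSize)) {
	/* Write to stderr (unbuffered) with a newline: abort() does not flush
	 * stdio, so a message left in a buffered stdout would never appear. */
	fprintf(stderr, "standalone fuzzer harness shouldn't call LLVMFuzzerMutate\n");
	abort();
	return 0;
}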