annotate fuzz/fuzz-harness.c @ 1885:5d8dbb6fdab7

Fix SSH_PUBKEYINFO, limit characters, add tests We fix a bad_bufptr() failure from a previous commit. We now limit the allowed characters to those that will definitely be safe in a shell. Some scripts/programs may use arbitrary environment variables without escaping correctly - that could be a problem in a restricted environment. The current allowed set is a-z A-Z 0-9 .,_-+@ This also adds a test for SSH_PUBKEYINFO, by default it only runs under github actions (or "act -j build").
author Matt Johnston <matt@ucc.asn.au>
date Wed, 16 Mar 2022 17:17:23 +0800
parents fd00aeff38fd
children be236878efcf
1 #include "includes.h"
2 #include "buffer.h"
3 #include "dbutil.h"
4
5 extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
6
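/*
 * Standalone driver for the dropbear fuzzers: feeds each file named on the
 * command line to LLVMFuzzerTestOneInput().
 *
 * Flags: "-q" suppresses the per-file progress lines; "-v" (DEBUG_TRACE
 * builds only) turns on trace output. Any other argument beginning with '-'
 * is ignored, every remaining argument is treated as an input file.
 * Each input is run twice so that state leaking between iterations shows up.
 *
 * Returns 0 when every named file could be read, 1 if any could not.
 */
int main(int argc, char ** argv) {
	buffer *input = buf_new(100000);
	int quiet = 0;
	int rc = 0;

	/* First pass: flags only, so they take effect before any file is run. */
	for (int i = 1; i < argc; i++) {
#if DEBUG_TRACE
		if (strcmp(argv[i], "-v") == 0) {
			debug_trace = 1;
			TRACE(("debug printing on"))
		}
#endif
		if (strcmp(argv[i], "-q") == 0) {
			printf("Running quiet\n");
			quiet = 1;
		}
	}

	/* Second pass: input files. fuzz.wrapfds is kept off while this loop
	 * itself does file I/O and restored to the fuzzer's own setting before
	 * each run, see the end of the loop body. */
	int old_fuzz_wrapfds = 0;
	for (int i = 1; i < argc; i++) {
		if (argv[i][0] == '-') {
			/* ignore arguments */
			continue;
		}

		const char *fn = argv[i];
		buf_setlen(input, 0);
		/* An unreadable path must not silently run as an empty input and
		 * then report "Done". Skipping here leaves fuzz.wrapfds untouched. */
		if (buf_readfile(input, fn) != DROPBEAR_SUCCESS) {
			fprintf(stderr, "Failed to read %s\n", fn);
			rc = 1;
			continue;
		}
		buf_setpos(input, 0);

		/* Run twice to catch problems with statefulness */
		fuzz.wrapfds = old_fuzz_wrapfds;
		if (!quiet) {
			printf("Running %s once \n", fn);
		}
		LLVMFuzzerTestOneInput(input->data, input->len);
		if (!quiet) {
			printf("Running %s twice \n", fn);
		}
		LLVMFuzzerTestOneInput(input->data, input->len);
		if (!quiet) {
			printf("Done %s\n", fn);
		}

		/* Disable wrapfd so it won't interfere with buf_readfile() above */
		old_fuzz_wrapfds = fuzz.wrapfds;
		fuzz.wrapfds = 0;
	}

	printf("Finished\n");

	/* Release the input buffer so a leak-checking sanitizer build exits clean. */
	buf_free(input);
	return rc;
}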
60
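/*
 * Link-time stub for the libFuzzer mutator entry point. The standalone
 * harness never mutates inputs, so reaching this is a bug in the caller.
 *
 * Never returns: reports the misuse and aborts.
 */
size_t LLVMFuzzerMutate(uint8_t *UNUSED(Data), size_t UNUSED(Size), size_t UNUSED(MaxSize)) {
	/* stderr is unbuffered; abort() need not flush stdout, so a message
	 * written there with printf() could be lost when output is redirected. */
	fprintf(stderr, "standalone fuzzer harness shouldn't call LLVMFuzzerMutate\n");
	abort();
	return 0; /* not reached */
}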