fuzz: add set and setconf fuzzers
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
f7f1e7da2c
commit
95c30bc034
4 changed files with 123 additions and 2 deletions
2
src/fuzz/.gitignore
vendored
2
src/fuzz/.gitignore
vendored
|
@ -2,3 +2,5 @@ config
|
|||
uapi
|
||||
stringlist
|
||||
cmd
|
||||
set
|
||||
setconf
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
#
|
||||
# Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
|
||||
all: config uapi stringlist cmd
|
||||
FUZZERS := config uapi stringlist cmd set setconf
|
||||
|
||||
all: $(FUZZERS)
|
||||
|
||||
CFLAGS ?= -O3 -march=native -g
|
||||
CFLAGS += -fsanitize=fuzzer -fsanitize=address -std=gnu11 -idirafter ../uapi -D_GNU_SOURCE
|
||||
|
@ -20,7 +22,13 @@ stringlist: stringlist.c ../ipc.c ../curve25519.c ../encoding.c
|
|||
cmd: cmd.c $(wildcard ../*.c)
|
||||
$(CC) $(CFLAGS) -D'RUNSTATEDIR="/var/empty"' -D'main(a,b)=wg_main(a,b)' -o $@ $^ -lmnl
|
||||
|
||||
set: set.c ../set.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c
|
||||
$(CC) $(CFLAGS) -o $@ $< -lmnl
|
||||
|
||||
setconf: setconf.c ../setconf.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c
|
||||
$(CC) $(CFLAGS) -o $@ $< -lmnl
|
||||
|
||||
clean:
|
||||
rm -f config uapi stringlist cmd
|
||||
$(RM) $(FUZZERS)
|
||||
|
||||
.PHONY: all clean
|
||||
|
|
57
src/fuzz/set.c
Normal file
57
src/fuzz/set.c
Normal file
|
@ -0,0 +1,57 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#undef stderr
|
||||
#define stderr stdin
|
||||
#define RUNSTATEDIR "/var/empty"
|
||||
#include "../curve25519.c"
|
||||
#define parse_allowedips parse_allowedips_ipc
|
||||
#include "../ipc.c"
|
||||
#undef parse_allowedips
|
||||
#include "../encoding.c"
|
||||
static FILE *hacked_fopen(const char *pathname, const char *mode);
|
||||
#define fopen hacked_fopen
|
||||
#include "../config.c"
|
||||
#include "../mnlg.c"
|
||||
#include "../set.c"
|
||||
#undef stderr
|
||||
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <assert.h>
|
||||
|
||||
const char *__asan_default_options()
|
||||
{
|
||||
return "verbosity=1";
|
||||
}
|
||||
|
||||
const char *PROG_NAME = "wg";
|
||||
|
||||
static FILE *hacked_fopen(const char *pathname, const char *mode)
|
||||
{
|
||||
return fmemopen((char *)pathname, strlen(pathname), "r");
|
||||
}
|
||||
|
||||
int LLVMFuzzerTestOneInput(const char *data, size_t data_len)
|
||||
{
|
||||
char *argv[8192] = { "set", "wg0" }, *args;
|
||||
size_t argc = 2;
|
||||
|
||||
if (!data_len)
|
||||
return 0;
|
||||
|
||||
assert((args = malloc(data_len)));
|
||||
memcpy(args, data, data_len);
|
||||
args[data_len - 1] = '\0';
|
||||
|
||||
for (char *arg = strtok(args, " \t\n\r"); arg && argc < 8192; arg = strtok(NULL, " \t\n\r")) {
|
||||
if (arg[0])
|
||||
argv[argc++] = arg;
|
||||
}
|
||||
set_main(argc, argv);
|
||||
free(args);
|
||||
return 0;
|
||||
}
|
54
src/fuzz/setconf.c
Normal file
54
src/fuzz/setconf.c
Normal file
|
@ -0,0 +1,54 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#undef stderr
|
||||
#define stderr stdin
|
||||
#define RUNSTATEDIR "/var/empty"
|
||||
#include "../curve25519.c"
|
||||
#define parse_allowedips parse_allowedips_ipc
|
||||
#include "../ipc.c"
|
||||
#undef parse_allowedips
|
||||
#include "../encoding.c"
|
||||
#include "../config.c"
|
||||
#include "../mnlg.c"
|
||||
static FILE *hacked_fopen(const char *pathname, const char *mode);
|
||||
#define fopen hacked_fopen
|
||||
#include "../setconf.c"
|
||||
#undef fopen
|
||||
#undef stderr
|
||||
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <assert.h>
|
||||
|
||||
const char *__asan_default_options()
|
||||
{
|
||||
return "verbosity=1";
|
||||
}
|
||||
|
||||
const char *PROG_NAME = "wg";
|
||||
|
||||
struct hacked_pointers {
|
||||
const char *data;
|
||||
size_t data_len;
|
||||
};
|
||||
|
||||
static FILE *hacked_fopen(const char *pathname, const char *mode)
|
||||
{
|
||||
struct hacked_pointers *h = (struct hacked_pointers *)strtoul(pathname, NULL, 10);
|
||||
return fmemopen((char *)h->data, h->data_len, "r");
|
||||
}
|
||||
|
||||
int LLVMFuzzerTestOneInput(const char *data, size_t data_len)
|
||||
{
|
||||
char strptr[32];
|
||||
char *argv[3] = { "setconf", "wg0", strptr };
|
||||
struct hacked_pointers h = { data, data_len };
|
||||
|
||||
snprintf(strptr, sizeof(strptr), "%lu", (unsigned long)&h);
|
||||
setconf_main(3, argv);
|
||||
return 0;
|
||||
}
|
Loading…
Reference in a new issue