From f3e671591e6938e27aa15ba52f258617456a8fac Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 24 Feb 2019 18:52:54 +0200
Subject: [PATCH] tests: libFuzzer integration for test-json and test-x509

Allow these test tools to be used with libFuzzer in addition to
afl-fuzz.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 tests/Makefile    |  9 +++++++++
 tests/README      |  9 +++++++++
 tests/test-json.c | 50 +++++++++++++++++++++++++++++++++--------------
 tests/test-x509.c | 13 +++++++++++-
 4 files changed, 65 insertions(+), 16 deletions(-)

diff --git a/tests/Makefile b/tests/Makefile
index 3b5c86fba..95855aa3b 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -5,6 +5,15 @@ TESTS=test-base64 test-md4 test-milenage \
 
 all: $(TESTS)
 
+ifdef LIBFUZZER
+CC=clang
+CFLAGS = -MMD -O2 -Wall -g
+CFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
+CFLAGS += -DTEST_LIBFUZZER
+LDFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
+TEST_FUZZ=y
+endif
+
 ifndef CC
 CC=gcc
 endif
diff --git a/tests/README b/tests/README
index 68f6023d0..b11e07b08 100644
--- a/tests/README
+++ b/tests/README
@@ -45,6 +45,15 @@ cat > json-examples/1.json <<EOF
 EOF
 afl-fuzz -i json-examples -o json-findings -- $PWD/test-json @@
 
+Alternatively, using libFuzzer from LLVM:
+make clean
+make test-json LIBFUZZER=y
+mkdir json-examples
+cat > json-examples/1.json <<EOF
+{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
+EOF
+./test-json json-examples
+
 ##### EAPOL-Key Supplicant
 make clean
 CC=afl-gcc make test-eapol TEST_FUZZ=y
diff --git a/tests/test-json.c b/tests/test-json.c
index c7cb46030..b33a79214 100644
--- a/tests/test-json.c
+++ b/tests/test-json.c
@@ -7,15 +7,47 @@
  */
 
 #include "utils/includes.h"
+#include "utils/common.h"
 #include "utils/os.h"
 #include "utils/json.h"
+#include "utils/wpa_debug.h"
 
 
+void run_test(const char *buf, size_t len)
+{
+	struct json_token *root;
+	char *txt;
+	size_t buflen = 10000;
+
+	root = json_parse(buf, len);
+	if (!root) {
+		wpa_printf(MSG_DEBUG, "JSON parsing failed");
+		return;
+	}
+
+	txt = os_zalloc(buflen);
+	if (txt) {
+		json_print_tree(root, txt, buflen);
+		wpa_printf(MSG_DEBUG, "%s", txt);
+		os_free(txt);
+	}
+	json_free(root);
+}
+
+
+#ifdef TEST_LIBFUZZER
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	run_test((const char *) data, size);
+	return 0;
+}
+#else /* TEST_LIBFUZZER */
 int main(int argc, char *argv[])
 {
 	char *buf;
 	size_t len;
-	struct json_token *root;
+
+	wpa_debug_level = 0;
 
 	if (argc < 2)
 		return -1;
@@ -24,21 +56,9 @@ int main(int argc, char *argv[])
 	if (!buf)
 		return -1;
 
-	root = json_parse(buf, len);
+	run_test(buf, len);
 	os_free(buf);
-	if (root) {
-		size_t buflen = 10000;
-
-		buf = os_zalloc(buflen);
-		if (buf) {
-			json_print_tree(root, buf, buflen);
-			printf("%s\n", buf);
-			os_free(buf);
-		}
-		json_free(root);
-	} else {
-		printf("JSON parsing failed\n");
-	}
 
 	return 0;
 }
+#endif /* TEST_LIBFUZZER */
diff --git a/tests/test-x509.c b/tests/test-x509.c
index 194f229e9..055446ecc 100644
--- a/tests/test-x509.c
+++ b/tests/test-x509.c
@@ -1,6 +1,6 @@
 /*
  * Testing tool for X.509v3 routines
- * Copyright (c) 2006-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2019, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -12,6 +12,16 @@
 #include "tls/x509v3.h"
 
 
+#ifdef TEST_LIBFUZZER
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	struct x509_certificate *cert;
+
+	cert = x509_certificate_parse(data, size);
+	x509_certificate_free(cert);
+	return 0;
+}
+#else /* TEST_LIBFUZZER */
 int main(int argc, char *argv[])
 {
 	FILE *f;
@@ -34,3 +44,4 @@ int main(int argc, char *argv[])
 
 	return 0;
 }
+#endif /* TEST_LIBFUZZER */