DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

tests: libFuzzer integration for test-json and test-x509

Browse source 
Allow these test tools to be used with libFuzzer in addition to
afl-fuzz.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-02-24 18:52:54 +02:00
parent bb05d03606
commit f3e671591e
4 changed files with 65 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
tests/Makefile
View file

@ -5,6 +5,15 @@ TESTS=test-base64 test-md4 test-milenage \
all: $(TESTS) all: $(TESTS)
ifdef LIBFUZZER
CC=clang
CFLAGS = -MMD -O2 -Wall -g
CFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
CFLAGS += -DTEST_LIBFUZZER
LDFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
TEST_FUZZ=y
endif
ifndef CC ifndef CC
CC=gcc CC=gcc
endif endif

9
tests/README
View file

@ -45,6 +45,15 @@ cat > json-examples/1.json <<EOF
EOF EOF
afl-fuzz -i json-examples -o json-findings -- $PWD/test-json @@ afl-fuzz -i json-examples -o json-findings -- $PWD/test-json @@
Alternatively, using libFuzzer from LLVM:
make clean
make test-json LIBFUZZER=y
mkdir json-examples
cat > json-examples/1.json <<EOF
{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
EOF
./test-json json-examples
##### EAPOL-Key Supplicant ##### EAPOL-Key Supplicant
make clean make clean
CC=afl-gcc make test-eapol TEST_FUZZ=y CC=afl-gcc make test-eapol TEST_FUZZ=y

50
tests/test-json.c
View file

@ -7,15 +7,47 @@
*/ */
#include "utils/includes.h" #include "utils/includes.h"
#include "utils/common.h"
#include "utils/os.h" #include "utils/os.h"
#include "utils/json.h" #include "utils/json.h"
#include "utils/wpa_debug.h"
void run_test(const char *buf, size_t len)
{
struct json_token *root;
char *txt;
size_t buflen = 10000;
root = json_parse(buf, len);
if (!root) {
wpa_printf(MSG_DEBUG, "JSON parsing failed");
return;
}
txt = os_zalloc(buflen);
if (txt) {
json_print_tree(root, txt, buflen);
wpa_printf(MSG_DEBUG, "%s", txt);
os_free(txt);
}
json_free(root);
}
#ifdef TEST_LIBFUZZER
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
run_test((const char *) data, size);
return 0;
}
#else /* TEST_LIBFUZZER */
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
char *buf; char *buf;
size_t len; size_t len;
struct json_token *root;
wpa_debug_level = 0;
if (argc < 2) if (argc < 2)
return -1; return -1;
@ -24,21 +56,9 @@ int main(int argc, char *argv[])
if (!buf) if (!buf)
return -1; return -1;
root = json_parse(buf, len); run_test(buf, len);
os_free(buf); os_free(buf);
if (root) {
size_t buflen = 10000;
buf = os_zalloc(buflen);
if (buf) {
json_print_tree(root, buf, buflen);
printf("%s\n", buf);
os_free(buf);
}
json_free(root);
} else {
printf("JSON parsing failed\n");
}
return 0; return 0;
} }
#endif /* TEST_LIBFUZZER */

13
tests/test-x509.c
View file

@ -1,6 +1,6 @@
/* /*
* Testing tool for X.509v3 routines * Testing tool for X.509v3 routines
* Copyright (c) 2006-2009, Jouni Malinen <j@w1.fi> * Copyright (c) 2006-2019, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -12,6 +12,16 @@
#include "tls/x509v3.h" #include "tls/x509v3.h"
#ifdef TEST_LIBFUZZER
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
struct x509_certificate *cert;
cert = x509_certificate_parse(data, size);
x509_certificate_free(cert);
return 0;
}
#else /* TEST_LIBFUZZER */
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
FILE *f; FILE *f;
@ -34,3 +44,4 @@ int main(int argc, char *argv[])
return 0; return 0;
} }
#endif /* TEST_LIBFUZZER */