tests: libFuzzer integration for test-json and test-x509
Allow these test tools to be used with libFuzzer in addition to afl-fuzz. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
bb05d03606
commit
f3e671591e
4 changed files with 65 additions and 16 deletions
|
|
@ -5,6 +5,15 @@ TESTS=test-base64 test-md4 test-milenage \
|
|||
|
||||
all: $(TESTS)
|
||||
|
||||
ifdef LIBFUZZER
|
||||
CC=clang
|
||||
CFLAGS = -MMD -O2 -Wall -g
|
||||
CFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
|
||||
CFLAGS += -DTEST_LIBFUZZER
|
||||
LDFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
|
||||
TEST_FUZZ=y
|
||||
endif
|
||||
|
||||
ifndef CC
|
||||
CC=gcc
|
||||
endif
|
||||
|
|
|
|||
|
|
@ -45,6 +45,15 @@ cat > json-examples/1.json <<EOF
|
|||
EOF
|
||||
afl-fuzz -i json-examples -o json-findings -- $PWD/test-json @@
|
||||
|
||||
Alternatively, using libFuzzer from LLVM:
|
||||
make clean
|
||||
make test-json LIBFUZZER=y
|
||||
mkdir json-examples
|
||||
cat > json-examples/1.json <<EOF
|
||||
{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
|
||||
EOF
|
||||
./test-json json-examples
|
||||
|
||||
##### EAPOL-Key Supplicant
|
||||
make clean
|
||||
CC=afl-gcc make test-eapol TEST_FUZZ=y
|
||||
|
|
|
|||
|
|
@ -7,15 +7,47 @@
|
|||
*/
|
||||
|
||||
#include "utils/includes.h"
|
||||
#include "utils/common.h"
|
||||
#include "utils/os.h"
|
||||
#include "utils/json.h"
|
||||
#include "utils/wpa_debug.h"
|
||||
|
||||
|
||||
void run_test(const char *buf, size_t len)
|
||||
{
|
||||
struct json_token *root;
|
||||
char *txt;
|
||||
size_t buflen = 10000;
|
||||
|
||||
root = json_parse(buf, len);
|
||||
if (!root) {
|
||||
wpa_printf(MSG_DEBUG, "JSON parsing failed");
|
||||
return;
|
||||
}
|
||||
|
||||
txt = os_zalloc(buflen);
|
||||
if (txt) {
|
||||
json_print_tree(root, txt, buflen);
|
||||
wpa_printf(MSG_DEBUG, "%s", txt);
|
||||
os_free(txt);
|
||||
}
|
||||
json_free(root);
|
||||
}
|
||||
|
||||
|
||||
#ifdef TEST_LIBFUZZER
|
||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||
{
|
||||
run_test((const char *) data, size);
|
||||
return 0;
|
||||
}
|
||||
#else /* TEST_LIBFUZZER */
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
char *buf;
|
||||
size_t len;
|
||||
struct json_token *root;
|
||||
|
||||
wpa_debug_level = 0;
|
||||
|
||||
if (argc < 2)
|
||||
return -1;
|
||||
|
|
@ -24,21 +56,9 @@ int main(int argc, char *argv[])
|
|||
if (!buf)
|
||||
return -1;
|
||||
|
||||
root = json_parse(buf, len);
|
||||
run_test(buf, len);
|
||||
os_free(buf);
|
||||
if (root) {
|
||||
size_t buflen = 10000;
|
||||
|
||||
buf = os_zalloc(buflen);
|
||||
if (buf) {
|
||||
json_print_tree(root, buf, buflen);
|
||||
printf("%s\n", buf);
|
||||
os_free(buf);
|
||||
}
|
||||
json_free(root);
|
||||
} else {
|
||||
printf("JSON parsing failed\n");
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* TEST_LIBFUZZER */
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Testing tool for X.509v3 routines
|
||||
* Copyright (c) 2006-2009, Jouni Malinen <j@w1.fi>
|
||||
* Copyright (c) 2006-2019, Jouni Malinen <j@w1.fi>
|
||||
*
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
|
|
@ -12,6 +12,16 @@
|
|||
#include "tls/x509v3.h"
|
||||
|
||||
|
||||
#ifdef TEST_LIBFUZZER
|
||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||
{
|
||||
struct x509_certificate *cert;
|
||||
|
||||
cert = x509_certificate_parse(data, size);
|
||||
x509_certificate_free(cert);
|
||||
return 0;
|
||||
}
|
||||
#else /* TEST_LIBFUZZER */
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
FILE *f;
|
||||
|
|
@ -34,3 +44,4 @@ int main(int argc, char *argv[])
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif /* TEST_LIBFUZZER */
|
||||
|
|
|
|||
Loading…
Reference in a new issue