0a321d1733
Processing of WNM frames can results in a lookup of the current BSS table. As such, the testing tool needs to initialize the BSS table to avoid NULL pointer dereferences. This is not an issue that would show up with real production uses with wpa_supplicant since wpa_bss_init() is called there. Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67244 Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com> |
||
|---|---|---|
| .. | ||
| ap-mgmt | ||
| asn1 | ||
| dpp-uri | ||
| eap-aka-peer | ||
| eap-mschapv2-peer | ||
| eap-sim-peer | ||
| eapol-key-auth | ||
| eapol-key-supp | ||
| eapol-supp | ||
| json | ||
| p2p | ||
| pasn-init | ||
| pasn-resp | ||
| sae | ||
| tls-client | ||
| tls-server | ||
| wnm | ||
| x509 | ||
| build-test.sh | ||
| fuzzer-common.c | ||
| fuzzer-common.h | ||
| README | ||
| rules.include | ||
hostap.git fuzz testing ----------------------- These tools can be used for fuzz testing of various components used within wpa_supplicant and hostapd. Each directory contains a fuzzing tool that focuses on one input handler. Each tool can be compiled either to work with the libFuzzer or as a separate tool that reads the input from a file specified on the command line, e.g., for American fuzzy lop (afl-fuzz). Example test corpus is included in */corpus directory. Example fuzzing with libFuzzer cd @TOOL@ make clean make LIBFUZZER=y ./@TOOL@ corpus Example fuzzing with afl-fuzz cd @TOOL@ make clean CC=afl-gcc make afl-fuzz -i corpus -o findings -- $PWD/@TOOL@ @@