authorJason A. Donenfeld <Jason@zx2c4.com>2019-12-27 14:57:09 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2019-12-27 18:33:55 +0100
commit2d000809ddbebbc6841b4711c2c0440269dce05e (patch)
tree3d080aaf5e3947dad16e05f1d85ea2d8da7b03c1
parentfuzz: find bugs in the config syntax parser (diff)
fuzz: find bugs when parsing uapi input
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r--src/fuzz/.gitignore1
-rw-r--r--src/fuzz/Makefile10
-rw-r--r--src/fuzz/uapi.c56
3 files changed, 64 insertions, 3 deletions
diff --git a/src/fuzz/.gitignore b/src/fuzz/.gitignore
index 04204c7..988712e 100644
--- a/src/fuzz/.gitignore
+++ b/src/fuzz/.gitignore
@@ -1 +1,2 @@
config
+uapi
diff --git a/src/fuzz/Makefile b/src/fuzz/Makefile
index 87a5dcd..0e7ddb5 100644
--- a/src/fuzz/Makefile
+++ b/src/fuzz/Makefile
@@ -2,15 +2,19 @@
#
# Copyright (C) 2018-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
-all: config
+all: config uapi
CFLAGS ?= -O3 -march=native -g
CFLAGS += -fsanitize=fuzzer -std=gnu11 -idirafter ../uapi
+CC := clang
config: config.c ../config.c ../encoding.c
- clang $(CFLAGS) -o $@ $<
+ $(CC) $(CFLAGS) -o $@ $<
+
+uapi: uapi.c ../ipc.c ../curve25519.c ../encoding.c
+ $(CC) $(CFLAGS) -o $@ $<
clean:
- rm -f config
+ rm -f config uapi
.PHONY: all clean
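Review bot: The new `uapi` rule inherits `-fsanitize=fuzzer` from the unchanged `CFLAGS +=` line and nothing else, so unless the caller adds it through CFLAGS the binary is built without AddressSanitizer. Out-of-bounds reads or small overwrites in the parsing code that do not fault would then go unreported, and the `__asan_default_options` hook added in uapi.c would have no effect. Consider `CFLAGS += -fsanitize=fuzzer,address -std=gnu11 -idirafter ../uapi` so both fuzz targets get memory-error detection by default.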
diff --git a/src/fuzz/uapi.c b/src/fuzz/uapi.c
new file mode 100644
index 0000000..3094f1c
--- /dev/null
+++ b/src/fuzz/uapi.c
@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2018-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ */
+
+#include <stdio.h>
+#include <sys/stat.h>
+static FILE *hacked_userspace_interface_file(const char *iface);
+#define stat(a, b) ({ return hacked_userspace_interface_file(iface); 0; })
+#define RUNSTATEDIR "/var/empty"
+#undef __linux__
+#include "../ipc.c"
+#include "../curve25519.c"
+#include "../encoding.c"
+
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+const char *__asan_default_options()
+{
+ return "verbosity=1";
+}
+
+union hackiface {
+ char ifname[IFNAMSIZ];
+ struct {
+ const uint8_t *data;
+ size_t len;
+ };
+};
+
+static FILE *hacked_userspace_interface_file(const char *iface)
+{
+ union hackiface *hack = (union hackiface *)iface;
+ FILE *f = fmemopen(NULL, hack->len + 7, "r+");
+ fseek(f, 7, SEEK_SET);
+ fwrite(hack->data, hack->len, 1, f);
+ fseek(f, 0, SEEK_SET);
+ memcpy(hack->ifname, "hack", 5);
+ return f;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t len)
+{
+ union hackiface hack = {
+ .data = data,
+ .len = len
+ };
+ struct wgdevice *dev = NULL;
+
+ userspace_get_device(&dev, (const char *)&hack);
+ free_wgdevice(dev);
+ return 0;
+}
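Review bot: In hacked_userspace_interface_file the result of `fmemopen` is passed straight to `fseek` and `fwrite`, so an allocation failure makes the harness itself dereference NULL and the fuzzer records a crash that is not a parser bug. Adding `if (!f) return NULL;` right after the call keeps such runs out of the findings, assuming userspace_get_device in ../ipc.c (not shown here) treats a NULL file as an error. The literal `7` also deserves a comment such as `/* room for the request userspace_get_device writes before it reads the reply */`, if that is indeed what the offset reserves.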