diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2020-01-11 16:28:19 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2020-01-11 10:47:59 -0500 |
| commit | 95c30bc0344b4e3085336c5b957ea1d1281b0d0b (patch) | |
| tree | b8df0aa2b54e782125ef6ee4d76599f527b6f318 /src/fuzz | |
| parent | Makefile: evaluate git version lazily (diff) | |
| download | wireguard-tools-95c30bc0344b4e3085336c5b957ea1d1281b0d0b.tar.xz wireguard-tools-95c30bc0344b4e3085336c5b957ea1d1281b0d0b.zip | |
fuzz: add set and setconf fuzzers
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/fuzz')
| -rw-r--r-- | src/fuzz/.gitignore | 2 | ||||
| -rw-r--r-- | src/fuzz/Makefile | 12 | ||||
| -rw-r--r-- | src/fuzz/set.c | 57 | ||||
| -rw-r--r-- | src/fuzz/setconf.c | 54 |
4 files changed, 123 insertions, 2 deletions
diff --git a/src/fuzz/.gitignore b/src/fuzz/.gitignore index 3b69fda..04f5323 100644 --- a/src/fuzz/.gitignore +++ b/src/fuzz/.gitignore @@ -2,3 +2,5 @@ config uapi stringlist cmd +set +setconf diff --git a/src/fuzz/Makefile b/src/fuzz/Makefile index cb9db3b..eaa0eca 100644 --- a/src/fuzz/Makefile +++ b/src/fuzz/Makefile @@ -2,7 +2,9 @@ # # Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. -all: config uapi stringlist cmd +FUZZERS := config uapi stringlist cmd set setconf + +all: $(FUZZERS) CFLAGS ?= -O3 -march=native -g CFLAGS += -fsanitize=fuzzer -fsanitize=address -std=gnu11 -idirafter ../uapi -D_GNU_SOURCE @@ -20,7 +22,13 @@ stringlist: stringlist.c ../ipc.c ../curve25519.c ../encoding.c cmd: cmd.c $(wildcard ../*.c) $(CC) $(CFLAGS) -D'RUNSTATEDIR="/var/empty"' -D'main(a,b)=wg_main(a,b)' -o $@ $^ -lmnl +set: set.c ../set.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c + $(CC) $(CFLAGS) -o $@ $< -lmnl + +setconf: setconf.c ../setconf.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c + $(CC) $(CFLAGS) -o $@ $< -lmnl + clean: - rm -f config uapi stringlist cmd + $(RM) $(FUZZERS) .PHONY: all clean diff --git a/src/fuzz/set.c b/src/fuzz/set.c new file mode 100644 index 0000000..22f953b --- /dev/null +++ b/src/fuzz/set.c @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. + */ + +#include <stdio.h> +#undef stderr +#define stderr stdin +#define RUNSTATEDIR "/var/empty" +#include "../curve25519.c" +#define parse_allowedips parse_allowedips_ipc +#include "../ipc.c" +#undef parse_allowedips +#include "../encoding.c" +static FILE *hacked_fopen(const char *pathname, const char *mode); +#define fopen hacked_fopen +#include "../config.c" +#include "../mnlg.c" +#include "../set.c" +#undef stderr + +#include <string.h> +#include <stdlib.h> +#include <assert.h> + +const char *__asan_default_options() +{ + return "verbosity=1"; +} + +const char *PROG_NAME = "wg"; + +static FILE *hacked_fopen(const char *pathname, const char *mode) +{ + return fmemopen((char *)pathname, strlen(pathname), "r"); +} + +int LLVMFuzzerTestOneInput(const char *data, size_t data_len) +{ + char *argv[8192] = { "set", "wg0" }, *args; + size_t argc = 2; + + if (!data_len) + return 0; + + assert((args = malloc(data_len))); + memcpy(args, data, data_len); + args[data_len - 1] = '\0'; + + for (char *arg = strtok(args, " \t\n\r"); arg && argc < 8192; arg = strtok(NULL, " \t\n\r")) { + if (arg[0]) + argv[argc++] = arg; + } + set_main(argc, argv); + free(args); + return 0; +} diff --git a/src/fuzz/setconf.c b/src/fuzz/setconf.c new file mode 100644 index 0000000..44bfeb9 --- /dev/null +++ b/src/fuzz/setconf.c @@ -0,0 +1,54 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. + */ + +#include <stdio.h> +#undef stderr +#define stderr stdin +#define RUNSTATEDIR "/var/empty" +#include "../curve25519.c" +#define parse_allowedips parse_allowedips_ipc +#include "../ipc.c" +#undef parse_allowedips +#include "../encoding.c" +#include "../config.c" +#include "../mnlg.c" +static FILE *hacked_fopen(const char *pathname, const char *mode); +#define fopen hacked_fopen +#include "../setconf.c" +#undef fopen +#undef stderr + +#include <string.h> +#include <stdlib.h> +#include <assert.h> + +const char *__asan_default_options() +{ + return "verbosity=1"; +} + +const char *PROG_NAME = "wg"; + +struct hacked_pointers { + const char *data; + size_t data_len; +}; + +static FILE *hacked_fopen(const char *pathname, const char *mode) +{ + struct hacked_pointers *h = (struct hacked_pointers *)strtoul(pathname, NULL, 10); + return fmemopen((char *)h->data, h->data_len, "r"); +} + +int LLVMFuzzerTestOneInput(const char *data, size_t data_len) +{ + char strptr[32]; + char *argv[3] = { "setconf", "wg0", strptr }; + struct hacked_pointers h = { data, data_len }; + + snprintf(strptr, sizeof(strptr), "%lu", (unsigned long)&h); + setconf_main(3, argv); + return 0; +} |