From 95c30bc0344b4e3085336c5b957ea1d1281b0d0b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sat, 11 Jan 2020 16:28:19 +0100 Subject: fuzz: add set and setconf fuzzers Signed-off-by: Jason A. Donenfeld --- src/fuzz/.gitignore | 2 ++ src/fuzz/Makefile | 12 +++++++++-- src/fuzz/set.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++ src/fuzz/setconf.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 123 insertions(+), 2 deletions(-) create mode 100644 src/fuzz/set.c create mode 100644 src/fuzz/setconf.c diff --git a/src/fuzz/.gitignore b/src/fuzz/.gitignore index 3b69fda..04f5323 100644 --- a/src/fuzz/.gitignore +++ b/src/fuzz/.gitignore @@ -2,3 +2,5 @@ config uapi stringlist cmd +set +setconf diff --git a/src/fuzz/Makefile b/src/fuzz/Makefile index cb9db3b..eaa0eca 100644 --- a/src/fuzz/Makefile +++ b/src/fuzz/Makefile @@ -2,7 +2,9 @@ # # Copyright (C) 2018-2020 Jason A. Donenfeld . All Rights Reserved. -all: config uapi stringlist cmd +FUZZERS := config uapi stringlist cmd set setconf + +all: $(FUZZERS) CFLAGS ?= -O3 -march=native -g CFLAGS += -fsanitize=fuzzer -fsanitize=address -std=gnu11 -idirafter ../uapi -D_GNU_SOURCE @@ -20,7 +22,13 @@ stringlist: stringlist.c ../ipc.c ../curve25519.c ../encoding.c cmd: cmd.c $(wildcard ../*.c) $(CC) $(CFLAGS) -D'RUNSTATEDIR="/var/empty"' -D'main(a,b)=wg_main(a,b)' -o $@ $^ -lmnl +set: set.c ../set.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c + $(CC) $(CFLAGS) -o $@ $< -lmnl + +setconf: setconf.c ../setconf.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c + $(CC) $(CFLAGS) -o $@ $< -lmnl + clean: - rm -f config uapi stringlist cmd + $(RM) $(FUZZERS) .PHONY: all clean diff --git a/src/fuzz/set.c b/src/fuzz/set.c new file mode 100644 index 0000000..22f953b --- /dev/null +++ b/src/fuzz/set.c 
@@ -0,0 +1,57 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2018-2020 Jason A. Donenfeld . All Rights Reserved.
+ */
+
+#include
+#undef stderr
+#define stderr stdin
+#define RUNSTATEDIR "/var/empty"
+#include "../curve25519.c"
+#define parse_allowedips parse_allowedips_ipc
+#include "../ipc.c"
+#undef parse_allowedips
+#include "../encoding.c"
+static FILE *hacked_fopen(const char *pathname, const char *mode);
+#define fopen hacked_fopen
+#include "../config.c"
+#include "../mnlg.c"
+#include "../set.c"
+#undef stderr
+
+#include
+#include
+#include
+
+const char *__asan_default_options()
+{
+ return "verbosity=1";
+}
+
+const char *PROG_NAME = "wg";
+
+static FILE *hacked_fopen(const char *pathname, const char *mode)
+{
+ return fmemopen((char *)pathname, strlen(pathname), "r");
+}
+
+int LLVMFuzzerTestOneInput(const char *data, size_t data_len)
+{
+ char *argv[8192] = { "set", "wg0" }, *args;
+ size_t argc = 2;
+
+ if (!data_len)
+ return 0;
+
+ assert((args = malloc(data_len)));
+ memcpy(args, data, data_len);
+ args[data_len - 1] = '\0';
+
+ for (char *arg = strtok(args, " \t\n\r"); arg && argc < 8192; arg = strtok(NULL, " \t\n\r")) {
+ if (arg[0])
+ argv[argc++] = arg;
+ }
+ set_main(argc, argv);
+ free(args);
+ return 0;
+}
diff --git a/src/fuzz/setconf.c b/src/fuzz/setconf.c
new file mode 100644
index 0000000..44bfeb9
--- /dev/null
+++ b/src/fuzz/setconf.c
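Review bot: In src/fuzz/set.c, `assert((args = malloc(data_len)));` puts the allocation inside `assert()`, so a build that defines `NDEBUG` (possible, since the Makefile only defaults `CFLAGS` with `?=`) drops the `malloc` and the following `memcpy` writes through an uninitialized pointer. The next line, `args[data_len - 1] = '\0';`, also overwrites the final input byte, so the last byte the fuzzer generates never reaches `set_main`. I would allocate one extra byte and check the result outside the assert: `args = malloc(data_len + 1);`, `if (!args) return 0;`, and after the `memcpy`, `args[data_len] = '\0';`. Separately, the tokenizing loop can fill all 8192 `argv` slots, which leaves no NULL entry at `argv[argc]`; if `set_main` relies on that terminator (not visible from this hunk), cap the loop at 8191.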
@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2018-2020 Jason A. Donenfeld . All Rights Reserved.
+ */
+
+#include
+#undef stderr
+#define stderr stdin
+#define RUNSTATEDIR "/var/empty"
+#include "../curve25519.c"
+#define parse_allowedips parse_allowedips_ipc
+#include "../ipc.c"
+#undef parse_allowedips
+#include "../encoding.c"
+#include "../config.c"
+#include "../mnlg.c"
+static FILE *hacked_fopen(const char *pathname, const char *mode);
+#define fopen hacked_fopen
+#include "../setconf.c"
+#undef fopen
+#undef stderr
+
+#include
+#include
+#include
+
+const char *__asan_default_options()
+{
+ return "verbosity=1";
+}
+
+const char *PROG_NAME = "wg";
+
+struct hacked_pointers {
+ const char *data;
+ size_t data_len;
+};
+
+static FILE *hacked_fopen(const char *pathname, const char *mode)
+{
+ struct hacked_pointers *h = (struct hacked_pointers *)strtoul(pathname, NULL, 10);
+ return fmemopen((char *)h->data, h->data_len, "r");
+}
+
+int LLVMFuzzerTestOneInput(const char *data, size_t data_len)
+{
+ char strptr[32];
+ char *argv[3] = { "setconf", "wg0", strptr };
+ struct hacked_pointers h = { data, data_len };
+
+ snprintf(strptr, sizeof(strptr), "%lu", (unsigned long)&h);
+ setconf_main(3, argv);
+ return 0;
+}
-- cgit v1.2.3-59-g8ed1b
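Review bot: In src/fuzz/setconf.c, `hacked_fopen` dereferences whatever `strtoul(pathname, NULL, 10)` yields, and nothing in the file says that `argv[2]` carries the decimal address of the stack `struct hacked_pointers h`. If `../setconf.c` reaches any other `fopen` call while the macro is active (that file is not visible from this hunk), a non-numeric path would parse to 0 and be dereferenced as NULL, which would surface as a harness crash rather than a finding in the target. A file-scope `static struct hacked_pointers fuzz_input;` assigned at the top of `LLVMFuzzerTestOneInput` and read directly by `hacked_fopen` would avoid the pointer-through-text round-trip. At minimum add a comment such as `/* pathname is the decimal address of a struct hacked_pointers, written by LLVMFuzzerTestOneInput */` and a guard `if (!h) return NULL;`. If the round-trip stays, `uintptr_t` with `PRIuPTR` is the portable spelling of the `(unsigned long)&h` cast.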