fuzz: add set and setconf fuzzers

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-11 16:28:19 +01:00 · 2020-01-11 16:28:19 +01:00 · 95c30bc034
parent f7f1e7da2c
commit 95c30bc034
4 changed files with 123 additions and 2 deletions
--- a/src/fuzz/.gitignore
+++ b/src/fuzz/.gitignore
@ -2,3 +2,5 @@ config
 uapi
 stringlist
 cmd
+set
+setconf
--- a/src/fuzz/Makefile
+++ b/src/fuzz/Makefile
@ -2,7 +2,9 @@
 #
 # Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.

-all: config uapi stringlist cmd
+FUZZERS := config uapi stringlist cmd set setconf
+
+all: $(FUZZERS)

 CFLAGS ?= -O3 -march=native -g
 CFLAGS += -fsanitize=fuzzer -fsanitize=address -std=gnu11 -idirafter ../uapi -D_GNU_SOURCE
@ -20,7 +22,13 @@ stringlist: stringlist.c ../ipc.c ../curve25519.c ../encoding.c
 cmd: cmd.c $(wildcard ../*.c)
 	$(CC) $(CFLAGS) -D'RUNSTATEDIR="/var/empty"' -D'main(a,b)=wg_main(a,b)' -o $@ $^ -lmnl

+set: set.c ../set.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c
+	$(CC) $(CFLAGS) -o $@ $< -lmnl
+
+setconf: setconf.c ../setconf.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c
+	$(CC) $(CFLAGS) -o $@ $< -lmnl
+
 clean:
-	rm -f config uapi stringlist cmd
+	$(RM) $(FUZZERS)

 .PHONY: all clean
--- a/src/fuzz/set.c
+++ b/src/fuzz/set.c
@ -0,0 +1,57 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ */
+
+#include <stdio.h>
+#undef stderr
+#define stderr stdin
+#define RUNSTATEDIR "/var/empty"
+#include "../curve25519.c"
+#define parse_allowedips parse_allowedips_ipc
+#include "../ipc.c"
+#undef parse_allowedips
+#include "../encoding.c"
+static FILE *hacked_fopen(const char *pathname, const char *mode);
+#define fopen hacked_fopen
+#include "../config.c"
+#include "../mnlg.c"
+#include "../set.c"
+#undef stderr
+
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+
+const char *__asan_default_options()
+{
+	return "verbosity=1";
+}
+
+const char *PROG_NAME = "wg";
+
+static FILE *hacked_fopen(const char *pathname, const char *mode)
+{
+	return fmemopen((char *)pathname, strlen(pathname), "r");
+}
+
+int LLVMFuzzerTestOneInput(const char *data, size_t data_len)
+{
+	char *argv[8192] = { "set", "wg0" }, *args;
+	size_t argc = 2;
+
+	if (!data_len)
+		return 0;
+
+	assert((args = malloc(data_len)));
+	memcpy(args, data, data_len);
+	args[data_len - 1] = '\0';
+
+	for (char *arg = strtok(args, " \t\n\r"); arg && argc < 8192; arg = strtok(NULL, " \t\n\r")) {
+		if (arg[0])
+			argv[argc++] = arg;
+	}
+	set_main(argc, argv);
+	free(args);
+	return 0;
+}
--- a/src/fuzz/setconf.c
+++ b/src/fuzz/setconf.c
@ -0,0 +1,54 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ */
+
+#include <stdio.h>
+#undef stderr
+#define stderr stdin
+#define RUNSTATEDIR "/var/empty"
+#include "../curve25519.c"
+#define parse_allowedips parse_allowedips_ipc
+#include "../ipc.c"
+#undef parse_allowedips
+#include "../encoding.c"
+#include "../config.c"
+#include "../mnlg.c"
+static FILE *hacked_fopen(const char *pathname, const char *mode);
+#define fopen hacked_fopen
+#include "../setconf.c"
+#undef fopen
+#undef stderr
+
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+
+const char *__asan_default_options()
+{
+	return "verbosity=1";
+}
+
+const char *PROG_NAME = "wg";
+
+struct hacked_pointers {
+	const char *data;
+	size_t data_len;
+};
+
+static FILE *hacked_fopen(const char *pathname, const char *mode)
+{
+	struct hacked_pointers *h = (struct hacked_pointers *)strtoul(pathname, NULL, 10);
+	return fmemopen((char *)h->data, h->data_len, "r");
+}
+
+int LLVMFuzzerTestOneInput(const char *data, size_t data_len)
+{
+	char strptr[32];
+	char *argv[3] = { "setconf", "wg0", strptr };
+	struct hacked_pointers h = { data, data_len };
+
+	snprintf(strptr, sizeof(strptr), "%lu", (unsigned long)&h);
+	setconf_main(3, argv);
+	return 0;
+}