fuzz: add set and setconf fuzzers

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Jason A. Donenfeld 2020-01-11 16:28:19 +01:00
parent f7f1e7da2c
commit 95c30bc034
4 changed files with 123 additions and 2 deletions

2
src/fuzz/.gitignore vendored
View file

@ -2,3 +2,5 @@ config
uapi
stringlist
cmd
set
setconf

View file

@ -2,7 +2,9 @@
#
# Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
all: config uapi stringlist cmd
FUZZERS := config uapi stringlist cmd set setconf
all: $(FUZZERS)
CFLAGS ?= -O3 -march=native -g
CFLAGS += -fsanitize=fuzzer -fsanitize=address -std=gnu11 -idirafter ../uapi -D_GNU_SOURCE
@ -20,7 +22,13 @@ stringlist: stringlist.c ../ipc.c ../curve25519.c ../encoding.c
cmd: cmd.c $(wildcard ../*.c)
$(CC) $(CFLAGS) -D'RUNSTATEDIR="/var/empty"' -D'main(a,b)=wg_main(a,b)' -o $@ $^ -lmnl
set: set.c ../set.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c
$(CC) $(CFLAGS) -o $@ $< -lmnl
setconf: setconf.c ../setconf.c ../ipc.c ../encoding.c ../mnlg.c ../curve25519.c ../config.c
$(CC) $(CFLAGS) -o $@ $< -lmnl
clean:
rm -f config uapi stringlist cmd
$(RM) $(FUZZERS)
.PHONY: all clean

57
src/fuzz/set.c Normal file
View file

@ -0,0 +1,57 @@
// SPDX-License-Identifier: GPL-2.0
/*
* Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
*/
#include <stdio.h>
#undef stderr
#define stderr stdin
#define RUNSTATEDIR "/var/empty"
#include "../curve25519.c"
#define parse_allowedips parse_allowedips_ipc
#include "../ipc.c"
#undef parse_allowedips
#include "../encoding.c"
static FILE *hacked_fopen(const char *pathname, const char *mode);
#define fopen hacked_fopen
#include "../config.c"
#include "../mnlg.c"
#include "../set.c"
#undef stderr
#include <string.h>
#include <stdlib.h>
#include <assert.h>
const char *__asan_default_options()
{
return "verbosity=1";
}
const char *PROG_NAME = "wg";
static FILE *hacked_fopen(const char *pathname, const char *mode)
{
return fmemopen((char *)pathname, strlen(pathname), "r");
}
int LLVMFuzzerTestOneInput(const char *data, size_t data_len)
{
char *argv[8192] = { "set", "wg0" }, *args;
size_t argc = 2;
if (!data_len)
return 0;
assert((args = malloc(data_len)));
memcpy(args, data, data_len);
args[data_len - 1] = '\0';
for (char *arg = strtok(args, " \t\n\r"); arg && argc < 8192; arg = strtok(NULL, " \t\n\r")) {
if (arg[0])
argv[argc++] = arg;
}
set_main(argc, argv);
free(args);
return 0;
}

54
src/fuzz/setconf.c Normal file
View file

@ -0,0 +1,54 @@
// SPDX-License-Identifier: GPL-2.0
/*
* Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
*/
#include <stdio.h>
#undef stderr
#define stderr stdin
#define RUNSTATEDIR "/var/empty"
#include "../curve25519.c"
#define parse_allowedips parse_allowedips_ipc
#include "../ipc.c"
#undef parse_allowedips
#include "../encoding.c"
#include "../config.c"
#include "../mnlg.c"
static FILE *hacked_fopen(const char *pathname, const char *mode);
#define fopen hacked_fopen
#include "../setconf.c"
#undef fopen
#undef stderr
#include <string.h>
#include <stdlib.h>
#include <assert.h>
const char *__asan_default_options()
{
return "verbosity=1";
}
const char *PROG_NAME = "wg";
struct hacked_pointers {
const char *data;
size_t data_len;
};
static FILE *hacked_fopen(const char *pathname, const char *mode)
{
struct hacked_pointers *h = (struct hacked_pointers *)strtoul(pathname, NULL, 10);
return fmemopen((char *)h->data, h->data_len, "r");
}
int LLVMFuzzerTestOneInput(const char *data, size_t data_len)
{
char strptr[32];
char *argv[3] = { "setconf", "wg0", strptr };
struct hacked_pointers h = { data, data_len };
snprintf(strptr, sizeof(strptr), "%lu", (unsigned long)&h);
setconf_main(3, argv);
return 0;
}