2016-10-19 15:59:50 +02:00
|
|
|
Fuzzers
|
|
|
|
=======
|
|
|
|
|
|
|
|
This directory contains a collection of fuzzing tools. Each tests a different
|
|
|
|
entry point to the code.
|
|
|
|
|
|
|
|
Usage notes:
|
|
|
|
|
|
|
|
1. Install AFL:
|
|
|
|
|
|
|
|
.. code::
|
|
|
|
|
|
|
|
apt-get install afl
|
|
|
|
|
|
|
|
2. Build the fuzzers:
|
|
|
|
|
|
|
|
.. code::
|
|
|
|
|
|
|
|
make fuzzers
|
|
|
|
|
|
|
|
3. Some of the tests (eg ``fuzz_decrypt`` and ``fuzz_group_decrypt``) require a
|
2018-07-08 12:19:15 +02:00
|
|
|
session file. You can create one by pickling an Olm session.
|
2016-10-19 15:59:50 +02:00
|
|
|
|
|
|
|
4. Make some work directories:
|
|
|
|
|
|
|
|
.. code::
|
|
|
|
|
|
|
|
mkdir -p fuzzing/in fuzzing/out
|
|
|
|
|
|
|
|
5. Generate starting input:
|
|
|
|
|
|
|
|
.. code::
|
|
|
|
|
|
|
|
echo "Test" > fuzzing/in/test
|
|
|
|
|
|
|
|
6. Run the test under ``afl-fuzz``:
|
|
|
|
|
|
|
|
.. code::
|
|
|
|
|
|
|
|
afl-fuzz -i fuzzing/in -o fuzzing/out -- \
|
|
|
|
./build/fuzzers/fuzz_<fuzzing_tool> [<test args>]
|
|
|
|
|
|
|
|
7. To resume with the data produced by an earlier run:
|
|
|
|
|
|
|
|
.. code::
|
|
|
|
|
2016-10-24 17:31:42 +02:00
|
|
|
afl-fuzz -i- -o existing_output_dir [...etc...]
|
2016-10-19 15:59:50 +02:00
|
|
|
|
|
|
|
8. If it shows failures, pipe the failure case into
|
|
|
|
``./build/fuzzers/debug_<fuzzing_tool>``, fix, and repeat.
|