fuzz_group_decrypt: Enable AFL++ persistent mode.

This commit is contained in:
Denis Kasak 2021-05-20 15:02:23 +02:00
parent 7dd4c77c19
commit 93352b55e7

View file

@ -2,6 +2,18 @@
#include "fuzzing.hh" #include "fuzzing.hh"
#ifndef __AFL_FUZZ_TESTCASE_LEN
ssize_t fuzz_len;
#define __AFL_FUZZ_TESTCASE_LEN fuzz_len
unsigned char fuzz_buf[1024000];
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_INIT() void sync(void);
#define __AFL_LOOP(x) ((fuzz_len = read(0, fuzz_buf, sizeof(fuzz_buf))) > 0 ? 1 : 0)
#define __AFL_INIT() sync()
#endif
__AFL_FUZZ_INIT();
int main(int argc, const char *argv[]) { int main(int argc, const char *argv[]) {
if (argc <= 2) { if (argc <= 2) {
const char * message = "Usage: decrypt <pickle_key> <group_session>\n"; const char * message = "Usage: decrypt <pickle_key> <group_session>\n";
@ -22,15 +34,6 @@ int main(int argc, const char *argv[]) {
"Error reading session file", read_file(session_fd, &session_buffer) "Error reading session file", read_file(session_fd, &session_buffer)
); );
int message_fd = STDIN_FILENO;
uint8_t * message_buffer;
ssize_t message_length = check_errno(
"Error reading message file", read_file(message_fd, &message_buffer)
);
uint8_t * tmp_buffer = (uint8_t *) malloc(message_length);
memcpy(tmp_buffer, message_buffer, message_length);
uint8_t session_memory[olm_inbound_group_session_size()]; uint8_t session_memory[olm_inbound_group_session_size()];
OlmInboundGroupSession * session = olm_inbound_group_session(session_memory); OlmInboundGroupSession * session = olm_inbound_group_session(session_memory);
check_error( check_error(
@ -42,6 +45,27 @@ int main(int argc, const char *argv[]) {
) )
); );
#ifdef __AFL_HAVE_MANUAL_CONTROL
__AFL_INIT();
#endif
size_t test_case_buf_len = 1024;
uint8_t * message_buffer = (uint8_t *) malloc(test_case_buf_len);
uint8_t * tmp_buffer = (uint8_t *) malloc(test_case_buf_len);
while (__AFL_LOOP(10000)) {
size_t message_length = __AFL_FUZZ_TESTCASE_LEN;
if (message_length > test_case_buf_len) {
message_buffer = (uint8_t *)realloc(message_buffer, message_length);
tmp_buffer = (uint8_t *)realloc(tmp_buffer, message_length);
if (!message_buffer || !tmp_buffer) return 1;
}
memcpy(message_buffer, __AFL_FUZZ_TESTCASE_BUF, message_length);
memcpy(tmp_buffer, message_buffer, message_length);
size_t max_length = check_error( size_t max_length = check_error(
olm_inbound_group_session_last_error, olm_inbound_group_session_last_error,
session, session,
@ -68,6 +92,7 @@ int main(int argc, const char *argv[]) {
(void)write(STDOUT_FILENO, plaintext, length); (void)write(STDOUT_FILENO, plaintext, length);
(void)write(STDOUT_FILENO, "\n", 1); (void)write(STDOUT_FILENO, "\n", 1);
}
free(session_buffer); free(session_buffer);
free(message_buffer); free(message_buffer);