Add unpickle_megolm_outbound fuzzer. Enable C harness support.
This commit is contained in:
parent
811e56a0f0
commit
e06ac20558
3 changed files with 133 additions and 4 deletions
8
Makefile
8
Makefile
|
@ -146,13 +146,13 @@ $(TEST_BINARIES): LDFLAGS += $(DEBUG_OPTIMIZE_FLAGS) -L$(BUILD_DIR)
|
||||||
$(FUZZER_OBJECTS): CFLAGS += $(FUZZER_OPTIMIZE_FLAGS)
|
$(FUZZER_OBJECTS): CFLAGS += $(FUZZER_OPTIMIZE_FLAGS)
|
||||||
$(FUZZER_OBJECTS): CXXFLAGS += $(FUZZER_OPTIMIZE_FLAGS)
|
$(FUZZER_OBJECTS): CXXFLAGS += $(FUZZER_OPTIMIZE_FLAGS)
|
||||||
$(FUZZER_BINARIES): CPPFLAGS += -Ifuzzers/include
|
$(FUZZER_BINARIES): CPPFLAGS += -Ifuzzers/include
|
||||||
$(FUZZER_BINARIES): LDFLAGS += $(FUZZER_OPTIMIZE_FLAGS) -L$(BUILD_DIR)
|
$(FUZZER_BINARIES): LDFLAGS += $(FUZZER_OPTIMIZE_FLAGS) -L$(BUILD_DIR) -lstdc++
|
||||||
$(FUZZER_ASAN_BINARIES): CPPFLAGS += -Ifuzzers/include
|
$(FUZZER_ASAN_BINARIES): CPPFLAGS += -Ifuzzers/include
|
||||||
$(FUZZER_ASAN_BINARIES): LDFLAGS += $(FUZZER_OPTIMIZE_FLAGS) -L$(BUILD_DIR)
|
$(FUZZER_ASAN_BINARIES): LDFLAGS += $(FUZZER_OPTIMIZE_FLAGS) -L$(BUILD_DIR) -lstdc++
|
||||||
$(FUZZER_MSAN_BINARIES): CPPFLAGS += -Ifuzzers/include
|
$(FUZZER_MSAN_BINARIES): CPPFLAGS += -Ifuzzers/include
|
||||||
$(FUZZER_MSAN_BINARIES): LDFLAGS += $(FUZZER_OPTIMIZE_FLAGS) -L$(BUILD_DIR)
|
$(FUZZER_MSAN_BINARIES): LDFLAGS += $(FUZZER_OPTIMIZE_FLAGS) -L$(BUILD_DIR) -lstdc++
|
||||||
$(FUZZER_DEBUG_BINARIES): CPPFLAGS += -Ifuzzers/include
|
$(FUZZER_DEBUG_BINARIES): CPPFLAGS += -Ifuzzers/include
|
||||||
$(FUZZER_DEBUG_BINARIES): LDFLAGS += $(DEBUG_OPTIMIZE_FLAGS)
|
$(FUZZER_DEBUG_BINARIES): LDFLAGS += $(DEBUG_OPTIMIZE_FLAGS) -lstdc++
|
||||||
|
|
||||||
$(JS_OBJECTS): CFLAGS += $(JS_OPTIMIZE_FLAGS)
|
$(JS_OBJECTS): CFLAGS += $(JS_OPTIMIZE_FLAGS)
|
||||||
$(JS_OBJECTS): CXXFLAGS += $(JS_OPTIMIZE_FLAGS)
|
$(JS_OBJECTS): CXXFLAGS += $(JS_OPTIMIZE_FLAGS)
|
||||||
|
|
28
fuzzers/fuzz_unpickle_megolm_outbound.c
Normal file
28
fuzzers/fuzz_unpickle_megolm_outbound.c
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
#include <olm/outbound_group_session.h>
|
||||||
|
|
||||||
|
#include "fuzzing.h"
|
||||||
|
|
||||||
|
int main(int argc, const char *argv[]) {
|
||||||
|
if (argc != 1) {
|
||||||
|
printf("Usage: %s <input_file\n", argv[0]);
|
||||||
|
exit(3);
|
||||||
|
}
|
||||||
|
|
||||||
|
void *session_buffer = malloc(olm_outbound_group_session_size());
|
||||||
|
OlmOutboundGroupSession *session = olm_outbound_group_session(session_buffer);
|
||||||
|
|
||||||
|
int pickle_fd = STDIN_FILENO;
|
||||||
|
uint8_t *pickle_buffer;
|
||||||
|
ssize_t pickle_length = check_errno("Error reading message file",
|
||||||
|
read_file(pickle_fd, &pickle_buffer));
|
||||||
|
|
||||||
|
check_outbound_group_session(
|
||||||
|
session, "Error unpickling outbound group session",
|
||||||
|
olm_unpickle_outbound_group_session(session, "", 0, pickle_buffer,
|
||||||
|
pickle_length));
|
||||||
|
|
||||||
|
free(session_buffer);
|
||||||
|
free(pickle_buffer);
|
||||||
|
|
||||||
|
return EXIT_SUCCESS;
|
||||||
|
}
|
101
fuzzers/include/fuzzing.h
Normal file
101
fuzzers/include/fuzzing.h
Normal file
|
@ -0,0 +1,101 @@
|
||||||
|
#include "olm/olm.h"
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <stddef.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
|
||||||
|
#define OLM_FUZZING 1
|
||||||
|
|
||||||
|
ssize_t read_file(
|
||||||
|
int fd,
|
||||||
|
uint8_t **buffer
|
||||||
|
) {
|
||||||
|
size_t buffer_size = 1;
|
||||||
|
size_t buffer_pos = 0;
|
||||||
|
uint8_t * current_buffer = (uint8_t *) malloc(buffer_size);
|
||||||
|
if (!current_buffer) return -1;
|
||||||
|
|
||||||
|
while (1) {
|
||||||
|
ssize_t count = read(
|
||||||
|
fd, current_buffer + buffer_pos, buffer_size - buffer_pos
|
||||||
|
);
|
||||||
|
|
||||||
|
if (count < 0) break; // A read error happened, so just fail immediately.
|
||||||
|
|
||||||
|
if (count == 0) {
|
||||||
|
// Nothing more left to read. We downsize the buffer to fit the
|
||||||
|
// data exactly, unless no data was read at all, in which case we
|
||||||
|
// skip the downsizing.
|
||||||
|
|
||||||
|
if (buffer_pos != 0) {
|
||||||
|
current_buffer = (uint8_t *) realloc(current_buffer, buffer_pos);
|
||||||
|
if (!current_buffer) break;
|
||||||
|
}
|
||||||
|
|
||||||
|
// The read was successful so we return the allocated buffer.
|
||||||
|
*buffer = current_buffer;
|
||||||
|
return buffer_pos;
|
||||||
|
}
|
||||||
|
|
||||||
|
buffer_pos += count;
|
||||||
|
|
||||||
|
// We've reached capacity, so enlarge the buffer.
|
||||||
|
if (buffer_pos == buffer_size) {
|
||||||
|
buffer_size *= 2;
|
||||||
|
uint8_t * new_buffer = (uint8_t *) realloc(current_buffer, buffer_size);
|
||||||
|
if (!new_buffer) break;
|
||||||
|
current_buffer = new_buffer;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
free(current_buffer);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
ssize_t check_errno(
|
||||||
|
const char * message,
|
||||||
|
ssize_t value
|
||||||
|
) {
|
||||||
|
if (value == (ssize_t)-1) {
|
||||||
|
perror(message);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t check_error(
|
||||||
|
const char * message,
|
||||||
|
const char * olm_message,
|
||||||
|
size_t value
|
||||||
|
) {
|
||||||
|
if (value == olm_error()) {
|
||||||
|
(void)write(STDERR_FILENO, message, strlen(message));
|
||||||
|
(void)write(STDERR_FILENO, ": ", 2);
|
||||||
|
(void)write(STDERR_FILENO, olm_message, strlen(olm_message));
|
||||||
|
(void)write(STDERR_FILENO, "\n", 1);
|
||||||
|
|
||||||
|
exit(2);
|
||||||
|
}
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t check_session(
|
||||||
|
OlmSession * session,
|
||||||
|
const char * message,
|
||||||
|
size_t value
|
||||||
|
) {
|
||||||
|
return check_error(message, olm_session_last_error(session), value);
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t check_outbound_group_session(
|
||||||
|
OlmOutboundGroupSession * session,
|
||||||
|
const char * message,
|
||||||
|
size_t value
|
||||||
|
) {
|
||||||
|
return check_error(message, olm_outbound_group_session_last_error(session), value);
|
||||||
|
}
|
Loading…
Reference in a new issue