add fuzzing harnesses

Toxsave harness ported to libFuzzer interface.
New harness for bootstrap phase.
sudden6 2021-12-05 13:07:27 +01:00
parent 210ea9e25c
commit 9eb88798a3
No known key found for this signature in database
GPG Key ID: 279509B499E032B9
4 changed files with 78 additions and 60 deletions


@ -535,8 +535,23 @@ if (BUILD_MISC_TESTS)
target_link_libraries(cracker OpenMP::OpenMP_C) target_link_libraries(cracker OpenMP::OpenMP_C)
endif() endif()
endif() endif()
add_executable(afl_toxsave
testing/afl_toxsave.c)
target_link_modules(afl_toxsave toxcore)
endif() endif()
# Enabling this breaks all other tests and no network connections will be possible
option(BUILD_FUZZ_TESTS "Build fuzzing harnesses" OFF)
if (BUILD_FUZZ_TESTS)
# For coverage tests
target_compile_definitions(toxcore_static PUBLIC "FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION")
# Override network functions
add_library(network_adapter testing/fuzzing/network_adapter.c)
# Fuzzes the toxsave API
add_executable(toxsave_fuzzer testing/fuzzing/toxsave_harness.cc)
target_link_libraries(toxsave_fuzzer toxcore_static network_adapter -fsanitize=fuzzer)
# Fuzzes the bootstrap process
add_executable(bootstrap_fuzzer testing/fuzzing/bootstrap_harness.cc)
target_link_libraries(bootstrap_fuzzer toxcore_static network_adapter -fsanitize=fuzzer)
endif()
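Review bot: Both fuzz targets receive `-fsanitize=fuzzer` only through `target_link_libraries`, so nothing in this section compiles `toxcore_static`, `network_adapter` or the harness sources with coverage instrumentation. Unless those flags are set globally elsewhere, libFuzzer would run without coverage feedback from the library. Consider `target_compile_options(toxcore_static PRIVATE -fsanitize=fuzzer-no-link)` and a memory-error sanitizer such as `-fsanitize=address` on the fuzz targets. Because `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` is applied `PUBLIC` to `toxcore_static`, a `message(WARNING ...)` stating that artifacts from this build tree must not be installed or shipped would make the existing comment harder to miss.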


@ -1,56 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include "../toxcore/tox.h"
int main(int argc, char **argv)
{
if (argc != 2) {
return -1;
}
// determine file size
FILE *fileptr = fopen(argv[1], "rb");
fseek(fileptr, 0, SEEK_END);
long filelen = ftell(fileptr);
rewind(fileptr);
// read file into buffer
uint8_t *buffer = (uint8_t *)malloc(filelen * sizeof(uint8_t));
size_t bytes_read = fread(buffer, filelen, 1, fileptr);
if (bytes_read != filelen) {
fclose(fileptr);
free(buffer);
return -1;
}
fclose(fileptr);
Tox_Err_Options_New error_options;
struct Tox_Options *tox_options = tox_options_new(&error_options);
if (error_options != TOX_ERR_OPTIONS_NEW_OK) {
free(buffer);
return -1;
}
// pass test data to Tox
tox_options_set_savedata_data(tox_options, buffer, filelen);
tox_options_set_savedata_type(tox_options, TOX_SAVEDATA_TYPE_TOX_SAVE);
Tox_Err_New error_new;
Tox *tox = tox_new(tox_options, &error_new);
tox_options_free(tox_options);
if (!tox || error_new != TOX_ERR_NEW_OK) {
free(buffer);
return -1;
}
tox_kill(tox);
free(buffer);
return 0;
}


@ -0,0 +1,34 @@
#include "../../toxcore/tox.h"
#include "network_adapter.h"
#include <cstring>
#include <cassert>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
network_adapter_init(data, size);
Tox_Err_New error_new;
Tox *tox = tox_new(NULL, &error_new);
assert(tox != nullptr);
assert(error_new == TOX_ERR_NEW_OK);
uint8_t pub_key[TOX_PUBLIC_KEY_SIZE] = {0};
bool success = tox_bootstrap(tox, "127.0.0.1", 12345, pub_key, nullptr);
assert(success);
/*
* The iteration count here is a magic value in the literal sense, too small
* and coverage will be bad, too big and fuzzing will not be efficient.
* NOTE: This should be fine tuned after gathering some experience.
*/
for (uint32_t i = 0; i < 100; ++i) {
tox_iterate(tox, nullptr);
}
tox_kill(tox);
return 0; // Non-zero return values are reserved for future use.
}
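Review bot: The `assert` calls after `tox_new` and `tox_bootstrap` are the only guards in this harness, and they compile away under `NDEBUG`, in which case a failed `tox_new` passes a null `tox` into `tox_bootstrap`. An explicit check that does not depend on the build type, e.g. `if (tox == nullptr || error_new != TOX_ERR_NEW_OK) { abort(); }`, keeps the harness invariant in every configuration; it needs `<cstdlib>`, while `<cstring>` looks unused here. The toxsave harness uses the same assert pattern. A comment stating whether `network_adapter_init` keeps the `data` pointer beyond this call would also help, since libFuzzer only guarantees the buffer for the duration of one invocation.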


@ -0,0 +1,25 @@
#include "../../toxcore/tox.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
Tox_Err_Options_New error_options;
struct Tox_Options *tox_options = tox_options_new(&error_options);
assert(tox_options != nullptr);
assert(error_options == TOX_ERR_OPTIONS_NEW_OK);
// pass test data to Tox
tox_options_set_savedata_data(tox_options, data, size);
tox_options_set_savedata_type(tox_options, TOX_SAVEDATA_TYPE_TOX_SAVE);
Tox_Err_New error_new;
Tox *tox = tox_new(tox_options, &error_new);
assert(tox != nullptr);
assert(error_new == TOX_ERR_NEW_OK);
tox_options_free(tox_options);
tox_kill(tox);
return 0; // Non-zero return values are reserved for future use.
}
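Review bot: `assert(tox != nullptr)` follows a `tox_new` call whose savedata comes straight from the fuzzer, so every input the loader correctly rejects would abort and be recorded as a crash, burying real findings. The removed AFL harness treated that case as an ordinary failure and returned. Rejection should end the run quietly: call `tox_options_free(tox_options);` right after `tox_new`, then `if (tox == nullptr) { return 0; }` before `tox_kill(tox);`. The section also uses `assert` while including only `tox.h`, so `#include <cassert>` appears to be missing unless it arrives transitively.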