From 82f44c5b1f6b43718c331c3a9e6f45d841a25996 Mon Sep 17 00:00:00 2001
From: Teufelchen1
Date: Thu, 15 Dec 2022 15:18:16 +0100
Subject: [PATCH] fuzzing: Add uri_parser fuzzer setup
---
 fuzzing/uri_parser/Makefile | 5 ++++
 fuzzing/uri_parser/input/input0.txt | 1 +
 fuzzing/uri_parser/input/input1.txt | 1 +
 fuzzing/uri_parser/input/input2.txt | 1 +
 fuzzing/uri_parser/input/input3.txt | 1 +
 fuzzing/uri_parser/input/input4.txt | 1 +
 fuzzing/uri_parser/main.c | 30 ++++++++++++++++++++++++
 sys/fuzzing/fuzzing.c | 36 +++++++++--------------------
 sys/include/fuzzing.h | 8 +------
 9 files changed, 52 insertions(+), 32 deletions(-)
 create mode 100644 fuzzing/uri_parser/Makefile
 create mode 100644 fuzzing/uri_parser/input/input0.txt
 create mode 100644 fuzzing/uri_parser/input/input1.txt
 create mode 100644 fuzzing/uri_parser/input/input2.txt
 create mode 100644 fuzzing/uri_parser/input/input3.txt
 create mode 100644 fuzzing/uri_parser/input/input4.txt
 create mode 100644 fuzzing/uri_parser/main.c
diff --git a/fuzzing/uri_parser/Makefile b/fuzzing/uri_parser/Makefile
new file mode 100644
index 000000000000..2f27215a92c7
--- /dev/null
+++ b/fuzzing/uri_parser/Makefile
@@ -0,0 +1,5 @@
+include ../Makefile.fuzzing_common
+
+USEMODULE += uri_parser
+
+include $(RIOTBASE)/Makefile.include
diff --git a/fuzzing/uri_parser/input/input0.txt b/fuzzing/uri_parser/input/input0.txt
new file mode 100644
index 000000000000..4288fd7e2ca3
--- /dev/null
+++ b/fuzzing/uri_parser/input/input0.txt
@@ -0,0 +1 @@
+coap:///R@[2008::1]:5own//R@[2008::1]:5own/?v=1
\ No newline at end of file
diff --git a/fuzzing/uri_parser/input/input1.txt b/fuzzing/uri_parser/input/input1.txt
new file mode 100644
index 000000000000..1d62eaa7b1cb
--- /dev/null
+++ b/fuzzing/uri_parser/input/input1.txt
@@ -0,0 +1 @@
+coap://user@[2001:db8::1]:12345
\ No newline at end of file
diff --git a/fuzzing/uri_parser/input/input2.txt b/fuzzing/uri_parser/input/input2.txt
new file mode 100644
index 000000000000..549eebcebdac
--- /dev/null
+++ b/fuzzing/uri_parser/input/input2.txt
@@ -0,0 +1 @@
+ftp://riot-os.org:99/bar/foo
\ No newline at end of file
diff --git a/fuzzing/uri_parser/input/input3.txt b/fuzzing/uri_parser/input/input3.txt
new file mode 100644
index 000000000000..8f328c62f765
--- /dev/null
+++ b/fuzzing/uri_parser/input/input3.txt
@@ -0,0 +1 @@
+http://riot-os.org:99/bar/foo
\ No newline at end of file
diff --git a/fuzzing/uri_parser/input/input4.txt b/fuzzing/uri_parser/input/input4.txt
new file mode 100644
index 000000000000..5193b18e4864
--- /dev/null
+++ b/fuzzing/uri_parser/input/input4.txt
@@ -0,0 +1 @@
+coap://user@[2001:db8::1%eth0]:12345
\ No newline at end of file
diff --git a/fuzzing/uri_parser/main.c b/fuzzing/uri_parser/main.c
new file mode 100644
index 000000000000..2378de74166c
--- /dev/null
+++ b/fuzzing/uri_parser/main.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2022 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+#include
+#include
+
+#include "uri_parser.h"
+#include "fuzzing.h"
+
+int main(void)
+{
+ size_t input_len;
+ char *input_buf = (char *)fuzzing_read_bytes(STDIN_FILENO, &input_len);
+
+ if (input_buf == NULL) {
+ errx(EXIT_FAILURE, "fuzzing_read_bytes failed");
+ }
+
+ uri_parser_result_t uri_res;
+
+ uri_parser_process(&uri_res, input_buf, input_len);
+
+ exit(EXIT_SUCCESS);
+ return EXIT_SUCCESS;
+}
diff --git a/sys/fuzzing/fuzzing.c b/sys/fuzzing/fuzzing.c
index 06bd148120a8..1dd620590f49 100644
--- a/sys/fuzzing/fuzzing.c
+++ b/sys/fuzzing/fuzzing.c
@@ -23,6 +23,10 @@ extern int fuzzing_netdev(gnrc_netif_t *);
 extern void fuzzing_netdev_wait(void);
+/* buffer sizes for reading from an fd */
+#define FUZZING_BSIZE 1024
+#define FUZZING_BSTEP 128
+
 /* used by gnrc_pktbuf_malloc to exit on free */
 gnrc_pktsnip_t *gnrc_pktbuf_fuzzptr = NULL;
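Review bot: `return EXIT_SUCCESS;` at the end of `main` in fuzzing/uri_parser/main.c is unreachable after `exit(EXIT_SUCCESS);`; keep one of the two and release the input first, `free(input_buf); return EXIT_SUCCESS;`, so the harness finishes with no outstanding allocation for a leak checker to attribute to it. The return value of `uri_parser_process` is discarded, which is reasonable for a crash-finding harness, but a short comment above the call saying so (only sanitizer reports and crashes matter here, not parse failures) would make the intent explicit to the next reader. Only two system `#include` lines are visible for `errx`, `exit`/`EXIT_FAILURE` and `STDIN_FILENO`, which live in `<err.h>`, `<stdlib.h>` and `<unistd.h>`; if one of them is reached only transitively through `fuzzing.h`, naming it directly keeps the harness self-contained.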
@@ -48,40 +52,22 @@ fuzzing_init(ipv6_addr_t *addr, unsigned pfx_len)
 int fuzzing_read_packet(int fd, gnrc_pktsnip_t *pkt)
 {
- ssize_t r;
- size_t csiz, rsiz;
+ size_t rsiz;
 /* can only be called once currently */
 assert(gnrc_pktbuf_fuzzptr == NULL);
- csiz = 0;
- rsiz = FUZZING_BSIZE;
- if (gnrc_pktbuf_realloc_data(pkt, rsiz)) {
- return -ENOMEM;
- }
-
- while ((r = read(fd, &((char *)pkt->data)[csiz], rsiz)) > 0) {
- assert((size_t)r <= rsiz);
-
- csiz += r;
- rsiz -= r;
-
- if (rsiz == 0) {
- if (gnrc_pktbuf_realloc_data(pkt, csiz + FUZZING_BSTEP)) {
- return -ENOMEM;
- }
- rsiz += FUZZING_BSTEP;
- }
- }
- if (r == -1) {
+ uint8_t *input = fuzzing_read_bytes(fd, &rsiz);
+ if (input == NULL) {
 return -errno;
 }
- /* shrink packet to actual size */
- if (gnrc_pktbuf_realloc_data(pkt, csiz)) {
+ if (gnrc_pktbuf_realloc_data(pkt, rsiz)) {
 return -ENOMEM;
 }
+ memcpy(pkt->data, input, rsiz);
+
 gnrc_pktbuf_fuzzptr = pkt;
 return 0;
 }
@@ -116,7 +102,7 @@ fuzzing_read_bytes(int fd, size_t *size)
 return NULL;
 }
- /* shrink packet to actual size */
+ /* shrink buffer to actual size */
 if ((buffer = realloc(buffer, csiz)) == NULL) {
 return NULL;
 }
diff --git a/sys/include/fuzzing.h b/sys/include/fuzzing.h
index 1cb2f001bc19..feb8bb4fba8c 100644
--- a/sys/include/fuzzing.h
+++ b/sys/include/fuzzing.h
@@ -26,17 +26,11 @@ extern "C" {
 #endif
-
 #include
 #include "net/ipv6/addr.h"
 #include "net/gnrc/pkt.h"
-
-/* buffer sizes for reading from an fd */
-#define FUZZING_BSIZE 1024
-#define FUZZING_BSTEP 128
-
 /**
 * @brief Initialize dummy network interface with given address.
 *
@@ -63,7 +57,7 @@ int fuzzing_read_packet(int fd, gnrc_pktsnip_t *pkt);
 *
 * @param fd File descriptor to read data from.
 * @param size Byte count of the data read.
- *
+ *
 * @return pointer to the data on success, NULL otherwise.
 */
 uint8_t *fuzzing_read_bytes(int fd, size_t *size);
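Review bot: The buffer that `fuzzing_read_bytes` hands back in `fuzzing_read_packet` is never released: `input` is copied into `pkt->data` by `memcpy` and then dropped, and it also leaks when `gnrc_pktbuf_realloc_data` fails. Add `free(input);` directly before that `return -ENOMEM;` and again after the `memcpy`; `<stdlib.h>` is evidently already available in this file since `fuzzing_read_bytes` calls `realloc`. `return -errno;` now depends on `fuzzing_read_bytes` having set `errno` on every NULL return, which a failed `read` does but the `realloc(buffer, csiz)` path in the later hunk only does on POSIX and, for an empty input where `csiz` is 0, may not at all, so either state that contract in the `fuzzing_read_bytes` doc comment or map a NULL result to a fixed code such as `-ENOMEM`. The whole body of `fuzzing_read_packet` is within the hunk.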