author | 2016-12-09 10:36:42 -0500 | |
---|---|---|
committer | 2016-12-09 07:36:42 -0800 | |
commit | ed2ee1adacc6ff6647d72bbe1a08ad2404869f1b (patch) | |
tree | 00376703dde4f5f75b8b535f1197a51220df72d2 /projects/gnutls/gnutls_client_fuzzer.cc | |
parent | 2dfb5a675e10084af5fb8471a12c51c2cc886de1 (diff) |
[In progress] Fuzzer for GNUTLS (#135)
* First cut at gnutls. Doesn't actually find coverage.
* link everything right
* pipes are not sockets
* send not write
* these are not used
* stick this here
* this doesn't exit
* remove jenkinsfile
* move to the right dir
* project file
* update for more recent conventions
* ugh, typo
* new lib
* docs take forever
* name it client fuzzer
* stick a cert store on there!
* add a timeout, ugh
* Shut down the right side instead of using a timeout
* Use boringssl's test corpus
* simplify grabbing the tarballs
* statically link things. pthread is still dynamically linked because I was not able to make it work
* Added an x509 parser fuzzer
* update for the latest convention
Diffstat (limited to 'projects/gnutls/gnutls_client_fuzzer.cc')
-rw-r--r-- | projects/gnutls/gnutls_client_fuzzer.cc | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/projects/gnutls/gnutls_client_fuzzer.cc b/projects/gnutls/gnutls_client_fuzzer.cc
new file mode 100644
index 00000000..b155ca5e
--- /dev/null
+++ b/projects/gnutls/gnutls_client_fuzzer.cc
@@ -0,0 +1,73 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <assert.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include <gnutls/gnutls.h>
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ int res;
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t xcred;
+
+ int socket_fds[2];
+ res = socketpair(AF_UNIX, SOCK_STREAM, 0, socket_fds);
+ assert(res >= 0);
+ ssize_t send_res = send(socket_fds[1], data, size, 0);
+ assert(send_res == size);
+ res = shutdown(socket_fds[1], SHUT_WR);
+ assert(res == 0);
+
+ res = gnutls_init(&session, GNUTLS_CLIENT);
+ assert(res >= 0);
+
+ res = gnutls_certificate_allocate_credentials(&xcred);
+ assert(res >= 0);
+ res = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ assert(res >= 0);
+
+ res = gnutls_set_default_priority(session);
+ assert(res >= 0);
+
+ gnutls_transport_set_int(session, socket_fds[0]);
+
+ do {
+ res = gnutls_handshake(session);
+ } while (res < 0 && gnutls_error_is_fatal(res) == 0);
+ if (res >= 0) {
+ while (true) {
+ char buf[16384];
+ res = gnutls_record_recv(session, buf, sizeof(buf));
+ if (res <= 0) {
+ break;
+ }
+ }
+ }
+
+ close(socket_fds[0]);
+ close(socket_fds[1]);
+ gnutls_deinit(session);
+ gnutls_certificate_free_credentials(xcred);
+ return 0;
+}
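Review bot: The blocking `send(socket_fds[1], data, size, 0)` writes the whole input into the socketpair before anything reads from `socket_fds[0]`, so an input larger than the socket buffer would likely stall the harness and never reach `gnutls_handshake`. Making the write non-blocking and skipping inputs that do not fit avoids that: `ssize_t send_res = send(socket_fds[1], data, size, MSG_DONTWAIT);` followed by `if (send_res < 0 || (size_t)send_res != size) { close(socket_fds[0]); close(socket_fds[1]); return 0; }`, which also removes the signed/unsigned comparison in `assert(send_res == size)`. Separately, every setup failure is handled with `assert`, which compiles away under `NDEBUG`, so after a failed `gnutls_init` the code would go on to use `session` uninitialised. In a normal build it aborts instead, and the fuzzer would presumably record that as a crash in the target. An explicit `if (res < 0)` path that releases what was acquired and returns 0 keeps harness failures out of the findings.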