author | Mark Haines <mjark@negativecurvature.net> | 2016-05-26 13:25:34 +0100 |
---|---|---|
committer | Mark Haines <mjark@negativecurvature.net> | 2016-05-26 13:25:34 +0100 |
commit | bfeb554e8699c5cb90cab14dc74e15c30f963d74 (patch) | |
tree | 64dfe3776f06874fa591a28b5ff7456c8824b1c0 | |
parent | ee8172d882e853e737ac7e8b00fb760f21e80bfe (diff) |
Add a fuzzer for olm_group_decrypt
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | fuzzers/fuzz_decrypt.cpp | 1 | ||||
-rw-r--r-- | fuzzers/fuzz_group_decrypt.cpp | 71 | ||||
-rw-r--r-- | fuzzers/include/fuzzing.hh | 16 |
4 files changed, 86 insertions, 4 deletions
@@ -7,7 +7,7 @@ JS_OPTIMIZE_FLAGS ?= -O3
 FUZZING_OPTIMIZE_FLAGS ?= -O3
 CC = gcc
 EMCC = emcc
-AFL_CC = afl_gcc
+AFL_CC = afl-gcc
 AFL_CXX = afl-g++
 RELEASE_TARGET := $(BUILD_DIR)/libolm.so
 DEBUG_TARGET := $(BUILD_DIR)/libolm_debug.so
diff --git a/fuzzers/fuzz_decrypt.cpp b/fuzzers/fuzz_decrypt.cpp
index 6116934..0b48060 100644
--- a/fuzzers/fuzz_decrypt.cpp
+++ b/fuzzers/fuzz_decrypt.cpp
@@ -61,4 +61,5 @@ int main(int argc, const char *argv[]) {
 ignored = write(STDOUT_FILENO, plaintext, length);
 ignored = write(STDOUT_FILENO, "\n", 1);
+ return ignored;
 }
diff --git a/fuzzers/fuzz_group_decrypt.cpp b/fuzzers/fuzz_group_decrypt.cpp
new file mode 100644
index 0000000..1fc99d7
--- /dev/null
+++ b/fuzzers/fuzz_group_decrypt.cpp
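Review bot: In fuzzers/fuzz_decrypt.cpp the added `return ignored;` turns the result of the last `write` into the process exit status, so a successful run that writes the one-byte newline exits with status 1, and a failed write exits with whatever -1 converts to. Fuzzing drivers and triage scripts that read exit codes would see a clean decrypt as a failure; whether it also collides with the error helpers' exit codes cannot be told from this diff. If the aim is only to silence the unused-result warning, `(void) ignored;` followed by `return 0;` keeps the status meaningful. The new fuzzers/fuzz_group_decrypt.cpp ends with the same `return ignored;`. The body of main starts outside this hunk.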
@@ -0,0 +1,71 @@
+#include "olm/olm.hh"
+
+#include "fuzzing.hh"
+
+int main(int argc, const char *argv[]) {
+ size_t ignored;
+ if (argc <= 2) {
+ const char * message = "Usage: decrypt <pickle_key> <group_session>\n";
+ ignored = write(STDERR_FILENO, message, strlen(message));
+ exit(3);
+ }
+
+ const char * key = argv[1];
+ size_t key_length = strlen(key);
+
+
+ int session_fd = check_errno(
+ "Error opening session file", open(argv[2], O_RDONLY)
+ );
+
+ uint8_t *session_buffer;
+ ssize_t session_length = check_errno(
+ "Error reading session file", read_file(session_fd, &session_buffer)
+ );
+
+ int message_fd = STDIN_FILENO;
+ uint8_t * message_buffer;
+ ssize_t message_length = check_errno(
+ "Error reading message file", read_file(message_fd, &message_buffer)
+ );
+
+ uint8_t * tmp_buffer = (uint8_t *) malloc(message_length);
+ memcpy(tmp_buffer, message_buffer, message_length);
+
+ uint8_t session_memory[olm_inbound_group_session_size()];
+ OlmInboundGroupSession * session = olm_inbound_group_session(session_memory);
+ check_error(
+ olm_inbound_group_session_last_error,
+ session,
+ "Error unpickling session",
+ olm_unpickle_inbound_group_session(
+ session, key, key_length, session_buffer, session_length
+ )
+ );
+
+ size_t max_length = check_error(
+ olm_inbound_group_session_last_error,
+ session,
+ "Error getting plaintext length",
+ olm_group_decrypt_max_plaintext_length(
+ session, tmp_buffer, message_length
+ )
+ );
+
+ uint8_t plaintext[max_length];
+
+ size_t length = check_error(
+ olm_inbound_group_session_last_error,
+ session,
+ "Error decrypting message",
+ olm_group_decrypt(
+ session,
+ message_buffer, message_length,
+ plaintext, max_length
+ )
+ );
+
+ ignored = write(STDOUT_FILENO, plaintext, length);
+ ignored = write(STDOUT_FILENO, "\n", 1);
+ return ignored;
+}
diff --git a/fuzzers/include/fuzzing.hh b/fuzzers/include/fuzzing.hh
index e4f5eb9..b27c396 100644
--- a/fuzzers/include/fuzzing.hh
+++ b/fuzzers/include/fuzzing.hh
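Review bot: Two buffers in the new fuzzers/fuzz_group_decrypt.cpp are sized from the fuzzed input without a guard, so the harness itself can fault and the crash would be triaged as a finding in olm_group_decrypt. `tmp_buffer` is passed to `memcpy` without checking the `malloc` result, and `uint8_t plaintext[max_length];` places a variable-length array on the stack whose size comes from `olm_group_decrypt_max_plaintext_length` on input-shaped data. Checking the first allocation before the copy (allowing for a zero-length message) and taking the output buffer from the heap, `uint8_t * plaintext = (uint8_t *) malloc(max_length);` with the same check, keeps harness failures distinguishable from library crashes. The usage string still says `decrypt`, which looks carried over from the other fuzzer.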
@@ -53,13 +53,15 @@ T check_errno(
 return value;
 }
-size_t check_session(
- OlmSession * session,
+template<typename T, typename F>
+size_t check_error(
+ F f,
+ T * object,
 const char * message,
 size_t value
 ) {
 if (value == olm_error()) {
- const char * olm_message = olm_session_last_error(session);
+ const char * olm_message = f(object);
 ssize_t ignored;
 ignored = write(STDERR_FILENO, message, strlen(message));
 ignored = write(STDERR_FILENO, ": ", 2);
@@ -70,3 +72,11 @@ size_t check_session(
 }
 return value;
 }
+
+size_t check_session(
+ OlmSession * session,
+ const char * message,
+ size_t value
+) {
+ return check_error(olm_session_last_error, session, message, value);
+} |
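Review bot: The new `check_error` template in fuzzers/include/fuzzing.hh has no comment saying what `f` must be, and nothing in the signature ties `F` to `T`. From the visible lines, `f(object)` has to yield the `const char *` last-error string for that object and `value` is compared against `olm_error()`; a one-line comment above the template such as `// f is the *_last_error accessor for object; value is the return of the olm call being checked` would state that contract for the next fuzzer that reuses it. Separately, the re-added `check_session` is a non-template function defined in a header without `static` or `inline`, which is only safe while each fuzzer is a single translation unit. The rest of the error branch lies between the two hunks and is not shown.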