authorMark Haines <mjark@negativecurvature.net>2016-05-26 13:25:34 +0100
committerMark Haines <mjark@negativecurvature.net>2016-05-26 13:25:34 +0100
commitbfeb554e8699c5cb90cab14dc74e15c30f963d74 (patch)
tree64dfe3776f06874fa591a28b5ff7456c8824b1c0
parentee8172d882e853e737ac7e8b00fb760f21e80bfe (diff)
Add a fuzzer for olm_group_decrypt
-rw-r--r--Makefile2
-rw-r--r--fuzzers/fuzz_decrypt.cpp1
-rw-r--r--fuzzers/fuzz_group_decrypt.cpp71
-rw-r--r--fuzzers/include/fuzzing.hh16
4 files changed, 86 insertions, 4 deletions
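--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@ JS_OPTIMIZE_FLAGS ?= -O3
 FUZZING_OPTIMIZE_FLAGS ?= -O3
 CC = gcc
 EMCC = emcc
-AFL_CC = afl_gcc
+AFL_CC = afl-gcc
 AFL_CXX = afl-g++
 RELEASE_TARGET := $(BUILD_DIR)/libolm.so
 DEBUG_TARGET := $(BUILD_DIR)/libolm_debug.so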
diff --git a/fuzzers/fuzz_decrypt.cpp b/fuzzers/fuzz_decrypt.cpp
index 6116934..0b48060 100644
--- a/fuzzers/fuzz_decrypt.cpp
+++ b/fuzzers/fuzz_decrypt.cpp
@@ -61,4 +61,5 @@ int main(int argc, const char *argv[]) {
ignored = write(STDOUT_FILENO, plaintext, length);
ignored = write(STDOUT_FILENO, "\n", 1);
+ return ignored;
}
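Review bot: `return ignored;` makes main's exit status the return value of the preceding one-byte write, so the harness exits with status 1 on its success path and with 0 only when that write wrote nothing; a fixed `return 0;` after the two writes (or a check of both write results) gives the conventional status. The same `return ignored;` is added at the end of fuzzers/fuzz_group_decrypt.cpp in this commit, where `ignored` is declared `size_t`, so a failed write (-1) would also turn into an exit status of 255 there. The rest of main lies outside the hunk, so the declared type of `ignored` in this file is not visible here.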
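--- /dev/null
+++ b/fuzzers/fuzz_group_decrypt.cpp
@@ -0,0 +1,71 @@
+#include "olm/olm.hh"
+
+#include "fuzzing.hh"
+
+int main(int argc, const char *argv[]) {
+ size_t ignored;
+ if (argc <= 2) {
+ const char * message = "Usage: decrypt <pickle_key> <group_session>\n";
+ ignored = write(STDERR_FILENO, message, strlen(message));
+ exit(3);
+ }
+
+ const char * key = argv[1];
+ size_t key_length = strlen(key);
+
+
+ int session_fd = check_errno(
+ "Error opening session file", open(argv[2], O_RDONLY)
+ );
+
+ uint8_t *session_buffer;
+ ssize_t session_length = check_errno(
+ "Error reading session file", read_file(session_fd, &session_buffer)
+ );
+
+ int message_fd = STDIN_FILENO;
+ uint8_t * message_buffer;
+ ssize_t message_length = check_errno(
+ "Error reading message file", read_file(message_fd, &message_buffer)
+ );
+
+ uint8_t * tmp_buffer = (uint8_t *) malloc(message_length);
+ memcpy(tmp_buffer, message_buffer, message_length);
+
+ uint8_t session_memory[olm_inbound_group_session_size()];
+ OlmInboundGroupSession * session = olm_inbound_group_session(session_memory);
+ check_error(
+ olm_inbound_group_session_last_error,
+ session,
+ "Error unpickling session",
+ olm_unpickle_inbound_group_session(
+ session, key, key_length, session_buffer, session_length
+ )
+ );
+
+ size_t max_length = check_error(
+ olm_inbound_group_session_last_error,
+ session,
+ "Error getting plaintext length",
+ olm_group_decrypt_max_plaintext_length(
+ session, tmp_buffer, message_length
+ )
+ );
+
+ uint8_t plaintext[max_length];
+
+ size_t length = check_error(
+ olm_inbound_group_session_last_error,
+ session,
+ "Error decrypting message",
+ olm_group_decrypt(
+ session,
+ message_buffer, message_length,
+ plaintext, max_length
+ )
+ );
+
+ ignored = write(STDOUT_FILENO, plaintext, length);
+ ignored = write(STDOUT_FILENO, "\n", 1);
+ return ignored;
+}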
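Review bot: `uint8_t plaintext[max_length];` is a stack array whose size is derived from the untrusted message read from stdin, so an oversized fuzz input can exhaust the stack and crash the harness before `olm_group_decrypt` is reached, which then looks like a finding in the library but is not one; allocate it from the heap instead, `uint8_t *plaintext = (uint8_t *) malloc(max_length);`, and exit with a message when it returns NULL, as the usage branch does. The `malloc(message_length)` for `tmp_buffer` a few lines earlier is likewise handed to `memcpy` without a NULL check. The usage string still says `decrypt` rather than naming this harness.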
diff --git a/fuzzers/include/fuzzing.hh b/fuzzers/include/fuzzing.hh
index e4f5eb9..b27c396 100644
--- a/fuzzers/include/fuzzing.hh
+++ b/fuzzers/include/fuzzing.hh
@@ -53,13 +53,15 @@ T check_errno(
return value;
}
-size_t check_session(
- OlmSession * session,
+template<typename T, typename F>
+size_t check_error(
+ F f,
+ T * object,
const char * message,
size_t value
) {
if (value == olm_error()) {
- const char * olm_message = olm_session_last_error(session);
+ const char * olm_message = f(object);
ssize_t ignored;
ignored = write(STDERR_FILENO, message, strlen(message));
ignored = write(STDERR_FILENO, ": ", 2);
@@ -70,3 +72,11 @@ size_t check_session(
}
return value;
}
+
+size_t check_session(
+ OlmSession * session,
+ const char * message,
+ size_t value
+) {
+ return check_error(olm_session_last_error, session, message, value);
+}
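Review bot: `check_error` carries no comment stating its contract, and as a generic helper taking an arbitrary `f` and `object` it needs one; a line above the template such as `// Returns value unless it equals olm_error(), in which case message and the error string f(object) are written to stderr` would do, with what happens after the write (presumably a non-zero exit, since callers use the result unguarded) added once confirmed, as that part of the body lies between the two hunks and is not visible here. `check_session` is a non-template, non-inline function defined in a header, so linking two translation units that both include fuzzing.hh would give a duplicate-symbol error; marking it `static inline` (the template `check_error` needs no such change) avoids that, even though each fuzzer appears to be a single translation unit today.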