Diffstat (limited to 'fuzzers')
-rw-r--r-- | fuzzers/README.rst | 50 | ||||
-rw-r--r-- | fuzzers/fuzz_decode_message.cpp | 14 | ||||
-rw-r--r-- | fuzzers/fuzz_decrypt.cpp | 65 | ||||
-rw-r--r-- | fuzzers/fuzz_group_decrypt.cpp | 73 | ||||
-rw-r--r-- | fuzzers/fuzz_unpickle_account.cpp | 14 | ||||
-rw-r--r-- | fuzzers/fuzz_unpickle_session.cpp | 14 | ||||
-rw-r--r-- | fuzzers/include/fuzzing.hh | 82 |
7 files changed, 0 insertions, 312 deletions
diff --git a/fuzzers/README.rst b/fuzzers/README.rst
deleted file mode 100644
index b6f5f9c..0000000
--- a/fuzzers/README.rst
+++ /dev/null
@@ -1,50 +0,0 @@
-Fuzzers
-=======
-
-This directory contains a collection of fuzzing tools. Each tests a different
-entry point to the code.
-
-Usage notes:
-
-1. Install AFL:
-
- .. code::
-
- apt-get install afl
-
-2. Build the fuzzers:
-
- .. code::
-
- make fuzzers
-
-3. Some of the tests (eg ``fuzz_decrypt`` and ``fuzz_group_decrypt``) require a
- session file. You can create one by pickling an Olm session.
-
-4. Make some work directories:
-
- .. code::
-
- mkdir -p fuzzing/in fuzzing/out
-
-5. Generate starting input:
-
- .. code::
-
- echo "Test" > fuzzing/in/test
-
-6. Run the test under ``afl-fuzz``:
-
- .. code::
-
- afl-fuzz -i fuzzing/in -o fuzzing/out -- \
- ./build/fuzzers/fuzz_<fuzzing_tool> [<test args>]
-
-7. To resume with the data produced by an earlier run:
-
- .. code::
-
- afl-fuzz -i- -o existing_output_dir [...etc...]
-
-8. If it shows failures, pipe the failure case into
- ``./build/fuzzers/debug_<fuzzing_tool>``, fix, and repeat.
diff --git a/fuzzers/fuzz_decode_message.cpp b/fuzzers/fuzz_decode_message.cpp
deleted file mode 100644
index 2ef734c..0000000
--- a/fuzzers/fuzz_decode_message.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "olm/message.hh"
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- int message_fd = STDIN_FILENO;
- uint8_t * message_buffer;
- ssize_t message_length = check_errno(
- "Error reading message file", read_file(message_fd, &message_buffer)
- );
- olm::MessageReader * reader = new olm::MessageReader;
- decode_message(*reader, message_buffer, message_length, 8);
- free(message_buffer);
- delete reader;
-}
diff --git a/fuzzers/fuzz_decrypt.cpp b/fuzzers/fuzz_decrypt.cpp
deleted file mode 100644
index 0b48060..0000000
--- a/fuzzers/fuzz_decrypt.cpp
+++ /dev/null
@@ -1,65 +0,0 @@
-#include "olm/olm.hh"
-
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- size_t ignored;
- if (argc <= 3) {
- const char * message = "Usage: decrypt: <session_key> <session_file>"
- " <message_type>\n";
- ignored = write(STDERR_FILENO, message, strlen(message));
- exit(3);
- }
-
- const char * key = argv[1];
- size_t key_length = strlen(key);
-
-
- int session_fd = check_errno(
- "Error opening session file", open(argv[2], O_RDONLY)
- );
-
- int message_type = atoi(argv[3]);
-
- uint8_t *session_buffer;
- ssize_t session_length = check_errno(
- "Error reading session file", read_file(session_fd, &session_buffer)
- );
-
- int message_fd = STDIN_FILENO;
- uint8_t * message_buffer;
- ssize_t message_length = check_errno(
- "Error reading message file", read_file(message_fd, &message_buffer)
- );
-
- uint8_t * tmp_buffer = (uint8_t *) malloc(message_length);
- memcpy(tmp_buffer, message_buffer, message_length);
-
- uint8_t session_memory[olm_session_size()];
- OlmSession * session = olm_session(session_memory);
- check_session(session, "Error unpickling session", olm_unpickle_session(
- session, key, key_length, session_buffer, session_length
- ));
-
- size_t max_length = check_session(
- session,
- "Error getting plaintext length",
- olm_decrypt_max_plaintext_length(
- session, message_type, tmp_buffer, message_length
- )
- );
-
- uint8_t plaintext[max_length];
-
- size_t length = check_session(
- session, "Error decrypting message", olm_decrypt(
- session, message_type,
- message_buffer, message_length,
- plaintext, max_length
- )
- );
-
- ignored = write(STDOUT_FILENO, plaintext, length);
- ignored = write(STDOUT_FILENO, "\n", 1);
- return ignored;
-}
diff --git a/fuzzers/fuzz_group_decrypt.cpp b/fuzzers/fuzz_group_decrypt.cpp
deleted file mode 100644
index bb12d0e..0000000
--- a/fuzzers/fuzz_group_decrypt.cpp
+++ /dev/null
@@ -1,73 +0,0 @@
-#include "olm/olm.hh"
-
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- size_t ignored;
- if (argc <= 2) {
- const char * message = "Usage: decrypt <pickle_key> <group_session>\n";
- ignored = write(STDERR_FILENO, message, strlen(message));
- exit(3);
- }
-
- const char * key = argv[1];
- size_t key_length = strlen(key);
-
-
- int session_fd = check_errno(
- "Error opening session file", open(argv[2], O_RDONLY)
- );
-
- uint8_t *session_buffer;
- ssize_t session_length = check_errno(
- "Error reading session file", read_file(session_fd, &session_buffer)
- );
-
- int message_fd = STDIN_FILENO;
- uint8_t * message_buffer;
- ssize_t message_length = check_errno(
- "Error reading message file", read_file(message_fd, &message_buffer)
- );
-
- uint8_t * tmp_buffer = (uint8_t *) malloc(message_length);
- memcpy(tmp_buffer, message_buffer, message_length);
-
- uint8_t session_memory[olm_inbound_group_session_size()];
- OlmInboundGroupSession * session = olm_inbound_group_session(session_memory);
- check_error(
- olm_inbound_group_session_last_error,
- session,
- "Error unpickling session",
- olm_unpickle_inbound_group_session(
- session, key, key_length, session_buffer, session_length
- )
- );
-
- size_t max_length = check_error(
- olm_inbound_group_session_last_error,
- session,
- "Error getting plaintext length",
- olm_group_decrypt_max_plaintext_length(
- session, tmp_buffer, message_length
- )
- );
-
- uint8_t plaintext[max_length];
-
- uint32_t ratchet_index;
-
- size_t length = check_error(
- olm_inbound_group_session_last_error,
- session,
- "Error decrypting message",
- olm_group_decrypt(
- session,
- message_buffer, message_length,
- plaintext, max_length, &ratchet_index
- )
- );
-
- ignored = write(STDOUT_FILENO, plaintext, length);
- ignored = write(STDOUT_FILENO, "\n", 1);
- return ignored;
-}
diff --git a/fuzzers/fuzz_unpickle_account.cpp b/fuzzers/fuzz_unpickle_account.cpp
deleted file mode 100644
index 12c6d9b..0000000
--- a/fuzzers/fuzz_unpickle_account.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "olm/account.hh"
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- int pickle_fd = STDIN_FILENO;
- uint8_t * pickle_buffer;
- ssize_t pickle_length = check_errno(
- "Error reading pickle file", read_file(pickle_fd, &pickle_buffer)
- );
- olm::Account * account = new olm::Account;
- unpickle(pickle_buffer, pickle_buffer + pickle_length, *account);
- free(pickle_buffer);
- delete account;
-}
diff --git a/fuzzers/fuzz_unpickle_session.cpp b/fuzzers/fuzz_unpickle_session.cpp
deleted file mode 100644
index 6edbc96..0000000
--- a/fuzzers/fuzz_unpickle_session.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "olm/session.hh"
-#include "fuzzing.hh"
-
-int main(int argc, const char *argv[]) {
- int pickle_fd = STDIN_FILENO;
- uint8_t * pickle_buffer;
- ssize_t pickle_length = check_errno(
- "Error reading pickle file", read_file(pickle_fd, &pickle_buffer)
- );
- olm::Session * session = new olm::Session;
- unpickle(pickle_buffer, pickle_buffer + pickle_length, *session);
- free(pickle_buffer);
- delete session;
-}
diff --git a/fuzzers/include/fuzzing.hh b/fuzzers/include/fuzzing.hh
deleted file mode 100644
index b27c396..0000000
--- a/fuzzers/include/fuzzing.hh
+++ /dev/null
@@ -1,82 +0,0 @@
-#include "olm/olm.hh"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stddef.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-
-ssize_t read_file(
- int fd,
- uint8_t **buffer
-) {
- size_t buffer_size = 4096;
- uint8_t * current_buffer = (uint8_t *) malloc(buffer_size);
- if (current_buffer == NULL) return -1;
- size_t buffer_pos = 0;
- while (1) {
- ssize_t count = read(
- fd, current_buffer + buffer_pos, buffer_size - buffer_pos
- );
- if (count < 0) break;
- if (count == 0) {
- uint8_t * return_buffer = (uint8_t *) realloc(current_buffer, buffer_pos);
- if (return_buffer == NULL) break;
- *buffer = return_buffer;
- return buffer_pos;
- }
- buffer_pos += count;
- if (buffer_pos == buffer_size) {
- buffer_size *= 2;
- uint8_t * new_buffer = (uint8_t *) realloc(current_buffer, buffer_size);
- if (new_buffer == NULL) break;
- current_buffer = new_buffer;
- }
- }
- free(current_buffer);
- return -1;
-}
-
-template<typename T>
-T check_errno(
- const char * message,
- T value
-) {
- if (value == T(-1)) {
- perror(message);
- exit(1);
- }
- return value;
-}
-
-template<typename T, typename F>
-size_t check_error(
- F f,
- T * object,
- const char * message,
- size_t value
-) {
- if (value == olm_error()) {
- const char * olm_message = f(object);
- ssize_t ignored;
- ignored = write(STDERR_FILENO, message, strlen(message));
- ignored = write(STDERR_FILENO, ": ", 2);
- ignored = write(STDERR_FILENO, olm_message, strlen(olm_message));
- ignored = write(STDERR_FILENO, "\n", 1);
- exit(2);
- return ignored;
- }
- return value;
-}
-
-size_t check_session(
- OlmSession * session,
- const char * message,
- size_t value
-) {
- return check_error(olm_session_last_error, session, message, value);
-} |