From cada801de524fcbb085bced6fb49a079fad2c1e0 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff
Date: Wed, 19 Oct 2016 14:59:50 +0100
Subject: Add a README for the fuzzers
---
 fuzzers/README.rst | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 fuzzers/README.rst
(limited to 'fuzzers')
diff --git a/fuzzers/README.rst b/fuzzers/README.rst
new file mode 100644
index 0000000..b3142ca
--- /dev/null
+++ b/fuzzers/README.rst
@@ -0,0 +1,51 @@
+Fuzzers
+=======
+
+This directory contains a collection of fuzzing tools. Each tests a different
+entry point to the code.
+
+Usage notes:
+
+1. Install AFL:
+
+ .. code::
+
+ apt-get install afl
+
+2. Build the fuzzers:
+
+ .. code::
+
+ make fuzzers
+
+3. Some of the tests (eg ``fuzz_decrypt`` and ``fuzz_group_decrypt``) require a
+ session file. You can use the ones generated by the python test script
+ (``python/test.sh``).
+
+4. Make some work directories:
+
+ .. code::
+
+ mkdir -p fuzzing/in fuzzing/out
+
+5. Generate starting input:
+
+ .. code::
+
+ echo "Test" > fuzzing/in/test
+
+6. Run the test under ``afl-fuzz``:
+
+ .. code::
+
+ afl-fuzz -i fuzzing/in -o fuzzing/out -- \
+ ./build/fuzzers/fuzz_ []
+
+7. To resume with the data produced by an earlier run:
+
+ .. code::
+
+ ./afl-fuzz -i- -o existing_output_dir [...etc...]
+
+8. If it shows failures, pipe the failure case into
+ ``./build/fuzzers/debug_``, fix, and repeat.
-- cgit v1.2.3
From 64130c1f8b0a2dd09379ac02544897ad5a2bfb75 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff
Date: Mon, 24 Oct 2016 16:31:42 +0100
Subject: Fix broken fuzzer compilation
fuzz_group_decrypt.cpp got broken by 653790e; fix it up
---
 fuzzers/README.rst | 2 +-
 fuzzers/fuzz_group_decrypt.cpp | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
(limited to 'fuzzers')
diff --git a/fuzzers/README.rst b/fuzzers/README.rst
index b3142ca..d052303 100644
--- a/fuzzers/README.rst
+++ b/fuzzers/README.rst
@@ -45,7 +45,7 @@ Usage notes:
 .. code::
- ./afl-fuzz -i- -o existing_output_dir [...etc...]
+ afl-fuzz -i- -o existing_output_dir [...etc...]
 8. If it shows failures, pipe the failure case into
 ``./build/fuzzers/debug_``, fix, and repeat.
diff --git a/fuzzers/fuzz_group_decrypt.cpp b/fuzzers/fuzz_group_decrypt.cpp
index 1fc99d7..bb12d0e 100644
--- a/fuzzers/fuzz_group_decrypt.cpp
+++ b/fuzzers/fuzz_group_decrypt.cpp
@@ -54,6 +54,8 @@ int main(int argc, const char *argv[]) {
 uint8_t plaintext[max_length];
+ uint32_t ratchet_index;
+
 size_t length = check_error(
 olm_inbound_group_session_last_error,
 session,
@@ -61,7 +63,7 @@ int main(int argc, const char *argv[]) {
 olm_group_decrypt(
 session,
 message_buffer, message_length,
- plaintext, max_length
+ plaintext, max_length, &ratchet_index
 )
 );
-- cgit v1.2.3
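Review bot: `uint32_t ratchet_index;` in the first fuzz_group_decrypt.cpp hunk is declared without an initializer, and nothing in the visible lines reads it after the `olm_group_decrypt` call in the second hunk, so a reader cannot tell whether leaving it unused is deliberate. Since it only exists to satisfy the widened signature, I would write `uint32_t ratchet_index = 0; // out-param of olm_group_decrypt; this harness does not inspect it` so the intent is explicit and no indeterminate value can be observed if a later change does start reading it. The enclosing `main()` begins before the first hunk and ends after the second.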