openvpn-fuzzer-proxy openvpn-fuzzer-proxy-standalone \
openvpn-fuzzer-options openvpn-fuzzer-options-standalone \
openvpn-fuzzer-verify-cert openvpn-fuzzer-verify-cert-standalone \
- openvpn-fuzzer-buffer openvpn-fuzzer-buffer-standalone
+ openvpn-fuzzer-buffer openvpn-fuzzer-buffer-standalone \
+ openvpn-fuzzer-list openvpn-fuzzer-list-standalone
extradir = .
fuzzer_sources = dummy.cpp
fuzzer_cflags = \
openvpn_fuzzer_options_CFLAGS = $(fuzzer_cflags)
openvpn_fuzzer_options_LDADD = $(fuzzer_ldadd) fuzzer-options.o libFuzzer.a
+openvpn_fuzzer_verify_cert_SOURCES = $(fuzzer_sources)
+openvpn_fuzzer_verify_cert_LDFLAGS = $(fuzzer_ldflags)
+openvpn_fuzzer_verify_cert_CFLAGS = $(fuzzer_cflags)
+openvpn_fuzzer_verify_cert_LDADD = $(fuzzer_ldadd) fuzzer-verify-cert.o libFuzzer.a
+
openvpn_fuzzer_buffer_SOURCES = $(fuzzer_sources)
openvpn_fuzzer_buffer_LDFLAGS = $(fuzzer_ldflags)
openvpn_fuzzer_buffer_CFLAGS = $(fuzzer_cflags)
openvpn_fuzzer_buffer_LDADD = $(fuzzer_ldadd) fuzzer-buffer.o libFuzzer.a
-openvpn_fuzzer_verify_cert_SOURCES = $(fuzzer_sources)
-openvpn_fuzzer_verify_cert_LDFLAGS = $(fuzzer_ldflags)
-openvpn_fuzzer_verify_cert_CFLAGS = $(fuzzer_cflags)
-openvpn_fuzzer_verify_cert_LDADD = $(fuzzer_ldadd) fuzzer-verify-cert.o libFuzzer.a
+openvpn_fuzzer_list_SOURCES = $(fuzzer_sources)
+openvpn_fuzzer_list_LDFLAGS = $(fuzzer_ldflags)
+openvpn_fuzzer_list_CFLAGS = $(fuzzer_cflags)
+openvpn_fuzzer_list_LDADD = $(fuzzer_ldadd) fuzzer-list.o libFuzzer.a
openvpn_fuzzer_base64_standalone_SOURCES = fuzzer-standalone-loader.c
openvpn_fuzzer_base64_standalone_LDFLAGS = $(fuzzer_ldflags)
openvpn_fuzzer_buffer_standalone_LDFLAGS = $(fuzzer_ldflags)
openvpn_fuzzer_buffer_standalone_CFLAGS = $(fuzzer_cflags)
openvpn_fuzzer_buffer_standalone_LDADD = $(fuzzer_ldadd) fuzzer-buffer.o
+
+openvpn_fuzzer_list_standalone_SOURCES = fuzzer-standalone-loader.c
+openvpn_fuzzer_list_standalone_LDFLAGS = $(fuzzer_ldflags)
+openvpn_fuzzer_list_standalone_CFLAGS = $(fuzzer_cflags)
+openvpn_fuzzer_list_standalone_LDADD = $(fuzzer_ldadd) fuzzer-list.o
--- /dev/null
+#include "config.h"
+#include "syshead.h"
+
+#include "fuzzing.h"
+#include "misc.h"
+#include "list.h"
+
+#define SUBBUFFER_SIZE 256
+
+static uint32_t
+word_hash_function(const void *key, uint32_t iv)
+{
+ return hash_func(key, sizeof(key), iv);
+}
+
+static bool
+word_compare_function(const void *key1, const void *key2)
+{
+ return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
+}
+
+
+static void serialize_hash_element(struct hash_element* he)
+{
+ test_undefined_memory(&he->hash_value, sizeof(he->hash_value));
+}
+static void serialize_hash_element_list(struct hash_element* list)
+{
+ while ( list )
+ {
+ serialize_hash_element(list);
+ list = list->next;
+ }
+}
+static void serialize_hash_bucket(struct hash_bucket* buckets)
+{
+ if ( buckets->list )
+ {
+ serialize_hash_element_list(buckets->list);
+ }
+}
+static void serialize_hash(struct hash* hash)
+{
+ test_undefined_memory(&hash->n_buckets, sizeof(hash->n_buckets));
+ test_undefined_memory(&hash->n_elements, sizeof(hash->n_elements));
+ test_undefined_memory(&hash->mask, sizeof(hash->mask));
+ test_undefined_memory(&hash->iv, sizeof(hash->iv));
+ if ( hash->buckets )
+ {
+ serialize_hash_bucket(hash->buckets);
+ }
+}
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+ return 1;
+}
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ struct gc_arena gc;
+ struct hash* hash = NULL;
+ ssize_t i, generic_ssizet, generic_ssizet2, num_loops;
+ fuzzer_set_input((unsigned char*)data, size);
+ gc = gc_new();
+
+ FUZZER_GET_INTEGER(num_loops, 16);
+ for (i = 0; i < num_loops; i++)
+ {
+ FUZZER_GET_INTEGER(generic_ssizet, 7);
+ switch ( generic_ssizet )
+ {
+ case 0:
+ if ( hash == NULL )
+ {
+ int n_buckets;
+ uint32_t iv;
+ FUZZER_GET_INTEGER(generic_ssizet, 102400);
+ n_buckets = generic_ssizet;
+ FUZZER_GET_INTEGER(generic_ssizet, 4294967296);
+ iv = generic_ssizet;
+ hash = hash_init(generic_ssizet, iv, word_hash_function, word_compare_function);
+ }
+ break;
+ case 1:
+ if ( hash )
+ {
+ hash_free(hash);
+ hash = NULL;
+ }
+ break;
+ case 2:
+ if ( hash )
+ {
+ struct hash_iterator hi;
+ struct hash_element *he;
+ hash_iterator_init(hash, &hi);
+ while ((he = hash_iterator_next(&hi)))
+ {
+ void *w = he->value;
+ }
+ hash_iterator_free(&hi);
+ }
+ case 3:
+ if ( hash )
+ {
+ void* key;
+ void* value;
+ FUZZER_GET_INTEGER(generic_ssizet, 4294967296);
+ key = (void*)generic_ssizet;
+ if ( !hash_lookup(hash, key) )
+ {
+ FUZZER_GET_INTEGER(generic_ssizet, 4294967296);
+ value = (void*)generic_ssizet;
+ hash_add(hash, key, value, false);
+ }
+ }
+ break;
+ case 4:
+ if ( hash )
+ {
+ hash_n_elements(hash);
+ }
+ break;
+ case 5:
+ if ( hash )
+ {
+ hash_n_buckets(hash);
+ }
+ break;
+ case 6:
+ if ( hash )
+ {
+ uint32_t hv;
+ FUZZER_GET_INTEGER(generic_ssizet, 4294967296);
+ hv = generic_ssizet;
+ hash_bucket(hash, hv);
+ }
+ break;
+ case 7:
+ if ( hash )
+ {
+ void* key;
+ FUZZER_GET_INTEGER(generic_ssizet, 4294967296);
+ key = (void*)generic_ssizet;
+ hash_remove(hash, key);
+ }
+ break;
+ }
+ }
+cleanup:
+ if ( hash )
+ {
+ hash_free(hash);
+ }
+ return 0;
+}
projects / thirdparty / openvpn.git / commitdiff
