tests: libFuzzer integration for test-json and test-x509

Allow these test tools to be used with libFuzzer in addition to
afl-fuzz.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/tests/Makefile b/tests/Makefile
index 3b5c86fbac6a76b2ad193cae7e727186ae0f6ff7..95855aa3b91c9b4825df12b3733ca8304bb23d69 100644 (file)
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -5,6 +5,15 @@ TESTS=test-base64 test-md4 test-milenage \
 
 all: $(TESTS)
 
+ifdef LIBFUZZER
+CC=clang
+CFLAGS = -MMD -O2 -Wall -g
+CFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
+CFLAGS += -DTEST_LIBFUZZER
+LDFLAGS += -fsanitize=fuzzer,address,signed-integer-overflow,unsigned-integer-overflow
+TEST_FUZZ=y
+endif
+
 ifndef CC
 CC=gcc
 endif

diff --git a/tests/README b/tests/README
index 68f6023d08205891449f65ca768d5ef767489d2e..b11e07b08cdf214394281d5ad81ac63fe3533841 100644 (file)
--- a/tests/README
+++ b/tests/README
@@ -45,6 +45,15 @@ cat > json-examples/1.json <<EOF
 EOF
 afl-fuzz -i json-examples -o json-findings -- $PWD/test-json @@
 
+Alternatively, using libFuzzer from LLVM:
+make clean
+make test-json LIBFUZZER=y
+mkdir json-examples
+cat > json-examples/1.json <<EOF
+{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
+EOF
+./test-json json-examples
+
 ##### EAPOL-Key Supplicant
 make clean
 CC=afl-gcc make test-eapol TEST_FUZZ=y

diff --git a/tests/test-json.c b/tests/test-json.c
index c7cb4603077e75f7e934a36cd1b7c7f9b48b0571..b33a79214481d4fa294e1c7e8b64fa551ee76a0d 100644 (file)
--- a/tests/test-json.c
+++ b/tests/test-json.c
@@ -7,15 +7,47 @@
  */
 
 #include "utils/includes.h"
+#include "utils/common.h"
 #include "utils/os.h"
 #include "utils/json.h"
+#include "utils/wpa_debug.h"
 
 
+void run_test(const char *buf, size_t len)
+{
+       struct json_token *root;
+       char *txt;
+       size_t buflen = 10000;
+
+       root = json_parse(buf, len);
+       if (!root) {
+               wpa_printf(MSG_DEBUG, "JSON parsing failed");
+               return;
+       }
+
+       txt = os_zalloc(buflen);
+       if (txt) {
+               json_print_tree(root, txt, buflen);
+               wpa_printf(MSG_DEBUG, "%s", txt);
+               os_free(txt);
+       }
+       json_free(root);
+}
+
+
+#ifdef TEST_LIBFUZZER
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+       run_test((const char *) data, size);
+       return 0;
+}
+#else /* TEST_LIBFUZZER */
 int main(int argc, char *argv[])
 {
        char *buf;
        size_t len;
-       struct json_token *root;
+
+       wpa_debug_level = 0;
 
        if (argc < 2)
                return -1;
@@ -24,21 +56,9 @@ int main(int argc, char *argv[])
        if (!buf)
                return -1;
 
-       root = json_parse(buf, len);
+       run_test(buf, len);
        os_free(buf);
-       if (root) {
-               size_t buflen = 10000;
-
-               buf = os_zalloc(buflen);
-               if (buf) {
-                       json_print_tree(root, buf, buflen);
-                       printf("%s\n", buf);
-                       os_free(buf);
-               }
-               json_free(root);
-       } else {
-               printf("JSON parsing failed\n");
-       }
 
        return 0;
 }
+#endif /* TEST_LIBFUZZER */

diff --git a/tests/test-x509.c b/tests/test-x509.c
index 194f229e909ebab376c05f9a3a605075ce7e88f7..055446eccda26ae8082550f230f2f2d3557641e4 100644 (file)
--- a/tests/test-x509.c
+++ b/tests/test-x509.c
@@ -1,6 +1,6 @@
 /*
  * Testing tool for X.509v3 routines
- * Copyright (c) 2006-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2019, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -12,6 +12,16 @@
 #include "tls/x509v3.h"
 
 
+#ifdef TEST_LIBFUZZER
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+       struct x509_certificate *cert;
+
+       cert = x509_certificate_parse(data, size);
+       x509_certificate_free(cert);
+       return 0;
+}
+#else /* TEST_LIBFUZZER */
 int main(int argc, char *argv[])
 {
        FILE *f;
@@ -34,3 +44,4 @@ int main(int argc, char *argv[])
 
        return 0;
 }
+#endif /* TEST_LIBFUZZER */