From: Guido Vranken <guidovranken@gmail.com>
Date: Fri, 23 Jun 2017 13:45:55 +0000 (+0200)
Subject: Add dhcp.c fuzzer
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=787626a0024897d77712b834f65a5829e08ad291;p=thirdparty%2Fopenvpn.git

Add dhcp.c fuzzer
---

diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
index 17ffd4e9b..219050080 100644
--- a/src/openvpn/Makefile.am
+++ b/src/openvpn/Makefile.am
@@ -125,7 +125,8 @@ libopenvpn_la_SOURCES += \
 
 extra_PROGRAMS = \
 				 openvpn-fuzzer-base64 openvpn-fuzzer-base64-standalone \
-				 openvpn-fuzzer-route openvpn-fuzzer-route-standalone
+				 openvpn-fuzzer-route openvpn-fuzzer-route-standalone \
+				 openvpn-fuzzer-dhcp openvpn-fuzzer-dhcp-standalone
 extradir = .
 fuzzer_sources = dummy.cpp
 fuzzer_cflags = \
@@ -158,6 +159,11 @@ openvpn_fuzzer_route_LDFLAGS = $(fuzzer_ldflags)
 openvpn_fuzzer_route_CFLAGS = $(fuzzer_cflags)
 openvpn_fuzzer_route_LDADD = $(fuzzer_ldadd) fuzzer-route.o libFuzzer.a
 
+openvpn_fuzzer_dhcp_SOURCES = $(fuzzer_sources)
+openvpn_fuzzer_dhcp_LDFLAGS = $(fuzzer_ldflags)
+openvpn_fuzzer_dhcp_CFLAGS = $(fuzzer_cflags)
+openvpn_fuzzer_dhcp_LDADD = $(fuzzer_ldadd) fuzzer-dhcp.o libFuzzer.a
+
 openvpn_fuzzer_base64_standalone_SOURCES = fuzzer-standalone-loader.c
 openvpn_fuzzer_base64_standalone_LDFLAGS = $(fuzzer_ldflags)
 openvpn_fuzzer_base64_standalone_CFLAGS = $(fuzzer_cflags)
@@ -167,3 +173,8 @@ openvpn_fuzzer_route_standalone_SOURCES = fuzzer-standalone-loader.c
 openvpn_fuzzer_route_standalone_LDFLAGS = $(fuzzer_ldflags)
 openvpn_fuzzer_route_standalone_CFLAGS = $(fuzzer_cflags)
 openvpn_fuzzer_route_standalone_LDADD = $(fuzzer_ldadd) fuzzer-route.o
+
+openvpn_fuzzer_dhcp_standalone_SOURCES = fuzzer-standalone-loader.c
+openvpn_fuzzer_dhcp_standalone_LDFLAGS = $(fuzzer_ldflags)
+openvpn_fuzzer_dhcp_standalone_CFLAGS = $(fuzzer_cflags)
+openvpn_fuzzer_dhcp_standalone_LDADD = $(fuzzer_ldadd) fuzzer-dhcp.o
diff --git a/src/openvpn/fuzzer-dhcp.c b/src/openvpn/fuzzer-dhcp.c
new file mode 100644
index 000000000..1d421ca49
--- /dev/null
+++ b/src/openvpn/fuzzer-dhcp.c
@@ -0,0 +1,28 @@
+#include "config.h"
+#include "syshead.h"
+#include "fuzzing.h"
+#include "dhcp.h"
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+    return 1;
+}
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    struct gc_arena gc;
+    struct buffer ipbuf;
+    in_addr_t ret;
+
+    ipbuf = alloc_buf(size);
+    if ( buf_write(&ipbuf, data, size) == false ) {
+        goto cleanup;
+    }
+    fuzzer_alter_buffer(&ipbuf);
+    ret = dhcp_extract_router_msg(&ipbuf);
+#ifdef MSAN
+    test_undefined_memory(&ret, sizeof(ret));
+#endif
+cleanup:
+    free_buf(&ipbuf);
+
+    return 0;
+}