/src/fuzz_import.c

Source
/* Copyright 2020 Google Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdbool.h>
#include <ftw.h>

#include "config.h"
#include "gpg.h"
#include "../common/types.h"
#include "../common/iobuf.h"
#include "keydb.h"
#include "keyedit.h"
#include "../common/util.h"
#include "main.h"
#include "options.h"
#include "trustdb.h"

#include <sys/stat.h>
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/mount.h>

// 8kb should be enough ;-)
#define MAX_LEN 0x2000

static bool initialized = false;
ctrl_t ctrlGlobal;
int fd;
char *filename;

//hack not to include gpg.c which has main function
extern int g10_errors_seen;
extern int assert_signer_true;
extern int assert_pubkey_algo_false;

void
g10_exit( int rc )
{
    gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
    gcry_control (GCRYCTL_TERM_SECMEM );
    /* Don't exit in fuzzer - just return to allow fuzzing to continue */
    (void)rc;
    return;
}

static void
gpg_deinit_default_ctrl (ctrl_t ctrl)
{
#ifdef USE_TOFU
    tofu_closedbs (ctrl);
#endif
    gpg_dirmngr_deinit_session_data (ctrl);

    keydb_release (ctrl->cached_getkey_kdb);
}

static void
my_gcry_logger (void *dummy, int level, const char *format, va_list arg_ptr)
{
    return;
}

static int unlink_cb(const char *fpath, const struct stat *sb, int typeflag)
{
    if (typeflag == FTW_F){
        unlink(fpath);
    }
    return 0;
}

static void rmrfdir(char *path)
{
    ftw(path, unlink_cb, 16);
    if (rmdir(path) != 0) {
        printf("failed rmdir, errno=%d\n", errno);
    }
}

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    if (! initialized) {
        ctrlGlobal = (ctrl_t) malloc(sizeof(*ctrlGlobal));
        if (!ctrlGlobal) {
            exit(1);
        }
        //deletes previous tmp dir and (re)create it as a ramfs
        //system("umount /tmp/fuzzdirimport");
        rmrfdir("/tmp/fuzzdirimport");
        if (mkdir("/tmp/fuzzdirimport", 0700) < 0) {
            printf("failed mkdir, errno=%d\n", errno);
            if (errno != EEXIST) {
                return 0;
            }
        }
        //system("mount -t tmpfs -o size=64M tmpfs /tmp/fuzzdirimport");
        filename=strdup("/tmp/fuzzdirimport/fuzz.gpg");
        if (!filename) {
            free(ctrlGlobal);
            return 0;
        }
        fd = open(filename, O_RDWR | O_CREAT, 0666);
        if (fd == -1) {
            free(filename);
            free(ctrlGlobal);
            printf("failed open, errno=%d\n", errno);
            return 0;
        }
        gnupg_set_homedir("/tmp/fuzzdirimport/");
        gpg_error_t gpgerr = keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG, KEYDB_RESOURCE_FLAG_DEFAULT);
        if (gpgerr != GPG_ERR_NO_ERROR) {
            free(filename);
            free(ctrlGlobal);
            close(fd);
            printf("failed keydb_add_resource, errno=%d\n", gpgerr);
            return 0;
        }
        gpgerr = setup_trustdb (1, NULL);
        if (gpgerr != GPG_ERR_NO_ERROR) {
            free(filename);
            free(ctrlGlobal);
            close(fd);
            printf("failed setup_trustdb, errno=%d\n", gpgerr);
            return 0;
        }
        //populate /tmp/fuzzdirimport/ as homedir ~/.gnupg
        strlist_t sl = NULL;
        public_key_list (ctrlGlobal, sl, 0, 0);
        free_strlist(sl);
        //no output for stderr
        log_set_file("/dev/null");
        gcry_set_log_handler (my_gcry_logger, NULL);
        //gnupg_initialize_compliance (GNUPG_MODULE_NAME_GPG);
        initialized = true;
    }

    memset(ctrlGlobal, 0, sizeof(*ctrlGlobal));
    ctrlGlobal->magic = SERVER_CONTROL_MAGIC;
    if (Size > MAX_LEN) {
        // limit maximum size to avoid long computing times
        Size = MAX_LEN;
    }

    if (ftruncate(fd, Size) == -1) {
        return 0;
    }
    if (lseek (fd, 0, SEEK_SET) < 0) {
        return 0;
    }
    if (write (fd, Data, Size) != Size) {
        return 0;
    }

    import_keys (ctrlGlobal, &filename, 1, NULL, IMPORT_REPAIR_KEYS, 0, NULL);
    gpg_deinit_default_ctrl (ctrlGlobal);
    /*memset(ctrlGlobal, 0, sizeof(*ctrlGlobal));
    ctrlGlobal->magic = SERVER_CONTROL_MAGIC;
    PKT_public_key pk;
    get_pubkey_fromfile (ctrlGlobal, &pk, filename);
    release_public_key_parts (&pk);
    gpg_deinit_default_ctrl (ctrlGlobal);*/

    return 0;
}


Line	Count	Source
1		/* Copyright 2020 Google Inc.
2
3		Licensed under the Apache License, Version 2.0 (the "License");
4		you may not use this file except in compliance with the License.
5		You may obtain a copy of the License at
6
7		http://www.apache.org/licenses/LICENSE-2.0
8
9		Unless required by applicable law or agreed to in writing, software
10		distributed under the License is distributed on an "AS IS" BASIS,
11		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		See the License for the specific language governing permissions and
13		limitations under the License.
14		*/
15
16		#include <stdint.h>
17		#include <stddef.h>
18		#include <stdlib.h>
19		#include <stdio.h>
20		#include <stdbool.h>
21		#include <ftw.h>
22
23		#include "config.h"
24		#include "gpg.h"
25		#include "../common/types.h"
26		#include "../common/iobuf.h"
27		#include "keydb.h"
28		#include "keyedit.h"
29		#include "../common/util.h"
30		#include "main.h"
31		#include "options.h"
32		#include "trustdb.h"
33
34		#include <sys/stat.h>
35		#include <fcntl.h>
36		#include <sys/types.h>
37		#include <unistd.h>
38		#include <sys/mount.h>
39
40		// 8kb should be enough ;-)
41	7.79k	#define MAX_LEN 0x2000
42
43		static bool initialized = false;
44		ctrl_t ctrlGlobal;
45		int fd;
46		char *filename;
47
48		//hack not to include gpg.c which has main function
49		extern int g10_errors_seen;
50		extern int assert_signer_true;
51		extern int assert_pubkey_algo_false;
52
53		void
54		g10_exit( int rc )
55	0	{
56	0	gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
57	0	gcry_control (GCRYCTL_TERM_SECMEM );
58		/* Don't exit in fuzzer - just return to allow fuzzing to continue */
59	0	(void)rc;
60	0	return;
61	0	}
62
63		static void
64		gpg_deinit_default_ctrl (ctrl_t ctrl)
65	7.75k	{
66		#ifdef USE_TOFU
67		tofu_closedbs (ctrl);
68		#endif
69	7.75k	gpg_dirmngr_deinit_session_data (ctrl);
70
71	7.75k	keydb_release (ctrl->cached_getkey_kdb);
72	7.75k	}
73
74		static void
75		my_gcry_logger (void dummy, int level, const char format, va_list arg_ptr)
76	0	{
77	0	return;
78	0	}
79
80		static int unlink_cb(const char fpath, const struct stat sb, int typeflag)
81	0	{
82	0	if (typeflag == FTW_F){
83	0	unlink(fpath);
84	0	}
85	0	return 0;
86	0	}
87
88		static void rmrfdir(char *path)
89	1	{
90	1	ftw(path, unlink_cb, 16);
91	1	if (rmdir(path) != 0) {
92	1	printf("failed rmdir, errno=%d\n", errno);
93	1	}
94	1	}
95
96	7.75k	int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
97	7.75k	if (! initialized) {
98	1	ctrlGlobal = (ctrl_t) malloc(sizeof(*ctrlGlobal));
99	1	if (!ctrlGlobal) {
100	0	exit(1);
101	0	}
102		//deletes previous tmp dir and (re)create it as a ramfs
103		//system("umount /tmp/fuzzdirimport");
104	1	rmrfdir("/tmp/fuzzdirimport");
105	1	if (mkdir("/tmp/fuzzdirimport", 0700) < 0) {
106	0	printf("failed mkdir, errno=%d\n", errno);
107	0	if (errno != EEXIST) {
108	0	return 0;
109	0	}
110	0	}
111		//system("mount -t tmpfs -o size=64M tmpfs /tmp/fuzzdirimport");
112	1	filename=strdup("/tmp/fuzzdirimport/fuzz.gpg");
113	1	if (!filename) {
114	0	free(ctrlGlobal);
115	0	return 0;
116	0	}
117	1	fd = open(filename, O_RDWR \| O_CREAT, 0666);
118	1	if (fd == -1) {
119	0	free(filename);
120	0	free(ctrlGlobal);
121	0	printf("failed open, errno=%d\n", errno);
122	0	return 0;
123	0	}
124	1	gnupg_set_homedir("/tmp/fuzzdirimport/");
125	1	gpg_error_t gpgerr = keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG, KEYDB_RESOURCE_FLAG_DEFAULT);
126	1	if (gpgerr != GPG_ERR_NO_ERROR) {
127	0	free(filename);
128	0	free(ctrlGlobal);
129	0	close(fd);
130	0	printf("failed keydb_add_resource, errno=%d\n", gpgerr);
131	0	return 0;
132	0	}
133	1	gpgerr = setup_trustdb (1, NULL);
134	1	if (gpgerr != GPG_ERR_NO_ERROR) {
135	0	free(filename);
136	0	free(ctrlGlobal);
137	0	close(fd);
138	0	printf("failed setup_trustdb, errno=%d\n", gpgerr);
139	0	return 0;
140	0	}
141		//populate /tmp/fuzzdirimport/ as homedir ~/.gnupg
142	1	strlist_t sl = NULL;
143	1	public_key_list (ctrlGlobal, sl, 0, 0);
144	1	free_strlist(sl);
145		//no output for stderr
146	1	log_set_file("/dev/null");
147	1	gcry_set_log_handler (my_gcry_logger, NULL);
148		//gnupg_initialize_compliance (GNUPG_MODULE_NAME_GPG);
149	1	initialized = true;
150	1	}
151
152	7.75k	memset(ctrlGlobal, 0, sizeof(*ctrlGlobal));
153	7.75k	ctrlGlobal->magic = SERVER_CONTROL_MAGIC;
154	7.75k	if (Size > MAX_LEN) {
155		// limit maximum size to avoid long computing times
156	36	Size = MAX_LEN;
157	36	}
158
159	7.75k	if (ftruncate(fd, Size) == -1) {
160	0	return 0;
161	0	}
162	7.75k	if (lseek (fd, 0, SEEK_SET) < 0) {
163	0	return 0;
164	0	}
165	7.75k	if (write (fd, Data, Size) != Size) {
166	0	return 0;
167	0	}
168
169	7.75k	import_keys (ctrlGlobal, &filename, 1, NULL, IMPORT_REPAIR_KEYS, 0, NULL);
170	7.75k	gpg_deinit_default_ctrl (ctrlGlobal);
171		/memset(ctrlGlobal, 0, sizeof(ctrlGlobal));
172		ctrlGlobal->magic = SERVER_CONTROL_MAGIC;
173		PKT_public_key pk;
174		get_pubkey_fromfile (ctrlGlobal, &pk, filename);
175		release_public_key_parts (&pk);
176		gpg_deinit_default_ctrl (ctrlGlobal);*/
177
178	7.75k	return 0;
179	7.75k	}
180

Coverage Report

Created: 2026-01-09 06:48