Coverage Report

Created: 2026-01-09 06:46

/src/fuzz_list.c
/* Copyright 2020 Google Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdbool.h>
#include <ftw.h>
#include "config.h"
#include "gpg.h"
#include "../common/types.h"
#include "../common/iobuf.h"
#include "keydb.h"
#include "keyedit.h"
#include "../common/util.h"
#include "main.h"
#include "trustdb.h"
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/mount.h>
static bool initialized = false;
ctrl_t ctrlGlobal;
int fd;
char *filename;
// Hack: gpg.c cannot be linked in because it defines main(), so the pieces of it that are needed are declared or re-implemented here.
extern int g10_errors_seen;
extern int assert_signer_true;
extern int assert_pubkey_algo_false;
/*
 * Fuzzer replacement for GnuPG's g10_exit().
 *
 * Updates the libgcrypt random seed file and tears down secure memory, but
 * deliberately does not terminate the process so that the fuzzing loop can
 * carry on with the next input.
 *
 * NOTE(review): GnuPG callers presumably treat g10_exit() as non-returning.
 * If the prototype pulled in through main.h carries a noreturn attribute,
 * returning from here is undefined behaviour -- confirm against that header.
 * NOTE(review): secure memory is terminated here while later inputs keep
 * using libgcrypt; verify that this is safe if the path is ever reached.
 */
void g10_exit(int rc)
{
    /* The exit status has no meaning inside the fuzzer. */
    (void)rc;

    gcry_control(GCRYCTL_UPDATE_RANDOM_SEED_FILE);
    gcry_control(GCRYCTL_TERM_SECMEM);
}
/*
 * Release what a fuzz iteration attached to CTRL: the TOFU databases (only
 * when built with USE_TOFU), the dirmngr session data, and the key database
 * handle stored in ctrl->cached_getkey_kdb.
 *
 * NOTE(review): this looks like a local copy of a helper that lives in
 * gpg.c; confirm it still releases everything the upstream version does.
 */
static void gpg_deinit_default_ctrl(ctrl_t ctrl)
{
#ifdef USE_TOFU
    tofu_closedbs(ctrl);
#endif
    gpg_dirmngr_deinit_session_data(ctrl);

    /* Drop the handle kept in the control structure's cached_getkey_kdb. */
    keydb_release(ctrl->cached_getkey_kdb);
}
/*
 * Log handler that discards every message it is given.
 *
 * It is installed with gcry_set_log_handler() so that libgcrypt diagnostics
 * do not flood the fuzzer output. All four arguments are ignored.
 */
static void my_gcry_logger(void *dummy, int level, const char *format, va_list arg_ptr)
{
    (void)dummy;
    (void)level;
    (void)format;
    (void)arg_ptr;
}
/*
 * ftw() callback: remove FPATH when the walk reports it as a regular file.
 *
 * Entries with any other type flag (directories, unreadable entries, ...)
 * are left in place, so a tree containing sub-directories is not emptied
 * completely. ftw() classifies entries with stat(), so a symbolic link that
 * points at a regular file is also reported as FTW_F; unlink() then removes
 * the link itself, not its target.
 *
 * Removal is best-effort: the result of unlink() is ignored and 0 is always
 * returned, which tells ftw() to keep walking.
 */
static int unlink_cb(const char *fpath, const struct stat *sb, int typeflag)
{
    (void)sb; /* the stat data is not needed */

    switch (typeflag) {
    case FTW_F:
        (void)unlink(fpath);
        break;
    default:
        break;
    }

    return 0;
}
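/*
 * Best-effort removal of the directory PATH and the regular files in it.
 *
 * The tree is walked with ftw() and unlink_cb(), which only removes regular
 * files, and then PATH itself is removed with rmdir(). A directory that does
 * not exist is not an error: on the first run of the harness there is
 * nothing to delete, so ENOENT is no longer reported as a failure. Any other
 * rmdir() error is printed and otherwise ignored.
 *
 * NOTE(review): sub-directories are never removed, so rmdir() fails with a
 * non-empty directory if the previous run left any behind. ftw() also
 * follows symbolic links while walking; a walk that does not follow links
 * and visits children first (nftw() with FTW_PHYS | FTW_DEPTH) would be the
 * safer choice for a fixed path under a shared /tmp.
 */
static void rmrfdir(const char *path)
{
    /* A failing walk (for example a missing directory) is fine here. */
    (void)ftw(path, unlink_cb, 16);

    if (rmdir(path) != 0) {
        int saved_errno = errno; /* read before printf() can change it */

        if (saved_errno != ENOENT) {
            printf("failed rmdir, errno=%d\n", saved_errno);
        }
    }
}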
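/* Largest fuzz input that is processed: 0x10000 bytes (64 KiB). */
#define MAX_LEN 0x10000

/*
 * One-time harness setup.
 *
 * Allocates the global control structure, (re)creates /tmp/fuzzdirlist and
 * uses it as the GnuPG home directory, opens the scratch file that receives
 * every fuzz input, registers the default public keyring, sets up the trust
 * database and silences logging.
 *
 * Returns true on success. On failure everything acquired so far is released
 * and false is returned, so the next input retries the setup. Only a failed
 * allocation of the control structure terminates the process.
 *
 * The tmpfs mount that once backed the directory is disabled, so the files
 * live on whatever filesystem holds /tmp.
 *
 * NOTE(review): the directory path is fixed and lives under /tmp, and an
 * already existing directory is accepted on EEXIST without checking who owns
 * it. That is acceptable in a disposable fuzzing container; on a shared host
 * a private mkdtemp()-style directory would be the safer choice.
 */
static bool fuzz_list_setup(void)
{
    int saved_errno;
    gpg_error_t gpgerr;
    strlist_t sl = NULL;

    /* Zero-filled so that the ctrl handed to public_key_list() below does
       not contain indeterminate values. */
    ctrlGlobal = calloc(1, sizeof(*ctrlGlobal));
    if (!ctrlGlobal) {
        exit(1);
    }
    ctrlGlobal->magic = SERVER_CONTROL_MAGIC;

    /* Delete the previous working directory and create it again. */
    rmrfdir("/tmp/fuzzdirlist");
    if (mkdir("/tmp/fuzzdirlist", 0700) < 0) {
        /* Read errno before printf() gets a chance to overwrite it. */
        saved_errno = errno;
        printf("failed mkdir, errno=%d\n", saved_errno);
        if (saved_errno != EEXIST) {
            goto fail_ctrl;
        }
    }

    filename = strdup("/tmp/fuzzdirlist/fuzz.gpg");
    if (!filename) {
        goto fail_ctrl;
    }

    /* Owner-only permissions: nothing else needs to read the fuzz input. */
    fd = open(filename, O_RDWR | O_CREAT, 0600);
    if (fd == -1) {
        saved_errno = errno;
        printf("failed open, errno=%d\n", saved_errno);
        goto fail_filename;
    }

    gnupg_set_homedir("/tmp/fuzzdirlist/");

    gpgerr = keydb_add_resource("pubring" EXTSEP_S GPGEXT_GPG, KEYDB_RESOURCE_FLAG_DEFAULT);
    if (gpgerr != GPG_ERR_NO_ERROR) {
        printf("failed keydb_add_resource, errno=%d\n", (int)gpgerr);
        goto fail_fd;
    }

    gpgerr = setup_trustdb(1, NULL);
    if (gpgerr != GPG_ERR_NO_ERROR) {
        printf("failed setup_trustdb, errno=%d\n", (int)gpgerr);
        goto fail_fd;
    }

    /* Populate /tmp/fuzzdirlist/ the way a ~/.gnupg home directory would be. */
    public_key_list(ctrlGlobal, sl, 0, 0);
    free_strlist(sl);

    /* No output on stderr, and no libgcrypt log messages either. */
    log_set_file("/dev/null");
    gcry_set_log_handler(my_gcry_logger, NULL);

    /* Packet listing stays disabled during fuzzing to avoid flooding the
       output. */
    return true;

fail_fd:
    close(fd);
    fd = -1;
fail_filename:
    free(filename);
    filename = NULL;
fail_ctrl:
    free(ctrlGlobal);
    ctrlGlobal = NULL;
    return false;
}

/*
 * libFuzzer entry point.
 *
 * Writes the Size bytes at Data to the scratch file and lets GnuPG process
 * the file as a stream of OpenPGP packets, pushing the armor filter first
 * when the input looks armored. Inputs larger than MAX_LEN are skipped to
 * keep the time spent per input short.
 *
 * Always returns 0. Setup failures and I/O errors abandon the current input
 * without reporting a finding.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    IOBUF a;
    armor_filter_context_t *afx = NULL;
    ssize_t written;

    if (!initialized) {
        if (!fuzz_list_setup()) {
            return 0;
        }
        initialized = true;
    }

    if (Size > MAX_LEN) {
        /* limit maximum size to avoid long computing times */
        return 0;
    }

    /* Start every input from a clean control structure. */
    memset(ctrlGlobal, 0, sizeof(*ctrlGlobal));
    ctrlGlobal->magic = SERVER_CONTROL_MAGIC;

    /* Replace the scratch file's contents with this input. */
    if (ftruncate(fd, (off_t)Size) == -1) {
        return 0;
    }
    if (lseek(fd, 0, SEEK_SET) < 0) {
        return 0;
    }
    /* Compare as ssize_t first: a -1 result must not be converted to size_t
       before it is checked. A short write abandons the input. */
    written = write(fd, Data, Size);
    if (written < 0 || (size_t)written != Size) {
        return 0;
    }

    a = iobuf_open(filename);
    if (!a) {
        printf("failed iobuf_open\n");
        return 0;
    }
    if (use_armor_filter(a)) {
        afx = new_armor_context();
        push_armor_filter(afx, a);
    }
    proc_packets(ctrlGlobal, NULL, a);
    iobuf_close(a);
    /* afx is still NULL when no armor filter was pushed. */
    release_armor_context(afx);
    gpg_deinit_default_ctrl(ctrlGlobal);

    return 0;
}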