Line | Count | Source |
1 | | /* Copyright 2020 Google Inc. |
2 | | |
3 | | Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | you may not use this file except in compliance with the License. |
5 | | You may obtain a copy of the License at |
6 | | |
7 | | http://www.apache.org/licenses/LICENSE-2.0 |
8 | | |
9 | | Unless required by applicable law or agreed to in writing, software |
10 | | distributed under the License is distributed on an "AS IS" BASIS, |
11 | | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | See the License for the specific language governing permissions and |
13 | | limitations under the License. |
14 | | */ |
15 | | |
16 | | #include <stdint.h> |
17 | | #include <stddef.h> |
18 | | #include <stdlib.h> |
19 | | #include <stdio.h> |
20 | | #include <stdbool.h> |
21 | | #include <ftw.h> |
22 | | |
23 | | #include "config.h" |
24 | | #include "gpg.h" |
25 | | #include "../common/types.h" |
26 | | #include "../common/iobuf.h" |
27 | | #include "keydb.h" |
28 | | #include "keyedit.h" |
29 | | #include "../common/util.h" |
30 | | #include "main.h" |
31 | | #include "trustdb.h" |
32 | | |
33 | | #include <sys/stat.h> |
34 | | #include <fcntl.h> |
35 | | #include <sys/types.h> |
36 | | #include <unistd.h> |
37 | | #include <sys/mount.h> |
38 | | |
39 | | static bool initialized = false; |
40 | | ctrl_t ctrlGlobal; |
41 | | int fd; |
42 | | char *filename; |
43 | | |
44 | | //hack not to include gpg.c which has main function |
45 | | extern int g10_errors_seen; |
46 | | extern int assert_signer_true; |
47 | | extern int assert_pubkey_algo_false; |
48 | | |
49 | | void |
50 | | g10_exit( int rc ) |
51 | 0 | { |
52 | 0 | gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE); |
53 | 0 | gcry_control (GCRYCTL_TERM_SECMEM ); |
54 | | /* Don't exit in fuzzer - just return to allow fuzzing to continue */ |
55 | 0 | (void)rc; |
56 | 0 | return; |
57 | 0 | } |
58 | | |
59 | | static void |
60 | | gpg_deinit_default_ctrl (ctrl_t ctrl) |
61 | 11.8k | { |
62 | | #ifdef USE_TOFU |
63 | | tofu_closedbs (ctrl); |
64 | | #endif |
65 | 11.8k | gpg_dirmngr_deinit_session_data (ctrl); |
66 | | |
67 | 11.8k | keydb_release (ctrl->cached_getkey_kdb); |
68 | 11.8k | } |
69 | | |
70 | | static void |
71 | | my_gcry_logger (void *dummy, int level, const char *format, va_list arg_ptr) |
72 | 206k | { |
73 | 206k | return; |
74 | 206k | } |
75 | | |
76 | | static int unlink_cb(const char *fpath, const struct stat *sb, int typeflag) |
77 | 0 | { |
78 | 0 | if (typeflag == FTW_F){ |
79 | 0 | unlink(fpath); |
80 | 0 | } |
81 | 0 | return 0; |
82 | 0 | } |
83 | | |
84 | | static void rmrfdir(char *path) |
85 | 1 | { |
86 | 1 | ftw(path, unlink_cb, 16); |
87 | 1 | if (rmdir(path) != 0) { |
88 | 1 | printf("failed rmdir, errno=%d\n", errno); |
89 | 1 | } |
90 | 1 | } |
91 | | |
92 | 5.94k | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
93 | | |
94 | 5.94k | if (! initialized) { |
95 | 1 | ctrlGlobal = (ctrl_t) malloc(sizeof(*ctrlGlobal)); |
96 | 1 | if (!ctrlGlobal) { |
97 | 0 | exit(1); |
98 | 0 | } |
99 | | //deletes previous tmp dir and (re)create it as a ramfs |
100 | | //system("umount /tmp/fuzzdirverify"); |
101 | 1 | rmrfdir("/tmp/fuzzdirverify"); |
102 | 1 | mkdir("/tmp/fuzzdirverify/", 0700); |
103 | | //system("mount -t tmpfs -o size=64M tmpfs /tmp/fuzzdirverify"); |
104 | 1 | filename=strdup("/tmp/fuzzdirverify/fuzz.gpg"); |
105 | 1 | if (!filename) { |
106 | 0 | free(ctrlGlobal); |
107 | 0 | return 0; |
108 | 0 | } |
109 | 1 | fd = open("/tmp/fuzzdirverify/fuzz.gpg", O_RDWR | O_CREAT, 0600); |
110 | 1 | if (fd == -1) { |
111 | 0 | free(ctrlGlobal); |
112 | 0 | free(filename); |
113 | 0 | return 0; |
114 | 0 | } |
115 | 1 | gnupg_set_homedir("/tmp/fuzzdirverify/"); |
116 | 1 | if (keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG, |
117 | 1 | KEYDB_RESOURCE_FLAG_DEFAULT) != GPG_ERR_NO_ERROR) { |
118 | 0 | free(filename); |
119 | 0 | free(ctrlGlobal); |
120 | 0 | close(fd); |
121 | 0 | return 0; |
122 | 0 | } |
123 | 1 | if (setup_trustdb (1, NULL) != GPG_ERR_NO_ERROR) { |
124 | 0 | free(filename); |
125 | 0 | free(ctrlGlobal); |
126 | 0 | close(fd); |
127 | 0 | return 0; |
128 | 0 | } |
129 | | //populate /tmp/fuzzdirverify/ as homedir ~/.gnupg |
130 | 1 | strlist_t sl = NULL; |
131 | 1 | public_key_list (ctrlGlobal, sl, 0, 0); |
132 | 1 | free_strlist(sl); |
133 | | //no output for stderr |
134 | 1 | log_set_file("/dev/null"); |
135 | 1 | gcry_set_log_handler (my_gcry_logger, NULL); |
136 | | //gnupg_initialize_compliance (GNUPG_MODULE_NAME_GPG); |
137 | 1 | initialized = true; |
138 | 1 | } |
139 | | |
140 | 5.94k | memset(ctrlGlobal, 0, sizeof(*ctrlGlobal)); |
141 | 5.94k | ctrlGlobal->magic = SERVER_CONTROL_MAGIC; |
142 | | |
143 | 5.94k | if (ftruncate(fd, Size) == -1) { |
144 | 0 | return 0; |
145 | 0 | } |
146 | 5.94k | if (lseek (fd, 0, SEEK_SET) < 0) { |
147 | 0 | return 0; |
148 | 0 | } |
149 | 5.94k | if (write (fd, Data, Size) != Size) { |
150 | 0 | return 0; |
151 | 0 | } |
152 | | |
153 | 5.94k | verify_signatures(ctrlGlobal, 1, &filename); |
154 | 5.94k | gpg_deinit_default_ctrl (ctrlGlobal); |
155 | 5.94k | memset(ctrlGlobal, 0, sizeof(*ctrlGlobal)); |
156 | 5.94k | ctrlGlobal->magic = SERVER_CONTROL_MAGIC; |
157 | 5.94k | verify_files(ctrlGlobal, 1, &filename); |
158 | 5.94k | gpg_deinit_default_ctrl (ctrlGlobal); |
159 | | |
160 | 5.94k | return 0; |
161 | 5.94k | } |
162 | | |