fuzz: Added PB-TNC fuzzer
This commit is contained in:
parent
cd6e45817e
commit
75181f4836
|
@ -431,7 +431,7 @@ if test x$eap_radius = xtrue -o x$radattr = xtrue -o x$tnc_pdp = xtrue; then
|
||||||
radius=true;
|
radius=true;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
|
if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_20 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
|
||||||
tnc_tnccs=true;
|
tnc_tnccs=true;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
fuzz_certs
|
fuzz_certs
|
||||||
fuzz_crls
|
fuzz_crls
|
||||||
fuzz_pa_tnc
|
fuzz_pa_tnc
|
||||||
|
fuzz_pb_tnc
|
||||||
|
|
|
@ -3,6 +3,8 @@ AM_CPPFLAGS = @CPPFLAGS@ \
|
||||||
-I$(top_srcdir)/src/libimcv \
|
-I$(top_srcdir)/src/libimcv \
|
||||||
-I$(top_srcdir)/src/libtncif \
|
-I$(top_srcdir)/src/libtncif \
|
||||||
-I$(top_srcdir)/src/libtpmtss \
|
-I$(top_srcdir)/src/libtpmtss \
|
||||||
|
-I$(top_srcdir)/src/libtnccs \
|
||||||
|
-I$(top_srcdir)/src/libtnccs/plugins/tnccs_20 \
|
||||||
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
|
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
|
||||||
-DPLUGINS="\"${fuzz_plugins}\""
|
-DPLUGINS="\"${fuzz_plugins}\""
|
||||||
|
|
||||||
|
@ -17,7 +19,12 @@ pa_tnc_ldflags = \
|
||||||
$(top_builddir)/src/libtpmtss/.libs/libtpmtss.a \
|
$(top_builddir)/src/libtpmtss/.libs/libtpmtss.a \
|
||||||
$(fuzz_ldflags)
|
$(fuzz_ldflags)
|
||||||
|
|
||||||
FUZZ_TARGETS=fuzz_certs fuzz_crls fuzz_pa_tnc
|
pb_tnc_ldflags = \
|
||||||
|
$(top_builddir)/src/libtnccs/.libs/libtnccs.a \
|
||||||
|
$(top_builddir)/src/libtncif/.libs/libtncif.a \
|
||||||
|
$(fuzz_ldflags)
|
||||||
|
|
||||||
|
FUZZ_TARGETS=fuzz_certs fuzz_crls fuzz_pa_tnc fuzz_pb_tnc
|
||||||
|
|
||||||
all-local: $(FUZZ_TARGETS)
|
all-local: $(FUZZ_TARGETS)
|
||||||
|
|
||||||
|
@ -32,6 +39,9 @@ fuzz_crls: fuzz_crls.c ${libfuzzer}
|
||||||
fuzz_pa_tnc: fuzz_pa_tnc.c ${libfuzzer}
|
fuzz_pa_tnc: fuzz_pa_tnc.c ${libfuzzer}
|
||||||
$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(pa_tnc_ldflags)
|
$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(pa_tnc_ldflags)
|
||||||
|
|
||||||
|
fuzz_pb_tnc: fuzz_pb_tnc.c ${libfuzzer}
|
||||||
|
$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(pb_tnc_ldflags)
|
||||||
|
|
||||||
noinst_LIBRARIES = libFuzzerLocal.a
|
noinst_LIBRARIES = libFuzzerLocal.a
|
||||||
libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
|
libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
|
||||||
libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
||||||
|
|
|
@ -0,0 +1,78 @@
|
||||||
|
/*
|
||||||
|
* Copyright (C) 2018 Andreas Steffen
|
||||||
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License as published by the
|
||||||
|
* Free Software Foundation; either version 2 of the License, or (at your
|
||||||
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful, but
|
||||||
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||||
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <library.h>
|
||||||
|
#include <batch/pb_tnc_batch.h>
|
||||||
|
#include <messages/ietf/pb_error_msg.h>
|
||||||
|
#include <state_machine/pb_tnc_state_machine.h>
|
||||||
|
#include <utils/debug.h>
|
||||||
|
|
||||||
|
|
||||||
|
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
|
||||||
|
{
|
||||||
|
pb_tnc_batch_t *batch;
|
||||||
|
pb_tnc_state_machine_t *state;
|
||||||
|
pb_tnc_msg_t *msg;
|
||||||
|
pb_error_msg_t *error;
|
||||||
|
enumerator_t *enumerator;
|
||||||
|
bool from_server;
|
||||||
|
chunk_t chunk;
|
||||||
|
|
||||||
|
dbg_default_set_level(-1);
|
||||||
|
library_init(NULL, "fuzz_pb_tnc");
|
||||||
|
plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS);
|
||||||
|
if (!lib->plugins->load(lib->plugins, PLUGINS))
|
||||||
|
{
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
chunk = chunk_create((u_char*)buf, len);
|
||||||
|
|
||||||
|
INIT(state,
|
||||||
|
.receive_batch = (void*)return_true,
|
||||||
|
.set_empty_cdata = (void*)nop,
|
||||||
|
);
|
||||||
|
|
||||||
|
/* parse incoming PB-TNC batch */
|
||||||
|
batch = pb_tnc_batch_create_from_data(chunk);
|
||||||
|
if (batch->process_header(batch, TRUE, FALSE, &from_server) == SUCCESS ||
|
||||||
|
batch->process_header(batch, TRUE, TRUE, &from_server) == SUCCESS)
|
||||||
|
{
|
||||||
|
batch->process(batch, state);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* enumerate correctly decoded PB-TNC messages */
|
||||||
|
enumerator = batch->create_msg_enumerator(batch);
|
||||||
|
while (enumerator->enumerate(enumerator, &msg))
|
||||||
|
{
|
||||||
|
msg->get_type(msg);
|
||||||
|
}
|
||||||
|
enumerator->destroy(enumerator);
|
||||||
|
|
||||||
|
/* enumerate errors detected while parsing PB-TNC batch and messages */
|
||||||
|
enumerator = batch->create_error_enumerator(batch);
|
||||||
|
while (enumerator->enumerate(enumerator, &msg))
|
||||||
|
{
|
||||||
|
error = (pb_error_msg_t*)msg;
|
||||||
|
error->get_error_code(error);
|
||||||
|
}
|
||||||
|
enumerator->destroy(enumerator);
|
||||||
|
|
||||||
|
batch->destroy(batch);
|
||||||
|
|
||||||
|
free(state);
|
||||||
|
lib->plugins->unload(lib->plugins);
|
||||||
|
library_deinit();
|
||||||
|
return 0;
|
||||||
|
}
|
|
@ -127,7 +127,7 @@ osx)
|
||||||
fuzzing)
|
fuzzing)
|
||||||
CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
|
CFLAGS="$CFLAGS -DNO_CHECK_MEMWIPE"
|
||||||
CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
|
CONFIG="--enable-fuzzing --enable-static --disable-shared --disable-scripts
|
||||||
--enable-imc-test"
|
--enable-imc-test --enable-tnccs-20"
|
||||||
# don't run any of the unit tests
|
# don't run any of the unit tests
|
||||||
export TESTS_RUNNERS=
|
export TESTS_RUNNERS=
|
||||||
# prepare corpora
|
# prepare corpora
|
||||||
|
|
Loading…
Reference in New Issue