c-ares/test/ares-fuzz.c

/*
 * Copyright (C) The c-ares project
 *
 * Permission to use, copy, modify, and distribute this
 * software and its documentation for any purpose and without
 * fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright
 * notice and this permission notice appear in supporting
 * documentation, and that the name of M.I.T. not be used in
 * advertising or publicity pertaining to distribution of the
 * software without specific, written prior permission.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is"
 * without express or implied warranty.
 *
 * SPDX-License-Identifier: MIT
 */
/*
 * General driver to allow command-line fuzzer (i.e. afl) to
 * exercise the libFuzzer entrypoint.
 */

#include <sys/types.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WIN32
#  include <io.h>
#else
#  include <unistd.h>
#endif

#include "ares.h"

#define kMaxAflInputSize (1 << 20)
static unsigned char afl_buffer[kMaxAflInputSize];

#ifdef __AFL_LOOP
/* If we are built with afl-clang-fast, use persistent mode */
#  define KEEP_FUZZING(count) __AFL_LOOP(1000)
#else
/* If we are built with afl-clang, execute each input once */
#  define KEEP_FUZZING(count) ((count) < 1)
#endif

/* In ares-test-fuzz.c and ares-test-fuzz-name.c: */
int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size);

static void ProcessFile(int fd)
{
  ares_ssize_t count = read(fd, afl_buffer, kMaxAflInputSize);
  /*
   * Make a copy of the data so that it's not part of a larger
   * buffer (where buffer overflows would go unnoticed).
   */
  if (count > 0) {
    unsigned char *copied_data = (unsigned char *)malloc((size_t)count);
    memcpy(copied_data, afl_buffer, (size_t)count);
    LLVMFuzzerTestOneInput(copied_data, (size_t)count);
    free(copied_data);
  }
}

int main(int argc, char *argv[])
{
  if (argc == 1) {
    int count = 0;
    while (KEEP_FUZZING(count)) {
      ProcessFile(fileno(stdin));
      count++;
    }
  } else {
    int ii;
    for (ii = 1; ii < argc; ++ii) {
      int fd = open(argv[ii], O_RDONLY);
      if (fd < 0) {
        fprintf(stderr, "Failed to open '%s'\n", argv[ii]);
        continue;
      }
      ProcessFile(fd);
      close(fd);
    }
  }
  return 0;
}
provide SPDX identifiers and a REUSE CI job to verify All files have their licence and copyright information clearly identifiable. If not in the file header, they are set separately in .reuse/dep5. All used license texts are provided in LICENSES/ 2 years ago			`/*`
Fix internal datatype usage and warnings (#573) PR #568 increased the warning levels and c-ares code emitted a bunch of warnings. This PR fixes those warnings and starts transitioning internal data types into more proper forms (e.g. data lengths should be size_t not int). It does, however, have to manually cast back to what the public API needs due to API and ABI compliance (we aren't looking to break integrations, just clean up internals). Fix By: Brad House (@bradh352) 1 year ago			`* Copyright (C) The c-ares project`
provide SPDX identifiers and a REUSE CI job to verify All files have their licence and copyright information clearly identifiable. If not in the file header, they are set separately in .reuse/dep5. All used license texts are provided in LICENSES/ 2 years ago			`*`
			`* Permission to use, copy, modify, and distribute this`
			`* software and its documentation for any purpose and without`
			`* fee is hereby granted, provided that the above copyright`
			`* notice appear in all copies and that both that copyright`
			`* notice and this permission notice appear in supporting`
			`* documentation, and that the name of M.I.T. not be used in`
			`* advertising or publicity pertaining to distribution of the`
			`* software without specific, written prior permission.`
			`* M.I.T. makes no representations about the suitability of`
			`* this software for any purpose. It is provided "as is"`
			`* without express or implied warranty.`
			`*`
			`* SPDX-License-Identifier: MIT`
			`*/`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 5 years ago			`/*`
			`* General driver to allow command-line fuzzer (i.e. afl) to`
			`* exercise the libFuzzer entrypoint.`
			`*/`

			`#include <sys/types.h>`
			`#include <fcntl.h>`
			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <string.h>`
			`#ifdef WIN32`
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i /.c /.h //.c //.h ``` Fix By: Brad House (@bradh352) 1 year ago			`# include <io.h>`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 5 years ago			`#else`
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i /.c /.h //.c //.h ``` Fix By: Brad House (@bradh352) 1 year ago			`# include <unistd.h>`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 5 years ago			`#endif`

Fix internal datatype usage and warnings (#573) PR #568 increased the warning levels and c-ares code emitted a bunch of warnings. This PR fixes those warnings and starts transitioning internal data types into more proper forms (e.g. data lengths should be size_t not int). It does, however, have to manually cast back to what the public API needs due to API and ABI compliance (we aren't looking to break integrations, just clean up internals). Fix By: Brad House (@bradh352) 1 year ago			`#include "ares.h"`

Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 5 years ago			`#define kMaxAflInputSize (1 << 20)`
			`static unsigned char afl_buffer[kMaxAflInputSize];`

			`#ifdef __AFL_LOOP`
			`/* If we are built with afl-clang-fast, use persistent mode */`
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i /.c /.h //.c //.h ``` Fix By: Brad House (@bradh352) 1 year ago			`# define KEEP_FUZZING(count) __AFL_LOOP(1000)`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 5 years ago			`#else`
			`/* If we are built with afl-clang, execute each input once */`
Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i /.c /.h //.c //.h ``` Fix By: Brad House (@bradh352) 1 year ago			`# define KEEP_FUZZING(count) ((count) < 1)`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 5 years ago			`#endif`

			`/* In ares-test-fuzz.c and ares-test-fuzz-name.c: */`
			`int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size);`

Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i /.c /.h //.c //.h ``` Fix By: Brad House (@bradh352) 1 year ago			`static void ProcessFile(int fd)`
			`{`
Fix internal datatype usage and warnings (#573) PR #568 increased the warning levels and c-ares code emitted a bunch of warnings. This PR fixes those warnings and starts transitioning internal data types into more proper forms (e.g. data lengths should be size_t not int). It does, however, have to manually cast back to what the public API needs due to API and ABI compliance (we aren't looking to break integrations, just clean up internals). Fix By: Brad House (@bradh352) 1 year ago			`ares_ssize_t count = read(fd, afl_buffer, kMaxAflInputSize);`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 5 years ago			`/*`
			`* Make a copy of the data so that it's not part of a larger`
			`* buffer (where buffer overflows would go unnoticed).`
			`*/`
Fix internal datatype usage and warnings (#573) PR #568 increased the warning levels and c-ares code emitted a bunch of warnings. This PR fixes those warnings and starts transitioning internal data types into more proper forms (e.g. data lengths should be size_t not int). It does, however, have to manually cast back to what the public API needs due to API and ABI compliance (we aren't looking to break integrations, just clean up internals). Fix By: Brad House (@bradh352) 1 year ago			`if (count > 0) {`
			`unsigned char copied_data = (unsigned char )malloc((size_t)count);`
			`memcpy(copied_data, afl_buffer, (size_t)count);`
			`LLVMFuzzerTestOneInput(copied_data, (size_t)count);`
			`free(copied_data);`
			`}`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 5 years ago			`}`

Reformat code using clang-format (#579) c-ares uses multiple code styles, standardize on one. Talking with @bagder he feels strongly about maintaining an 80 column limit, but feels less strongly about things I feel strongly about (like alignment). Can re-run the formatter on the codebase via: ``` clang-format -i /.c /.h //.c //.h ``` Fix By: Brad House (@bradh352) 1 year ago			`int main(int argc, char *argv[])`
			`{`
Avoid buffer overflow in RC4 loop comparison (#336) The rc4 function iterates over a buffer of size buffer_len who's maximum value is INT_MAX with a counter of type short that is not guaranteed to have maximum size INT_MAX. In circumstances where short is narrower than int and where buffer_len is larger than the maximum value of a short, it may be possible to loop infinitely as counter will overflow and never be greater than or equal to buffer_len. The solution is to make the comparison be between types of equal width. This commit defines counter as an int. Fix By: Fionn Fitzmaurice (@fionn) 5 years ago			`if (argc == 1) {`
			`int count = 0;`
			`while (KEEP_FUZZING(count)) {`
			`ProcessFile(fileno(stdin));`
			`count++;`
			`}`
			`} else {`
			`int ii;`
			`for (ii = 1; ii < argc; ++ii) {`
			`int fd = open(argv[ii], O_RDONLY);`
			`if (fd < 0) {`
			`fprintf(stderr, "Failed to open '%s'\n", argv[ii]);`
			`continue;`
			`}`
			`ProcessFile(fd);`
			`close(fd);`
			`}`
			`}`
			`return 0;`
			`}`