Merge remote-tracking branch 'haxxpop/fuzzing-hsv3'

2024-11-10 13:13:44 +01:00 · 2017-08-28 13:46:24 -04:00 · 2017-08-28 13:46:24 -04:00 · 18bc7fa70b
commit 18bc7fa70b
parent ef6ed0f211 97347b1109
6 changed files with 113 additions and 11 deletions
--- a/scripts/codegen/fuzzing_include_am.py
+++ b/scripts/codegen/fuzzing_include_am.py
@ -7,6 +7,7 @@ FUZZERS = """
 	diff-apply
 	extrainfo
 	hsdescv2
+	hsdescv3
 	http
 	iptsv2
 	microdesc
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@ -356,12 +356,12 @@ tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
 *
 * Return 0 on success, negative on failure.
 */
-int
-rsa_ed25519_crosscert_check(const uint8_t *crosscert,
-                            const size_t crosscert_len,
-                            const crypto_pk_t *rsa_id_key,
-                            const ed25519_public_key_t *master_key,
-                            const time_t reject_if_expired_before)
+MOCK_IMPL(int,
+rsa_ed25519_crosscert_check, (const uint8_t *crosscert,
+                              const size_t crosscert_len,
+                              const crypto_pk_t *rsa_id_key,
+                              const ed25519_public_key_t *master_key,
+                              const time_t reject_if_expired_before))
 {
  rsa_ed_crosscert_t *cc = NULL;
  int rv;
--- a/src/or/torcert.h
+++ b/src/or/torcert.h
@ -75,11 +75,12 @@ ssize_t tor_make_rsa_ed25519_crosscert(const ed25519_public_key_t *ed_key,
                                       const crypto_pk_t *rsa_key,
                                       time_t expires,
                                       uint8_t **cert);
-int rsa_ed25519_crosscert_check(const uint8_t *crosscert,
-                                const size_t crosscert_len,
-                                const crypto_pk_t *rsa_id_key,
-                                const ed25519_public_key_t *master_key,
-                                const time_t reject_if_expired_before);
+MOCK_DECL(int,
+rsa_ed25519_crosscert_check, (const uint8_t *crosscert,
+                              const size_t crosscert_len,
+                              const crypto_pk_t *rsa_id_key,
+                              const ed25519_public_key_t *master_key,
+                              const time_t reject_if_expired_before));

 or_handshake_certs_t *or_handshake_certs_new(void);
 void or_handshake_certs_free(or_handshake_certs_t *certs);
--- a/src/test/fuzz/dict/hsdescv3
+++ b/src/test/fuzz/dict/hsdescv3
@ -0,0 +1,6 @@
+"hs-descriptor"
+"descriptor-lifetime"
+"descriptor-signing-key-cert"
+"revision-counter"
+"superencrypted"
+"signature"
--- a/src/test/fuzz/fuzz_hsdescv3.c
+++ b/src/test/fuzz/fuzz_hsdescv3.c
@ -0,0 +1,71 @@
+/* Copyright (c) 2017, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#define ROUTERPARSE_PRIVATE
+#define HS_DESCRIPTOR_PRIVATE
+
+#include "crypto_ed25519.h"
+#include "hs_descriptor.h"
+#include "routerparse.h"
+#include "util.h"
+#include "torcert.h"
+
+#include "fuzzing.h"
+
+static void
+mock_dump_desc__nodump(const char *desc, const char *type)
+{
+  (void)desc;
+  (void)type;
+}
+
+static int
+mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert,
+                                 const size_t crosscert_len,
+                                 const crypto_pk_t *rsa_id_key,
+                                 const ed25519_public_key_t *master_key,
+                                 const time_t reject_if_expired_before)
+{
+  (void) crosscert;
+  (void) crosscert_len;
+  (void) rsa_id_key;
+  (void) master_key;
+  (void) reject_if_expired_before;
+  return 0;
+}
+
+int
+fuzz_init(void)
+{
+  disable_signature_checking();
+  MOCK(dump_desc, mock_dump_desc__nodump);
+  MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check);
+  ed25519_init();
+  return 0;
+}
+
+int
+fuzz_cleanup(void)
+{
+  return 0;
+}
+
+int
+fuzz_main(const uint8_t *data, size_t sz)
+{
+  hs_descriptor_t *desc = NULL;
+
+  char *fuzzing_data = tor_memdup_nulterm(data, sz);
+
+  hs_desc_decode_descriptor(fuzzing_data, NULL, &desc);
+  if (desc) {
+    log_debug(LD_GENERAL, "Decoding okay");
+    hs_descriptor_free(desc);
+  } else {
+    log_debug(LD_GENERAL, "Decoding failed");
+  }
+
+  tor_free(fuzzing_data);
+  return 0;
+}
+
--- a/src/test/fuzz/include.am
+++ b/src/test/fuzz/include.am
@ -94,6 +94,14 @@ src_test_fuzz_fuzz_hsdescv2_CFLAGS = $(FUZZING_CFLAGS)
 src_test_fuzz_fuzz_hsdescv2_LDFLAGS = $(FUZZING_LDFLAG)
 src_test_fuzz_fuzz_hsdescv2_LDADD = $(FUZZING_LIBS)

+src_test_fuzz_fuzz_hsdescv3_SOURCES = \
+	src/test/fuzz/fuzzing_common.c \
+	src/test/fuzz/fuzz_hsdescv3.c
+src_test_fuzz_fuzz_hsdescv3_CPPFLAGS = $(FUZZING_CPPFLAGS)
+src_test_fuzz_fuzz_hsdescv3_CFLAGS = $(FUZZING_CFLAGS)
+src_test_fuzz_fuzz_hsdescv3_LDFLAGS = $(FUZZING_LDFLAG)
+src_test_fuzz_fuzz_hsdescv3_LDADD = $(FUZZING_LIBS)
+
 src_test_fuzz_fuzz_http_SOURCES = \
 	src/test/fuzz/fuzzing_common.c \
 	src/test/fuzz/fuzz_http.c
@ -133,6 +141,7 @@ FUZZERS = \
 	src/test/fuzz/fuzz-diff-apply \
 	src/test/fuzz/fuzz-extrainfo \
 	src/test/fuzz/fuzz-hsdescv2 \
+	src/test/fuzz/fuzz-hsdescv3 \
 	src/test/fuzz/fuzz-http \
 	src/test/fuzz/fuzz-iptsv2 \
 	src/test/fuzz/fuzz-microdesc \
@ -183,6 +192,13 @@ src_test_fuzz_lf_fuzz_hsdescv2_CFLAGS = $(LIBFUZZER_CFLAGS)
 src_test_fuzz_lf_fuzz_hsdescv2_LDFLAGS = $(LIBFUZZER_LDFLAG)
 src_test_fuzz_lf_fuzz_hsdescv2_LDADD = $(LIBFUZZER_LIBS)

+src_test_fuzz_lf_fuzz_hsdescv3_SOURCES = \
+	$(src_test_fuzz_fuzz_hsdescv3_SOURCES)
+src_test_fuzz_lf_fuzz_hsdescv3_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
+src_test_fuzz_lf_fuzz_hsdescv3_CFLAGS = $(LIBFUZZER_CFLAGS)
+src_test_fuzz_lf_fuzz_hsdescv3_LDFLAGS = $(LIBFUZZER_LDFLAG)
+src_test_fuzz_lf_fuzz_hsdescv3_LDADD = $(LIBFUZZER_LIBS)
+
 src_test_fuzz_lf_fuzz_http_SOURCES = \
 	$(src_test_fuzz_fuzz_http_SOURCES)
 src_test_fuzz_lf_fuzz_http_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
@ -218,6 +234,7 @@ LIBFUZZER_FUZZERS = \
 	src/test/fuzz/lf-fuzz-diff-apply \
 	src/test/fuzz/lf-fuzz-extrainfo \
 	src/test/fuzz/lf-fuzz-hsdescv2 \
+	src/test/fuzz/lf-fuzz-hsdescv3 \
 	src/test/fuzz/lf-fuzz-http \
 	src/test/fuzz/lf-fuzz-iptsv2 \
 	src/test/fuzz/lf-fuzz-microdesc \
@ -260,6 +277,11 @@ src_test_fuzz_liboss_fuzz_hsdescv2_a_SOURCES = \
 src_test_fuzz_liboss_fuzz_hsdescv2_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
 src_test_fuzz_liboss_fuzz_hsdescv2_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)

+src_test_fuzz_liboss_fuzz_hsdescv3_a_SOURCES = \
+	$(src_test_fuzz_fuzz_hsdescv3_SOURCES)
+src_test_fuzz_liboss_fuzz_hsdescv3_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
+src_test_fuzz_liboss_fuzz_hsdescv3_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS)
+
 src_test_fuzz_liboss_fuzz_http_a_SOURCES = \
 	$(src_test_fuzz_fuzz_http_SOURCES)
 src_test_fuzz_liboss_fuzz_http_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS)
@ -287,6 +309,7 @@ OSS_FUZZ_FUZZERS = \
 	src/test/fuzz/liboss-fuzz-diff-apply.a \
 	src/test/fuzz/liboss-fuzz-extrainfo.a \
 	src/test/fuzz/liboss-fuzz-hsdescv2.a \
+	src/test/fuzz/liboss-fuzz-hsdescv3.a \
 	src/test/fuzz/liboss-fuzz-http.a \
 	src/test/fuzz/liboss-fuzz-iptsv2.a \
 	src/test/fuzz/liboss-fuzz-microdesc.a \