Three more fuzzers: consensus, hsdesc, intro points

This commit is contained in:
Nick Mathewson 2016-12-19 15:11:27 -05:00
parent 83e9918107
commit b1567cf500
8 changed files with 252 additions and 1 deletions

View File

@ -1172,6 +1172,12 @@ tor_version_is_obsolete(const char *myversion, const char *versionlist)
return ret;
}
MOCK_IMPL(STATIC int,
signed_digest_equals, (const uint8_t *d1, const uint8_t *d2, size_t len))
{
return tor_memeq(d1, d2, len);
}
/** Check whether the object body of the token in <b>tok</b> has a good
* signature for <b>digest</b> using key <b>pkey</b>.
* If <b>CST_NO_CHECK_OBJTYPE</b> is set, do not check
@ -1214,7 +1220,8 @@ check_signature_token(const char *digest,
}
// log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
// hex_str(signed_digest,4));
if (tor_memneq(digest, signed_digest, digest_len)) {
if (! signed_digest_equals((const uint8_t *)digest,
(const uint8_t *)signed_digest, digest_len)) {
log_warn(LD_DIR, "Error reading %s: signature does not match.", doctype);
tor_free(signed_digest);
return -1;

View File

@ -123,6 +123,8 @@ MOCK_DECL(STATIC void,dump_desc,(const char *desc, const char *type));
MOCK_DECL(STATIC int, router_compute_hash_final,(char *digest,
const char *start, size_t len,
digest_algorithm_t alg));
MOCK_DECL(STATIC int, signed_digest_equals,
(const uint8_t *d1, const uint8_t *d2, size_t len));
#endif
#define ED_DESC_SIGNATURE_PREFIX "Tor router descriptor signature v1"

View File

@ -0,0 +1,52 @@
"a"
"additional-digest"
"additional-signature"
"bandwidth-weights"
"client-versions"
"consensus-digest"
"consensus-method"
"consensus-methods"
"contact"
"dir-address"
"directory-footer"
"directory-signature"
"dir-identity-key"
"dir-key-certificate-version"
"dir-key-certification"
"dir-key-crosscert"
"dir-key-expires"
"dir-key-published"
"dir-signing-key"
"dir-source"
"fingerprint"
"fresh-until"
"id"
"known-flags"
"legacy-dir-key"
"m"
"network-status-version"
"opt"
"p"
"package"
"params"
"pr"
"published"
"r"
"recommended-client-protocols"
"recommended-relay-protocols"
"required-client-protocols"
"required-relay-protocols"
"s"
"server-versions"
"shared-rand-commit"
"shared-rand-current-value"
"shared-rand-participate"
"shared-rand-previous-value"
"signing-ed25519"
"v"
"valid-after"
"valid-until"
"vote-digest"
"vote-status"
"voting-delay"
"w"

View File

@ -0,0 +1,8 @@
"introduction-points"
"permanent-key"
"protocol-versions"
"publication-time"
"rendezvous-service-descriptor"
"secret-id-part"
"signature"
"version"

View File

@ -0,0 +1,6 @@
"introduction-point"
"ip-address"
"onion-port"
"onion-key"
"service-key"

View File

@ -0,0 +1,78 @@
/* Copyright (c) 2016, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
#include "or.h"
#include "routerparse.h"
#include "networkstatus.h"
#include "fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
{
(void)desc;
(void)type;
}
static int
mock_router_produce_hash_final__nohash(char *digest,
const char *start, size_t len,
digest_algorithm_t alg)
{
(void)start;
(void)len;
/* we could look at start[..] */
if (alg == DIGEST_SHA1)
memset(digest, 0x01, 20);
else
memset(digest, 0x02, 32);
return 0;
}
static int
mock_signed_digest_equals__yes(const uint8_t *d1, const uint8_t *d2,
size_t len)
{
(void) tor_memeq(d1, d2, len);
return 1;
}
int
fuzz_init(void)
{
disable_signature_checking();
MOCK(dump_desc, mock_dump_desc__nodump);
MOCK(router_compute_hash_final, mock_router_produce_hash_final__nohash);
MOCK(signed_digest_equals, mock_signed_digest_equals__yes);
ed25519_init();
return 0;
}
int
fuzz_cleanup(void)
{
return 0;
}
int
fuzz_main(const uint8_t *data, size_t sz)
{
networkstatus_t *ns;
char *str = tor_memdup_nulterm(data, sz);
const char *eos = NULL;
networkstatus_type_t tp = NS_TYPE_CONSENSUS;
if (tor_memstr(data, MIN(sz, 1024), "tus vote"))
tp = NS_TYPE_VOTE;
const char *what = (tp == NS_TYPE_CONSENSUS) ? "consensus" : "vote";
ns = networkstatus_parse_vote_from_string(str,
&eos,
tp);
if (ns) {
log_debug(LD_GENERAL, "Parsing as %s okay", what);
networkstatus_vote_free(ns);
} else {
log_debug(LD_GENERAL, "Parsing as %s failed", what);
}
tor_free(str);
return 0;
}

View File

@ -0,0 +1,52 @@
/* Copyright (c) 2016, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
#include "or.h"
#include "routerparse.h"
#include "rendcommon.h"
#include "fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
{
(void)desc;
(void)type;
}
int
fuzz_init(void)
{
disable_signature_checking();
MOCK(dump_desc, mock_dump_desc__nodump);
ed25519_init();
return 0;
}
int
fuzz_cleanup(void)
{
return 0;
}
int
fuzz_main(const uint8_t *data, size_t sz)
{
rend_service_descriptor_t *desc = NULL;
char desc_id[64];
char *ipts = NULL;
size_t ipts_size, esize;
const char *next;
char *str = tor_memdup_nulterm(data, sz);
(void) rend_parse_v2_service_descriptor(&desc, desc_id, &ipts, &ipts_size,
&esize, &next, str, 1);
if (desc) {
log_debug(LD_GENERAL, "Parsing okay");
rend_service_descriptor_free(desc);
} else {
log_debug(LD_GENERAL, "Parsing failed");
}
tor_free(ipts);
tor_free(str);
return 0;
}

View File

@ -0,0 +1,46 @@
/* Copyright (c) 2016, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#define ROUTERPARSE_PRIVATE
#include "or.h"
#include "routerparse.h"
#include "rendcommon.h"
#include "fuzzing.h"
static void
mock_dump_desc__nodump(const char *desc, const char *type)
{
(void)desc;
(void)type;
}
int
fuzz_init(void)
{
disable_signature_checking();
MOCK(dump_desc, mock_dump_desc__nodump);
ed25519_init();
return 0;
}
int
fuzz_cleanup(void)
{
return 0;
}
int
fuzz_main(const uint8_t *data, size_t sz)
{
rend_service_descriptor_t *desc =
tor_malloc_zero(sizeof(rend_service_descriptor_t));
const char *str = (const char*) data;
int r = rend_parse_introduction_points(desc, str, sz);
if (r >= 0) {
log_debug(LD_GENERAL, "Parsing okay: %d", r);
} else {
log_debug(LD_GENERAL, "Parsing failed");
}
rend_service_descriptor_free(desc);
return 0;
}