From 105f4a0f393c55bdffd30ae39414251c37182522 Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Tue, 8 Dec 2020 11:02:54 +0000
Subject: [PATCH] fuzzing: Add more fuzzing tests for various string parsing functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There’s no explicit guarantee that any of these functions are safe to use on untrusted data, but it does no harm to test them.

Signed-off-by: Philip Withnall
---
 fuzzing/fuzz_date_parse.c | 19 ++++++++++++++
 fuzzing/fuzz_date_time_new_from_iso8601.c | 25 +++++++++++++++++++
 .../fuzz_inet_address_mask_new_from_string.c | 25 +++++++++++++++++++
 fuzzing/fuzz_inet_address_new_from_string.c | 25 +++++++++++++++++++
 ...fuzz_inet_socket_address_new_from_string.c | 25 +++++++++++++++++++
 fuzzing/fuzz_network_address_parse.c | 25 +++++++++++++++++++
 fuzzing/fuzz_network_address_parse_uri.c | 25 +++++++++++++++++++
 fuzzing/meson.build | 7 ++++++
 8 files changed, 176 insertions(+)
 create mode 100644 fuzzing/fuzz_date_parse.c
 create mode 100644 fuzzing/fuzz_date_time_new_from_iso8601.c
 create mode 100644 fuzzing/fuzz_inet_address_mask_new_from_string.c
 create mode 100644 fuzzing/fuzz_inet_address_new_from_string.c
 create mode 100644 fuzzing/fuzz_inet_socket_address_new_from_string.c
 create mode 100644 fuzzing/fuzz_network_address_parse.c
 create mode 100644 fuzzing/fuzz_network_address_parse_uri.c
diff --git a/fuzzing/fuzz_date_parse.c b/fuzzing/fuzz_date_parse.c
new file mode 100644
index 000000000..0a7b62eec
--- /dev/null
+++ b/fuzzing/fuzz_date_parse.c
@@ -0,0 +1,19 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ unsigned char *nul_terminated_data = NULL;
+ GDate *date = g_date_new ();
+
+ fuzz_set_logging_func ();
+
+ /* ignore @size (g_date_set_parse() doesn’t support it); ensure @data is nul-terminated */
+ nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+ g_date_set_parse (date, (const gchar *) nul_terminated_data);
+ g_free (nul_terminated_data);
+
+ g_date_free (date);
+
+ return 0;
+}
diff --git a/fuzzing/fuzz_date_time_new_from_iso8601.c b/fuzzing/fuzz_date_time_new_from_iso8601.c
new file mode 100644
index 000000000..be53a1319
--- /dev/null
+++ b/fuzzing/fuzz_date_time_new_from_iso8601.c
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ unsigned char *nul_terminated_data = NULL;
+ GDateTime *dt = NULL;
+
+ fuzz_set_logging_func ();
+
+ /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+ nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+ dt = g_date_time_new_from_iso8601 ((const gchar *) nul_terminated_data, NULL);
+ g_free (nul_terminated_data);
+
+ if (dt != NULL)
+ {
+ gchar *text = g_date_time_format_iso8601 (dt);
+ g_free (text);
+ }
+
+ g_clear_pointer (&dt, g_date_time_unref);
+
+ return 0;
+}
diff --git a/fuzzing/fuzz_inet_address_mask_new_from_string.c b/fuzzing/fuzz_inet_address_mask_new_from_string.c
new file mode 100644
index 000000000..9ac62eda4
--- /dev/null
+++ b/fuzzing/fuzz_inet_address_mask_new_from_string.c
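Review bot: The parsed GDate in fuzz_date_parse.c is freed right after `g_date_set_parse ()` without being inspected, so this harness can only catch faults inside the parser itself, whereas the other harnesses in this patch go on to use the object they parsed. A cheap consistency check before `g_date_free (date)` would widen that: `if (g_date_valid (date)) g_assert_true (g_date_valid_dmy (g_date_get_day (date), g_date_get_month (date), g_date_get_year (date)));`. `g_date_set_parse ()` is also locale-dependent and `fuzz.h` is not part of this patch, so if nothing there pins the locale, a reproducer may parse differently on another machine. A one-line comment above the call naming the locale the target is expected to run under would help whoever triages a report.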
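Review bot: Passing `NULL` as `default_tz` to `g_date_time_new_from_iso8601 ()` means, per the API contract, that input without its own timezone designator is rejected, so the `if (dt != NULL)` branch and `g_date_time_format_iso8601 ()` are reached only for strings that carry an offset or `Z`. Supplying a fixed zone keeps the harness deterministic and lets the fuzzer reach the remaining parse and format paths: `GTimeZone *tz = g_time_zone_new_utc ();`, then `dt = g_date_time_new_from_iso8601 ((const gchar *) nul_terminated_data, tz);` and `g_time_zone_unref (tz);` after the call.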
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ unsigned char *nul_terminated_data = NULL;
+ GInetAddressMask *mask = NULL;
+
+ fuzz_set_logging_func ();
+
+ /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+ nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+ mask = g_inet_address_mask_new_from_string ((const gchar *) nul_terminated_data, NULL);
+ g_free (nul_terminated_data);
+
+ if (mask != NULL)
+ {
+ gchar *text = g_inet_address_mask_to_string (mask);
+ g_free (text);
+ }
+
+ g_clear_object (&mask);
+
+ return 0;
+}
diff --git a/fuzzing/fuzz_inet_address_new_from_string.c b/fuzzing/fuzz_inet_address_new_from_string.c
new file mode 100644
index 000000000..af24592ac
--- /dev/null
+++ b/fuzzing/fuzz_inet_address_new_from_string.c
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ unsigned char *nul_terminated_data = NULL;
+ GInetAddress *addr = NULL;
+
+ fuzz_set_logging_func ();
+
+ /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+ nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+ addr = g_inet_address_new_from_string ((const gchar *) nul_terminated_data);
+ g_free (nul_terminated_data);
+
+ if (addr != NULL)
+ {
+ gchar *text = g_inet_address_to_string (addr);
+ g_free (text);
+ }
+
+ g_clear_object (&addr);
+
+ return 0;
+}
diff --git a/fuzzing/fuzz_inet_socket_address_new_from_string.c b/fuzzing/fuzz_inet_socket_address_new_from_string.c
new file mode 100644
index 000000000..11dd16508
--- /dev/null
+++ b/fuzzing/fuzz_inet_socket_address_new_from_string.c
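Review bot: The `if (mask != NULL)` branch in fuzz_inet_address_mask_new_from_string.c converts the mask back to a string and drops it, so the only oracle is a crash or a sanitizer report. A parser that accepts malformed input and yields a wrong mask would go unnoticed, which matters wherever masks feed allow-list decisions. Re-parsing the canonical string and comparing with `g_inet_address_mask_equal ()` would turn this into a round-trip check, assuming the library intends `to_string` output to be parseable, which the patch does not state. The same applies to the `if (addr != NULL)` branch in fuzz_inet_address_new_from_string.c, using `g_inet_address_equal ()`.

```c
  if (mask != NULL)
    {
      gchar *text = g_inet_address_mask_to_string (mask);
      GInetAddressMask *reparsed = g_inet_address_mask_new_from_string (text, NULL);

      /* the canonical form must parse back to an equal mask */
      g_assert_nonnull (reparsed);
      g_assert_true (g_inet_address_mask_equal (mask, reparsed));

      g_clear_object (&reparsed);
      g_free (text);
    }
```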
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ unsigned char *nul_terminated_data = NULL;
+ GSocketAddress *addr = NULL;
+
+ fuzz_set_logging_func ();
+
+ /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+ nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+ addr = g_inet_socket_address_new_from_string ((const gchar *) nul_terminated_data, 1);
+ g_free (nul_terminated_data);
+
+ if (addr != NULL)
+ {
+ gchar *text = g_socket_connectable_to_string (G_SOCKET_CONNECTABLE (addr));
+ g_free (text);
+ }
+
+ g_clear_object (&addr);
+
+ return 0;
+}
diff --git a/fuzzing/fuzz_network_address_parse.c b/fuzzing/fuzz_network_address_parse.c
new file mode 100644
index 000000000..bda05c2f6
--- /dev/null
+++ b/fuzzing/fuzz_network_address_parse.c
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ unsigned char *nul_terminated_data = NULL;
+ GSocketConnectable *connectable = NULL;
+
+ fuzz_set_logging_func ();
+
+ /* ignore @size (g_network_address_parse() doesn’t support it); ensure @data is nul-terminated */
+ nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+ connectable = g_network_address_parse ((const gchar *) nul_terminated_data, 1, NULL);
+ g_free (nul_terminated_data);
+
+ if (connectable != NULL)
+ {
+ gchar *text = g_socket_connectable_to_string (connectable);
+ g_free (text);
+ }
+
+ g_clear_object (&connectable);
+
+ return 0;
+}
diff --git a/fuzzing/fuzz_network_address_parse_uri.c b/fuzzing/fuzz_network_address_parse_uri.c
new file mode 100644
index 000000000..ea5113363
--- /dev/null
+++ b/fuzzing/fuzz_network_address_parse_uri.c
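Review bot: The literal `1` passed as the port to `g_inet_socket_address_new_from_string ()` is unexplained, and the same bare `1` is the default port in the `g_network_address_parse ()` and `g_network_address_parse_uri ()` harnesses. A reader cannot tell whether the value matters to the test; a short comment such as `/* arbitrary valid port; only the string argument is under test */` above each call would settle it. In fuzz_network_address_parse.c and fuzz_network_address_parse_uri.c the value is only a fallback for inputs that name no port, which is worth saying in the comment there.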
@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+ unsigned char *nul_terminated_data = NULL;
+ GSocketConnectable *connectable = NULL;
+
+ fuzz_set_logging_func ();
+
+ /* ignore @size (g_network_address_parse_uri() doesn’t support it); ensure @data is nul-terminated */
+ nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+ connectable = g_network_address_parse_uri ((const gchar *) nul_terminated_data, 1, NULL);
+ g_free (nul_terminated_data);
+
+ if (connectable != NULL)
+ {
+ gchar *text = g_socket_connectable_to_string (connectable);
+ g_free (text);
+ }
+
+ g_clear_object (&connectable);
+
+ return 0;
+}
diff --git a/fuzzing/meson.build b/fuzzing/meson.build
index 1a591c4b7..a40321200 100644
--- a/fuzzing/meson.build
+++ b/fuzzing/meson.build
@@ -1,7 +1,14 @@
 fuzz_targets = [
 'fuzz_bookmark',
+ 'fuzz_date_parse',
+ 'fuzz_date_time_new_from_iso8601',
 'fuzz_dbus_message',
+ 'fuzz_inet_address_mask_new_from_string',
+ 'fuzz_inet_address_new_from_string',
+ 'fuzz_inet_socket_address_new_from_string',
 'fuzz_key',
+ 'fuzz_network_address_parse',
+ 'fuzz_network_address_parse_uri',
 'fuzz_uri_escape',
 'fuzz_uri_parse',
 'fuzz_uri_parse_params',