1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
/* usbredirfilterfuzz.cc -- fuzzing for usbredirfilter
Copyright 2021 Michael Hanselmann
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#include <cstdio>
#include <limits>
#include <memory>
#include <string>
#include <fuzzer/FuzzedDataProvider.h>
#include "usbredirfilter.h"
namespace {
struct FilterDeleter {
void operator()(void *ptr) {
usbredirfilter_free(ptr);
}
};
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
static FILE *dev_null = nullptr;
if (dev_null == nullptr) {
dev_null = fopen("/dev/null", "wb");
if (dev_null == nullptr) {
perror("open /dev/null");
abort();
}
}
FuzzedDataProvider fdp{data, size};
std::unique_ptr<usbredirfilter_rule, FilterDeleter> rules;
int ret, rules_count;
const std::string
token_sep = fdp.ConsumeBytesAsString(1),
rule_sep = fdp.ConsumeBytesAsString(1);
{
usbredirfilter_rule *rules_ptr = nullptr;
ret = usbredirfilter_string_to_rules(
fdp.ConsumeRandomLengthString().c_str(),
token_sep.c_str(), rule_sep.c_str(),
&rules_ptr, &rules_count);
if (ret != 0 || rules_ptr == nullptr) {
return 1;
}
rules.reset(rules_ptr);
}
usbredirfilter_verify(rules.get(), rules_count);
usbredirfilter_print(rules.get(), rules_count, dev_null);
{
std::unique_ptr<char, FilterDeleter> str;
str.reset(usbredirfilter_rules_to_string(rules.get(), rules_count,
token_sep.c_str(),
rule_sep.c_str()));
}
{
const int interface_count = fdp.ConsumeIntegralInRange(1, 128);
std::vector<uint8_t>
interface_class = fdp.ConsumeBytes<uint8_t>(interface_count),
interface_subclass = fdp.ConsumeBytes<uint8_t>(interface_count),
interface_protocol = fdp.ConsumeBytes<uint8_t>(interface_count);
// Fill with zeros up to the desired length
interface_class.resize(interface_count, 0);
interface_subclass.resize(interface_count, 0);
interface_protocol.resize(interface_count, 0);
usbredirfilter_check(rules.get(), rules_count,
fdp.ConsumeIntegral<uint8_t>(), fdp.ConsumeIntegral<uint8_t>(),
fdp.ConsumeIntegral<uint8_t>(),
&interface_class[0], &interface_subclass[0], &interface_protocol[0],
interface_count,
fdp.ConsumeIntegral<uint16_t>(), fdp.ConsumeIntegral<uint16_t>(),
fdp.ConsumeIntegral<uint16_t>(),
fdp.ConsumeIntegral<uint8_t>());
}
return 0;
}
/* vim: set sw=4 sts=4 et : */
|
