test_fuzz.c revision 315432
1/*- 2 * Copyright (c) 2003-2007 Tim Kientzle 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25#include "test.h" 26__FBSDID("$FreeBSD: stable/11/contrib/libarchive/libarchive/test/test_fuzz.c 315432 2017-03-16 23:07:35Z mm $"); 27 28/* 29 * This was inspired by an ISO fuzz tester written by Michal Zalewski 30 * and posted to the "vulnwatch" mailing list on March 17, 2005: 31 * http://seclists.org/vulnwatch/2005/q1/0088.html 32 * 33 * This test simply reads each archive image into memory, pokes 34 * random values into it and runs it through libarchive. It tries 35 * to damage about 1% of each file and repeats the exercise 100 times 36 * with each file. 37 * 38 * Unlike most other tests, this test does not verify libarchive's 39 * responses other than to ensure that libarchive doesn't crash. 40 * 41 * Due to the deliberately random nature of this test, it may be hard 42 * to reproduce failures. Because this test deliberately attempts to 43 * induce crashes, there's little that can be done in the way of 44 * post-failure diagnostics. 45 */ 46 47/* Because this works for any archive, we can just re-use the archives 48 * developed for other tests. */ 49struct files { 50 int uncompress; /* If 1, decompress the file before fuzzing. */ 51 const char **names; 52}; 53 54static void 55test_fuzz(const struct files *filesets) 56{ 57 const void *blk; 58 size_t blk_size; 59 int64_t blk_offset; 60 int n; 61 62 for (n = 0; filesets[n].names != NULL; ++n) { 63 const size_t buffsize = 30000000; 64 struct archive_entry *ae; 65 struct archive *a; 66 char *rawimage = NULL, *image = NULL, *tmp = NULL; 67 size_t size = 0, oldsize = 0; 68 int i, q; 69 70 extract_reference_files(filesets[n].names); 71 if (filesets[n].uncompress) { 72 int r; 73 /* Use format_raw to decompress the data. */ 74 assert((a = archive_read_new()) != NULL); 75 assertEqualIntA(a, ARCHIVE_OK, 76 archive_read_support_filter_all(a)); 77 assertEqualIntA(a, ARCHIVE_OK, 78 archive_read_support_format_raw(a)); 79 r = archive_read_open_filenames(a, filesets[n].names, 16384); 80 if (r != ARCHIVE_OK) { 81 archive_read_free(a); 82 if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) { 83 skipping("Cannot uncompress fileset"); 84 } else { 85 skipping("Cannot uncompress %s", filesets[n].names[0]); 86 } 87 continue; 88 } 89 assertEqualIntA(a, ARCHIVE_OK, 90 archive_read_next_header(a, &ae)); 91 rawimage = malloc(buffsize); 92 size = archive_read_data(a, rawimage, buffsize); 93 assertEqualIntA(a, ARCHIVE_EOF, 94 archive_read_next_header(a, &ae)); 95 assertEqualInt(ARCHIVE_OK, 96 archive_read_free(a)); 97 assert(size > 0); 98 if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) { 99 failure("Internal buffer is not big enough for " 100 "uncompressed test files"); 101 } else { 102 failure("Internal buffer is not big enough for " 103 "uncompressed test file: %s", filesets[n].names[0]); 104 } 105 if (!assert(size < buffsize)) { 106 free(rawimage); 107 rawimage = NULL; 108 continue; 109 } 110 } else { 111 for (i = 0; filesets[n].names[i] != NULL; ++i) 112 { 113 char *newraw; 114 tmp = slurpfile(&size, filesets[n].names[i]); 115 newraw = realloc(rawimage, oldsize + size); 116 if (!assert(newraw != NULL)) 117 { 118 free(rawimage); 119 rawimage = NULL; 120 free(tmp); 121 continue; 122 } 123 rawimage = newraw; 124 memcpy(rawimage + oldsize, tmp, size); 125 oldsize += size; 126 size = oldsize; 127 free(tmp); 128 } 129 } 130 if (size == 0) { 131 free(rawimage); 132 rawimage = NULL; 133 continue; 134 } 135 image = malloc(size); 136 assert(image != NULL); 137 if (image == NULL) { 138 free(rawimage); 139 rawimage = NULL; 140 return; 141 } 142 143 assert(rawimage != NULL); 144 145 srand((unsigned)time(NULL)); 146 147 for (i = 0; i < 1000; ++i) { 148 FILE *f; 149 int j, numbytes, trycnt; 150 151 /* Fuzz < 1% of the bytes in the archive. */ 152 memcpy(image, rawimage, size); 153 q = (int)size / 100; 154 if (q < 4) 155 q = 4; 156 numbytes = (int)(rand() % q); 157 for (j = 0; j < numbytes; ++j) 158 image[rand() % size] = (char)rand(); 159 160 /* Save the messed-up image to a file. 161 * If we crash, that file will be useful. */ 162 for (trycnt = 0; trycnt < 3; trycnt++) { 163 f = fopen("after.test.failure.send.this.file." 164 "to.libarchive.maintainers.with.system.details", "wb"); 165 if (f != NULL) 166 break; 167#if defined(_WIN32) && !defined(__CYGWIN__) 168 /* 169 * Sometimes previous close operation does not completely 170 * end at this time. So we should take a wait while 171 * the operation running. 172 */ 173 Sleep(100); 174#endif 175 } 176 assert(f != NULL); 177 assertEqualInt((size_t)size, fwrite(image, 1, (size_t)size, f)); 178 fclose(f); 179 180 // Try to read all headers and bodies. 181 assert((a = archive_read_new()) != NULL); 182 assertEqualIntA(a, ARCHIVE_OK, 183 archive_read_support_filter_all(a)); 184 assertEqualIntA(a, ARCHIVE_OK, 185 archive_read_support_format_all(a)); 186 187 if (0 == archive_read_open_memory(a, image, size)) { 188 while(0 == archive_read_next_header(a, &ae)) { 189 while (0 == archive_read_data_block(a, 190 &blk, &blk_size, &blk_offset)) 191 continue; 192 } 193 archive_read_close(a); 194 } 195 archive_read_free(a); 196 197 // Just list headers, skip bodies. 198 assert((a = archive_read_new()) != NULL); 199 assertEqualIntA(a, ARCHIVE_OK, 200 archive_read_support_filter_all(a)); 201 assertEqualIntA(a, ARCHIVE_OK, 202 archive_read_support_format_all(a)); 203 204 if (0 == archive_read_open_memory(a, image, size)) { 205 while(0 == archive_read_next_header(a, &ae)) { 206 } 207 archive_read_close(a); 208 } 209 archive_read_free(a); 210 } 211 free(image); 212 free(rawimage); 213 } 214} 215 216DEFINE_TEST(test_fuzz_ar) 217{ 218 static const char *fileset1[] = { 219 "test_read_format_ar.ar", 220 NULL 221 }; 222 static const struct files filesets[] = { 223 {0, fileset1}, 224 {1, NULL} 225 }; 226 test_fuzz(filesets); 227} 228 229DEFINE_TEST(test_fuzz_cab) 230{ 231 static const char *fileset1[] = { 232 "test_fuzz.cab", 233 NULL 234 }; 235 static const struct files filesets[] = { 236 {0, fileset1}, 237 {1, NULL} 238 }; 239 test_fuzz(filesets); 240} 241 242DEFINE_TEST(test_fuzz_cpio) 243{ 244 static const char *fileset1[] = { 245 "test_read_format_cpio_bin_be.cpio", 246 NULL 247 }; 248 static const char *fileset2[] = { 249 "test_read_format_cpio_bin_le.cpio", 250 NULL 251 }; 252 static const char *fileset3[] = { 253 /* Test RPM unwrapper */ 254 "test_read_format_cpio_svr4_gzip_rpm.rpm", 255 NULL 256 }; 257 static const struct files filesets[] = { 258 {0, fileset1}, 259 {0, fileset2}, 260 {0, fileset3}, 261 {1, NULL} 262 }; 263 test_fuzz(filesets); 264} 265 266DEFINE_TEST(test_fuzz_iso9660) 267{ 268 static const char *fileset1[] = { 269 "test_fuzz_1.iso.Z", 270 NULL 271 }; 272 static const struct files filesets[] = { 273 {0, fileset1}, /* Exercise compress decompressor. */ 274 {1, fileset1}, 275 {1, NULL} 276 }; 277 test_fuzz(filesets); 278} 279 280DEFINE_TEST(test_fuzz_lzh) 281{ 282 static const char *fileset1[] = { 283 "test_fuzz.lzh", 284 NULL 285 }; 286 static const struct files filesets[] = { 287 {0, fileset1}, 288 {1, NULL} 289 }; 290 test_fuzz(filesets); 291} 292 293DEFINE_TEST(test_fuzz_mtree) 294{ 295 static const char *fileset1[] = { 296 "test_read_format_mtree.mtree", 297 NULL 298 }; 299 static const struct files filesets[] = { 300 {0, fileset1}, 301 {1, NULL} 302 }; 303 test_fuzz(filesets); 304} 305 306DEFINE_TEST(test_fuzz_rar) 307{ 308 static const char *fileset1[] = { 309 /* Uncompressed RAR test */ 310 "test_read_format_rar.rar", 311 NULL 312 }; 313 static const char *fileset2[] = { 314 /* RAR file with binary data */ 315 "test_read_format_rar_binary_data.rar", 316 NULL 317 }; 318 static const char *fileset3[] = { 319 /* Best Compressed RAR test */ 320 "test_read_format_rar_compress_best.rar", 321 NULL 322 }; 323 static const char *fileset4[] = { 324 /* Normal Compressed RAR test */ 325 "test_read_format_rar_compress_normal.rar", 326 NULL 327 }; 328 static const char *fileset5[] = { 329 /* Normal Compressed Multi LZSS blocks RAR test */ 330 "test_read_format_rar_multi_lzss_blocks.rar", 331 NULL 332 }; 333 static const char *fileset6[] = { 334 /* RAR with no EOF header */ 335 "test_read_format_rar_noeof.rar", 336 NULL 337 }; 338 static const char *fileset7[] = { 339 /* Best Compressed RAR file with both PPMd and LZSS blocks */ 340 "test_read_format_rar_ppmd_lzss_conversion.rar", 341 NULL 342 }; 343 static const char *fileset8[] = { 344 /* RAR with subblocks */ 345 "test_read_format_rar_subblock.rar", 346 NULL 347 }; 348 static const char *fileset9[] = { 349 /* RAR with Unicode filenames */ 350 "test_read_format_rar_unicode.rar", 351 NULL 352 }; 353 static const char *fileset10[] = { 354 "test_read_format_rar_multivolume.part0001.rar", 355 "test_read_format_rar_multivolume.part0002.rar", 356 "test_read_format_rar_multivolume.part0003.rar", 357 "test_read_format_rar_multivolume.part0004.rar", 358 NULL 359 }; 360 static const struct files filesets[] = { 361 {0, fileset1}, 362 {0, fileset2}, 363 {0, fileset3}, 364 {0, fileset4}, 365 {0, fileset5}, 366 {0, fileset6}, 367 {0, fileset7}, 368 {0, fileset8}, 369 {0, fileset9}, 370 {0, fileset10}, 371 {1, NULL} 372 }; 373 test_fuzz(filesets); 374} 375 376DEFINE_TEST(test_fuzz_tar) 377{ 378 static const char *fileset1[] = { 379 "test_compat_bzip2_1.tbz", 380 NULL 381 }; 382 static const char *fileset2[] = { 383 "test_compat_gtar_1.tar", 384 NULL 385 }; 386 static const char *fileset3[] = { 387 "test_compat_gzip_1.tgz", 388 NULL 389 }; 390 static const char *fileset4[] = { 391 "test_compat_gzip_2.tgz", 392 NULL 393 }; 394 static const char *fileset5[] = { 395 "test_compat_tar_hardlink_1.tar", 396 NULL 397 }; 398 static const char *fileset6[] = { 399 "test_compat_xz_1.txz", 400 NULL 401 }; 402 static const char *fileset7[] = { 403 "test_read_format_gtar_sparse_1_17_posix10_modified.tar", 404 NULL 405 }; 406 static const char *fileset8[] = { 407 "test_read_format_tar_empty_filename.tar", 408 NULL 409 }; 410#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H 411 static const char *fileset9[] = { 412 "test_compat_lzop_1.tar.lzo", 413 NULL 414 }; 415#endif 416 static const struct files filesets[] = { 417 {0, fileset1}, /* Exercise bzip2 decompressor. */ 418 {1, fileset1}, 419 {0, fileset2}, 420 {0, fileset3}, /* Exercise gzip decompressor. */ 421 {0, fileset4}, /* Exercise gzip decompressor. */ 422 {0, fileset5}, 423 {0, fileset6}, /* Exercise xz decompressor. */ 424 {0, fileset7}, 425 {0, fileset8}, 426#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H 427 {0, fileset9}, /* Exercise lzo decompressor. */ 428#endif 429 {1, NULL} 430 }; 431 test_fuzz(filesets); 432} 433 434DEFINE_TEST(test_fuzz_zip) 435{ 436 static const char *fileset1[] = { 437 "test_compat_zip_1.zip", 438 NULL 439 }; 440 static const char *fileset2[] = { 441 "test_compat_zip_2.zip", 442 NULL 443 }; 444 static const char *fileset3[] = { 445 "test_compat_zip_3.zip", 446 NULL 447 }; 448 static const char *fileset4[] = { 449 "test_compat_zip_4.zip", 450 NULL 451 }; 452 static const char *fileset5[] = { 453 "test_compat_zip_5.zip", 454 NULL 455 }; 456 static const char *fileset6[] = { 457 "test_compat_zip_6.zip", 458 NULL 459 }; 460 static const char *fileset7[] = { 461 "test_read_format_zip.zip", 462 NULL 463 }; 464 static const char *fileset8[] = { 465 "test_read_format_zip_comment_stored_1.zip", 466 NULL 467 }; 468 static const char *fileset9[] = { 469 "test_read_format_zip_comment_stored_2.zip", 470 NULL 471 }; 472 static const char *fileset10[] = { 473 "test_read_format_zip_encryption_data.zip", 474 NULL 475 }; 476 static const char *fileset11[] = { 477 "test_read_format_zip_encryption_header.zip", 478 NULL 479 }; 480 static const char *fileset12[] = { 481 "test_read_format_zip_encryption_partially.zip", 482 NULL 483 }; 484 static const char *fileset13[] = { 485 "test_read_format_zip_filename_cp866.zip", 486 NULL 487 }; 488 static const char *fileset14[] = { 489 "test_read_format_zip_filename_cp932.zip", 490 NULL 491 }; 492 static const char *fileset15[] = { 493 "test_read_format_zip_filename_koi8r.zip", 494 NULL 495 }; 496 static const char *fileset16[] = { 497 "test_read_format_zip_filename_utf8_jp.zip", 498 NULL 499 }; 500 static const char *fileset17[] = { 501 "test_read_format_zip_filename_utf8_ru.zip", 502 NULL 503 }; 504 static const char *fileset18[] = { 505 "test_read_format_zip_filename_utf8_ru2.zip", 506 NULL 507 }; 508 static const char *fileset19[] = { 509 "test_read_format_zip_length_at_end.zip", 510 NULL 511 }; 512 static const char *fileset20[] = { 513 "test_read_format_zip_mac_metadata.zip", 514 NULL 515 }; 516 static const char *fileset21[] = { 517 "test_read_format_zip_malformed1.zip", 518 NULL 519 }; 520 static const char *fileset22[] = { 521 "test_read_format_zip_msdos.zip", 522 NULL 523 }; 524 static const char *fileset23[] = { 525 "test_read_format_zip_nested.zip", 526 NULL 527 }; 528 static const char *fileset24[] = { 529 "test_read_format_zip_nofiletype.zip", 530 NULL 531 }; 532 static const char *fileset25[] = { 533 "test_read_format_zip_padded1.zip", 534 NULL 535 }; 536 static const char *fileset26[] = { 537 "test_read_format_zip_padded2.zip", 538 NULL 539 }; 540 static const char *fileset27[] = { 541 "test_read_format_zip_padded3.zip", 542 NULL 543 }; 544 static const char *fileset28[] = { 545 "test_read_format_zip_symlink.zip", 546 NULL 547 }; 548 static const char *fileset29[] = { 549 "test_read_format_zip_traditional_encryption_data.zip", 550 NULL 551 }; 552 static const char *fileset30[] = { 553 "test_read_format_zip_ux.zip", 554 NULL 555 }; 556 static const char *fileset31[] = { 557 "test_read_format_zip_winzip_aes128.zip", 558 NULL 559 }; 560 static const char *fileset32[] = { 561 "test_read_format_zip_winzip_aes256.zip", 562 NULL 563 }; 564 static const char *fileset33[] = { 565 "test_read_format_zip_winzip_aes256_large.zip", 566 NULL 567 }; 568 static const char *fileset34[] = { 569 "test_read_format_zip_winzip_aes256_stored.zip", 570 NULL 571 }; 572 static const char *fileset35[] = { 573 "test_read_format_zip_zip64a.zip", 574 NULL 575 }; 576 static const char *fileset36[] = { 577 "test_read_format_zip_zip64b.zip", 578 NULL 579 }; 580 581 static const struct files filesets[] = { 582 {0, fileset1}, 583 {0, fileset2}, 584 {0, fileset3}, 585 {0, fileset4}, 586 {0, fileset5}, 587 {0, fileset6}, 588 {0, fileset7}, 589 {0, fileset8}, 590 {0, fileset9}, 591 {0, fileset10}, 592 {0, fileset11}, 593 {0, fileset12}, 594 {0, fileset13}, 595 {0, fileset14}, 596 {0, fileset15}, 597 {0, fileset16}, 598 {0, fileset17}, 599 {0, fileset18}, 600 {0, fileset19}, 601 {0, fileset20}, 602 {0, fileset21}, 603 {0, fileset22}, 604 {0, fileset23}, 605 {0, fileset24}, 606 {0, fileset25}, 607 {0, fileset26}, 608 {0, fileset27}, 609 {0, fileset28}, 610 {0, fileset29}, 611 {0, fileset30}, 612 {0, fileset31}, 613 {0, fileset32}, 614 {0, fileset33}, 615 {0, fileset34}, 616 {0, fileset35}, 617 {0, fileset36}, 618 {1, NULL} 619 }; 620 test_fuzz(filesets); 621} 622 623