test_fuzz.c revision 342360 
1/*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#include "test.h"
26__FBSDID("$FreeBSD: stable/11/contrib/libarchive/libarchive/test/test_fuzz.c 342360 2018-12-21 23:33:05Z mm $");
27
28/*
29 * This was inspired by an ISO fuzz tester written by Michal Zalewski
30 * and posted to the "vulnwatch" mailing list on March 17, 2005:
31 *    http://seclists.org/vulnwatch/2005/q1/0088.html
32 *
33 * This test simply reads each archive image into memory, pokes
34 * random values into it and runs it through libarchive.  It tries
35 * to damage about 1% of each file and repeats the exercise 100 times
36 * with each file.
37 *
38 * Unlike most other tests, this test does not verify libarchive's
39 * responses other than to ensure that libarchive doesn't crash.
40 *
41 * Due to the deliberately random nature of this test, it may be hard
42 * to reproduce failures.  Because this test deliberately attempts to
43 * induce crashes, there's little that can be done in the way of
44 * post-failure diagnostics.
45 */
46
47/* Because this works for any archive, we can just re-use the archives
48 * developed for other tests. */
49struct files {
50	int uncompress; /* If 1, decompress the file before fuzzing. */
51	const char **names;
52};
53
54static void
55test_fuzz(const struct files *filesets)
56{
57	const void *blk;
58	size_t blk_size;
59	int64_t blk_offset;
60	int n;
61
62	for (n = 0; filesets[n].names != NULL; ++n) {
63		const size_t buffsize = 30000000;
64		struct archive_entry *ae;
65		struct archive *a;
66		char *rawimage = NULL, *image = NULL, *tmp = NULL;
67		size_t size = 0, oldsize = 0;
68		int i, q;
69
70		extract_reference_files(filesets[n].names);
71		if (filesets[n].uncompress) {
72			int r;
73			/* Use format_raw to decompress the data. */
74			assert((a = archive_read_new()) != NULL);
75			assertEqualIntA(a, ARCHIVE_OK,
76			    archive_read_support_filter_all(a));
77			assertEqualIntA(a, ARCHIVE_OK,
78			    archive_read_support_format_raw(a));
79			r = archive_read_open_filenames(a, filesets[n].names, 16384);
80			if (r != ARCHIVE_OK) {
81				archive_read_free(a);
82				if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
83					skipping("Cannot uncompress fileset");
84				} else {
85					skipping("Cannot uncompress %s", filesets[n].names[0]);
86				}
87				continue;
88			}
89			assertEqualIntA(a, ARCHIVE_OK,
90			    archive_read_next_header(a, &ae));
91			rawimage = malloc(buffsize);
92			size = archive_read_data(a, rawimage, buffsize);
93			assertEqualIntA(a, ARCHIVE_EOF,
94			    archive_read_next_header(a, &ae));
95			assertEqualInt(ARCHIVE_OK,
96			    archive_read_free(a));
97			assert(size > 0);
98			if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
99				failure("Internal buffer is not big enough for "
100					"uncompressed test files");
101			} else {
102				failure("Internal buffer is not big enough for "
103					"uncompressed test file: %s", filesets[n].names[0]);
104			}
105			if (!assert(size < buffsize)) {
106				free(rawimage);
107				rawimage = NULL;
108				continue;
109			}
110		} else {
111			for (i = 0; filesets[n].names[i] != NULL; ++i)
112			{
113				char *newraw;
114				tmp = slurpfile(&size, filesets[n].names[i]);
115				newraw = realloc(rawimage, oldsize + size);
116				if (!assert(newraw != NULL))
117				{
118					free(rawimage);
119					rawimage = NULL;
120					free(tmp);
121					continue;
122				}
123				rawimage = newraw;
124				memcpy(rawimage + oldsize, tmp, size);
125				oldsize += size;
126				size = oldsize;
127				free(tmp);
128			}
129		}
130		if (size == 0) {
131			free(rawimage);
132			rawimage = NULL;
133			continue;
134		}
135		image = malloc(size);
136		assert(image != NULL);
137		if (image == NULL) {
138			free(rawimage);
139			rawimage = NULL;
140			return;
141		}
142
143		assert(rawimage != NULL);
144
145		srand((unsigned)time(NULL));
146
147		for (i = 0; i < 1000; ++i) {
148			FILE *f;
149			int j, numbytes, trycnt;
150
151			/* Fuzz < 1% of the bytes in the archive. */
152			memcpy(image, rawimage, size);
153			q = (int)size / 100;
154			if (q < 4)
155				q = 4;
156			numbytes = (int)(rand() % q);
157			for (j = 0; j < numbytes; ++j)
158				image[rand() % size] = (char)rand();
159
160			/* Save the messed-up image to a file.
161			 * If we crash, that file will be useful. */
162			for (trycnt = 0; trycnt < 3; trycnt++) {
163				f = fopen("after.test.failure.send.this.file."
164				    "to.libarchive.maintainers.with.system.details", "wb");
165				if (f != NULL)
166					break;
167#if defined(_WIN32) && !defined(__CYGWIN__)
168				/*
169				 * Sometimes previous close operation does not completely
170				 * end at this time. So we should take a wait while
171				 * the operation running.
172				 */
173				Sleep(100);
174#endif
175			}
176			assert(f != NULL);
177			assertEqualInt((size_t)size, fwrite(image, 1, (size_t)size, f));
178			fclose(f);
179
180			// Try to read all headers and bodies.
181			assert((a = archive_read_new()) != NULL);
182			assertEqualIntA(a, ARCHIVE_OK,
183			    archive_read_support_filter_all(a));
184			assertEqualIntA(a, ARCHIVE_OK,
185			    archive_read_support_format_all(a));
186
187			if (0 == archive_read_open_memory(a, image, size)) {
188				while(0 == archive_read_next_header(a, &ae)) {
189					while (0 == archive_read_data_block(a,
190						&blk, &blk_size, &blk_offset))
191						continue;
192				}
193				archive_read_close(a);
194			}
195			archive_read_free(a);
196
197			// Just list headers, skip bodies.
198			assert((a = archive_read_new()) != NULL);
199			assertEqualIntA(a, ARCHIVE_OK,
200			    archive_read_support_filter_all(a));
201			assertEqualIntA(a, ARCHIVE_OK,
202			    archive_read_support_format_all(a));
203
204			if (0 == archive_read_open_memory(a, image, size)) {
205				while(0 == archive_read_next_header(a, &ae)) {
206				}
207				archive_read_close(a);
208			}
209			archive_read_free(a);
210		}
211		free(image);
212		free(rawimage);
213	}
214}
215
216DEFINE_TEST(test_fuzz_ar)
217{
218	static const char *fileset1[] = {
219		"test_read_format_ar.ar",
220		NULL
221	};
222	static const struct files filesets[] = {
223		{0, fileset1},
224		{1, NULL}
225	};
226	test_fuzz(filesets);
227}
228
229DEFINE_TEST(test_fuzz_cab)
230{
231	static const char *fileset1[] = {
232		"test_fuzz.cab",
233		NULL
234	};
235	static const struct files filesets[] = {
236		{0, fileset1},
237		{1, NULL}
238	};
239	test_fuzz(filesets);
240}
241
242DEFINE_TEST(test_fuzz_cpio)
243{
244	static const char *fileset1[] = {
245		"test_read_format_cpio_bin_be.cpio",
246		NULL
247	};
248	static const char *fileset2[] = {
249		"test_read_format_cpio_bin_le.cpio",
250		NULL
251	};
252	static const char *fileset3[] = {
253		/* Test RPM unwrapper */
254		"test_read_format_cpio_svr4_gzip_rpm.rpm",
255		NULL
256	};
257	static const struct files filesets[] = {
258		{0, fileset1},
259		{0, fileset2},
260		{0, fileset3},
261		{1, NULL}
262	};
263	test_fuzz(filesets);
264}
265
266DEFINE_TEST(test_fuzz_iso9660)
267{
268	static const char *fileset1[] = {
269		"test_fuzz_1.iso.Z",
270		NULL
271	};
272	static const struct files filesets[] = {
273		{0, fileset1}, /* Exercise compress decompressor. */
274		{1, fileset1},
275		{1, NULL}
276	};
277	test_fuzz(filesets);
278}
279
280DEFINE_TEST(test_fuzz_lzh)
281{
282	static const char *fileset1[] = {
283		"test_fuzz.lzh",
284		NULL
285	};
286	static const struct files filesets[] = {
287		{0, fileset1},
288		{1, NULL}
289	};
290	test_fuzz(filesets);
291}
292
293DEFINE_TEST(test_fuzz_mtree)
294{
295	static const char *fileset1[] = {
296		"test_read_format_mtree.mtree",
297		NULL
298	};
299	static const struct files filesets[] = {
300		{0, fileset1},
301		{1, NULL}
302	};
303	test_fuzz(filesets);
304}
305
306DEFINE_TEST(test_fuzz_rar)
307{
308	static const char *fileset1[] = {
309		/* Uncompressed RAR test */
310		"test_read_format_rar.rar",
311		NULL
312	};
313	static const char *fileset2[] = {
314		/* RAR file with binary data */
315		"test_read_format_rar_binary_data.rar",
316		NULL
317	};
318	static const char *fileset3[] = {
319		/* Best Compressed RAR test */
320		"test_read_format_rar_compress_best.rar",
321		NULL
322	};
323	static const char *fileset4[] = {
324		/* Normal Compressed RAR test */
325		"test_read_format_rar_compress_normal.rar",
326		NULL
327	};
328	static const char *fileset5[] = {
329		/* Normal Compressed Multi LZSS blocks RAR test */
330		"test_read_format_rar_multi_lzss_blocks.rar",
331		NULL
332	};
333	static const char *fileset6[] = {
334		/* RAR with no EOF header */
335		"test_read_format_rar_noeof.rar",
336		NULL
337	};
338	static const char *fileset7[] = {
339		/* Best Compressed RAR file with both PPMd and LZSS blocks */
340		"test_read_format_rar_ppmd_lzss_conversion.rar",
341		NULL
342	};
343	static const char *fileset8[] = {
344		/* RAR with subblocks */
345		"test_read_format_rar_subblock.rar",
346		NULL
347	};
348	static const char *fileset9[] = {
349		/* RAR with Unicode filenames */
350		"test_read_format_rar_unicode.rar",
351		NULL
352	};
353	static const char *fileset10[] = {
354		"test_read_format_rar_multivolume.part0001.rar",
355		"test_read_format_rar_multivolume.part0002.rar",
356		"test_read_format_rar_multivolume.part0003.rar",
357		"test_read_format_rar_multivolume.part0004.rar",
358		NULL
359	};
360	static const struct files filesets[] = {
361		{0, fileset1},
362		{0, fileset2},
363		{0, fileset3},
364		{0, fileset4},
365		{0, fileset5},
366		{0, fileset6},
367		{0, fileset7},
368		{0, fileset8},
369		{0, fileset9},
370		{0, fileset10},
371		{1, NULL}
372	};
373	test_fuzz(filesets);
374}
375
376DEFINE_TEST(test_fuzz_tar)
377{
378	static const char *fileset1[] = {
379		"test_compat_bzip2_1.tbz",
380		NULL
381	};
382	static const char *fileset2[] = {
383		"test_compat_gtar_1.tar",
384		NULL
385	};
386	static const char *fileset3[] = {
387		"test_compat_gzip_1.tgz",
388		NULL
389	};
390	static const char *fileset4[] = {
391		"test_compat_gzip_2.tgz",
392		NULL
393	};
394	static const char *fileset5[] = {
395		"test_compat_tar_hardlink_1.tar",
396		NULL
397	};
398	static const char *fileset6[] = {
399		"test_compat_xz_1.txz",
400		NULL
401	};
402	static const char *fileset7[] = {
403		"test_read_format_gtar_sparse_1_17_posix10_modified.tar",
404		NULL
405	};
406	static const char *fileset8[] = {
407		"test_read_format_tar_empty_filename.tar",
408		NULL
409	};
410#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H
411	static const char *fileset9[] = {
412		"test_compat_lzop_1.tar.lzo",
413		NULL
414	};
415#endif
416#if HAVE_ZSTD_H && HAVE_LIBZSTD
417	static const char *fileset10[] = {
418		"test_compat_zstd_1.tar.zst",
419		NULL
420	};
421#endif
422	static const struct files filesets[] = {
423		{0, fileset1}, /* Exercise bzip2 decompressor. */
424		{1, fileset1},
425		{0, fileset2},
426		{0, fileset3}, /* Exercise gzip decompressor. */
427		{0, fileset4}, /* Exercise gzip decompressor. */
428		{0, fileset5},
429		{0, fileset6}, /* Exercise xz decompressor. */
430		{0, fileset7},
431		{0, fileset8},
432#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H
433		{0, fileset9}, /* Exercise lzo decompressor. */
434#endif
435#if HAVE_ZSTD_H && HAVE_LIBZSTD
436		{0, fileset10}, /* Exercise zstd decompressor. */
437#endif
438		{1, NULL}
439	};
440	test_fuzz(filesets);
441}
442
443DEFINE_TEST(test_fuzz_zip)
444{
445	static const char *fileset1[] = {
446		"test_compat_zip_1.zip",
447		NULL
448	};
449	static const char *fileset2[] = {
450		"test_compat_zip_2.zip",
451		NULL
452	};
453	static const char *fileset3[] = {
454		"test_compat_zip_3.zip",
455		NULL
456	};
457	static const char *fileset4[] = {
458		"test_compat_zip_4.zip",
459		NULL
460	};
461	static const char *fileset5[] = {
462		"test_compat_zip_5.zip",
463		NULL
464	};
465	static const char *fileset6[] = {
466		"test_compat_zip_6.zip",
467		NULL
468	};
469	static const char *fileset7[] = {
470		"test_read_format_zip.zip",
471		NULL
472	};
473	static const char *fileset8[] = {
474		"test_read_format_zip_comment_stored_1.zip",
475		NULL
476	};
477	static const char *fileset9[] = {
478		"test_read_format_zip_comment_stored_2.zip",
479		NULL
480	};
481	static const char *fileset10[] = {
482		"test_read_format_zip_encryption_data.zip",
483		NULL
484	};
485	static const char *fileset11[] = {
486		"test_read_format_zip_encryption_header.zip",
487		NULL
488	};
489	static const char *fileset12[] = {
490		"test_read_format_zip_encryption_partially.zip",
491		NULL
492	};
493	static const char *fileset13[] = {
494		"test_read_format_zip_filename_cp866.zip",
495		NULL
496	};
497	static const char *fileset14[] = {
498		"test_read_format_zip_filename_cp932.zip",
499		NULL
500	};
501	static const char *fileset15[] = {
502		"test_read_format_zip_filename_koi8r.zip",
503		NULL
504	};
505	static const char *fileset16[] = {
506		"test_read_format_zip_filename_utf8_jp.zip",
507		NULL
508	};
509	static const char *fileset17[] = {
510		"test_read_format_zip_filename_utf8_ru.zip",
511		NULL
512	};
513	static const char *fileset18[] = {
514		"test_read_format_zip_filename_utf8_ru2.zip",
515		NULL
516	};
517	static const char *fileset19[] = {
518		"test_read_format_zip_length_at_end.zip",
519		NULL
520	};
521	static const char *fileset20[] = {
522		"test_read_format_zip_mac_metadata.zip",
523		NULL
524	};
525	static const char *fileset21[] = {
526		"test_read_format_zip_malformed1.zip",
527		NULL
528	};
529	static const char *fileset22[] = {
530		"test_read_format_zip_msdos.zip",
531		NULL
532	};
533	static const char *fileset23[] = {
534		"test_read_format_zip_nested.zip",
535		NULL
536	};
537	static const char *fileset24[] = {
538		"test_read_format_zip_nofiletype.zip",
539		NULL
540	};
541	static const char *fileset25[] = {
542		"test_read_format_zip_padded1.zip",
543		NULL
544	};
545	static const char *fileset26[] = {
546		"test_read_format_zip_padded2.zip",
547		NULL
548	};
549	static const char *fileset27[] = {
550		"test_read_format_zip_padded3.zip",
551		NULL
552	};
553	static const char *fileset28[] = {
554		"test_read_format_zip_symlink.zip",
555		NULL
556	};
557	static const char *fileset29[] = {
558		"test_read_format_zip_traditional_encryption_data.zip",
559		NULL
560	};
561	static const char *fileset30[] = {
562		"test_read_format_zip_ux.zip",
563		NULL
564	};
565	static const char *fileset31[] = {
566		"test_read_format_zip_winzip_aes128.zip",
567		NULL
568	};
569	static const char *fileset32[] = {
570		"test_read_format_zip_winzip_aes256.zip",
571		NULL
572	};
573	static const char *fileset33[] = {
574		"test_read_format_zip_winzip_aes256_large.zip",
575		NULL
576	};
577	static const char *fileset34[] = {
578		"test_read_format_zip_winzip_aes256_stored.zip",
579		NULL
580	};
581	static const char *fileset35[] = {
582		"test_read_format_zip_zip64a.zip",
583		NULL
584	};
585	static const char *fileset36[] = {
586		"test_read_format_zip_zip64b.zip",
587		NULL
588	};
589
590	static const struct files filesets[] = {
591		{0, fileset1},
592		{0, fileset2},
593		{0, fileset3},
594		{0, fileset4},
595		{0, fileset5},
596		{0, fileset6},
597		{0, fileset7},
598		{0, fileset8},
599		{0, fileset9},
600		{0, fileset10},
601		{0, fileset11},
602		{0, fileset12},
603		{0, fileset13},
604		{0, fileset14},
605		{0, fileset15},
606		{0, fileset16},
607		{0, fileset17},
608		{0, fileset18},
609		{0, fileset19},
610		{0, fileset20},
611		{0, fileset21},
612		{0, fileset22},
613		{0, fileset23},
614		{0, fileset24},
615		{0, fileset25},
616		{0, fileset26},
617		{0, fileset27},
618		{0, fileset28},
619		{0, fileset29},
620		{0, fileset30},
621		{0, fileset31},
622		{0, fileset32},
623		{0, fileset33},
624		{0, fileset34},
625		{0, fileset35},
626		{0, fileset36},
627		{1, NULL}
628	};
629	test_fuzz(filesets);
630}
631
632