test_fuzz.c revision 348607
1/*- 2 * Copyright (c) 2003-2007 Tim Kientzle 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25#include "test.h" 26__FBSDID("$FreeBSD: stable/11/contrib/libarchive/libarchive/test/test_fuzz.c 348607 2019-06-04 10:35:54Z mm $"); 27 28/* 29 * This was inspired by an ISO fuzz tester written by Michal Zalewski 30 * and posted to the "vulnwatch" mailing list on March 17, 2005: 31 * http://seclists.org/vulnwatch/2005/q1/0088.html 32 * 33 * This test simply reads each archive image into memory, pokes 34 * random values into it and runs it through libarchive. It tries 35 * to damage about 1% of each file and repeats the exercise 100 times 36 * with each file. 37 * 38 * Unlike most other tests, this test does not verify libarchive's 39 * responses other than to ensure that libarchive doesn't crash. 40 * 41 * Due to the deliberately random nature of this test, it may be hard 42 * to reproduce failures. Because this test deliberately attempts to 43 * induce crashes, there's little that can be done in the way of 44 * post-failure diagnostics. 45 */ 46 47/* Because this works for any archive, we can just re-use the archives 48 * developed for other tests. */ 49struct files { 50 int uncompress; /* If 1, decompress the file before fuzzing. */ 51 const char **names; 52}; 53 54static void 55test_fuzz(const struct files *filesets) 56{ 57 const void *blk; 58 size_t blk_size; 59 int64_t blk_offset; 60 int n; 61 const char *skip_fuzz_tests; 62 63 skip_fuzz_tests = getenv("SKIP_TEST_FUZZ"); 64 if (skip_fuzz_tests != NULL) { 65 skipping("Skipping fuzz tests due to SKIP_TEST_FUZZ " 66 "environment variable"); 67 return; 68 } 69 70 for (n = 0; filesets[n].names != NULL; ++n) { 71 const size_t buffsize = 30000000; 72 struct archive_entry *ae; 73 struct archive *a; 74 char *rawimage = NULL, *image = NULL, *tmp = NULL; 75 size_t size = 0, oldsize = 0; 76 int i, q; 77 78 extract_reference_files(filesets[n].names); 79 if (filesets[n].uncompress) { 80 int r; 81 /* Use format_raw to decompress the data. */ 82 assert((a = archive_read_new()) != NULL); 83 assertEqualIntA(a, ARCHIVE_OK, 84 archive_read_support_filter_all(a)); 85 assertEqualIntA(a, ARCHIVE_OK, 86 archive_read_support_format_raw(a)); 87 r = archive_read_open_filenames(a, filesets[n].names, 16384); 88 if (r != ARCHIVE_OK) { 89 archive_read_free(a); 90 if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) { 91 skipping("Cannot uncompress fileset"); 92 } else { 93 skipping("Cannot uncompress %s", filesets[n].names[0]); 94 } 95 continue; 96 } 97 assertEqualIntA(a, ARCHIVE_OK, 98 archive_read_next_header(a, &ae)); 99 rawimage = malloc(buffsize); 100 size = archive_read_data(a, rawimage, buffsize); 101 assertEqualIntA(a, ARCHIVE_EOF, 102 archive_read_next_header(a, &ae)); 103 assertEqualInt(ARCHIVE_OK, 104 archive_read_free(a)); 105 assert(size > 0); 106 if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) { 107 failure("Internal buffer is not big enough for " 108 "uncompressed test files"); 109 } else { 110 failure("Internal buffer is not big enough for " 111 "uncompressed test file: %s", filesets[n].names[0]); 112 } 113 if (!assert(size < buffsize)) { 114 free(rawimage); 115 rawimage = NULL; 116 continue; 117 } 118 } else { 119 for (i = 0; filesets[n].names[i] != NULL; ++i) 120 { 121 char *newraw; 122 tmp = slurpfile(&size, filesets[n].names[i]); 123 newraw = realloc(rawimage, oldsize + size); 124 if (!assert(newraw != NULL)) 125 { 126 free(rawimage); 127 rawimage = NULL; 128 free(tmp); 129 continue; 130 } 131 rawimage = newraw; 132 memcpy(rawimage + oldsize, tmp, size); 133 oldsize += size; 134 size = oldsize; 135 free(tmp); 136 } 137 } 138 if (size == 0) { 139 free(rawimage); 140 rawimage = NULL; 141 continue; 142 } 143 image = malloc(size); 144 assert(image != NULL); 145 if (image == NULL) { 146 free(rawimage); 147 rawimage = NULL; 148 return; 149 } 150 151 assert(rawimage != NULL); 152 153 srand((unsigned)time(NULL)); 154 155 for (i = 0; i < 1000; ++i) { 156 FILE *f; 157 int j, numbytes, trycnt; 158 159 /* Fuzz < 1% of the bytes in the archive. */ 160 memcpy(image, rawimage, size); 161 q = (int)size / 100; 162 if (q < 4) 163 q = 4; 164 numbytes = (int)(rand() % q); 165 for (j = 0; j < numbytes; ++j) 166 image[rand() % size] = (char)rand(); 167 168 /* Save the messed-up image to a file. 169 * If we crash, that file will be useful. */ 170 for (trycnt = 0; trycnt < 3; trycnt++) { 171 f = fopen("after.test.failure.send.this.file." 172 "to.libarchive.maintainers.with.system.details", "wb"); 173 if (f != NULL) 174 break; 175#if defined(_WIN32) && !defined(__CYGWIN__) 176 /* 177 * Sometimes previous close operation does not completely 178 * end at this time. So we should take a wait while 179 * the operation running. 180 */ 181 Sleep(100); 182#endif 183 } 184 assert(f != NULL); 185 assertEqualInt((size_t)size, fwrite(image, 1, (size_t)size, f)); 186 fclose(f); 187 188 // Try to read all headers and bodies. 189 assert((a = archive_read_new()) != NULL); 190 assertEqualIntA(a, ARCHIVE_OK, 191 archive_read_support_filter_all(a)); 192 assertEqualIntA(a, ARCHIVE_OK, 193 archive_read_support_format_all(a)); 194 195 if (0 == archive_read_open_memory(a, image, size)) { 196 while(0 == archive_read_next_header(a, &ae)) { 197 while (0 == archive_read_data_block(a, 198 &blk, &blk_size, &blk_offset)) 199 continue; 200 } 201 archive_read_close(a); 202 } 203 archive_read_free(a); 204 205 // Just list headers, skip bodies. 206 assert((a = archive_read_new()) != NULL); 207 assertEqualIntA(a, ARCHIVE_OK, 208 archive_read_support_filter_all(a)); 209 assertEqualIntA(a, ARCHIVE_OK, 210 archive_read_support_format_all(a)); 211 212 if (0 == archive_read_open_memory(a, image, size)) { 213 while(0 == archive_read_next_header(a, &ae)) { 214 } 215 archive_read_close(a); 216 } 217 archive_read_free(a); 218 } 219 free(image); 220 free(rawimage); 221 } 222} 223 224DEFINE_TEST(test_fuzz_ar) 225{ 226 static const char *fileset1[] = { 227 "test_read_format_ar.ar", 228 NULL 229 }; 230 static const struct files filesets[] = { 231 {0, fileset1}, 232 {1, NULL} 233 }; 234 test_fuzz(filesets); 235} 236 237DEFINE_TEST(test_fuzz_cab) 238{ 239 static const char *fileset1[] = { 240 "test_fuzz.cab", 241 NULL 242 }; 243 static const struct files filesets[] = { 244 {0, fileset1}, 245 {1, NULL} 246 }; 247 test_fuzz(filesets); 248} 249 250DEFINE_TEST(test_fuzz_cpio) 251{ 252 static const char *fileset1[] = { 253 "test_read_format_cpio_bin_be.cpio", 254 NULL 255 }; 256 static const char *fileset2[] = { 257 "test_read_format_cpio_bin_le.cpio", 258 NULL 259 }; 260 static const char *fileset3[] = { 261 /* Test RPM unwrapper */ 262 "test_read_format_cpio_svr4_gzip_rpm.rpm", 263 NULL 264 }; 265 static const struct files filesets[] = { 266 {0, fileset1}, 267 {0, fileset2}, 268 {0, fileset3}, 269 {1, NULL} 270 }; 271 test_fuzz(filesets); 272} 273 274DEFINE_TEST(test_fuzz_iso9660) 275{ 276 static const char *fileset1[] = { 277 "test_fuzz_1.iso.Z", 278 NULL 279 }; 280 static const struct files filesets[] = { 281 {0, fileset1}, /* Exercise compress decompressor. */ 282 {1, fileset1}, 283 {1, NULL} 284 }; 285 test_fuzz(filesets); 286} 287 288DEFINE_TEST(test_fuzz_lzh) 289{ 290 static const char *fileset1[] = { 291 "test_fuzz.lzh", 292 NULL 293 }; 294 static const struct files filesets[] = { 295 {0, fileset1}, 296 {1, NULL} 297 }; 298 test_fuzz(filesets); 299} 300 301DEFINE_TEST(test_fuzz_mtree) 302{ 303 static const char *fileset1[] = { 304 "test_read_format_mtree.mtree", 305 NULL 306 }; 307 static const struct files filesets[] = { 308 {0, fileset1}, 309 {1, NULL} 310 }; 311 test_fuzz(filesets); 312} 313 314DEFINE_TEST(test_fuzz_rar) 315{ 316 static const char *fileset1[] = { 317 /* Uncompressed RAR test */ 318 "test_read_format_rar.rar", 319 NULL 320 }; 321 static const char *fileset2[] = { 322 /* RAR file with binary data */ 323 "test_read_format_rar_binary_data.rar", 324 NULL 325 }; 326 static const char *fileset3[] = { 327 /* Best Compressed RAR test */ 328 "test_read_format_rar_compress_best.rar", 329 NULL 330 }; 331 static const char *fileset4[] = { 332 /* Normal Compressed RAR test */ 333 "test_read_format_rar_compress_normal.rar", 334 NULL 335 }; 336 static const char *fileset5[] = { 337 /* Normal Compressed Multi LZSS blocks RAR test */ 338 "test_read_format_rar_multi_lzss_blocks.rar", 339 NULL 340 }; 341 static const char *fileset6[] = { 342 /* RAR with no EOF header */ 343 "test_read_format_rar_noeof.rar", 344 NULL 345 }; 346 static const char *fileset7[] = { 347 /* Best Compressed RAR file with both PPMd and LZSS blocks */ 348 "test_read_format_rar_ppmd_lzss_conversion.rar", 349 NULL 350 }; 351 static const char *fileset8[] = { 352 /* RAR with subblocks */ 353 "test_read_format_rar_subblock.rar", 354 NULL 355 }; 356 static const char *fileset9[] = { 357 /* RAR with Unicode filenames */ 358 "test_read_format_rar_unicode.rar", 359 NULL 360 }; 361 static const char *fileset10[] = { 362 "test_read_format_rar_multivolume.part0001.rar", 363 "test_read_format_rar_multivolume.part0002.rar", 364 "test_read_format_rar_multivolume.part0003.rar", 365 "test_read_format_rar_multivolume.part0004.rar", 366 NULL 367 }; 368 static const struct files filesets[] = { 369 {0, fileset1}, 370 {0, fileset2}, 371 {0, fileset3}, 372 {0, fileset4}, 373 {0, fileset5}, 374 {0, fileset6}, 375 {0, fileset7}, 376 {0, fileset8}, 377 {0, fileset9}, 378 {0, fileset10}, 379 {1, NULL} 380 }; 381 test_fuzz(filesets); 382} 383 384DEFINE_TEST(test_fuzz_tar) 385{ 386 static const char *fileset1[] = { 387 "test_compat_bzip2_1.tbz", 388 NULL 389 }; 390 static const char *fileset2[] = { 391 "test_compat_gtar_1.tar", 392 NULL 393 }; 394 static const char *fileset3[] = { 395 "test_compat_gzip_1.tgz", 396 NULL 397 }; 398 static const char *fileset4[] = { 399 "test_compat_gzip_2.tgz", 400 NULL 401 }; 402 static const char *fileset5[] = { 403 "test_compat_tar_hardlink_1.tar", 404 NULL 405 }; 406 static const char *fileset6[] = { 407 "test_compat_xz_1.txz", 408 NULL 409 }; 410 static const char *fileset7[] = { 411 "test_read_format_gtar_sparse_1_17_posix10_modified.tar", 412 NULL 413 }; 414 static const char *fileset8[] = { 415 "test_read_format_tar_empty_filename.tar", 416 NULL 417 }; 418#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H 419 static const char *fileset9[] = { 420 "test_compat_lzop_1.tar.lzo", 421 NULL 422 }; 423#endif 424#if HAVE_ZSTD_H && HAVE_LIBZSTD 425 static const char *fileset10[] = { 426 "test_compat_zstd_1.tar.zst", 427 NULL 428 }; 429#endif 430 static const struct files filesets[] = { 431 {0, fileset1}, /* Exercise bzip2 decompressor. */ 432 {1, fileset1}, 433 {0, fileset2}, 434 {0, fileset3}, /* Exercise gzip decompressor. */ 435 {0, fileset4}, /* Exercise gzip decompressor. */ 436 {0, fileset5}, 437 {0, fileset6}, /* Exercise xz decompressor. */ 438 {0, fileset7}, 439 {0, fileset8}, 440#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H 441 {0, fileset9}, /* Exercise lzo decompressor. */ 442#endif 443#if HAVE_ZSTD_H && HAVE_LIBZSTD 444 {0, fileset10}, /* Exercise zstd decompressor. */ 445#endif 446 {1, NULL} 447 }; 448 test_fuzz(filesets); 449} 450 451DEFINE_TEST(test_fuzz_zip) 452{ 453 static const char *fileset1[] = { 454 "test_compat_zip_1.zip", 455 NULL 456 }; 457 static const char *fileset2[] = { 458 "test_compat_zip_2.zip", 459 NULL 460 }; 461 static const char *fileset3[] = { 462 "test_compat_zip_3.zip", 463 NULL 464 }; 465 static const char *fileset4[] = { 466 "test_compat_zip_4.zip", 467 NULL 468 }; 469 static const char *fileset5[] = { 470 "test_compat_zip_5.zip", 471 NULL 472 }; 473 static const char *fileset6[] = { 474 "test_compat_zip_6.zip", 475 NULL 476 }; 477 static const char *fileset7[] = { 478 "test_read_format_zip.zip", 479 NULL 480 }; 481 static const char *fileset8[] = { 482 "test_read_format_zip_comment_stored_1.zip", 483 NULL 484 }; 485 static const char *fileset9[] = { 486 "test_read_format_zip_comment_stored_2.zip", 487 NULL 488 }; 489 static const char *fileset10[] = { 490 "test_read_format_zip_encryption_data.zip", 491 NULL 492 }; 493 static const char *fileset11[] = { 494 "test_read_format_zip_encryption_header.zip", 495 NULL 496 }; 497 static const char *fileset12[] = { 498 "test_read_format_zip_encryption_partially.zip", 499 NULL 500 }; 501 static const char *fileset13[] = { 502 "test_read_format_zip_filename_cp866.zip", 503 NULL 504 }; 505 static const char *fileset14[] = { 506 "test_read_format_zip_filename_cp932.zip", 507 NULL 508 }; 509 static const char *fileset15[] = { 510 "test_read_format_zip_filename_koi8r.zip", 511 NULL 512 }; 513 static const char *fileset16[] = { 514 "test_read_format_zip_filename_utf8_jp.zip", 515 NULL 516 }; 517 static const char *fileset17[] = { 518 "test_read_format_zip_filename_utf8_ru.zip", 519 NULL 520 }; 521 static const char *fileset18[] = { 522 "test_read_format_zip_filename_utf8_ru2.zip", 523 NULL 524 }; 525 static const char *fileset19[] = { 526 "test_read_format_zip_length_at_end.zip", 527 NULL 528 }; 529 static const char *fileset20[] = { 530 "test_read_format_zip_mac_metadata.zip", 531 NULL 532 }; 533 static const char *fileset21[] = { 534 "test_read_format_zip_malformed1.zip", 535 NULL 536 }; 537 static const char *fileset22[] = { 538 "test_read_format_zip_msdos.zip", 539 NULL 540 }; 541 static const char *fileset23[] = { 542 "test_read_format_zip_nested.zip", 543 NULL 544 }; 545 static const char *fileset24[] = { 546 "test_read_format_zip_nofiletype.zip", 547 NULL 548 }; 549 static const char *fileset25[] = { 550 "test_read_format_zip_padded1.zip", 551 NULL 552 }; 553 static const char *fileset26[] = { 554 "test_read_format_zip_padded2.zip", 555 NULL 556 }; 557 static const char *fileset27[] = { 558 "test_read_format_zip_padded3.zip", 559 NULL 560 }; 561 static const char *fileset28[] = { 562 "test_read_format_zip_symlink.zip", 563 NULL 564 }; 565 static const char *fileset29[] = { 566 "test_read_format_zip_traditional_encryption_data.zip", 567 NULL 568 }; 569 static const char *fileset30[] = { 570 "test_read_format_zip_ux.zip", 571 NULL 572 }; 573 static const char *fileset31[] = { 574 "test_read_format_zip_winzip_aes128.zip", 575 NULL 576 }; 577 static const char *fileset32[] = { 578 "test_read_format_zip_winzip_aes256.zip", 579 NULL 580 }; 581 static const char *fileset33[] = { 582 "test_read_format_zip_winzip_aes256_large.zip", 583 NULL 584 }; 585 static const char *fileset34[] = { 586 "test_read_format_zip_winzip_aes256_stored.zip", 587 NULL 588 }; 589 static const char *fileset35[] = { 590 "test_read_format_zip_zip64a.zip", 591 NULL 592 }; 593 static const char *fileset36[] = { 594 "test_read_format_zip_zip64b.zip", 595 NULL 596 }; 597 598 static const struct files filesets[] = { 599 {0, fileset1}, 600 {0, fileset2}, 601 {0, fileset3}, 602 {0, fileset4}, 603 {0, fileset5}, 604 {0, fileset6}, 605 {0, fileset7}, 606 {0, fileset8}, 607 {0, fileset9}, 608 {0, fileset10}, 609 {0, fileset11}, 610 {0, fileset12}, 611 {0, fileset13}, 612 {0, fileset14}, 613 {0, fileset15}, 614 {0, fileset16}, 615 {0, fileset17}, 616 {0, fileset18}, 617 {0, fileset19}, 618 {0, fileset20}, 619 {0, fileset21}, 620 {0, fileset22}, 621 {0, fileset23}, 622 {0, fileset24}, 623 {0, fileset25}, 624 {0, fileset26}, 625 {0, fileset27}, 626 {0, fileset28}, 627 {0, fileset29}, 628 {0, fileset30}, 629 {0, fileset31}, 630 {0, fileset32}, 631 {0, fileset33}, 632 {0, fileset34}, 633 {0, fileset35}, 634 {0, fileset36}, 635 {1, NULL} 636 }; 637 test_fuzz(filesets); 638} 639 640