test_fuzz.c revision 348607 
1/*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#include "test.h"
26__FBSDID("$FreeBSD: stable/11/contrib/libarchive/libarchive/test/test_fuzz.c 348607 2019-06-04 10:35:54Z mm $");
27
28/*
29 * This was inspired by an ISO fuzz tester written by Michal Zalewski
30 * and posted to the "vulnwatch" mailing list on March 17, 2005:
31 *    http://seclists.org/vulnwatch/2005/q1/0088.html
32 *
33 * This test simply reads each archive image into memory, pokes
34 * random values into it and runs it through libarchive.  It tries
35 * to damage about 1% of each file and repeats the exercise 100 times
36 * with each file.
37 *
38 * Unlike most other tests, this test does not verify libarchive's
39 * responses other than to ensure that libarchive doesn't crash.
40 *
41 * Due to the deliberately random nature of this test, it may be hard
42 * to reproduce failures.  Because this test deliberately attempts to
43 * induce crashes, there's little that can be done in the way of
44 * post-failure diagnostics.
45 */
46
47/* Because this works for any archive, we can just re-use the archives
48 * developed for other tests. */
49struct files {
50	int uncompress; /* If 1, decompress the file before fuzzing. */
51	const char **names;
52};
53
54static void
55test_fuzz(const struct files *filesets)
56{
57	const void *blk;
58	size_t blk_size;
59	int64_t blk_offset;
60	int n;
61	const char *skip_fuzz_tests;
62
63	skip_fuzz_tests = getenv("SKIP_TEST_FUZZ");
64	if (skip_fuzz_tests != NULL) {
65		skipping("Skipping fuzz tests due to SKIP_TEST_FUZZ "
66		    "environment variable");
67		return;
68	}
69
70	for (n = 0; filesets[n].names != NULL; ++n) {
71		const size_t buffsize = 30000000;
72		struct archive_entry *ae;
73		struct archive *a;
74		char *rawimage = NULL, *image = NULL, *tmp = NULL;
75		size_t size = 0, oldsize = 0;
76		int i, q;
77
78		extract_reference_files(filesets[n].names);
79		if (filesets[n].uncompress) {
80			int r;
81			/* Use format_raw to decompress the data. */
82			assert((a = archive_read_new()) != NULL);
83			assertEqualIntA(a, ARCHIVE_OK,
84			    archive_read_support_filter_all(a));
85			assertEqualIntA(a, ARCHIVE_OK,
86			    archive_read_support_format_raw(a));
87			r = archive_read_open_filenames(a, filesets[n].names, 16384);
88			if (r != ARCHIVE_OK) {
89				archive_read_free(a);
90				if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
91					skipping("Cannot uncompress fileset");
92				} else {
93					skipping("Cannot uncompress %s", filesets[n].names[0]);
94				}
95				continue;
96			}
97			assertEqualIntA(a, ARCHIVE_OK,
98			    archive_read_next_header(a, &ae));
99			rawimage = malloc(buffsize);
100			size = archive_read_data(a, rawimage, buffsize);
101			assertEqualIntA(a, ARCHIVE_EOF,
102			    archive_read_next_header(a, &ae));
103			assertEqualInt(ARCHIVE_OK,
104			    archive_read_free(a));
105			assert(size > 0);
106			if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
107				failure("Internal buffer is not big enough for "
108					"uncompressed test files");
109			} else {
110				failure("Internal buffer is not big enough for "
111					"uncompressed test file: %s", filesets[n].names[0]);
112			}
113			if (!assert(size < buffsize)) {
114				free(rawimage);
115				rawimage = NULL;
116				continue;
117			}
118		} else {
119			for (i = 0; filesets[n].names[i] != NULL; ++i)
120			{
121				char *newraw;
122				tmp = slurpfile(&size, filesets[n].names[i]);
123				newraw = realloc(rawimage, oldsize + size);
124				if (!assert(newraw != NULL))
125				{
126					free(rawimage);
127					rawimage = NULL;
128					free(tmp);
129					continue;
130				}
131				rawimage = newraw;
132				memcpy(rawimage + oldsize, tmp, size);
133				oldsize += size;
134				size = oldsize;
135				free(tmp);
136			}
137		}
138		if (size == 0) {
139			free(rawimage);
140			rawimage = NULL;
141			continue;
142		}
143		image = malloc(size);
144		assert(image != NULL);
145		if (image == NULL) {
146			free(rawimage);
147			rawimage = NULL;
148			return;
149		}
150
151		assert(rawimage != NULL);
152
153		srand((unsigned)time(NULL));
154
155		for (i = 0; i < 1000; ++i) {
156			FILE *f;
157			int j, numbytes, trycnt;
158
159			/* Fuzz < 1% of the bytes in the archive. */
160			memcpy(image, rawimage, size);
161			q = (int)size / 100;
162			if (q < 4)
163				q = 4;
164			numbytes = (int)(rand() % q);
165			for (j = 0; j < numbytes; ++j)
166				image[rand() % size] = (char)rand();
167
168			/* Save the messed-up image to a file.
169			 * If we crash, that file will be useful. */
170			for (trycnt = 0; trycnt < 3; trycnt++) {
171				f = fopen("after.test.failure.send.this.file."
172				    "to.libarchive.maintainers.with.system.details", "wb");
173				if (f != NULL)
174					break;
175#if defined(_WIN32) && !defined(__CYGWIN__)
176				/*
177				 * Sometimes previous close operation does not completely
178				 * end at this time. So we should take a wait while
179				 * the operation running.
180				 */
181				Sleep(100);
182#endif
183			}
184			assert(f != NULL);
185			assertEqualInt((size_t)size, fwrite(image, 1, (size_t)size, f));
186			fclose(f);
187
188			// Try to read all headers and bodies.
189			assert((a = archive_read_new()) != NULL);
190			assertEqualIntA(a, ARCHIVE_OK,
191			    archive_read_support_filter_all(a));
192			assertEqualIntA(a, ARCHIVE_OK,
193			    archive_read_support_format_all(a));
194
195			if (0 == archive_read_open_memory(a, image, size)) {
196				while(0 == archive_read_next_header(a, &ae)) {
197					while (0 == archive_read_data_block(a,
198						&blk, &blk_size, &blk_offset))
199						continue;
200				}
201				archive_read_close(a);
202			}
203			archive_read_free(a);
204
205			// Just list headers, skip bodies.
206			assert((a = archive_read_new()) != NULL);
207			assertEqualIntA(a, ARCHIVE_OK,
208			    archive_read_support_filter_all(a));
209			assertEqualIntA(a, ARCHIVE_OK,
210			    archive_read_support_format_all(a));
211
212			if (0 == archive_read_open_memory(a, image, size)) {
213				while(0 == archive_read_next_header(a, &ae)) {
214				}
215				archive_read_close(a);
216			}
217			archive_read_free(a);
218		}
219		free(image);
220		free(rawimage);
221	}
222}
223
224DEFINE_TEST(test_fuzz_ar)
225{
226	static const char *fileset1[] = {
227		"test_read_format_ar.ar",
228		NULL
229	};
230	static const struct files filesets[] = {
231		{0, fileset1},
232		{1, NULL}
233	};
234	test_fuzz(filesets);
235}
236
237DEFINE_TEST(test_fuzz_cab)
238{
239	static const char *fileset1[] = {
240		"test_fuzz.cab",
241		NULL
242	};
243	static const struct files filesets[] = {
244		{0, fileset1},
245		{1, NULL}
246	};
247	test_fuzz(filesets);
248}
249
250DEFINE_TEST(test_fuzz_cpio)
251{
252	static const char *fileset1[] = {
253		"test_read_format_cpio_bin_be.cpio",
254		NULL
255	};
256	static const char *fileset2[] = {
257		"test_read_format_cpio_bin_le.cpio",
258		NULL
259	};
260	static const char *fileset3[] = {
261		/* Test RPM unwrapper */
262		"test_read_format_cpio_svr4_gzip_rpm.rpm",
263		NULL
264	};
265	static const struct files filesets[] = {
266		{0, fileset1},
267		{0, fileset2},
268		{0, fileset3},
269		{1, NULL}
270	};
271	test_fuzz(filesets);
272}
273
274DEFINE_TEST(test_fuzz_iso9660)
275{
276	static const char *fileset1[] = {
277		"test_fuzz_1.iso.Z",
278		NULL
279	};
280	static const struct files filesets[] = {
281		{0, fileset1}, /* Exercise compress decompressor. */
282		{1, fileset1},
283		{1, NULL}
284	};
285	test_fuzz(filesets);
286}
287
288DEFINE_TEST(test_fuzz_lzh)
289{
290	static const char *fileset1[] = {
291		"test_fuzz.lzh",
292		NULL
293	};
294	static const struct files filesets[] = {
295		{0, fileset1},
296		{1, NULL}
297	};
298	test_fuzz(filesets);
299}
300
301DEFINE_TEST(test_fuzz_mtree)
302{
303	static const char *fileset1[] = {
304		"test_read_format_mtree.mtree",
305		NULL
306	};
307	static const struct files filesets[] = {
308		{0, fileset1},
309		{1, NULL}
310	};
311	test_fuzz(filesets);
312}
313
314DEFINE_TEST(test_fuzz_rar)
315{
316	static const char *fileset1[] = {
317		/* Uncompressed RAR test */
318		"test_read_format_rar.rar",
319		NULL
320	};
321	static const char *fileset2[] = {
322		/* RAR file with binary data */
323		"test_read_format_rar_binary_data.rar",
324		NULL
325	};
326	static const char *fileset3[] = {
327		/* Best Compressed RAR test */
328		"test_read_format_rar_compress_best.rar",
329		NULL
330	};
331	static const char *fileset4[] = {
332		/* Normal Compressed RAR test */
333		"test_read_format_rar_compress_normal.rar",
334		NULL
335	};
336	static const char *fileset5[] = {
337		/* Normal Compressed Multi LZSS blocks RAR test */
338		"test_read_format_rar_multi_lzss_blocks.rar",
339		NULL
340	};
341	static const char *fileset6[] = {
342		/* RAR with no EOF header */
343		"test_read_format_rar_noeof.rar",
344		NULL
345	};
346	static const char *fileset7[] = {
347		/* Best Compressed RAR file with both PPMd and LZSS blocks */
348		"test_read_format_rar_ppmd_lzss_conversion.rar",
349		NULL
350	};
351	static const char *fileset8[] = {
352		/* RAR with subblocks */
353		"test_read_format_rar_subblock.rar",
354		NULL
355	};
356	static const char *fileset9[] = {
357		/* RAR with Unicode filenames */
358		"test_read_format_rar_unicode.rar",
359		NULL
360	};
361	static const char *fileset10[] = {
362		"test_read_format_rar_multivolume.part0001.rar",
363		"test_read_format_rar_multivolume.part0002.rar",
364		"test_read_format_rar_multivolume.part0003.rar",
365		"test_read_format_rar_multivolume.part0004.rar",
366		NULL
367	};
368	static const struct files filesets[] = {
369		{0, fileset1},
370		{0, fileset2},
371		{0, fileset3},
372		{0, fileset4},
373		{0, fileset5},
374		{0, fileset6},
375		{0, fileset7},
376		{0, fileset8},
377		{0, fileset9},
378		{0, fileset10},
379		{1, NULL}
380	};
381	test_fuzz(filesets);
382}
383
384DEFINE_TEST(test_fuzz_tar)
385{
386	static const char *fileset1[] = {
387		"test_compat_bzip2_1.tbz",
388		NULL
389	};
390	static const char *fileset2[] = {
391		"test_compat_gtar_1.tar",
392		NULL
393	};
394	static const char *fileset3[] = {
395		"test_compat_gzip_1.tgz",
396		NULL
397	};
398	static const char *fileset4[] = {
399		"test_compat_gzip_2.tgz",
400		NULL
401	};
402	static const char *fileset5[] = {
403		"test_compat_tar_hardlink_1.tar",
404		NULL
405	};
406	static const char *fileset6[] = {
407		"test_compat_xz_1.txz",
408		NULL
409	};
410	static const char *fileset7[] = {
411		"test_read_format_gtar_sparse_1_17_posix10_modified.tar",
412		NULL
413	};
414	static const char *fileset8[] = {
415		"test_read_format_tar_empty_filename.tar",
416		NULL
417	};
418#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H
419	static const char *fileset9[] = {
420		"test_compat_lzop_1.tar.lzo",
421		NULL
422	};
423#endif
424#if HAVE_ZSTD_H && HAVE_LIBZSTD
425	static const char *fileset10[] = {
426		"test_compat_zstd_1.tar.zst",
427		NULL
428	};
429#endif
430	static const struct files filesets[] = {
431		{0, fileset1}, /* Exercise bzip2 decompressor. */
432		{1, fileset1},
433		{0, fileset2},
434		{0, fileset3}, /* Exercise gzip decompressor. */
435		{0, fileset4}, /* Exercise gzip decompressor. */
436		{0, fileset5},
437		{0, fileset6}, /* Exercise xz decompressor. */
438		{0, fileset7},
439		{0, fileset8},
440#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H
441		{0, fileset9}, /* Exercise lzo decompressor. */
442#endif
443#if HAVE_ZSTD_H && HAVE_LIBZSTD
444		{0, fileset10}, /* Exercise zstd decompressor. */
445#endif
446		{1, NULL}
447	};
448	test_fuzz(filesets);
449}
450
451DEFINE_TEST(test_fuzz_zip)
452{
453	static const char *fileset1[] = {
454		"test_compat_zip_1.zip",
455		NULL
456	};
457	static const char *fileset2[] = {
458		"test_compat_zip_2.zip",
459		NULL
460	};
461	static const char *fileset3[] = {
462		"test_compat_zip_3.zip",
463		NULL
464	};
465	static const char *fileset4[] = {
466		"test_compat_zip_4.zip",
467		NULL
468	};
469	static const char *fileset5[] = {
470		"test_compat_zip_5.zip",
471		NULL
472	};
473	static const char *fileset6[] = {
474		"test_compat_zip_6.zip",
475		NULL
476	};
477	static const char *fileset7[] = {
478		"test_read_format_zip.zip",
479		NULL
480	};
481	static const char *fileset8[] = {
482		"test_read_format_zip_comment_stored_1.zip",
483		NULL
484	};
485	static const char *fileset9[] = {
486		"test_read_format_zip_comment_stored_2.zip",
487		NULL
488	};
489	static const char *fileset10[] = {
490		"test_read_format_zip_encryption_data.zip",
491		NULL
492	};
493	static const char *fileset11[] = {
494		"test_read_format_zip_encryption_header.zip",
495		NULL
496	};
497	static const char *fileset12[] = {
498		"test_read_format_zip_encryption_partially.zip",
499		NULL
500	};
501	static const char *fileset13[] = {
502		"test_read_format_zip_filename_cp866.zip",
503		NULL
504	};
505	static const char *fileset14[] = {
506		"test_read_format_zip_filename_cp932.zip",
507		NULL
508	};
509	static const char *fileset15[] = {
510		"test_read_format_zip_filename_koi8r.zip",
511		NULL
512	};
513	static const char *fileset16[] = {
514		"test_read_format_zip_filename_utf8_jp.zip",
515		NULL
516	};
517	static const char *fileset17[] = {
518		"test_read_format_zip_filename_utf8_ru.zip",
519		NULL
520	};
521	static const char *fileset18[] = {
522		"test_read_format_zip_filename_utf8_ru2.zip",
523		NULL
524	};
525	static const char *fileset19[] = {
526		"test_read_format_zip_length_at_end.zip",
527		NULL
528	};
529	static const char *fileset20[] = {
530		"test_read_format_zip_mac_metadata.zip",
531		NULL
532	};
533	static const char *fileset21[] = {
534		"test_read_format_zip_malformed1.zip",
535		NULL
536	};
537	static const char *fileset22[] = {
538		"test_read_format_zip_msdos.zip",
539		NULL
540	};
541	static const char *fileset23[] = {
542		"test_read_format_zip_nested.zip",
543		NULL
544	};
545	static const char *fileset24[] = {
546		"test_read_format_zip_nofiletype.zip",
547		NULL
548	};
549	static const char *fileset25[] = {
550		"test_read_format_zip_padded1.zip",
551		NULL
552	};
553	static const char *fileset26[] = {
554		"test_read_format_zip_padded2.zip",
555		NULL
556	};
557	static const char *fileset27[] = {
558		"test_read_format_zip_padded3.zip",
559		NULL
560	};
561	static const char *fileset28[] = {
562		"test_read_format_zip_symlink.zip",
563		NULL
564	};
565	static const char *fileset29[] = {
566		"test_read_format_zip_traditional_encryption_data.zip",
567		NULL
568	};
569	static const char *fileset30[] = {
570		"test_read_format_zip_ux.zip",
571		NULL
572	};
573	static const char *fileset31[] = {
574		"test_read_format_zip_winzip_aes128.zip",
575		NULL
576	};
577	static const char *fileset32[] = {
578		"test_read_format_zip_winzip_aes256.zip",
579		NULL
580	};
581	static const char *fileset33[] = {
582		"test_read_format_zip_winzip_aes256_large.zip",
583		NULL
584	};
585	static const char *fileset34[] = {
586		"test_read_format_zip_winzip_aes256_stored.zip",
587		NULL
588	};
589	static const char *fileset35[] = {
590		"test_read_format_zip_zip64a.zip",
591		NULL
592	};
593	static const char *fileset36[] = {
594		"test_read_format_zip_zip64b.zip",
595		NULL
596	};
597
598	static const struct files filesets[] = {
599		{0, fileset1},
600		{0, fileset2},
601		{0, fileset3},
602		{0, fileset4},
603		{0, fileset5},
604		{0, fileset6},
605		{0, fileset7},
606		{0, fileset8},
607		{0, fileset9},
608		{0, fileset10},
609		{0, fileset11},
610		{0, fileset12},
611		{0, fileset13},
612		{0, fileset14},
613		{0, fileset15},
614		{0, fileset16},
615		{0, fileset17},
616		{0, fileset18},
617		{0, fileset19},
618		{0, fileset20},
619		{0, fileset21},
620		{0, fileset22},
621		{0, fileset23},
622		{0, fileset24},
623		{0, fileset25},
624		{0, fileset26},
625		{0, fileset27},
626		{0, fileset28},
627		{0, fileset29},
628		{0, fileset30},
629		{0, fileset31},
630		{0, fileset32},
631		{0, fileset33},
632		{0, fileset34},
633		{0, fileset35},
634		{0, fileset36},
635		{1, NULL}
636	};
637	test_fuzz(filesets);
638}
639
640