test_fuzz.c revision 358088 
1/*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#include "test.h"
26__FBSDID("$FreeBSD: stable/11/contrib/libarchive/libarchive/test/test_fuzz.c 358088 2020-02-19 01:50:47Z mm $");
27
28/*
29 * This was inspired by an ISO fuzz tester written by Michal Zalewski
30 * and posted to the "vulnwatch" mailing list on March 17, 2005:
31 *    http://seclists.org/vulnwatch/2005/q1/0088.html
32 *
33 * This test simply reads each archive image into memory, pokes
34 * random values into it and runs it through libarchive.  It tries
35 * to damage about 1% of each file and repeats the exercise 100 times
36 * with each file.
37 *
38 * Unlike most other tests, this test does not verify libarchive's
39 * responses other than to ensure that libarchive doesn't crash.
40 *
41 * Due to the deliberately random nature of this test, it may be hard
42 * to reproduce failures.  Because this test deliberately attempts to
43 * induce crashes, there's little that can be done in the way of
44 * post-failure diagnostics.
45 */
46
47/* Because this works for any archive, we can just re-use the archives
48 * developed for other tests. */
49struct files {
50	int uncompress; /* If 1, decompress the file before fuzzing. */
51	const char **names;
52};
53
54static void
55test_fuzz(const struct files *filesets)
56{
57	const void *blk;
58	size_t blk_size;
59	int64_t blk_offset;
60	int n;
61	const char *skip_fuzz_tests;
62
63	skip_fuzz_tests = getenv("SKIP_TEST_FUZZ");
64	if (skip_fuzz_tests != NULL) {
65		skipping("Skipping fuzz tests due to SKIP_TEST_FUZZ "
66		    "environment variable");
67		return;
68	}
69
70	for (n = 0; filesets[n].names != NULL; ++n) {
71		const size_t buffsize = 30000000;
72		struct archive_entry *ae;
73		struct archive *a;
74		char *rawimage = NULL, *image = NULL, *tmp = NULL;
75		size_t size = 0, oldsize = 0;
76		int i, q;
77
78		extract_reference_files(filesets[n].names);
79		if (filesets[n].uncompress) {
80			int r;
81			/* Use format_raw to decompress the data. */
82			assert((a = archive_read_new()) != NULL);
83			assertEqualIntA(a, ARCHIVE_OK,
84			    archive_read_support_filter_all(a));
85			assertEqualIntA(a, ARCHIVE_OK,
86			    archive_read_support_format_raw(a));
87			r = archive_read_open_filenames(a, filesets[n].names, 16384);
88			if (r != ARCHIVE_OK) {
89				archive_read_free(a);
90				if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
91					skipping("Cannot uncompress fileset");
92				} else {
93					skipping("Cannot uncompress %s", filesets[n].names[0]);
94				}
95				continue;
96			}
97			assertEqualIntA(a, ARCHIVE_OK,
98			    archive_read_next_header(a, &ae));
99			rawimage = malloc(buffsize);
100			size = archive_read_data(a, rawimage, buffsize);
101			assertEqualIntA(a, ARCHIVE_EOF,
102			    archive_read_next_header(a, &ae));
103			assertEqualInt(ARCHIVE_OK,
104			    archive_read_free(a));
105			assert(size > 0);
106			if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
107				failure("Internal buffer is not big enough for "
108					"uncompressed test files");
109			} else {
110				failure("Internal buffer is not big enough for "
111					"uncompressed test file: %s", filesets[n].names[0]);
112			}
113			if (!assert(size < buffsize)) {
114				free(rawimage);
115				rawimage = NULL;
116				continue;
117			}
118		} else {
119			for (i = 0; filesets[n].names[i] != NULL; ++i)
120			{
121				char *newraw;
122				tmp = slurpfile(&size, "%s",
123						filesets[n].names[i]);
124				newraw = realloc(rawimage, oldsize + size);
125				if (!assert(newraw != NULL))
126				{
127					free(rawimage);
128					rawimage = NULL;
129					free(tmp);
130					continue;
131				}
132				rawimage = newraw;
133				memcpy(rawimage + oldsize, tmp, size);
134				oldsize += size;
135				size = oldsize;
136				free(tmp);
137			}
138		}
139		if (size == 0) {
140			free(rawimage);
141			rawimage = NULL;
142			continue;
143		}
144		image = malloc(size);
145		assert(image != NULL);
146		if (image == NULL) {
147			free(rawimage);
148			rawimage = NULL;
149			return;
150		}
151
152		assert(rawimage != NULL);
153
154		srand((unsigned)time(NULL));
155
156		for (i = 0; i < 1000; ++i) {
157			FILE *f;
158			int j, numbytes, trycnt;
159
160			/* Fuzz < 1% of the bytes in the archive. */
161			memcpy(image, rawimage, size);
162			q = (int)size / 100;
163			if (q < 4)
164				q = 4;
165			numbytes = (int)(rand() % q);
166			for (j = 0; j < numbytes; ++j)
167				image[rand() % size] = (char)rand();
168
169			/* Save the messed-up image to a file.
170			 * If we crash, that file will be useful. */
171			for (trycnt = 0; trycnt < 3; trycnt++) {
172				f = fopen("after.test.failure.send.this.file."
173				    "to.libarchive.maintainers.with.system.details", "wb");
174				if (f != NULL)
175					break;
176#if defined(_WIN32) && !defined(__CYGWIN__)
177				/*
178				 * Sometimes previous close operation does not completely
179				 * end at this time. So we should take a wait while
180				 * the operation running.
181				 */
182				Sleep(100);
183#endif
184			}
185			assert(f != NULL);
186			assertEqualInt((size_t)size, fwrite(image, 1, (size_t)size, f));
187			fclose(f);
188
189			// Try to read all headers and bodies.
190			assert((a = archive_read_new()) != NULL);
191			assertEqualIntA(a, ARCHIVE_OK,
192			    archive_read_support_filter_all(a));
193			assertEqualIntA(a, ARCHIVE_OK,
194			    archive_read_support_format_all(a));
195
196			if (0 == archive_read_open_memory(a, image, size)) {
197				while(0 == archive_read_next_header(a, &ae)) {
198					while (0 == archive_read_data_block(a,
199						&blk, &blk_size, &blk_offset))
200						continue;
201				}
202				archive_read_close(a);
203			}
204			archive_read_free(a);
205
206			// Just list headers, skip bodies.
207			assert((a = archive_read_new()) != NULL);
208			assertEqualIntA(a, ARCHIVE_OK,
209			    archive_read_support_filter_all(a));
210			assertEqualIntA(a, ARCHIVE_OK,
211			    archive_read_support_format_all(a));
212
213			if (0 == archive_read_open_memory(a, image, size)) {
214				while(0 == archive_read_next_header(a, &ae)) {
215				}
216				archive_read_close(a);
217			}
218			archive_read_free(a);
219		}
220		free(image);
221		free(rawimage);
222	}
223}
224
225DEFINE_TEST(test_fuzz_ar)
226{
227	static const char *fileset1[] = {
228		"test_read_format_ar.ar",
229		NULL
230	};
231	static const struct files filesets[] = {
232		{0, fileset1},
233		{1, NULL}
234	};
235	test_fuzz(filesets);
236}
237
238DEFINE_TEST(test_fuzz_cab)
239{
240	static const char *fileset1[] = {
241		"test_fuzz.cab",
242		NULL
243	};
244	static const struct files filesets[] = {
245		{0, fileset1},
246		{1, NULL}
247	};
248	test_fuzz(filesets);
249}
250
251DEFINE_TEST(test_fuzz_cpio)
252{
253	static const char *fileset1[] = {
254		"test_read_format_cpio_bin_be.cpio",
255		NULL
256	};
257	static const char *fileset2[] = {
258		"test_read_format_cpio_bin_le.cpio",
259		NULL
260	};
261	static const char *fileset3[] = {
262		/* Test RPM unwrapper */
263		"test_read_format_cpio_svr4_gzip_rpm.rpm",
264		NULL
265	};
266	static const struct files filesets[] = {
267		{0, fileset1},
268		{0, fileset2},
269		{0, fileset3},
270		{1, NULL}
271	};
272	test_fuzz(filesets);
273}
274
275DEFINE_TEST(test_fuzz_iso9660)
276{
277	static const char *fileset1[] = {
278		"test_fuzz_1.iso.Z",
279		NULL
280	};
281	static const struct files filesets[] = {
282		{0, fileset1}, /* Exercise compress decompressor. */
283		{1, fileset1},
284		{1, NULL}
285	};
286	test_fuzz(filesets);
287}
288
289DEFINE_TEST(test_fuzz_lzh)
290{
291	static const char *fileset1[] = {
292		"test_fuzz.lzh",
293		NULL
294	};
295	static const struct files filesets[] = {
296		{0, fileset1},
297		{1, NULL}
298	};
299	test_fuzz(filesets);
300}
301
302DEFINE_TEST(test_fuzz_mtree)
303{
304	static const char *fileset1[] = {
305		"test_read_format_mtree.mtree",
306		NULL
307	};
308	static const struct files filesets[] = {
309		{0, fileset1},
310		{1, NULL}
311	};
312	test_fuzz(filesets);
313}
314
315DEFINE_TEST(test_fuzz_rar)
316{
317	static const char *fileset1[] = {
318		/* Uncompressed RAR test */
319		"test_read_format_rar.rar",
320		NULL
321	};
322	static const char *fileset2[] = {
323		/* RAR file with binary data */
324		"test_read_format_rar_binary_data.rar",
325		NULL
326	};
327	static const char *fileset3[] = {
328		/* Best Compressed RAR test */
329		"test_read_format_rar_compress_best.rar",
330		NULL
331	};
332	static const char *fileset4[] = {
333		/* Normal Compressed RAR test */
334		"test_read_format_rar_compress_normal.rar",
335		NULL
336	};
337	static const char *fileset5[] = {
338		/* Normal Compressed Multi LZSS blocks RAR test */
339		"test_read_format_rar_multi_lzss_blocks.rar",
340		NULL
341	};
342	static const char *fileset6[] = {
343		/* RAR with no EOF header */
344		"test_read_format_rar_noeof.rar",
345		NULL
346	};
347	static const char *fileset7[] = {
348		/* Best Compressed RAR file with both PPMd and LZSS blocks */
349		"test_read_format_rar_ppmd_lzss_conversion.rar",
350		NULL
351	};
352	static const char *fileset8[] = {
353		/* RAR with subblocks */
354		"test_read_format_rar_subblock.rar",
355		NULL
356	};
357	static const char *fileset9[] = {
358		/* RAR with Unicode filenames */
359		"test_read_format_rar_unicode.rar",
360		NULL
361	};
362	static const char *fileset10[] = {
363		"test_read_format_rar_multivolume.part0001.rar",
364		"test_read_format_rar_multivolume.part0002.rar",
365		"test_read_format_rar_multivolume.part0003.rar",
366		"test_read_format_rar_multivolume.part0004.rar",
367		NULL
368	};
369	static const struct files filesets[] = {
370		{0, fileset1},
371		{0, fileset2},
372		{0, fileset3},
373		{0, fileset4},
374		{0, fileset5},
375		{0, fileset6},
376		{0, fileset7},
377		{0, fileset8},
378		{0, fileset9},
379		{0, fileset10},
380		{1, NULL}
381	};
382	test_fuzz(filesets);
383}
384
385DEFINE_TEST(test_fuzz_tar)
386{
387	static const char *fileset1[] = {
388		"test_compat_bzip2_1.tbz",
389		NULL
390	};
391	static const char *fileset2[] = {
392		"test_compat_gtar_1.tar",
393		NULL
394	};
395	static const char *fileset3[] = {
396		"test_compat_gzip_1.tgz",
397		NULL
398	};
399	static const char *fileset4[] = {
400		"test_compat_gzip_2.tgz",
401		NULL
402	};
403	static const char *fileset5[] = {
404		"test_compat_tar_hardlink_1.tar",
405		NULL
406	};
407	static const char *fileset6[] = {
408		"test_compat_xz_1.txz",
409		NULL
410	};
411	static const char *fileset7[] = {
412		"test_read_format_gtar_sparse_1_17_posix10_modified.tar",
413		NULL
414	};
415	static const char *fileset8[] = {
416		"test_read_format_tar_empty_filename.tar",
417		NULL
418	};
419#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H
420	static const char *fileset9[] = {
421		"test_compat_lzop_1.tar.lzo",
422		NULL
423	};
424#endif
425#if HAVE_ZSTD_H && HAVE_LIBZSTD
426	static const char *fileset10[] = {
427		"test_compat_zstd_1.tar.zst",
428		NULL
429	};
430#endif
431	static const struct files filesets[] = {
432		{0, fileset1}, /* Exercise bzip2 decompressor. */
433		{1, fileset1},
434		{0, fileset2},
435		{0, fileset3}, /* Exercise gzip decompressor. */
436		{0, fileset4}, /* Exercise gzip decompressor. */
437		{0, fileset5},
438		{0, fileset6}, /* Exercise xz decompressor. */
439		{0, fileset7},
440		{0, fileset8},
441#if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H
442		{0, fileset9}, /* Exercise lzo decompressor. */
443#endif
444#if HAVE_ZSTD_H && HAVE_LIBZSTD
445		{0, fileset10}, /* Exercise zstd decompressor. */
446#endif
447		{1, NULL}
448	};
449	test_fuzz(filesets);
450}
451
452DEFINE_TEST(test_fuzz_zip)
453{
454	static const char *fileset1[] = {
455		"test_compat_zip_1.zip",
456		NULL
457	};
458	static const char *fileset2[] = {
459		"test_compat_zip_2.zip",
460		NULL
461	};
462	static const char *fileset3[] = {
463		"test_compat_zip_3.zip",
464		NULL
465	};
466	static const char *fileset4[] = {
467		"test_compat_zip_4.zip",
468		NULL
469	};
470	static const char *fileset5[] = {
471		"test_compat_zip_5.zip",
472		NULL
473	};
474	static const char *fileset6[] = {
475		"test_compat_zip_6.zip",
476		NULL
477	};
478	static const char *fileset7[] = {
479		"test_read_format_zip.zip",
480		NULL
481	};
482	static const char *fileset8[] = {
483		"test_read_format_zip_comment_stored_1.zip",
484		NULL
485	};
486	static const char *fileset9[] = {
487		"test_read_format_zip_comment_stored_2.zip",
488		NULL
489	};
490	static const char *fileset10[] = {
491		"test_read_format_zip_encryption_data.zip",
492		NULL
493	};
494	static const char *fileset11[] = {
495		"test_read_format_zip_encryption_header.zip",
496		NULL
497	};
498	static const char *fileset12[] = {
499		"test_read_format_zip_encryption_partially.zip",
500		NULL
501	};
502	static const char *fileset13[] = {
503		"test_read_format_zip_filename_cp866.zip",
504		NULL
505	};
506	static const char *fileset14[] = {
507		"test_read_format_zip_filename_cp932.zip",
508		NULL
509	};
510	static const char *fileset15[] = {
511		"test_read_format_zip_filename_koi8r.zip",
512		NULL
513	};
514	static const char *fileset16[] = {
515		"test_read_format_zip_filename_utf8_jp.zip",
516		NULL
517	};
518	static const char *fileset17[] = {
519		"test_read_format_zip_filename_utf8_ru.zip",
520		NULL
521	};
522	static const char *fileset18[] = {
523		"test_read_format_zip_filename_utf8_ru2.zip",
524		NULL
525	};
526	static const char *fileset19[] = {
527		"test_read_format_zip_length_at_end.zip",
528		NULL
529	};
530	static const char *fileset20[] = {
531		"test_read_format_zip_mac_metadata.zip",
532		NULL
533	};
534	static const char *fileset21[] = {
535		"test_read_format_zip_malformed1.zip",
536		NULL
537	};
538	static const char *fileset22[] = {
539		"test_read_format_zip_msdos.zip",
540		NULL
541	};
542	static const char *fileset23[] = {
543		"test_read_format_zip_nested.zip",
544		NULL
545	};
546	static const char *fileset24[] = {
547		"test_read_format_zip_nofiletype.zip",
548		NULL
549	};
550	static const char *fileset25[] = {
551		"test_read_format_zip_padded1.zip",
552		NULL
553	};
554	static const char *fileset26[] = {
555		"test_read_format_zip_padded2.zip",
556		NULL
557	};
558	static const char *fileset27[] = {
559		"test_read_format_zip_padded3.zip",
560		NULL
561	};
562	static const char *fileset28[] = {
563		"test_read_format_zip_symlink.zip",
564		NULL
565	};
566	static const char *fileset29[] = {
567		"test_read_format_zip_traditional_encryption_data.zip",
568		NULL
569	};
570	static const char *fileset30[] = {
571		"test_read_format_zip_ux.zip",
572		NULL
573	};
574	static const char *fileset31[] = {
575		"test_read_format_zip_winzip_aes128.zip",
576		NULL
577	};
578	static const char *fileset32[] = {
579		"test_read_format_zip_winzip_aes256.zip",
580		NULL
581	};
582	static const char *fileset33[] = {
583		"test_read_format_zip_winzip_aes256_large.zip",
584		NULL
585	};
586	static const char *fileset34[] = {
587		"test_read_format_zip_winzip_aes256_stored.zip",
588		NULL
589	};
590	static const char *fileset35[] = {
591		"test_read_format_zip_zip64a.zip",
592		NULL
593	};
594	static const char *fileset36[] = {
595		"test_read_format_zip_zip64b.zip",
596		NULL
597	};
598
599	static const struct files filesets[] = {
600		{0, fileset1},
601		{0, fileset2},
602		{0, fileset3},
603		{0, fileset4},
604		{0, fileset5},
605		{0, fileset6},
606		{0, fileset7},
607		{0, fileset8},
608		{0, fileset9},
609		{0, fileset10},
610		{0, fileset11},
611		{0, fileset12},
612		{0, fileset13},
613		{0, fileset14},
614		{0, fileset15},
615		{0, fileset16},
616		{0, fileset17},
617		{0, fileset18},
618		{0, fileset19},
619		{0, fileset20},
620		{0, fileset21},
621		{0, fileset22},
622		{0, fileset23},
623		{0, fileset24},
624		{0, fileset25},
625		{0, fileset26},
626		{0, fileset27},
627		{0, fileset28},
628		{0, fileset29},
629		{0, fileset30},
630		{0, fileset31},
631		{0, fileset32},
632		{0, fileset33},
633		{0, fileset34},
634		{0, fileset35},
635		{0, fileset36},
636		{1, NULL}
637	};
638	test_fuzz(filesets);
639}
640
641