Meson (meson.build):
- Add "target_winver" (default: "") option to support Windows versions
  earlier than Windows 7 (0x0601, the same as glib). This sets a compiler
  command-line define "-DTARGET_WINVER=${target_winver}", which
  unconditionally sets WINVER and _WIN32_WINNT to select the requested
  target Windows API.
  Ref: https://learn.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt
- Clean up building the static library.
- Build the static library when "-Dstatic=true" is present on the
  command line, not just when doing fuzz testing.
- Add the "*_STATIC_COMPILATION" defines to the compiler's command
  line. For Windows, ensure that libiconv is an explicit dependency,
  since "pkg-config --libs --static" fails to add it as a dependency
  library.

as they were before 72f85005a230 ("socket abstraction: slirp_os_socket"):
that broke the ABI. Better to introduce SlirpAddPollCbSocket and
{,un}register_poll_socket that people can use instead, and wrappers for
the old API, for a smooth API/ABI upgrade.

Found by ALT Linux Team.
Signed-off-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
Fixes #80

It's no use sending to the slirp stack the trace packets that are
supposed to be generated by the stack. There is also no use in fuzzing
them, then.

We don't know in advance what the trace will have received as sequence
number, so when fuzzing TCP, just align on what the trace says.

- by adding trace examples
- by separating fuzzing different headers / data
- by adding an echo TCP server forward
- also factorizing code along the way
Also-by: JC <luffy33820@gmail.com>
Also-by: Alisee Lafontaine <alisee.lafontaine@u-bordeaux.fr>

The slirp_fuzz_ip_header harness should be working and is a basic
example of a custom mutator focusing on part of the input.
The slirp_fuzz_udp harness needs a bit of work to calculate the checksum
properly.
The code can be built using `meson build` followed by `ninja -C build`;
the current meson.build file is not suitable for general usage.
To run the fuzzing code just run
`build/fuzzing/fuzz-ip-header fuzzing/IN -detect_leaks=0`; crashes will
be written to the current folder and new inputs will go directly into
the `IN` folder.
The main point to focus on to improve the fuzzing should be generating
a better corpus.

You can run the tests over the corpus with a "regular" build, then:
$ fuzzing/fuzz-input ../fuzzing/IN/*
Or build with fuzzing enabled, and run:
$ CFLAGS="-fsanitize=fuzzer" CC=clang CXX=clang++ meson -Db_lundef=false
$ fuzzing/fuzz-input ../fuzzing/IN
I have an initial corpus which was generated by running fuzz-input for
a few hours starting with qemu.pkt, which is the first packet sent by
qemu. Sadly, it only covers 25%... I tried to increase the coverage
manually, see for example tftp-get-blah.pkt, but that's not so simple,
as multiple packets may be required to set up a session etc.
Nevertheless, the fuzzing already found a few issues, so it might be
worth adding it in this current form.
fuzzing/oss-fuzz.sh is used by oss-fuzz, for Google fuzzing.
(see documentation if you want to reproduce the build locally)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>

The macro just makes things more difficult to debug, inline it.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>