fuzzing: improve archive fuzzer

Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-01-11 21:25:06 +00:00
parent 61617211bf
commit 802c6c5c0d
10 changed files with 123 additions and 49 deletions
--- a/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
+++ b/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
@@ -1,3 +1,17 @@
+// Copyright 2023 The go-fuzz-headers Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package gofuzzheaders

 import (
@@ -18,7 +32,10 @@ import (
 	securejoin "github.com/cyphar/filepath-securejoin"
 )

-var MaxTotalLen uint32 = 2000000
+var (
+	MaxTotalLen uint32 = 2000000
+	maxDepth           = 100
+)

 func SetMaxTotalLen(newLen uint32) {
 	MaxTotalLen = newLen
@@ -32,6 +49,7 @@ type ConsumeFuzzer struct {
 	NumberOfCalls        int
 	position             uint32
 	fuzzUnexportedFields bool
+	curDepth             int
 	Funcs                map[reflect.Type]reflect.Value
 }

@@ -44,6 +62,7 @@ func NewConsumer(fuzzData []byte) *ConsumeFuzzer {
 		data:      fuzzData,
 		dataTotal: uint32(len(fuzzData)),
 		Funcs:     make(map[reflect.Type]reflect.Value),
+		curDepth:  0,
 	}
 }

@@ -129,11 +148,18 @@ func (f *ConsumeFuzzer) setCustom(v reflect.Value) error {
 }

 func (f *ConsumeFuzzer) fuzzStruct(e reflect.Value, customFunctions bool) error {
+	if f.curDepth >= maxDepth {
+		// return err or nil here?
+		return nil
+	}
+	f.curDepth++
+	defer func() { f.curDepth-- }()
+
 	// We check if we should check for custom functions
 	if customFunctions && e.IsValid() && e.CanAddr() {
 		err := f.setCustom(e.Addr())
-		if err == nil {
-			return nil
+		if err != nil {
+			return err
 		}
 	}

@@ -367,13 +393,6 @@ func (f *ConsumeFuzzer) GetUint32() (uint32, error) {
 	if err != nil {
 		return 0, err
 	}
-	littleEndian, err := f.GetBool()
-	if err != nil {
-		return 0, err
-	}
-	if littleEndian {
-		return binary.LittleEndian.Uint32(u32), nil
-	}
 	return binary.BigEndian.Uint32(u32), nil
 }

@@ -403,14 +422,14 @@ func (f *ConsumeFuzzer) GetBytes() ([]byte, error) {
 	if f.position+length > MaxTotalLen {
 		return nil, errors.New("created too large a string")
 	}
-	byteBegin := f.position - 1
+	byteBegin := f.position
 	if byteBegin >= f.dataTotal {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	if length == 0 {
 		return nil, errors.New("zero-length is not supported")
 	}
-	if byteBegin+length >= f.dataTotal {
+	if byteBegin+length-1 >= f.dataTotal {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	if byteBegin+length < byteBegin {
@@ -431,7 +450,7 @@ func (f *ConsumeFuzzer) GetString() (string, error) {
 	if f.position > MaxTotalLen {
 		return "nil", errors.New("created too large a string")
 	}
-	byteBegin := f.position - 1
+	byteBegin := f.position
 	if byteBegin >= f.dataTotal {
 		return "nil", errors.New("not enough bytes to create string")
 	}
@@ -463,6 +482,7 @@ func (f *ConsumeFuzzer) FuzzMap(m interface{}) error {
 }

 func returnTarBytes(buf []byte) ([]byte, error) {
+	return buf, nil
 	// Count files
 	var fileCounter int
 	tr := tar.NewReader(bytes.NewReader(buf))
@@ -476,7 +496,7 @@ func returnTarBytes(buf []byte) ([]byte, error) {
 		}
 		fileCounter++
 	}
-	if fileCounter > 4 {
+	if fileCounter >= 1 {
 		return buf, nil
 	}
 	return nil, fmt.Errorf("not enough files were created\n")
@@ -547,6 +567,15 @@ func setTarHeaderTypeflag(hdr *tar.Header, f *ConsumeFuzzer) error {
 }

 func tooSmallFileBody(length uint32) bool {
+	if length < 2 {
+		return true
+	}
+	if length < 4 {
+		return true
+	}
+	if length < 10 {
+		return true
+	}
 	if length < 100 {
 		return true
 	}
@@ -589,30 +618,16 @@ func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) {
 		return nil, errors.New("not enough bytes to create byte array")
 	}

-	shouldUseLargeFileBody, err := f.GetBool()
-	if err != nil {
-		return nil, errors.New("not enough bytes to check long file body")
-	}
-
-	if shouldUseLargeFileBody && tooSmallFileBody(length) {
-		return nil, errors.New("File body was too small")
-	}
-
 	// A bit of optimization to attempt to create a file body
 	// when we don't have as many bytes left as "length"
 	remainingBytes := f.dataTotal - f.position
-	if remainingBytes == 0 {
+	if remainingBytes <= 0 {
 		return nil, errors.New("created too large a string")
 	}
-	if remainingBytes < 50 {
-		length = length % remainingBytes
-	} else if f.dataTotal < 500 {
-		length = length % f.dataTotal
-	}
 	if f.position+length > MaxTotalLen {
 		return nil, errors.New("created too large a string")
 	}
-	byteBegin := f.position - 1
+	byteBegin := f.position
 	if byteBegin >= f.dataTotal {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
@@ -641,18 +656,13 @@ func (f *ConsumeFuzzer) getTarFilename() (string, error) {
 	// A bit of optimization to attempt to create a file name
 	// when we don't have as many bytes left as "length"
 	remainingBytes := f.dataTotal - f.position
-	if remainingBytes == 0 {
+	if remainingBytes <= 0 {
 		return "nil", errors.New("created too large a string")
 	}
-	if remainingBytes < 50 {
-		length = length % remainingBytes
-	} else if f.dataTotal < 500 {
-		length = length % f.dataTotal
-	}
 	if f.position > MaxTotalLen {
 		return "nil", errors.New("created too large a string")
 	}
-	byteBegin := f.position - 1
+	byteBegin := f.position
 	if byteBegin >= f.dataTotal {
 		return "nil", errors.New("not enough bytes to create string")
 	}
@@ -687,6 +697,7 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
 		if err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
+
 		sec, err := f.GetInt()
 		if err != nil {
 			return returnTarBytes(buf.Bytes())
@@ -715,7 +726,7 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
 			return returnTarBytes(buf.Bytes())
 		}
 	}
-	return returnTarBytes(buf.Bytes())
+	return buf.Bytes(), nil
 }

 // CreateFiles creates pseudo-random files in rootDir.
--- a/vendor/github.com/AdaLogics/go-fuzz-headers/funcs.go
+++ b/vendor/github.com/AdaLogics/go-fuzz-headers/funcs.go
@@ -1,3 +1,17 @@
+// Copyright 2023 The go-fuzz-headers Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package gofuzzheaders

 import (
--- a/vendor/github.com/AdaLogics/go-fuzz-headers/sql.go
+++ b/vendor/github.com/AdaLogics/go-fuzz-headers/sql.go
@@ -1,3 +1,17 @@
+// Copyright 2023 The go-fuzz-headers Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package gofuzzheaders

 import (
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,6 +1,6 @@
 # cloud.google.com/go/compute/metadata v0.2.1
 ## explicit; go 1.19
-# github.com/AdaLogics/go-fuzz-headers v0.0.0-20221206110420-d395f97c4830
+# github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 => github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230111232327-1f10f66a31bf
 ## explicit; go 1.18
 github.com/AdaLogics/go-fuzz-headers
 # github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652
@@ -798,3 +798,4 @@ sigs.k8s.io/structured-merge-diff/v4/value
 ## explicit; go 1.12
 sigs.k8s.io/yaml
 # github.com/opencontainers/runtime-tools => github.com/opencontainers/runtime-tools v0.0.0-20221026201742-946c877fa809
+# github.com/AdaLogics/go-fuzz-headers => github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230111232327-1f10f66a31bf