[gcab/wip/hughsie/future: 13/18] Allow skipping the checksum when fuzzing



commit 3fd4ec4cc9adfd3d48522c8660e740fea68e97c0
Author: Richard Hughes <richard hughsie com>
Date:   Wed Dec 13 15:48:43 2017 +0000

    Allow skipping the checksum when fuzzing
    
    It's easy enough to fix the checksum for a malicious file, so we shouldn't just
    rely on this to catch corruption.

 README.md         |   13 +++++++++++++
 libgcab/cabinet.c |   11 ++++++++++-
 2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ad24af8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+GCab
+====
+
+A GObject library to create cabinet files
+
+Fuzzing
+-------
+
+    CC=afl-gcc meson --default-library=static ../
+    AFL_HARDEN=1 ninja
+    export GCAB_SKIP_CHECKSUM=1
+    afl-fuzz -m 300 -i ../tests/fuzzing/ -o findings ./gcab --list-details @@
+    afl-fuzz -m 300 -i ../tests/fuzzing/ -o findings2 ./gcab --directory=/tmp --extract @@
diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c
index 09e5572..90a296e 100644
--- a/libgcab/cabinet.c
+++ b/libgcab/cabinet.c
@@ -513,6 +513,15 @@ cdata_finish (cdata_t *cd, GError **error)
                      "zlib failed: %s", zError (zret));
 }
 
+static gint
+_enforce_checksum (void)
+{
+    static gint enforce = -1;
+    if (enforce == -1)
+        enforce = g_getenv ("GCAB_SKIP_CHECKSUM") == NULL ? 1 : 0;
+    return enforce;
+}
+
 G_GNUC_INTERNAL gboolean
 cdata_read (cdata_t *cd, guint8 res_data, gint comptype,
             GDataInputStream *in, GCancellable *cancellable, GError **error)
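Review bot: `_enforce_checksum()` consults `GCAB_SKIP_CHECKSUM` in every build of the library, so any process that inherits that variable silently loses the checksum test in `cdata_read` (second hunk), not only the AFL harness described in the README. Consider compiling the lookup only into fuzzing builds, for example by wrapping the `g_getenv` line in `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` and returning 1 otherwise. Failing that, a comment above the helper would help, such as `/* fuzzing aid only: setting GCAB_SKIP_CHECKSUM disables CFDATA checksum verification */`. The lazily initialised `static gint enforce` is written without synchronisation, which is a data race if cabinets are read from more than one thread; GLib's `g_once_init_enter`/`g_once_init_leave` would cover that. As a smaller style point, a file-scope name starting with an underscore is reserved in C, so `enforce_checksum` would be the safer spelling.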
@@ -545,7 +554,7 @@ cdata_read (cdata_t *cd, guint8 res_data, gint comptype,
     memcpy (&sizecsum[0], &nbytes_le, 2);
     nbytes_le = GUINT16_TO_LE (cd->nubytes);
     memcpy (&sizecsum[2], &nbytes_le, 2);
-    if (cd->checksum != compute_checksum (sizecsum, sizeof(sizecsum), datacsum)) {
+    if (_enforce_checksum () && cd->checksum != compute_checksum (sizecsum, sizeof(sizecsum), datacsum)) {
         g_set_error_literal (error, GCAB_ERROR, GCAB_ERROR_FAILED,
                              _("incorrect checksum detected"));
         return FALSE;
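Review bot: The checksum comparison in `cdata_read` is now conditional, but nothing at the call site says why. A short comment above the `if` would keep a later reader from treating the checksum as a tamper check, for example `/* checksum only catches accidental corruption; skipped when GCAB_SKIP_CHECKSUM is set for fuzzing */`. The body of `cdata_read` starts and ends outside this hunk, so whether the size fields copied into `sizecsum` are bounded before use cannot be judged from here.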

