[gcab/wip/hughsie/future: 13/18] Allow skipping the checksum when fuzzing
- From: Richard Hughes <rhughes src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gcab/wip/hughsie/future: 13/18] Allow skipping the checksum when fuzzing
- Date: Wed, 13 Dec 2017 23:03:27 +0000 (UTC)
commit 3fd4ec4cc9adfd3d48522c8660e740fea68e97c0
Author: Richard Hughes <richard hughsie com>
Date: Wed Dec 13 15:48:43 2017 +0000
Allow skipping the checksum when fuzzing
It's easy enough to fix the checksum for a malicious file, so we shouldn't just
rely on this to catch corruption.
README.md | 13 +++++++++++++
libgcab/cabinet.c | 11 ++++++++++-
2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ad24af8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+GCab
+====
+
+A GObject library to create cabinet files
+
+Fuzzing
+-------
+
+ CC=afl-gcc meson --default-library=static ../
+ AFL_HARDEN=1 ninja
+ export GCAB_SKIP_CHECKSUM=1
+ afl-fuzz -m 300 -i ../tests/fuzzing/ -o findings ./gcab --list-details @@
+ afl-fuzz -m 300 -i ../tests/fuzzing/ -o findings2 ./gcab --directory=/tmp --extract @@
diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c
index 09e5572..90a296e 100644
--- a/libgcab/cabinet.c
+++ b/libgcab/cabinet.c
@@ -513,6 +513,15 @@ cdata_finish (cdata_t *cd, GError **error)
"zlib failed: %s", zError (zret));
}
+static gint
+_enforce_checksum (void)
+{
+ static gint enforce = -1;
+ if (enforce == -1)
+ enforce = g_getenv ("GCAB_SKIP_CHECKSUM") == NULL ? 1 : 0;
+ return enforce;
+}
+
G_GNUC_INTERNAL gboolean
cdata_read (cdata_t *cd, guint8 res_data, gint comptype,
GDataInputStream *in, GCancellable *cancellable, GError **error)
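Review bot: `_enforce_checksum ()` honours `GCAB_SKIP_CHECKSUM` in every build of the library, so any process that inherits the variable silently loses corruption detection at the `cdata_read` comparison in the next hunk, not only the AFL harness described in the README. Consider compiling the override in only for the fuzzing build (a preprocessor guard around the `g_getenv` line, with `enforce = 1` otherwise) and documenting it above the function, e.g. `/* Fuzzing aid: GCAB_SKIP_CHECKSUM disables data-block checksum verification; never set it for normal use. */`. The helper answers a yes/no question, so `gboolean` would fit better than `gint`, and a file-scope identifier beginning with an underscore is reserved in C. `cdata_read` only begins at the end of this hunk; its body continues outside it.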
@@ -545,7 +554,7 @@ cdata_read (cdata_t *cd, guint8 res_data, gint comptype,
memcpy (&sizecsum[0], &nbytes_le, 2);
nbytes_le = GUINT16_TO_LE (cd->nubytes);
memcpy (&sizecsum[2], &nbytes_le, 2);
- if (cd->checksum != compute_checksum (sizecsum, sizeof(sizecsum), datacsum)) {
+ if (_enforce_checksum () && cd->checksum != compute_checksum (sizecsum, sizeof(sizecsum), datacsum)) {
g_set_error_literal (error, GCAB_ERROR, GCAB_ERROR_FAILED,
_("incorrect checksum detected"));
return FALSE;