FTP archive directory /NetBSD/NetBSD-release-10/src/external/bsd/libfido2/dist/fuzz/

Welcome to ftp.nluug.nl
Current directory: /NetBSD/NetBSD-release-10/src/external/bsd/libfido2/dist/fuzz/

Current bandwidth utilization 2217.04 Mbit/s

Contents of README:

libfido2 can be fuzzed using AFL or libFuzzer, with or without
ASAN/MSAN/UBSAN.

AFL is more convenient when fuzzing the path from the authenticator to
libfido2 in an existing application. To do so, use preload-snoop.c with a real
authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=ON, and
use preload-fuzz.c to read device data from stdin.

libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
fuzz_assert.c, fuzz_hid.c, and fuzz_mgmt.c for examples. To build these
harnesses, use -DCMAKE_C_FLAGS=-fsanitize=fuzzer-no-link
-DFUZZ_LDFLAGS=-fsanitize=fuzzer -DFUZZ=ON.

If -DFUZZ=ON is enabled, symbols listed in wrapped.sym are wrapped in the
resulting shared object. The wrapper functions simulate failure according to a
deterministic RNG and probabilities defined in wrap.c. Harnesses wishing to
use this functionality should call prng_init() with a seed obtained from the
corpus. To mutate only the seed part of a libFuzzer harness's corpora,
use '-reduce_inputs=0 --fido-mutate=seed'.

To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
libcbor and OpenSSL built with the respective sanitiser. In order to keep
memory utilisation at a manageable level, you can either enforce limits at
the OS level (e.g. cgroups on Linux), or patch libcbor with the diff below.
N.B., the patch below is relative to libcbor 0.10.1.

diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
index bbea63c..3f7c9af 100644
--- src/cbor/internal/memory_utils.c
+++ src/cbor/internal/memory_utils.c
@@ -41,7 +41,11 @@ size_t _cbor_safe_signaling_add(size_t a, size_t b) {
 
 void* _cbor_alloc_multiple(size_t item_size, size_t item_count) {
   if (_cbor_safe_to_multiply(item_size, item_count)) {
-    return _cbor_malloc(item_size * item_count);
+    if (item_count &gt; 1000) {
+      return NULL;
+    } else {
+      return _cbor_malloc(item_size * item_count);
+    }
   } else {
     return NULL;
   }

 Name                                                      Last modified      Size  
 Parent Directory                                                               -   
 CVS/                                                      06-Sep-2023 05:09    -   
 CMakeLists.txt                                            06-Sep-2023 05:09  2.8K  
 Dockerfile                                                06-Sep-2023 05:09  634   
 Makefile                                                  06-Sep-2023 05:09  2.9K  
 README                                                    06-Sep-2023 05:09  1.9K  
 build-coverage                                            06-Sep-2023 05:09  1.1K  
 clock.c                                                   05-Sep-2023 19:11  1.8K  
 dummy.h                                                   06-Sep-2023 05:09  7.5K  
 export.gnu                                                06-Sep-2023 05:09  6.8K  
 functions.txt                                             06-Sep-2023 05:09   79K  
 fuzz_assert.c                                             06-Sep-2023 05:09   13K  
 fuzz_bio.c                                                06-Sep-2023 05:09   10K  
 fuzz_cred.c                                               06-Sep-2023 05:09   13K  
 fuzz_credman.c                                            06-Sep-2023 05:09  9.3K  
 fuzz_hid.c                                                06-Sep-2023 05:09  5.9K  
 fuzz_largeblob.c                                          06-Sep-2023 05:09  5.7K  
 fuzz_mgmt.c                                               06-Sep-2023 05:09   12K  
 fuzz_netlink.c                                            06-Sep-2023 05:09  3.3K  
 fuzz_pcsc.c                                               05-Sep-2023 19:11  6.2K  
 libfuzzer.c                                               06-Sep-2023 05:09  4.6K  
 mutator_aux.c                                             06-Sep-2023 05:09  5.5K  
 mutator_aux.h                                             06-Sep-2023 05:09  2.9K  
 pcsc.c                                                    05-Sep-2023 19:11  3.9K  
 preload-fuzz.c                                            06-Sep-2023 05:09  1.9K  
 preload-snoop.c                                           06-Sep-2023 05:09  4.1K  
 prng.c                                                    04-Dec-2020 19:09  3.9K  
 report.tgz                                                06-Sep-2023 05:09  349K  
 summary.txt                                               06-Sep-2023 05:09  9.5K  
 udev.c                                                    06-Sep-2023 05:09  6.6K  
 uniform_random.c                                          03-Mar-2020 01:11  1.8K  
 wiredata_fido2.h                                          06-Sep-2023 05:09   34K  
 wiredata_u2f.h                                            06-Sep-2023 05:09  7.2K  
 wrap.c                                                    06-Sep-2023 05:09  9.1K  
 wrapped.sym                                               06-Sep-2023 05:09  1.7K

NLUUG - Open Systems. Open Standards
Become a member and get discounts on conferences and more, see the NLUUG website!