[OpenWrt-Devel] [PATCH libubox 00/20] tests, fuzzing, fixes and improvements

Petr Štetiar ynezz at true.cz
Thu Dec 19 16:58:16 EST 2019


Hi,

this patch series adds unit tests passed through Valgrind, unit tests covered
with Clang's {Address,Leak,UndefinedBehavior}Sanitizer, fuzzing with
libFuzzer and a bunch of fixes uncovered by the new tests.

Petr Štetiar (17):
  cmake: use extra compiler warnings only on gcc6+
  blobmsg/ulog: fix format string compiler warnings
  cmake: add more hardening compiler flags
  tests: add unit tests covered with Clang sanitizers
  tests: add libFuzzer based tests
  tests: add test cases for blob parsing
  test: fuzz: add blob_parse crashes
  blob: refactor attr parsing into separate function
  blob: introduce blob_parse_untrusted
  tests: use blob_parse_untrusted variant
  blob: fix OOB access in blob_check_type
  test: fuzz: add blobmsg_check_attr crashes
  tests: add test cases for blobmsg parsing
  blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value
  blobmsg: fix heap buffer overflow in blobmsg_parse
  tests: fuzz: fuzz _len variants of checking methods
  blobmsg: reuse blobmsg_namelen in blobmsg_data

Tobias Schramm (3):
  Ensure blob_attr length check does not perform out of bounds reads
  Replace use of blobmsg_check_attr by blobmsg_check_attr_len
  blobmsg: add _len variants for all attribute checking methods

 CMakeLists.txt                                |  20 +-
 blob.c                                        |  98 +++++++---
 blob.h                                        |  11 +-
 blobmsg.c                                     |  89 ++++++---
 blobmsg.h                                     |  68 ++++++-
 tests/CMakeLists.txt                          |   9 +-
 tests/cram/inputs/invalid.ucert               | Bin 0 -> 362 bytes
 tests/cram/inputs/key-build.ucert             | Bin 0 -> 356 bytes
 tests/cram/test_avl.t                         |   9 +
 tests/cram/test_base64.t                      |  30 ++-
 tests/cram/test_blob_parse.t                  |  78 ++++++++
 tests/cram/test_blobmsg.t                     |  15 ++
 tests/cram/test_blobmsg_parse.t               |  65 +++++++
 tests/cram/test_jshn.t                        | 144 ++++++++++++++
 tests/cram/test_json_script.t                 |  55 ++++++
 tests/cram/test_list.t                        |  20 ++
 tests/cram/test_runqueue.t                    |  12 ++
 tests/fuzz/CMakeLists.txt                     |  18 ++
 .../71520a5c4b5ca73903216857abbad54a8002d44a  | Bin 0 -> 2 bytes
 .../c1dfd96eea8cc2b62785275bca38ac261256e278  |   1 +
 .../c42ac1c46f1d4e211c735cc7dfad4ff8391110e9  | Bin 0 -> 3 bytes
 ...h-1b8fb1be45db3aff7699100f497fb74138f3df4f | Bin 0 -> 6 bytes
 ...h-333757b203a44751d3535f24b05f467183a96d09 | Bin 0 -> 10 bytes
 ...h-4c4d2c3c9ade5da9347534e290305c3b9760f627 | Bin 0 -> 17 bytes
 ...h-5e9937b197c88bf4e7b7ee2612456cad4cb83f5b | Bin 0 -> 86 bytes
 ...h-75b146c4e6fac64d3e62236b27c64b50657bab2a | Bin 0 -> 4 bytes
 ...h-813f3e68661da09c26d4a87dbb9d5099e92be50f | Bin 0 -> 36 bytes
 ...h-98595faa58ba01d85ba4fd0b109cd3d490b45795 | Bin 0 -> 6 bytes
 ...h-d0f3aa7d60a094b021f635d4edb7807c055a4ea1 |   1 +
 ...h-df9d1243057b27bbad6211e5a23d1cb699028aa2 | Bin 0 -> 16 bytes
 ...h-e2fd5ecb3b37926743256f1083f47a07c39e10c2 | Bin 0 -> 66 bytes
 tests/fuzz/corpus/valid-blobmsg.bin           | Bin 0 -> 176 bytes
 tests/fuzz/test-fuzz.c                        | 100 ++++++++++
 tests/test-blob-parse.c                       | 175 ++++++++++++++++++
 tests/test-blobmsg-parse.c                    |  74 ++++++++
 ulog.c                                        |   3 +
 36 files changed, 1035 insertions(+), 60 deletions(-)
 create mode 100644 tests/cram/inputs/invalid.ucert
 create mode 100644 tests/cram/inputs/key-build.ucert
 create mode 100644 tests/cram/test_blob_parse.t
 create mode 100644 tests/cram/test_blobmsg_parse.t
 create mode 100644 tests/fuzz/CMakeLists.txt
 create mode 100644 tests/fuzz/corpus/71520a5c4b5ca73903216857abbad54a8002d44a
 create mode 100644 tests/fuzz/corpus/c1dfd96eea8cc2b62785275bca38ac261256e278
 create mode 100644 tests/fuzz/corpus/c42ac1c46f1d4e211c735cc7dfad4ff8391110e9
 create mode 100644 tests/fuzz/corpus/crash-1b8fb1be45db3aff7699100f497fb74138f3df4f
 create mode 100644 tests/fuzz/corpus/crash-333757b203a44751d3535f24b05f467183a96d09
 create mode 100644 tests/fuzz/corpus/crash-4c4d2c3c9ade5da9347534e290305c3b9760f627
 create mode 100644 tests/fuzz/corpus/crash-5e9937b197c88bf4e7b7ee2612456cad4cb83f5b
 create mode 100644 tests/fuzz/corpus/crash-75b146c4e6fac64d3e62236b27c64b50657bab2a
 create mode 100644 tests/fuzz/corpus/crash-813f3e68661da09c26d4a87dbb9d5099e92be50f
 create mode 100644 tests/fuzz/corpus/crash-98595faa58ba01d85ba4fd0b109cd3d490b45795
 create mode 100644 tests/fuzz/corpus/crash-d0f3aa7d60a094b021f635d4edb7807c055a4ea1
 create mode 100644 tests/fuzz/corpus/crash-df9d1243057b27bbad6211e5a23d1cb699028aa2
 create mode 100644 tests/fuzz/corpus/crash-e2fd5ecb3b37926743256f1083f47a07c39e10c2
 create mode 100644 tests/fuzz/corpus/valid-blobmsg.bin
 create mode 100644 tests/fuzz/test-fuzz.c
 create mode 100644 tests/test-blob-parse.c
 create mode 100644 tests/test-blobmsg-parse.c

