2 * Copyright (c) 2003-2007 Tim Kientzle
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 __FBSDID("$FreeBSD$");
29 * This was inspired by an ISO fuzz tester written by Michal Zalewski
30 * and posted to the "vulnwatch" mailing list on March 17, 2005:
31 * http://seclists.org/vulnwatch/2005/q1/0088.html
33 * This test simply reads each archive image into memory, pokes
34 * random values into it and runs it through libarchive. It tries
35 * to damage about 1% of each file and repeats the exercise 100 times
38 * Unlike most other tests, this test does not verify libarchive's
39 * responses other than to ensure that libarchive doesn't crash.
41 * Due to the deliberately random nature of this test, it may be hard
42 * to reproduce failures. Because this test deliberately attempts to
43 * induce crashes, there's little that can be done in the way of
44 * post-failure diagnostics.
47 /* Because this works for any archive, we can just re-use the archives
48 * developed for other tests. */
50 int uncompress; /* If 1, decompress the file before fuzzing. */
55 test_fuzz(const struct files *filesets)
61 const char *skip_fuzz_tests;
63 skip_fuzz_tests = getenv("SKIP_TEST_FUZZ");
64 if (skip_fuzz_tests != NULL) {
65 skipping("Skipping fuzz tests due to SKIP_TEST_FUZZ "
66 "environment variable");
70 for (n = 0; filesets[n].names != NULL; ++n) {
71 const size_t buffsize = 30000000;
72 struct archive_entry *ae;
74 char *rawimage = NULL, *image = NULL, *tmp = NULL;
75 size_t size = 0, oldsize = 0;
78 extract_reference_files(filesets[n].names);
79 if (filesets[n].uncompress) {
81 /* Use format_raw to decompress the data. */
82 assert((a = archive_read_new()) != NULL);
83 assertEqualIntA(a, ARCHIVE_OK,
84 archive_read_support_filter_all(a));
85 assertEqualIntA(a, ARCHIVE_OK,
86 archive_read_support_format_raw(a));
87 r = archive_read_open_filenames(a, filesets[n].names, 16384);
88 if (r != ARCHIVE_OK) {
90 if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
91 skipping("Cannot uncompress fileset");
93 skipping("Cannot uncompress %s", filesets[n].names[0]);
97 assertEqualIntA(a, ARCHIVE_OK,
98 archive_read_next_header(a, &ae));
99 rawimage = malloc(buffsize);
100 size = archive_read_data(a, rawimage, buffsize);
101 assertEqualIntA(a, ARCHIVE_EOF,
102 archive_read_next_header(a, &ae));
103 assertEqualInt(ARCHIVE_OK,
104 archive_read_free(a));
106 if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
107 failure("Internal buffer is not big enough for "
108 "uncompressed test files");
110 failure("Internal buffer is not big enough for "
111 "uncompressed test file: %s", filesets[n].names[0]);
113 if (!assert(size < buffsize)) {
119 for (i = 0; filesets[n].names[i] != NULL; ++i)
122 tmp = slurpfile(&size, "%s",
123 filesets[n].names[i]);
124 newraw = realloc(rawimage, oldsize + size);
125 if (!assert(newraw != NULL))
133 memcpy(rawimage + oldsize, tmp, size);
144 image = malloc(size);
145 assert(image != NULL);
152 assert(rawimage != NULL);
154 srand((unsigned)time(NULL));
156 for (i = 0; i < 1000; ++i) {
158 int j, numbytes, trycnt;
160 /* Fuzz < 1% of the bytes in the archive. */
161 memcpy(image, rawimage, size);
165 numbytes = (int)(rand() % q);
166 for (j = 0; j < numbytes; ++j)
167 image[rand() % size] = (char)rand();
169 /* Save the messed-up image to a file.
170 * If we crash, that file will be useful. */
171 for (trycnt = 0; trycnt < 3; trycnt++) {
172 f = fopen("after.test.failure.send.this.file."
173 "to.libarchive.maintainers.with.system.details", "wb");
176 #if defined(_WIN32) && !defined(__CYGWIN__)
178 * Sometimes previous close operation does not completely
179 * end at this time. So we should take a wait while
180 * the operation running.
186 assertEqualInt((size_t)size, fwrite(image, 1, (size_t)size, f));
189 // Try to read all headers and bodies.
190 assert((a = archive_read_new()) != NULL);
191 assertEqualIntA(a, ARCHIVE_OK,
192 archive_read_support_filter_all(a));
193 assertEqualIntA(a, ARCHIVE_OK,
194 archive_read_support_format_all(a));
196 if (0 == archive_read_open_memory(a, image, size)) {
197 while(0 == archive_read_next_header(a, &ae)) {
198 while (0 == archive_read_data_block(a,
199 &blk, &blk_size, &blk_offset))
202 archive_read_close(a);
204 archive_read_free(a);
206 // Just list headers, skip bodies.
207 assert((a = archive_read_new()) != NULL);
208 assertEqualIntA(a, ARCHIVE_OK,
209 archive_read_support_filter_all(a));
210 assertEqualIntA(a, ARCHIVE_OK,
211 archive_read_support_format_all(a));
213 if (0 == archive_read_open_memory(a, image, size)) {
214 while(0 == archive_read_next_header(a, &ae)) {
216 archive_read_close(a);
218 archive_read_free(a);
225 DEFINE_TEST(test_fuzz_ar)
227 static const char *fileset1[] = {
228 "test_read_format_ar.ar",
231 static const struct files filesets[] = {
238 DEFINE_TEST(test_fuzz_cab)
240 static const char *fileset1[] = {
244 static const struct files filesets[] = {
251 DEFINE_TEST(test_fuzz_cpio)
253 static const char *fileset1[] = {
254 "test_read_format_cpio_bin_be.cpio",
257 static const char *fileset2[] = {
258 "test_read_format_cpio_bin_le.cpio",
261 static const char *fileset3[] = {
262 /* Test RPM unwrapper */
263 "test_read_format_cpio_svr4_gzip_rpm.rpm",
266 static const struct files filesets[] = {
275 DEFINE_TEST(test_fuzz_iso9660)
277 static const char *fileset1[] = {
281 static const struct files filesets[] = {
282 {0, fileset1}, /* Exercise compress decompressor. */
289 DEFINE_TEST(test_fuzz_lzh)
291 static const char *fileset1[] = {
295 static const struct files filesets[] = {
302 DEFINE_TEST(test_fuzz_mtree)
304 static const char *fileset1[] = {
305 "test_read_format_mtree.mtree",
308 static const struct files filesets[] = {
315 DEFINE_TEST(test_fuzz_rar)
317 static const char *fileset1[] = {
318 /* Uncompressed RAR test */
319 "test_read_format_rar.rar",
322 static const char *fileset2[] = {
323 /* RAR file with binary data */
324 "test_read_format_rar_binary_data.rar",
327 static const char *fileset3[] = {
328 /* Best Compressed RAR test */
329 "test_read_format_rar_compress_best.rar",
332 static const char *fileset4[] = {
333 /* Normal Compressed RAR test */
334 "test_read_format_rar_compress_normal.rar",
337 static const char *fileset5[] = {
338 /* Normal Compressed Multi LZSS blocks RAR test */
339 "test_read_format_rar_multi_lzss_blocks.rar",
342 static const char *fileset6[] = {
343 /* RAR with no EOF header */
344 "test_read_format_rar_noeof.rar",
347 static const char *fileset7[] = {
348 /* Best Compressed RAR file with both PPMd and LZSS blocks */
349 "test_read_format_rar_ppmd_lzss_conversion.rar",
352 static const char *fileset8[] = {
353 /* RAR with subblocks */
354 "test_read_format_rar_subblock.rar",
357 static const char *fileset9[] = {
358 /* RAR with Unicode filenames */
359 "test_read_format_rar_unicode.rar",
362 static const char *fileset10[] = {
363 "test_read_format_rar_multivolume.part0001.rar",
364 "test_read_format_rar_multivolume.part0002.rar",
365 "test_read_format_rar_multivolume.part0003.rar",
366 "test_read_format_rar_multivolume.part0004.rar",
369 static const struct files filesets[] = {
385 DEFINE_TEST(test_fuzz_tar)
387 static const char *fileset1[] = {
388 "test_compat_bzip2_1.tbz",
391 static const char *fileset2[] = {
392 "test_compat_gtar_1.tar",
395 static const char *fileset3[] = {
396 "test_compat_gzip_1.tgz",
399 static const char *fileset4[] = {
400 "test_compat_gzip_2.tgz",
403 static const char *fileset5[] = {
404 "test_compat_tar_hardlink_1.tar",
407 static const char *fileset6[] = {
408 "test_compat_xz_1.txz",
411 static const char *fileset7[] = {
412 "test_read_format_gtar_sparse_1_17_posix10_modified.tar",
415 static const char *fileset8[] = {
416 "test_read_format_tar_empty_filename.tar",
419 #if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H
420 static const char *fileset9[] = {
421 "test_compat_lzop_1.tar.lzo",
425 #if HAVE_ZSTD_H && HAVE_LIBZSTD
426 static const char *fileset10[] = {
427 "test_compat_zstd_1.tar.zst",
431 static const struct files filesets[] = {
432 {0, fileset1}, /* Exercise bzip2 decompressor. */
435 {0, fileset3}, /* Exercise gzip decompressor. */
436 {0, fileset4}, /* Exercise gzip decompressor. */
438 {0, fileset6}, /* Exercise xz decompressor. */
441 #if HAVE_LIBLZO2 && HAVE_LZO_LZO1X_H && HAVE_LZO_LZOCONF_H
442 {0, fileset9}, /* Exercise lzo decompressor. */
444 #if HAVE_ZSTD_H && HAVE_LIBZSTD
445 {0, fileset10}, /* Excercise zstd decompressor. */
452 DEFINE_TEST(test_fuzz_zip)
454 static const char *fileset1[] = {
455 "test_compat_zip_1.zip",
458 static const char *fileset2[] = {
459 "test_compat_zip_2.zip",
462 static const char *fileset3[] = {
463 "test_compat_zip_3.zip",
466 static const char *fileset4[] = {
467 "test_compat_zip_4.zip",
470 static const char *fileset5[] = {
471 "test_compat_zip_5.zip",
474 static const char *fileset6[] = {
475 "test_compat_zip_6.zip",
478 static const char *fileset7[] = {
479 "test_read_format_zip.zip",
482 static const char *fileset8[] = {
483 "test_read_format_zip_comment_stored_1.zip",
486 static const char *fileset9[] = {
487 "test_read_format_zip_comment_stored_2.zip",
490 static const char *fileset10[] = {
491 "test_read_format_zip_encryption_data.zip",
494 static const char *fileset11[] = {
495 "test_read_format_zip_encryption_header.zip",
498 static const char *fileset12[] = {
499 "test_read_format_zip_encryption_partially.zip",
502 static const char *fileset13[] = {
503 "test_read_format_zip_filename_cp866.zip",
506 static const char *fileset14[] = {
507 "test_read_format_zip_filename_cp932.zip",
510 static const char *fileset15[] = {
511 "test_read_format_zip_filename_koi8r.zip",
514 static const char *fileset16[] = {
515 "test_read_format_zip_filename_utf8_jp.zip",
518 static const char *fileset17[] = {
519 "test_read_format_zip_filename_utf8_ru.zip",
522 static const char *fileset18[] = {
523 "test_read_format_zip_filename_utf8_ru2.zip",
526 static const char *fileset19[] = {
527 "test_read_format_zip_length_at_end.zip",
530 static const char *fileset20[] = {
531 "test_read_format_zip_mac_metadata.zip",
534 static const char *fileset21[] = {
535 "test_read_format_zip_malformed1.zip",
538 static const char *fileset22[] = {
539 "test_read_format_zip_msdos.zip",
542 static const char *fileset23[] = {
543 "test_read_format_zip_nested.zip",
546 static const char *fileset24[] = {
547 "test_read_format_zip_nofiletype.zip",
550 static const char *fileset25[] = {
551 "test_read_format_zip_padded1.zip",
554 static const char *fileset26[] = {
555 "test_read_format_zip_padded2.zip",
558 static const char *fileset27[] = {
559 "test_read_format_zip_padded3.zip",
562 static const char *fileset28[] = {
563 "test_read_format_zip_symlink.zip",
566 static const char *fileset29[] = {
567 "test_read_format_zip_traditional_encryption_data.zip",
570 static const char *fileset30[] = {
571 "test_read_format_zip_ux.zip",
574 static const char *fileset31[] = {
575 "test_read_format_zip_winzip_aes128.zip",
578 static const char *fileset32[] = {
579 "test_read_format_zip_winzip_aes256.zip",
582 static const char *fileset33[] = {
583 "test_read_format_zip_winzip_aes256_large.zip",
586 static const char *fileset34[] = {
587 "test_read_format_zip_winzip_aes256_stored.zip",
590 static const char *fileset35[] = {
591 "test_read_format_zip_zip64a.zip",
594 static const char *fileset36[] = {
595 "test_read_format_zip_zip64b.zip",
599 static const struct files filesets[] = {