2 * Copyright (c) 2003-2007 Tim Kientzle
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 __FBSDID("$FreeBSD$");
29 * This was inspired by an ISO fuzz tester written by Michal Zalewski
30 * and posted to the "vulnwatch" mailing list on March 17, 2005:
31 * http://seclists.org/vulnwatch/2005/q1/0088.html
33 * This test simply reads each archive image into memory, pokes
34 * random values into it and runs it through libarchive. It tries
35 * to damage about 1% of each file and repeats the exercise 100 times
38 * Unlike most other tests, this test does not verify libarchive's
39 * responses other than to ensure that libarchive doesn't crash.
41 * Due to the deliberately random nature of this test, it may be hard
42 * to reproduce failures. Because this test deliberately attempts to
43 * induce crashes, there's little that can be done in the way of
44 * post-failure diagnostics.
47 /* Because this works for any archive, we can just re-use the archives
48 * developed for other tests. */
50 int uncompress; /* If 1, decompress the file before fuzzing. */
55 test_fuzz(const struct files *filesets)
62 for (n = 0; filesets[n].names != NULL; ++n) {
63 const size_t buffsize = 30000000;
64 struct archive_entry *ae;
66 char *rawimage = NULL, *image = NULL, *tmp = NULL;
67 size_t size = 0, oldsize = 0;
70 extract_reference_files(filesets[n].names);
71 if (filesets[n].uncompress) {
73 /* Use format_raw to decompress the data. */
74 assert((a = archive_read_new()) != NULL);
75 assertEqualIntA(a, ARCHIVE_OK,
76 archive_read_support_filter_all(a));
77 assertEqualIntA(a, ARCHIVE_OK,
78 archive_read_support_format_raw(a));
79 r = archive_read_open_filenames(a, filesets[n].names, 16384);
80 if (r != ARCHIVE_OK) {
82 if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
83 skipping("Cannot uncompress fileset");
85 skipping("Cannot uncompress %s", filesets[n].names[0]);
89 assertEqualIntA(a, ARCHIVE_OK,
90 archive_read_next_header(a, &ae));
91 rawimage = malloc(buffsize);
92 size = archive_read_data(a, rawimage, buffsize);
93 assertEqualIntA(a, ARCHIVE_EOF,
94 archive_read_next_header(a, &ae));
95 assertEqualInt(ARCHIVE_OK,
96 archive_read_free(a));
98 if (filesets[n].names[0] == NULL || filesets[n].names[1] == NULL) {
99 failure("Internal buffer is not big enough for "
100 "uncompressed test files");
102 failure("Internal buffer is not big enough for "
103 "uncompressed test file: %s", filesets[n].names[0]);
105 if (!assert(size < buffsize)) {
110 for (i = 0; filesets[n].names[i] != NULL; ++i)
112 tmp = slurpfile(&size, filesets[n].names[i]);
113 rawimage = (char *)realloc(rawimage, oldsize + size);
114 memcpy(rawimage + oldsize, tmp, size);
118 if (!assert(rawimage != NULL))
124 image = malloc(size);
125 assert(image != NULL);
128 srand((unsigned)time(NULL));
130 for (i = 0; i < 100; ++i) {
132 int j, numbytes, trycnt;
134 /* Fuzz < 1% of the bytes in the archive. */
135 memcpy(image, rawimage, size);
138 numbytes = (int)(rand() % q);
139 for (j = 0; j < numbytes; ++j)
140 image[rand() % size] = (char)rand();
142 /* Save the messed-up image to a file.
143 * If we crash, that file will be useful. */
144 for (trycnt = 0; trycnt < 3; trycnt++) {
145 f = fopen("after.test.failure.send.this.file."
146 "to.libarchive.maintainers.with.system.details", "wb");
149 #if defined(_WIN32) && !defined(__CYGWIN__)
151 * Sometimes previous close operation does not completely
152 * end at this time. So we should take a wait while
153 * the operation running.
158 assertEqualInt((size_t)size, fwrite(image, 1, (size_t)size, f));
161 assert((a = archive_read_new()) != NULL);
162 assertEqualIntA(a, ARCHIVE_OK,
163 archive_read_support_filter_all(a));
164 assertEqualIntA(a, ARCHIVE_OK,
165 archive_read_support_format_all(a));
167 if (0 == archive_read_open_memory(a, image, size)) {
168 while(0 == archive_read_next_header(a, &ae)) {
169 while (0 == archive_read_data_block(a,
170 &blk, &blk_size, &blk_offset))
173 archive_read_close(a);
175 archive_read_free(a);
182 DEFINE_TEST(test_fuzz_ar)
184 static const char *fileset1[] = {
185 "test_read_format_ar.ar",
188 static const struct files filesets[] = {
195 DEFINE_TEST(test_fuzz_cab)
197 static const char *fileset1[] = {
201 static const struct files filesets[] = {
208 DEFINE_TEST(test_fuzz_cpio)
210 static const char *fileset1[] = {
211 "test_read_format_cpio_bin_be.cpio",
214 static const char *fileset2[] = {
215 /* Test RPM unwrapper */
216 "test_read_format_cpio_svr4_gzip_rpm.rpm",
219 static const struct files filesets[] = {
227 DEFINE_TEST(test_fuzz_iso9660)
229 static const char *fileset1[] = {
233 static const struct files filesets[] = {
234 {0, fileset1}, /* Exercise compress decompressor. */
241 DEFINE_TEST(test_fuzz_lzh)
243 static const char *fileset1[] = {
247 static const struct files filesets[] = {
254 DEFINE_TEST(test_fuzz_mtree)
256 static const char *fileset1[] = {
257 "test_read_format_mtree.mtree",
260 static const struct files filesets[] = {
267 DEFINE_TEST(test_fuzz_rar)
269 static const char *fileset1[] = {
270 /* Uncompressed RAR test */
271 "test_read_format_rar.rar",
274 static const char *fileset2[] = {
275 /* RAR file with binary data */
276 "test_read_format_rar_binary_data.rar",
279 static const char *fileset3[] = {
280 /* Best Compressed RAR test */
281 "test_read_format_rar_compress_best.rar",
284 static const char *fileset4[] = {
285 /* Normal Compressed RAR test */
286 "test_read_format_rar_compress_normal.rar",
289 static const char *fileset5[] = {
290 /* Normal Compressed Multi LZSS blocks RAR test */
291 "test_read_format_rar_multi_lzss_blocks.rar",
294 static const char *fileset6[] = {
295 /* RAR with no EOF header */
296 "test_read_format_rar_noeof.rar",
299 static const char *fileset7[] = {
300 /* Best Compressed RAR file with both PPMd and LZSS blocks */
301 "test_read_format_rar_ppmd_lzss_conversion.rar",
304 static const char *fileset8[] = {
305 /* RAR with subblocks */
306 "test_read_format_rar_subblock.rar",
309 static const char *fileset9[] = {
310 /* RAR with Unicode filenames */
311 "test_read_format_rar_unicode.rar",
314 static const char *fileset10[] = {
315 "test_read_format_rar_multivolume.part0001.rar",
316 "test_read_format_rar_multivolume.part0002.rar",
317 "test_read_format_rar_multivolume.part0003.rar",
318 "test_read_format_rar_multivolume.part0004.rar",
321 static const struct files filesets[] = {
337 DEFINE_TEST(test_fuzz_tar)
339 static const char *fileset1[] = {
340 "test_compat_bzip2_1.tbz",
343 static const char *fileset2[] = {
344 "test_compat_gtar_1.tar",
347 static const char *fileset3[] = {
348 "test_compat_gzip_1.tgz",
351 static const char *fileset4[] = {
352 "test_compat_gzip_2.tgz",
355 static const char *fileset5[] = {
356 "test_compat_tar_hardlink_1.tar",
359 static const char *fileset6[] = {
360 "test_compat_xz_1.txz",
363 static const char *fileset7[] = {
364 "test_read_format_gtar_sparse_1_17_posix10_modified.tar",
367 static const char *fileset8[] = {
368 "test_read_format_tar_empty_filename.tar",
371 static const char *fileset9[] = {
372 "test_compat_lzop_1.tar.lzo",
375 static const struct files filesets[] = {
376 {0, fileset1}, /* Exercise bzip2 decompressor. */
379 {0, fileset3}, /* Exercise gzip decompressor. */
380 {0, fileset4}, /* Exercise gzip decompressor. */
382 {0, fileset6}, /* Exercise xz decompressor. */
385 {0, fileset9}, /* Exercise lzo decompressor. */
391 DEFINE_TEST(test_fuzz_zip)
393 static const char *fileset1[] = {
394 "test_compat_zip_1.zip",
397 static const char *fileset2[] = {
398 "test_read_format_zip.zip",
401 static const struct files filesets[] = {