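/*
 * fuzzdb.c — AFL++ persistent-mode harness for the db.c parser.
 *
 * The harness compiles db.c into this translation unit with its I/O
 * redirected: open() always "succeeds" with fd 0 and read() is routed to
 * my_read(), which serves the current AFL test case from memory. With
 * -DRAW_DB the tiny-AES-c calls are compiled out so the fuzzer reaches the
 * plaintext parser directly; without it the test case is first run through
 * AES-256-CBC with the fixed key below.
 */
#include "util.c"
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdint.h>
#include <fcntl.h>

#define AES256 1
#ifndef RAW_DB
#include "tiny-AES-c/aes.c"
#endif
#include "tiny-AES-c/aes.h"

/* Must be declared before the read() macro below so db.c sees a prototype. */
ssize_t my_read(int fd, void *buf, size_t count);

/* Route db.c's syscalls to the in-memory test case; nothing touches disk. */
#define read my_read
#define open(...) 0
#ifdef RAW_DB
#define AES_init_ctx_iv(...)
#define AES_CBC_decrypt_buffer(...)
#define AES_CBC_encrypt_buffer(...)
#endif
#include "db.c"
#undef read
#undef open

/*
 * Fixed IV (AES_BLOCKLEN bytes) followed by a fixed AES-256 key
 * (AES_KEYLEN bytes). This is a fuzzing fixture only: it must never be
 * used to protect a real database, and any db file produced with it is
 * readable by anyone with this source.
 */
uint8_t keybuf[AES_BLOCKLEN + AES_KEYLEN] = {
	0xc7, 0x14, 0x90, 0xfc, 0x24, 0xaa, 0x3d, 0x19,
	0xe1, 0x12, 0x82, 0xda, 0x77, 0x03, 0x2d, 0xd9,
	0xcd, 0xb3, 0x31, 0x03, 0xc8, 0xd3, 0xda, 0x46,
	0x29, 0xc7, 0x1c, 0x1b, 0xe7, 0xf8, 0x06, 0xa7,
	0x0b, 0x3c, 0x1c, 0x17, 0x74, 0xf0, 0xd5, 0x34,
	0x1b, 0xe3, 0x24, 0xef, 0xde, 0xac, 0x9d, 0x9e
};

/* In-memory "file" backing my_read(): the current test case and read cursor. */
static size_t len;      /* bytes in src */
static size_t buf_pos;  /* next byte my_read() will hand out */
static char *src = NULL;

__AFL_FUZZ_INIT();

/*
 * Read every byte in [begin, end) and discard it.
 *
 * The point of the callback is to let ASan validate the token spans the
 * parser hands back, so each byte is dereferenced through a volatile sink
 * (which also keeps the loop from being optimised out). An inverted span
 * (end before begin) violates the parser's contract and is turned into a
 * deterministic abort() rather than a huge-length copy. A span with
 * begin == end (including NULL/NULL) is empty and touches nothing.
 */
static void touch_span(const void *begin, const void *end)
{
	const unsigned char *p = begin;
	const unsigned char *stop = end;
	volatile unsigned char sink = 0;

	if (stop < p)
		abort();
	while (p < stop)
		sink ^= *p++;
	(void)sink;
}

/*
 * db_foreach() callback: exercise the key/desc/issuer spans of every token.
 *
 * Deliberately copies nothing into a fixed-size stack buffer: the previous
 * version memcpy'd each span into a 256-byte local, so any token longer
 * than that overflowed the harness's own stack and masked real parser
 * findings with a harness bug. `data` is the unused user pointer.
 */
void dummy_cb(struct token *token, void *data)
{
	(void)data;

	touch_span(token->key.data, token->key.end);
	touch_span(token->desc.data, token->desc.end);
	touch_span(token->issuer.data, token->issuer.end);
}

/*
 * read(2) replacement serving the current test case from memory.
 *
 * Returns min(count, bytes remaining) and advances the cursor so that
 * successive calls consume the input and eventually return 0 (EOF), like a
 * real file. The original never advanced buf_pos, so db.c always saw the
 * first bytes again and any read-until-EOF loop could spin forever.
 * `fd` is ignored (open() is a macro returning 0).
 */
ssize_t my_read(int fd, void *buf, size_t count)
{
	(void)fd;

	size_t remaining = len - buf_pos;
	size_t n = count < remaining ? count : remaining;

	memcpy(buf, src + buf_pos, n);
	buf_pos += n;
	return (ssize_t)n;
}

/*
 * Persistent-mode loop: copy each AFL test case into src (NUL-terminated,
 * in case db.c treats it as a string), reset the read cursor, then run the
 * open + iterate path. Returns non-zero only if the input buffer cannot be
 * allocated; parser failures just move on to the next case.
 */
int main(void)
{
	__AFL_INIT();
	unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;

	while (__AFL_LOOP(10000)) {
		struct AES_ctx aes = {0};
		size_t n = __AFL_FUZZ_TESTCASE_LEN;

		/* Grow via a temporary so src is not leaked if realloc fails. */
		char *tmp = realloc(src, n + 1);
		if (!tmp)
			return 1;
		src = tmp;

		len = n;
		buf_pos = 0;
		memcpy(src, buf, n);
		src[n] = '\0';

		if (db_open_read(NULL, &aes, keybuf) < 0)
			continue;
		db_foreach(0, &aes, dummy_cb, NULL);
	}

	free(src);
	return 0;
}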