Re: [RFC PATCH] iw: add clang-based fuzzer for scan IEs

Hi Markus,

On Tue, Feb 11, 2020 at 11:42 PM Markus Theil
<markus.theil@xxxxxxxxxxxxx> wrote:
>
> This patch is not ready for inclusion into the repo, but only useful for
> testing purposes.
>
> Signed-off-by: Markus Theil <markus.theil@xxxxxxxxxxxxx>

A couple of minor comments:

> ---
>  Makefile    | 24 ++++++++++++++++++++----
>  fuzz.sh     |  5 +++++
>  fuzz_scan.c |  6 ++++++
>  iw.c        |  4 ++++
>  4 files changed, 35 insertions(+), 4 deletions(-)
>  create mode 100755 fuzz.sh
>  create mode 100644 fuzz_scan.c
>
> diff --git a/Makefile b/Makefile
> index 90f2251..4ba2daf 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -16,9 +16,9 @@ CFLAGS_EVAL := $(call cc-option,-Wstringop-overflow=4)
>  CFLAGS ?= -O2 -g
>  CFLAGS += -Wall -Wextra -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common \
>           -Werror-implicit-function-declaration -Wsign-compare -Wno-unused-parameter \
> -         $(CFLAGS_EVAL)
> +         $(CFLAGS_EVAL) $(EXTRA_CFLAGS)
>
> -_OBJS := $(sort $(patsubst %.c,%.o,$(wildcard *.c)))
> +_OBJS := $(filter-out iw.o fuzz_scan.o, $(sort $(patsubst %.c,%.o,$(wildcard *.c))))
>  VERSION_OBJS := $(filter-out version.o, $(_OBJS))
>  OBJS := $(VERSION_OBJS) version.o
>
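Review bot: $(EXTRA_CFLAGS) appended to CFLAGS only reaches the compile steps, which run $(CC) $(CFLAGS) $(CPPFLAGS) -c; the link rule further down still invokes $(CC) $(LDFLAGS) ... $(LIBS) with no extra hook, so instrumentation that must also be present at link time (-fsanitize=fuzzer, -fsanitize=address) will not get there unless the caller exports LDFLAGS separately. Add an EXTRA_LDFLAGS next to EXTRA_CFLAGS, or at least a comment on this line saying that fuzz builds must set both, so the next person does not spend time on an "undefined reference to __asan_*" link failure.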
> @@ -102,12 +102,28 @@ nl80211-commands.inc: nl80211.h
>         @$(NQ) ' CC  ' $@
>         $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
>
> +iw_main.o: iw.c iw.h nl80211.h nl80211-commands.inc
> +       @$(NQ) ' CC  ' $@
> +       $(Q)$(CC) $(CFLAGS) -DIW_MAIN=1 $(CPPFLAGS) -c -o $@ $<
> +
> +iw_no_main.o: iw.c iw.h nl80211.h nl80211-commands.inc
> +       @$(NQ) ' CC  ' $@
> +       $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
> +
>  ifeq ($(IW_ANDROID_BUILD),)
> -iw:    $(OBJS)
> +iw:    $(OBJS) iw_main.o
>         @$(NQ) ' CC  ' iw
> -       $(Q)$(CC) $(LDFLAGS) $(OBJS) $(LIBS) -o iw
> +       $(Q)$(CC) $(LDFLAGS) $(OBJS) iw_main.o $(LIBS) -o iw
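Review bot: the iw_no_main.o recipe repeats the generic compile recipe above it verbatim ($(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<), and iw_main.o differs only by -DIW_MAIN=1, which is a preprocessor define and so belongs in CPPFLAGS rather than between $(CFLAGS) and $(CPPFLAGS). A target-specific variable removes the duplication: `iw_main.o: CPPFLAGS += -DIW_MAIN=1` and then one rule with both objects on the left-hand side, `iw_main.o iw_no_main.o: iw.c iw.h nl80211.h nl80211-commands.inc`, sharing a single recipe. Note also that iw_no_main.o only links into anything if the main() in iw.c is wrapped in the matching `#ifdef IW_MAIN`; that is the 4-line iw.c change in the diffstat, which is not quoted in this reply, so it cannot be checked here.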

You can use "$^" to get the full list of prerequisites instead of
spelling it out in both the rule definition and command.

I.e.

$(Q)$(CC) $(LDFLAGS) $^ $(LIBS) -o iw


There's a tool I'm aware of: https://github.com/google/AFL, which does
fuzzing by instrumenting the code under test and iterating on input
data. I'm not sure if it'll get you anything that LLVM's built-in one
won't, but it might be worth a try.

Thanks,

-- 
Julian Calaby

Email: julian.calaby@xxxxxxxxx
Profile: http://www.google.com/profiles/julian.calaby/
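As an added example that is not part of this thread or of iw (the RFC's
fuzz_scan.c is six lines and is not quoted above), here is what a libFuzzer
harness of the shape the patch builds looks like when written around a toy
802.11 information-element walker. The walker, the IE_MAIN switch (standing in
for the patch's -DIW_MAIN), the file names and the sample bytes are all
constructed for this example and are not iw's parser or data. It shows the two
things a scan-IE harness has to get right: every read is bounded by the bytes
remaining, and the harness calls the same function the real binary uses while
supplying no main() of its own when libFuzzer links one in.

```c
/*
 * Added example, not iw's fuzz_scan.c: a libFuzzer harness around a toy
 * 802.11 IE walker.  Scan IEs are a run of [id:1][len:1][body:len] records,
 * which is all this parser assumes.
 *
 * Fuzz build:   clang -g -O1 -fsanitize=fuzzer,address ie_fuzz.c -o ie_fuzz
 * Replay build: cc -g -DIE_MAIN ie_fuzz.c -o ie_replay
 * (IE_MAIN plays the role of the patch's -DIW_MAIN: it gates our own main
 *  so it does not collide with the one libFuzzer provides.)
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0
#define IE_SSID_MAX  32

struct ie_stats {
	unsigned count;               /* complete elements seen */
	unsigned truncated;           /* 1 if the buffer ended inside an element */
	unsigned ssid_len;            /* length field of the SSID IE, if any */
	char ssid[IE_SSID_MAX + 1];   /* SSID body, clipped to the spec maximum */
};

/*
 * Walk a run of IEs without ever reading past buf + len.  Returns 0 on a
 * clean parse and -1 when a length byte claims more than remains (the usual
 * bug class in IE parsers); partial stats are still filled in on failure.
 */
int ie_walk(const uint8_t *buf, size_t len, struct ie_stats *st)
{
	memset(st, 0, sizeof(*st));
	while (len >= 2) {
		uint8_t id = buf[0];
		uint8_t elen = buf[1];

		if (elen > len - 2) {          /* len >= 2 here, so no underflow */
			st->truncated = 1;
			return -1;
		}
		if (id == IE_SSID) {
			/* SSIDs over 32 bytes are malformed but do show up: keep the
			 * claimed length, copy only what fits */
			size_t n = elen > IE_SSID_MAX ? IE_SSID_MAX : elen;
			memcpy(st->ssid, buf + 2, n);
			st->ssid[n] = '\0';
			st->ssid_len = elen;
		}
		st->count++;
		buf += 2 + elen;
		len -= 2 + elen;
	}
	if (len != 0) {                        /* lone trailing byte */
		st->truncated = 1;
		return -1;
	}
	return 0;
}

/* libFuzzer entry point: called once per generated input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	struct ie_stats st;

	ie_walk(data, size, &st);
	return 0;
}

/* Constructed sample inputs (not real captures) for use without a fuzzer. */
static const uint8_t sample_good[] = {
	0x00, 0x07, 'i', 'w', '-', 'f', 'u', 'z', 'z',   /* SSID "iw-fuzz" */
	0x01, 0x03, 0x82, 0x84, 0x8b,                    /* Supported Rates */
};
static const uint8_t sample_bad[] = {
	0x00, 0x20, 'a', 'b',          /* SSID claims 32 bytes, only 2 present */
};

int ie_demo_good(struct ie_stats *st) { return ie_walk(sample_good, sizeof(sample_good), st); }
int ie_demo_bad(struct ie_stats *st)  { return ie_walk(sample_bad, sizeof(sample_bad), st); }

#ifdef IE_MAIN
/* Replay one input file (e.g. a libFuzzer crash-* artifact) or the sample. */
int main(int argc, char **argv)
{
	static uint8_t buf[4096];
	struct ie_stats st;
	size_t n = sizeof(sample_good);
	FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
	int rc;

	if (argc > 1 && !f) { perror(argv[1]); return 1; }
	if (f) { n = fread(buf, 1, sizeof(buf), f); fclose(f); }
	else memcpy(buf, sample_good, n);
	rc = ie_walk(buf, n, &st);
	printf("walk=%d elements=%u truncated=%u ssid=\"%s\" (len %u)\n",
	       rc, st.count, st.truncated, st.ssid, st.ssid_len);
	return 0;
}
#endif
```

Run ./ie_fuzz corpus/ to fuzz; any crash-* file it drops replays through the
-DIE_MAIN build, which is the same one-source-two-objects arrangement the
Makefile hunks set up for iw. AFL, which Julian mentions, would instead drive
the IE_MAIN binary built with its compiler wrapper, passing the input path on
argv[1] (afl-fuzz's @@).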


