author | Robert Swiecki <robert@swiecki.net> | 2019-05-22 16:02:57 +0200 |
---|---|---|
committer | Robert Swiecki <robert@swiecki.net> | 2019-05-22 16:02:57 +0200 |
commit | c6e51b11c16050eebfb26c661875f325a328bb9c (patch) | |
tree | f74e6ad828ac17fc39fd5eac2d9d762a496c3de4 | |
parent | bc7dea2faca30ddf896f5e7a37ba10e3552eec9f (diff) | |
download | honggfuzz-c6e51b11c16050eebfb26c661875f325a328bb9c.tar.gz |
honggfuzz 1.9
-rw-r--r-- | Makefile | 18 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | honggfuzz.h | 2 | ||||
-rw-r--r-- | libhfcommon/files.h | 4 | ||||
-rw-r--r-- | libhfuzz/persistent.c | 3 | ||||
-rw-r--r-- | linux/pt.c | 4 | ||||
-rw-r--r-- | mac/arch.c | 21 | ||||
-rw-r--r-- | socketfuzzer.c | 13 |
8 files changed, 31 insertions, 38 deletions
@@ -403,9 +403,9 @@ report.o: libhfcommon/log.h
 sanitizers.o: sanitizers.h honggfuzz.h libhfcommon/util.h cmdline.h
 sanitizers.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 sanitizers.o: libhfcommon/log.h
-socketfuzzer.o: honggfuzz.h libhfcommon/util.h libhfcommon/common.h
-socketfuzzer.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h
-socketfuzzer.o: libhfcommon/ns.h socketfuzzer.h
+socketfuzzer.o: socketfuzzer.h honggfuzz.h libhfcommon/util.h
+socketfuzzer.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
+socketfuzzer.o: libhfcommon/log.h libhfcommon/ns.h
 subproc.o: subproc.h honggfuzz.h libhfcommon/util.h arch.h fuzz.h
 subproc.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 subproc.o: libhfcommon/log.h
@@ -434,10 +434,10 @@ libhfuzz/linux.o: libhfcommon/common.h libhfcommon/files.h
 libhfuzz/linux.o: libhfcommon/common.h libhfcommon/log.h libhfcommon/ns.h
 libhfuzz/linux.o: libhfuzz/libhfuzz.h
 libhfuzz/memorycmp.o: libhfcommon/common.h libhfuzz/instrument.h
-libhfuzz/persistent.o: libhfuzz/libhfuzz.h honggfuzz.h libhfcommon/util.h
-libhfuzz/persistent.o: libhfcommon/common.h libhfcommon/files.h
-libhfuzz/persistent.o: libhfcommon/common.h libhfcommon/log.h
-libhfuzz/persistent.o: libhfuzz/fetch.h libhfuzz/instrument.h
+libhfuzz/persistent.o: honggfuzz.h libhfcommon/util.h libhfcommon/common.h
+libhfuzz/persistent.o: libhfcommon/files.h libhfcommon/common.h
+libhfuzz/persistent.o: libhfcommon/log.h libhfuzz/fetch.h
+libhfuzz/persistent.o: libhfuzz/instrument.h libhfuzz/libhfuzz.h
 linux/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h
 linux/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 linux/arch.o: libhfcommon/log.h libhfcommon/ns.h linux/perf.h linux/trace.h
@@ -448,8 +448,8 @@ linux/bfd.o: libhfcommon/log.h
 linux/perf.o: linux/perf.h honggfuzz.h libhfcommon/util.h
 linux/perf.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 linux/perf.o: libhfcommon/log.h linux/pt.h
-linux/pt.o: libhfcommon/common.h libhfcommon/log.h libhfcommon/util.h
-linux/pt.o: linux/pt.h honggfuzz.h
+linux/pt.o: linux/pt.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h
+linux/pt.o: libhfcommon/log.h
 linux/trace.o: linux/trace.h honggfuzz.h libhfcommon/util.h
 linux/trace.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 linux/trace.o: libhfcommon/log.h linux/bfd.h linux/unwind.h sanitizers.h
@@ -24,7 +24,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte
 ## Code
- * Latest stable version: [1.8](https://github.com/google/honggfuzz/releases)
+ * Latest stable version: [1.9](https://github.com/google/honggfuzz/releases)
  * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG)
 ## Requirements
@@ -90,6 +90,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof
  * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262)
  * panic() in sleep-parser [#1](https://github.com/datrs/sleep-parser/issues/3)
  * panic() in lewton [#1](https://github.com/RustAudio/lewton/issues/27)
+ * panic()/DoS in Ethereum-Parity [#1](https://srlabs.de/bites/ethereum_dos/)
  * ... and more
 ## Projects utilizing Honggfuzz
@@ -112,6 +113,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof
  * [__FuzzM__: a gray box model-based fuzzing framework](https://github.com/collins-research/FuzzM)
  * [__FuzzOS__: by Mozilla Security](https://github.com/MozillaSecurity/fuzzos)
  * [__Android__: by OHA](https://android.googlesource.com/platform/external/honggfuzz)
+ * [__QDBI__: by Quarkslab](https://project.inria.fr/FranceJapanICST/files/2019/04/19-Kyoto-Fuzzing_Binaries_using_Dynamic_Instrumentation.pdf)
 ## Examples
diff --git a/honggfuzz.h b/honggfuzz.h
index 8be9b283..d0a219e6 100644
--- a/honggfuzz.h
+++ b/honggfuzz.h
@@ -38,7 +38,7 @@
 #include "libhfcommon/util.h"
 #define PROG_NAME "honggfuzz"
-#define PROG_VERSION "1.8"
+#define PROG_VERSION "1.9"
 /* Name of the template which will be replaced with the proper name of the file */
 #define _HF_FILE_PLACEHOLDER "___FILE___"
diff --git a/libhfcommon/files.h b/libhfcommon/files.h
index aa257d15..f535a366 100644
--- a/libhfcommon/files.h
+++ b/libhfcommon/files.h
@@ -24,13 +24,13 @@
 #ifndef _HF_COMMON_FILES_H_
 #define _HF_COMMON_FILES_H_
-#include "common.h"
-
 #include <stdbool.h>
 #include <stdint.h>
 #include <sys/socket.h>
 #include <unistd.h>
+#include "common.h"
+
 extern ssize_t files_readFileToBufMax(const char* fileName, uint8_t* buf, size_t fileMaxSz);
 extern bool files_writeBufToFile(
diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c
index 4f725dc2..5e015c39 100644
--- a/libhfuzz/persistent.c
+++ b/libhfuzz/persistent.c
@@ -1,5 +1,3 @@
-#include "libhfuzz/libhfuzz.h"
-
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
@@ -21,6 +19,7 @@
 #include "libhfcommon/log.h"
 #include "libhfuzz/fetch.h"
 #include "libhfuzz/instrument.h"
+#include "libhfuzz/libhfuzz.h"
 __attribute__((weak)) int LLVMFuzzerInitialize(
     int* argc HF_ATTR_UNUSED, char*** argv HF_ATTR_UNUSED) {
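Review bot: In the libhfuzz/persistent.c hunk, "libhfuzz/libhfuzz.h" moves from the first line of the file to the very end of the include list, after every system and libhfcommon header, whereas the linux/pt.c and socketfuzzer.c hunks in this same commit move each file's own header to the top. Including a translation unit's own header first is what proves that header is self-contained, and libhfuzz.h is the public header this file implements, so persistent.c now loses that check and disagrees with the other two files. If the new order comes from a formatter's include sorting, the main-header rule should be taught to recognise libhfuzz/libhfuzz.h for libhfuzz/*.c; otherwise keep `#include "libhfuzz/libhfuzz.h"` as the first line, as it was before. The LLVMFuzzerInitialize definition that starts at the end of the hunk continues outside it.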
@@ -21,15 +21,15 @@
  *
  */
-#include "libhfcommon/common.h"
+#include "pt.h"
 #include <inttypes.h>
 #include <linux/perf_event.h>
 #include <stdio.h>
+#include "libhfcommon/common.h"
 #include "libhfcommon/log.h"
 #include "libhfcommon/util.h"
-#include "pt.h"
 #ifdef _HF_LINUX_INTEL_PT_LIB
@@ -24,11 +24,19 @@
 #include "arch.h"
+#import <Foundation/Foundation.h>
 #include <ctype.h>
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <mach/i386/thread_status.h>
+#include <mach/mach.h>
+#include <mach/mach_types.h>
+#include <mach/mach_vm.h>
+#include <mach/task_info.h>
 #include <poll.h>
+#include <pthread.h>
+#include <servers/bootstrap.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -49,20 +57,9 @@
 #include "libhfcommon/files.h"
 #include "libhfcommon/log.h"
 #include "libhfcommon/util.h"
-#include "subproc.h"
-
-#include <mach/i386/thread_status.h>
-#include <mach/mach.h>
-#include <mach/mach_types.h>
-#include <mach/mach_vm.h>
-#include <mach/task_info.h>
-#include <pthread.h>
-#include <servers/bootstrap.h>
-
 #include "mach_exc.h"
 #include "mach_excServer.h"
-
-#import <Foundation/Foundation.h>
+#include "subproc.h"
 /*
  * Interface to third_party/CrashReport_*.o
diff --git a/socketfuzzer.c b/socketfuzzer.c
index d941e340..29783582 100644
--- a/socketfuzzer.c
+++ b/socketfuzzer.c
@@ -1,3 +1,5 @@
+#include "socketfuzzer.h"
+
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
@@ -11,17 +13,12 @@
 #include <string.h>
 #include <sys/mman.h>
 #include <sys/param.h>
+#include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/types.h>
-#include <time.h>
-#include <unistd.h>
-
-#include <errno.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <sys/types.h>
 #include <sys/un.h>
+#include <time.h>
 #include <unistd.h>
 #include "honggfuzz.h"
@@ -31,8 +28,6 @@
 #include "libhfcommon/ns.h"
 #include "libhfcommon/util.h"
-#include "socketfuzzer.h"
-
 bool fuzz_waitForExternalInput(run_t* run) {
     /* tell the external fuzzer to do his thing */
     if (!fuzz_prepareSocketFuzzer(run)) {
|