Fix fopen/stdin issues with fuzzing

* fuzz/wget_options_fuzzer.c: Add fopen_wget() and fopen_wgetrc() * src/utils.c: Use fopen_wgetrc() for config files, don't read from stdin when fuzzing * src/wget.h: Define fopen as fopen_wget when fuzzing, define fopen_wgetrc as fopen when not fuzzing
2025-02-28 21:00:25 +08:00 · 2018-04-17 23:01:59 +02:00 · 2018-04-17 23:01:59 +02:00 · 66b416b6cd
commit 66b416b6cd
parent fdd86aada9
3 changed files with 32 additions and 2 deletions
--- a/fuzz/wget_options_fuzzer.c
+++ b/fuzz/wget_options_fuzzer.c
@ -80,6 +80,7 @@ DIR *opendir(const char *name)
 */
 }

+/*
 FILE *fopen(const char *pathname, const char *mode)
 {
 	FILE *(*libc_fopen)(const char *, const char *) =
@ -105,6 +106,7 @@ FILE *fopen(const char *pathname, const char *mode)

 	return libc_fopen(pathname, mode);
 }
+*/

 void exit(int status)
 {
@ -119,6 +121,16 @@ void exit(int status)
 #endif
 #endif

+FILE *fopen_wget(const char *pathname, const char *mode)
+{
+	return fopen("/dev/null", mode);
+}
+
+FILE *fopen_wgetrc(const char *pathname, const char *mode)
+{
+	return fmemopen((void *) g_data, g_size, mode);
+}
+
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 //	static const char *argv[] = { "wget", "-q", "--no-config", "--config", "d41d8cd98f00b204e9800998ecf8427e" };
--- a/src/utils.c
+++ b/src/utils.c
@ -848,9 +848,11 @@ fopen_stat(const char *fname, const char *mode, file_stats_t *fstats)
  FILE *fp;
  struct stat fdstats;

-  fp = fopen (fname, mode);
-#ifdef TESTING
+#if defined FUZZING && defined TESTING
+  fp = fopen_wgetrc (fname, mode);
  return fp;
+#else
+  fp = fopen (fname, mode);
 #endif
  if (fp == NULL)
  {
@ -1277,6 +1279,7 @@ wget_read_file (const char *file)

  /* Some magic in the finest tradition of Perl and its kin: if FILE
     is "-", just use stdin.  */
+#ifndef FUZZING
  if (HYPHENP (file))
    {
      fd = fileno (stdin);
@ -1285,6 +1288,7 @@ wget_read_file (const char *file)
         redirected from a regular file, mmap() will still work.  */
    }
  else
+#endif
    fd = open (file, O_RDONLY);
  if (fd < 0)
    return NULL;
--- a/src/wget.h
+++ b/src/wget.h
@ -393,4 +393,18 @@ typedef enum
 #  define UNIQ_SEP '.'
 # endif /* ndef __VMS */

+#if defined FUZZING && defined TESTING
+/* Rename fopen so we can have our own version in fuzz/main.c to
+   not create random files. */
+#  define fopen(fp, mode) fopen_wget(fp, mode)
+
+/* In run_wgetrc() we call fopen_wgetrc() instead of fopen, so we can catch
+   the call in our fuzzers. */
+FILE *fopen_wget(const char *pathname, const char *mode);
+FILE *fopen_wgetrc(const char *pathname, const char *mode);
+#else
+/* When not fuzzing, we want to call fopen() instead of fopen_wgetrc() */
+#  define fopen_wgetrc(fp) fopen(fp)
+#endif /* FUZZING && TESTING */
+
 #endif /* WGET_H */