github-repos/wget
1
0
Fork 0
mirror of https://github.com/mirror/wget.git synced 2025-01-30 14:20:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,912 Commits 2 Branches 31 Tags 32 MiB
26a50942d8
Commit Graph

3912 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tim Rühsen
26a50942d8 * src/netrc.c (parse_netrc_fp): Fix two memleaks 2018-04-28 20:50:30 +02:00
Tim Rühsen
a1c9018797 Add new fuzzer for the .netrc parser 
* fuzz/wget_netrc_fuzzer.c: New fuzzer
* fuzz/wget_netrc_fuzzer.dict: Fuzzer dictionary
* fuzz/wget_netrc_fuzzer.in: Initial corpora
* src/ftp.c (getftp): Amend call to search_netrc()
* src/http.c (initialize_request): Likewise
* src/netrc.c: Cleanup, prepare code for fuzzing
* src/netrc.h: Cleanup
 2018-04-28 20:49:57 +02:00
Tim Rühsen
734d0aee15 * src/utils.c (match_tail): Fix unsigned integer overflow 2018-04-27 12:56:25 +02:00
Tim Rühsen
7de006bade Add new fuzzer for the Set-Cookie parser 
* fuzz/Makefile.am: Add wget_cookie_fuzzer
* fuzz/wget_cookie_fuzzer.c: New fuzzer
* fuzz/wget_cookie_fuzzer.dict: Fuzzers dictionary
* fuzz/wget_cookie_fuzzer.in: Initial corpora
 2018-04-27 12:56:25 +02:00
Tim Rühsen
78838d761f Fix buffer overflow in CSS parser 
* src/css-url.c (get_uri_string): Check input length
* fuzz/wget_css_fuzzer.repro/buffer-overflow-6600180399865856:
  Add reproducer corpus

Fixes OSS-Fuzz issue #8033.
This is a long standing bug affecting all versions <= 1.19.4.
 2018-04-26 22:40:28 +02:00
Tim Rühsen
cb47f3aaa4 Fix buffer overflow in CSS parser 
* src/css-url.c (get_urls_css): Check input string length
* fuzz/wget_css_fuzzer.repro/negative-size-param-5724866467594240:
  Add reproducer corpus

Fixes OSS-Fuzz issue #8032.
This is a long standing bug affecting all versions <= 1.19.4.
 2018-04-26 21:25:28 +02:00
Tim Rühsen
acfd9b4d56 Exclude fuzz corpora from tarball 
* fuzz/Makefile.am: Do not include corpora in tarball
* fuzz/main.c: SKIP if corpora directory isn't found (make check)

The fuzz corpora are thousands of files, not needed for a standard build
from a distribution tarball. The reproducers of former issues are being
included for regression testing.
 2018-04-26 16:18:01 +02:00
Tim Rühsen
ceb5d2d794 * tests/Makefile.am: Add -I/src to AM_CPPFLAGS 2018-04-26 16:17:10 +02:00
Tim Rühsen
939dbb0ebb Add CSS slowness reproducer (fixed) 
* fuzz/wget_css_fuzzer.repro/slowness-6275836549267456: New file

This file created an extreme CPU usage with the old CSS parser.
 2018-04-26 16:07:46 +02:00
Tim Rühsen
caa08d7470 Update CSS grammar from 1.x to 2.2 
* src/css-tokens.h: Add enums and fixate values
* src/css.l: Include config.h,
  ignore several compiler warnings,
  update the grammar to CSS 2.2

Fixes OSS-Fuzz issue #8010 (slowness issue).
This is a long standing bug affecting all versions <= 1.19.4.

Some crafted CSS input was extremely slow / CPU wasting, so it could
be used as a DOS attack against website scanning.

The code/grammar changes were backported from Wget2.x.
 2018-04-26 13:10:39 +02:00
Tim Rühsen
76fb1fe6f6 * src/res.c (add_path): Fix memleak (parsing robots.txt) 
Fixes OSS-Fuzz issue #8005.
This is a long standing bug affecting all versions <= 1.19.4.
 2018-04-25 11:33:38 +02:00
Tim Rühsen
fe6d1247ad * src/ftp-ls.c (ftp_parse_winnt_ls): Fix integer overflow 
Fixes OSS-Fuzz issue #7999.
This is a long standing bug affecting all versions <= 1.19.4.
 2018-04-25 09:37:29 +02:00
Tim Rühsen
02325168ca Add new fuzzer for the URL parser 
* fuzz/Makefile.am: Add wget_url_fuzzer
* fuzz/wget_url_fuzzer.c: New fuzzer
* fuzz/wget_url_fuzzer.in: Initial corpora
 2018-04-24 21:36:06 +02:00
Tim Rühsen
93e5a97f25 Add new fuzzer for robots.txt parsing 
* fuzz/Makefile.am: Add wget_robots_fuzzer
* fuzz/wget_robots_fuzzer.c: New fuzzer
* fuzz/wget_robots_fuzzer.in: Initial corpora
 2018-04-24 11:47:49 +02:00
Tim Rühsen
36482a21ea * fuzz/README.md: Add CFLAGS for undefined sanitizer 2018-04-24 11:30:06 +02:00
Tim Rühsen
7ee3ad1c48 * src/ftp-ls.c (ftp_parse_winnt_ls): Fix integer overflow 2018-04-24 11:11:47 +02:00
Tim Rühsen
79c1f333dc * src/ftp-ls.c (ftp_parse_vms_ls): Fix integer overflow by left shift 2018-04-24 11:05:52 +02:00
Tim Rühsen
d8365b0607 * src/ftp-ls.c (ftp_parse_unix_ls): Fix integer overflow in date parsing 2018-04-24 10:55:29 +02:00
Tim Rühsen
b0f802c46c * src/ftp-ls.c (ftp_parse_winnt_ls): Fix heap-buffer-overflow 
Fixes OSS-Fuzz issue #7931.
This is a long standing bug affecting all versions <= 1.19.4.
 2018-04-22 12:45:51 +02:00
Tim Rühsen
96c64a859d * src/ftp-ls.c (ftp_parse_winnt_ls): Fix heap-buffer-overflow 
Fixes OSS-Fuzz issue #7930.
This is a long standing bug affecting all versions <= 1.19.4.
 2018-04-22 11:33:35 +02:00
Tim Rühsen
2269cc2f1b * fuzz/wget_ftpls_fuzzer.in: Update corpora 2018-04-22 00:29:47 +02:00
Tim Rühsen
7d3da08537 * src/ftp-ls.c (eat_carets): Fix heap-buffer-overflow 2018-04-21 23:48:01 +02:00
Tim Rühsen
2b61c46183 * src/ftp-ls.c (ftp_parse_winnt_ls): Fix memleak 2018-04-21 22:52:01 +02:00
Tim Rühsen
f0d715b264 * src/ftp-ls.c (ftp_parse_vms_ls): Fix heap-buffer-overflow 2018-04-21 22:47:17 +02:00
Tim Rühsen
b3ff8ce3d5 * src/ftp-ls.c (ftp_parse_vms_ls): Fix heap-buffer-overflow 2018-04-21 22:45:03 +02:00
Tim Rühsen
c7014fbaea * src/ftp-ls.c (ftp_parse_vms_ls): Fix memleak 2018-04-21 22:42:30 +02:00
Tim Rühsen
407cd5f23b Add new fuzzer for the FTP listing parsers 
* fuzz/Makefile.am: Add wget_ftpls_fuzzer
* fuzz/wget_ftpls_fuzzer.c: New fuzzer
* fuzz/wget_ftpls_fuzzer.dict: Fuzzer dictionary
* fuzz/wget_ftpls_fuzzer.in/starter: Starting corpus
* src/ftp-ls.c: Parsing function take FILE * as argument,
  new function ftp_parse_ls_fp()
* src/ftp.c: Remove static from freefileinfo()
* src/ftp.h: Add ftp_parse_ls_fp() and freefileinfo()
 2018-04-21 19:24:25 +02:00
Tim Rühsen
fbc5f3736e * fuzz/run-clang.sh: Remove -detect_leaks=0 from fuzzer command line 2018-04-21 18:22:37 +02:00
Tim Rühsen
7ecfe3ef70 * src/main.c (main): Fix memleak for fuzzing/testing 2018-04-21 18:21:52 +02:00
Tim Rühsen
7e635d173e * src/init.c: Fix fuzzing in case ~/.wgetrc doesn't exist 2018-04-21 16:33:45 +02:00
Tim Rühsen
e83dd5b0aa Fix fuzzer build for C++ 
* fuzz/wget_css_fuzzer.c: Include wget.h outside 'extern "C"',
  undef fopen_wgetrc directly after wget.h
* fuzz/wget_html_fuzzer.c: Likewise
 2018-04-20 23:59:58 +02:00
Tim Rühsen
0b02993e39 * fuzz/Makefile.am: Add -I/lib to oss-fuzz builds 2018-04-20 23:28:12 +02:00
Tim Rühsen
23b0275feb Add new HTML parser fuzzer 
* fuzz/Makefile.am: Add wget_html_fuzzer
* fuzz/wget_html_fuzzer.c: New fuzzer
* fuzz/wget_html_fuzzer.dict: HTML dictionary for fuzzing
* fuzz/wget_html_fuzzer.in: Initial corpora
* src/html-url.c: Add new function get_urls_html_fm()
* src/html-url.h: Add ne function get_urls_html_fm()
* src/wget.h: Fix define for fopen_wgetrc()
 2018-04-20 22:33:58 +02:00
Tim Rühsen
77c31d301b * fuzz/wget_css_fuzzer.c: Fix build 2018-04-20 20:06:50 +02:00
Tim Rühsen
30bd99f3f5 * fuzz/wget_css_fuzzer.in/*: Update fuzzer corpora 2018-04-20 20:04:59 +02:00
Tim Rühsen
c9a091ae45 * src/css-url.c (get_uri_string): Fix buffer overflow (read) 2018-04-20 11:37:52 +02:00
Tim Rühsen
7a5db30b01 * src/iri.h: Fix C++ compile error 2018-04-20 10:17:55 +02:00
Tim Rühsen
9d899d7bb7 * src/http.c: Download and scan CSS files in spider mode 2018-04-19 23:05:06 +02:00
Tim Rühsen
d25d036fba * src/css-url.c (get_urls_css): Call yylex_destroy() to reset CSS scanner 2018-04-19 23:05:06 +02:00
Tim Rühsen
c1a368af89 Add new fuzzer wget_css_fuzzer.c 
* fuzz/Makefile.am: Add wget_css_fuzzer.c
* fuzz/wget_css_fuzzer.c: New fuzzer
 2018-04-19 23:05:06 +02:00
Tim Rühsen
ff3c7733b7 * src/html-url.h: Include needed header files 2018-04-18 20:41:08 +02:00
Tim Rühsen
cc7f15a529 * wget_options_fuzzer.in/*: Update fuzzer corpora 2018-04-18 16:46:44 +02:00
Tim Rühsen
ae6390e6a4 * fuzz/README.md: Add CXXFLAGS and more configure options 2018-04-18 16:43:51 +02:00
Tim Rühsen
3ae58dae13 Fix oss-fuzz issue with exit() 
* src/wget.h: Define exit() as exit_wget()
* fuzz/wget_options_fuzzer.c: Implement exit_wget() and cleanup
 2018-04-18 13:26:10 +02:00
Tim Rühsen
bb03572c2a * fuzz/wget_options_fuzzer.c: Declare fopen_* as C functions 2018-04-17 23:35:42 +02:00
Tim Rühsen
66b416b6cd Fix fopen/stdin issues with fuzzing 
* fuzz/wget_options_fuzzer.c: Add fopen_wget() and fopen_wgetrc()
* src/utils.c: Use fopen_wgetrc() for config files,
  don't read from stdin when fuzzing
* src/wget.h: Define fopen as fopen_wget when fuzzing,
  define fopen_wgetrc as fopen when not fuzzing
 2018-04-17 23:02:04 +02:00
Tim Rühsen
fdd86aada9 * configure.ac: AC_DEFINE FUZZING if --enable-fuzzing was given 2018-04-17 15:55:58 +02:00
Tim Rühsen
ce90ed78b6 * fuzz/wget_options_fuzzer.c: Write fuzzer crash reports 2018-04-17 12:41:34 +02:00
Tim Rühsen
3c4a6506a5 * src/log.c: Don't check_redirect_output() when fuzzing 2018-04-17 12:40:47 +02:00
Tim Rühsen
fbb4cd231e * src/main.c (promt_for_password): Avoid getpass() when fuzzing 2018-04-17 12:15:18 +02:00