Commit Graph

4039 Commits

Author SHA1 Message Date
Tim Rühsen
f0d715b264 * src/ftp-ls.c (ftp_parse_vms_ls): Fix heap-buffer-overflow 2018-04-21 22:47:17 +02:00
Tim Rühsen
b3ff8ce3d5 * src/ftp-ls.c (ftp_parse_vms_ls): Fix heap-buffer-overflow 2018-04-21 22:45:03 +02:00
Tim Rühsen
c7014fbaea * src/ftp-ls.c (ftp_parse_vms_ls): Fix memleak 2018-04-21 22:42:30 +02:00
Tim Rühsen
407cd5f23b Add new fuzzer for the FTP listing parsers
* fuzz/Makefile.am: Add wget_ftpls_fuzzer
* fuzz/wget_ftpls_fuzzer.c: New fuzzer
* fuzz/wget_ftpls_fuzzer.dict: Fuzzer dictionary
* fuzz/wget_ftpls_fuzzer.in/starter: Starting corpus
* src/ftp-ls.c: Parsing functions take FILE * as argument,
  new function ftp_parse_ls_fp()
* src/ftp.c: Remove static from freefileinfo()
* src/ftp.h: Add ftp_parse_ls_fp() and freefileinfo()
2018-04-21 19:24:25 +02:00
Tim Rühsen
fbc5f3736e * fuzz/run-clang.sh: Remove -detect_leaks=0 from fuzzer command line 2018-04-21 18:22:37 +02:00
Tim Rühsen
7ecfe3ef70 * src/main.c (main): Fix memleak for fuzzing/testing 2018-04-21 18:21:52 +02:00
Tim Rühsen
7e635d173e * src/init.c: Fix fuzzing in case ~/.wgetrc doesn't exist 2018-04-21 16:33:45 +02:00
Tim Rühsen
e83dd5b0aa Fix fuzzer build for C++
* fuzz/wget_css_fuzzer.c: Include wget.h outside 'extern "C"',
  undef fopen_wgetrc directly after wget.h
* fuzz/wget_html_fuzzer.c: Likewise
2018-04-20 23:59:58 +02:00
Tim Rühsen
0b02993e39 * fuzz/Makefile.am: Add -I/lib to oss-fuzz builds 2018-04-20 23:28:12 +02:00
Tim Rühsen
23b0275feb Add new HTML parser fuzzer
* fuzz/Makefile.am: Add wget_html_fuzzer
* fuzz/wget_html_fuzzer.c: New fuzzer
* fuzz/wget_html_fuzzer.dict: HTML dictionary for fuzzing
* fuzz/wget_html_fuzzer.in: Initial corpora
* src/html-url.c: Add new function get_urls_html_fm()
* src/html-url.h: Add new function get_urls_html_fm()
* src/wget.h: Fix define for fopen_wgetrc()
2018-04-20 22:33:58 +02:00
Tim Rühsen
77c31d301b * fuzz/wget_css_fuzzer.c: Fix build 2018-04-20 20:06:50 +02:00
Tim Rühsen
30bd99f3f5 * fuzz/wget_css_fuzzer.in/*: Update fuzzer corpora 2018-04-20 20:04:59 +02:00
Tim Rühsen
c9a091ae45 * src/css-url.c (get_uri_string): Fix buffer overflow (read) 2018-04-20 11:37:52 +02:00
Tim Rühsen
7a5db30b01 * src/iri.h: Fix C++ compile error 2018-04-20 10:17:55 +02:00
Tim Rühsen
9d899d7bb7 * src/http.c: Download and scan CSS files in spider mode 2018-04-19 23:05:06 +02:00
Tim Rühsen
d25d036fba * src/css-url.c (get_urls_css): Call yylex_destroy() to reset CSS scanner 2018-04-19 23:05:06 +02:00
Tim Rühsen
c1a368af89 Add new fuzzer wget_css_fuzzer.c
* fuzz/Makefile.am: Add wget_css_fuzzer.c
* fuzz/wget_css_fuzzer.c: New fuzzer
2018-04-19 23:05:06 +02:00
Tim Rühsen
ff3c7733b7 * src/html-url.h: Include needed header files 2018-04-18 20:41:08 +02:00
Tim Rühsen
cc7f15a529 * wget_options_fuzzer.in/*: Update fuzzer corpora 2018-04-18 16:46:44 +02:00
Tim Rühsen
ae6390e6a4 * fuzz/README.md: Add CXXFLAGS and more configure options 2018-04-18 16:43:51 +02:00
Tim Rühsen
3ae58dae13 Fix oss-fuzz issue with exit()
* src/wget.h: Define exit() as exit_wget()
* fuzz/wget_options_fuzzer.c: Implement exit_wget() and cleanup
2018-04-18 13:26:10 +02:00
Tim Rühsen
bb03572c2a * fuzz/wget_options_fuzzer.c: Declare fopen_* as C functions 2018-04-17 23:35:42 +02:00
Tim Rühsen
66b416b6cd Fix fopen/stdin issues with fuzzing
* fuzz/wget_options_fuzzer.c: Add fopen_wget() and fopen_wgetrc()
* src/utils.c: Use fopen_wgetrc() for config files,
  don't read from stdin when fuzzing
* src/wget.h: Define fopen as fopen_wget when fuzzing,
  define fopen_wgetrc as fopen when not fuzzing
2018-04-17 23:02:04 +02:00
Tim Rühsen
fdd86aada9 * configure.ac: AC_DEFINE FUZZING if --enable-fuzzing was given 2018-04-17 15:55:58 +02:00
Tim Rühsen
ce90ed78b6 * fuzz/wget_options_fuzzer.c: Write fuzzer crash reports 2018-04-17 12:41:34 +02:00
Tim Rühsen
3c4a6506a5 * src/log.c: Don't check_redirect_output() when fuzzing 2018-04-17 12:40:47 +02:00
Tim Rühsen
fbb4cd231e * src/main.c (promt_for_password): Avoid getpass() when fuzzing 2018-04-17 12:15:18 +02:00
Tim Rühsen
3ceb6e5630 Fix double fclose() with -d while fuzzing
* src/ftp.c (ftp_loop_internal): Set warc_tmp to NULL after ffclose()
* src/init.c (cleanup): Set output_stream to NULL after fclose()
* src/log.c (log_close): Set global stream vars to NULL after closing
* src/recur.c (retrieve_tree): Set rejectedlog to NULL after closing
* src/warc.c (warc_close): Set stream vars to NULL after closing
2018-04-17 11:59:54 +02:00
Tim Rühsen
eaf167aaaa * src/main.c (main): Don't background if TESTING 2018-04-17 11:50:36 +02:00
Tim Rühsen
7d5de64fc9 * src/init.c (initialize): Return error, don't exit() 2018-04-17 11:42:43 +02:00
Tim Rühsen
70042265be * src/init.c (cmd_use_askpass): Return false on error 2018-04-16 23:04:53 +02:00
Tim Rühsen
64758655c4 * src/utils.c (compile_posix_regex): Hard-code string to regcomp
regcomp() may be too cpu + memory intensive for fuzzing.
See https://sourceware.org/glibc/wiki/Security%20Exceptions
2018-04-16 22:04:54 +02:00
Tim Rühsen
e737c4b10e Fix 2 more memleaks
* src/init.c (initialize): Use global var for wgetrc filename
* src/iri.c (find_locale): Return strdup'ed locale string
* src/options.h (struct options): Add wgetrcfile
2018-04-16 22:02:11 +02:00
Tim Rühsen
05a8c064e9 * src/init.c (cleanup): Set output_stream to NULL after closing 2018-04-16 13:22:29 +02:00
Tim Rühsen
01002a168a Fix homedir memory leaks
* src/hsts.c: Use opt.homedir
* src/init.c: Likewise
* src/main.c: Likewise
* src/netrc.c: Likewise
* src/options.h (struct options): Add homedir
2018-04-16 13:19:03 +02:00
Tim Rühsen
73fd57585c * src/main.c (main): Free opt.encoding_remote properly 2018-04-16 12:21:52 +02:00
Tim Rühsen
7963260e76 * src/host.c (wait_ares): Free ptimer 2018-04-16 11:58:18 +02:00
Tim Rühsen
99a7039def * src/init.c (cleanup): Free regex objects properly 2018-04-16 11:57:39 +02:00
Tim Rühsen
d7e3acb2cc * src/init.c (cleanup): Never call cleanup() twice 2018-04-16 09:58:51 +02:00
Tim Rühsen
e0860dd1ff * src/init.c (cmd_bytes_sum): Fix integer over- and underflow 2018-04-16 09:58:51 +02:00
Tim Rühsen
15ef79f808 * src/main.c (save_hsts): Free hsts_store after closing 2018-04-16 09:58:51 +02:00
Tim Rühsen
79385a29fd Use strtol() instead of selfmade function
* src/init.c (cmd_number): Use strtol() instead of selfmade function
* bootstrap.conf: Add strtol gnulib module
2018-04-16 09:58:51 +02:00
Tim Rühsen
55da9f71f0 * src/hsts.c (hsts_hash_func): Allow integer overflow 2018-04-16 09:58:51 +02:00
Tim Rühsen
bec9816f40 * init.c (cmd_spec_mirror): Fix uninitialized stack variable 2018-04-16 09:58:51 +02:00
Tim Rühsen
b86294e1c9 * src/init.c (cleanup): Free more variables 2018-04-16 09:58:51 +02:00
Tim Rühsen
7e1e5f3959 * wget_options_fuzzer.in: Add corpora directory 2018-04-16 09:58:51 +02:00
Tim Rühsen
4a6336d551 * fuzz/wget_options_fuzzer.c: Suppress error messages from wget 2018-04-16 09:58:51 +02:00
Tim Rühsen
328438e69b * src/utils.c (fopen_stat): Early return to allow fuzzing/fmemopen 2018-04-16 09:58:51 +02:00
Tim Rühsen
36f029d2f0 * src/init.c (initialize): Free mem before exit() 2018-04-16 09:58:51 +02:00
Tim Rühsen
a4402120ad Add OSS-Fuzz infrastructure
* Makefile.am: Add fuzz/ to SUBDIRS
* cfg.mk: Fix 'make syntax-check'
* configure.ac: Add --enable-fuzzing
* fuzz/Makefile.am: New file
* fuzz/README.md: New file
* fuzz/fuzzer.h: New file
* fuzz/get_all_corpora: New file
* fuzz/get_ossfuzz_corpora: New file
* fuzz/glob_crash.c: New file
* fuzz/main.c: New file
* fuzz/run-afl.sh: New file
* fuzz/run-clang.sh: New file
* fuzz/view-coverage.sh: New file
* fuzz/wget_options_fuzzer.c: New file
* fuzz/wget_options_fuzzer.dict: New file
* src/init.c (cleanup): Free more resources
* src/main.c (init_switches): Initialize only once,
  (print_usage): Don't print if TESTING is defined
* src/utils.h: Include wget.h
2018-04-16 09:58:51 +02:00