Commit Graph

68 Commits

Author SHA1 Message Date
Darshit Shah
f973f4857a * Update copyright year to 2024 2024-02-19 18:33:43 +05:30
Tim Rühsen
24e876357a * fuzz/*: Use grep >/dev/null instead of grep -q 2023-02-17 13:46:58 +01:00
Tim Rühsen
4223996930 Update copyright years 2023-02-17 13:46:58 +01:00
Tim Rühsen
9835085544 * fuzz/Makefile.am: Add -lz to fuzzer libs 2022-09-24 18:41:31 +02:00
Darshit Shah
be936bda56 * Update Copyright years 2022-02-26 15:49:52 +01:00
Tim Rühsen
f354529708 fuzz/*.in: Update fuzzer corpora 2021-12-22 19:49:24 +01:00
Tim Rühsen
c81042295e Switch fuzzing build from C++ to C
* Makefile.am (oss-fuzz): Build with $CC instead of $CXX.
* README.md: Remove CXX and CXXFLAGS exports.
2021-12-21 19:20:52 +01:00
Tim Rühsen
170896a76a * fuzz/wget_read_hunk_fuzzer.c: Add explicit cast for C++ compilation 2021-05-22 16:48:19 +02:00
Tim Rühsen
d4431a0b97 * fuzz/wget_ntlm_fuzzer.c: Add explicit cast for C++ compilation 2021-05-22 16:48:14 +02:00
Tim Rühsen
5fe8d26904 Improve wget_options_fuzzer
* fuzz/fuzzer.h: Ignore -Wunused-parameter.
* fuzz/wget_options_fuzzer.c: Let getaddrinfo() fail in while fuzzing.
* fuzz/wget_options_fuzzer.in/*: Update corpora from OSS-Fuzz.
2021-05-02 19:43:06 +02:00
Darshit Shah
cf788d60e4 Use a LOG_COMPILER for running fuzz tests
This prevents needing a special case in the fuzz tests to detect
valgrind usage and a new exec. Instead, we simply detect the environment
in a shell script and start the test with valgrind in the first place.

* fuzz/test-runner.sh: New script for running the fuzz tests
* fuzz/main.c (main): Remove code for re-running under valgrind
* fuzz/Makefile.am: Set the LOG_COMPILER to test-runner.sh and remember
  to add it to the list of extra files for packaging
2021-03-16 21:48:13 +01:00
Darshit Shah
5a7f2f7e87 Run make update-copyright 2021-01-01 12:31:01 +01:00
Tim Rühsen
103aaf7740 Add NTLM fuzzer
* configure.ac: Create WITH_NTLM conditional.
* fuzz/Makefile.am: Add wget_ntlm_fuzzer.
* fuzz/wget_ntlm_fuzzer.c: New file.
* fuzz/wget_ntlm_fuzzer.in/*: Initial fuzz corpora.
2020-03-06 18:52:37 +01:00
Tim Rühsen
238074e2b8 Add code coverage reporting
* configure.ac: Add AX_CODE_COVERAGE.
* Makefile.am: Add rules 'check-coverage' and 'fuzz-coverage'.
* fuzz/Makefile.am: Amend LDADD, AM_CFLAGS and AM_CPPFLAGS.
* src/Makefile.am: Amend LDADD, AM_CFLAGS and AM_CPPFLAGS.

This add a new configure option, --enable-code-coverage.

With this option enabled, generate test code coverage with
  make code-coverage
and generate coverage for the fuzz test corpora with
  make fuzz-coverage
2020-03-05 20:24:07 +01:00
Tim Rühsen
c1a46e9a3b * fuzz/wget_progress_fuzzer.in/*: Add fuzzer corpora 2020-01-10 13:56:39 +01:00
Tim Rühsen
34573bdf46 Add new fuzzer for the progress bar code
* Makefile.am: Add wget_progress_fuzzer.
* wget_progress_fuzzer.c: New file.
2020-01-10 13:56:39 +01:00
Darshit Shah
221f1ba3ef Update copyright year to 2020 2020-01-10 12:56:08 +01:00
Tim Rühsen
03a8e59d85 * fuzz/README.md: Add --enable-assert to fuzzing build 2019-12-27 13:41:20 +01:00
Tim Rühsen
ed135257b2 * fuzz/README.md: Update clang instructions 2019-12-27 13:39:11 +01:00
Tim Rühsen
777049389f * fuzz/wget_read_hunk_fuzzer.c: Use cast to fix C++ error 2019-11-24 16:33:34 +01:00
Darshit Shah
60dc09b507 Revert " Hi, Thank you again Darshit for your response. The RejectHeaderField rule rejects ANY header"
I accidentally commited this patch.

This reverts commit 4ce2f93600.
2019-05-30 11:19:46 +02:00
sulfastor
4ce2f93600 Hi, Thank you again Darshit for your response. The RejectHeaderField rule rejects ANY header
of the header field while RejectHeader rejects ONLY the specified full header.
	Since we wanted to be sure a header field is not sent to the server we wrote this rule.

	* doc/wget.texi: Added --disable-header documentation.
        * fuzz/wget_options_fuzzer.dict: Update with --disable-header inputs.
        * src/http.c (disabled_header): Checks for disabled headers
	(request_set_header): Doesn't let header to be set if disabled
	(gethttp): frees disabled header to let overriding
        * src/init.c (cmd_dis_header), (check_user_disabled_header) added new option disabled_headers.
        * src/main.c: added new option --disable-header, added help description
        * src/options.h: added new option --disable-header
	* src/utils.h (vec_remove_header)
	* src/utils.c (vec_remove_header) removes all header instances from vector
        * testenv/Makefile.am: Added new test files
        * testenv/server/http/http_server.py: Added new rule RejectHeaderField
        * testenv/conf/reject_header_field.py: Added new rule RejectHeaderField
        * testenv/README: Added help description for new rule
        * testenv/Test-disable-default-headers.py: Test without using --header
        * testenv/Test-disable-headers-after.py: Test using --header before --disable-header
        * testenv/Test-disable-headers-before.py: Test using --header after --disable-header

Signed-off-by: sulfastor <torresmoisesa@gmail.com>, adham elkarn <adhamelkarn@hotmail.com>
2019-05-30 10:01:24 +02:00
Tim Rühsen
7da620c7ce * fuzz/main.c: Fix paths for WIN32 2019-05-07 17:05:32 +02:00
Tim Rühsen
6edf7a30b6 * fuzz/*.in/*: Update corpora from OSS-fuzz 2019-04-26 14:47:17 +02:00
Tim Rühsen
c34e9a8c47 * fuzz/get_ossfuzz_corpora: Remove -f from unzip, mkdir *.in/ 2019-04-26 14:14:12 +02:00
Tim Rühsen
4c89c85a28 * fuzz/main.c (test_all_from): Fix indentation 2019-03-26 09:42:50 +01:00
Tim Rühsen
5d87635c66 Fix corner case in processing server response
* src/http.c (response_head_terminator): Don't access uninitialized data
* fuzz/wget_read_hunk_fuzzer.c: Sync response_head_terminator()
2019-03-25 16:05:56 +01:00
Tim Rühsen
4046cd2a71 Add new fuzzer wget_read_hunk_fuzzer.c
* fuzz/Makefile.am: Add wget_read_hunk_fuzzer
* fuzz/wget_read_hunk_fuzzer.c: New file
* fuzz/wget_read_hunk_fuzzer.in/*: Fuzz corpora
* src/connect.c: Add connect_cleanup()
* src/connect.h: Add prototype for connect_cleanup()
2019-03-25 14:57:07 +01:00
Tim Rühsen
ae6636a28f * fuzz/wget_netrc_fuzzer.c: Fix fuzzer 2019-03-03 17:05:58 +01:00
Tim Rühsen
acef0fb4c6 * fuzz/wget_ftpls_fuzzer.c: Fix fuzzer 2019-03-03 17:05:44 +01:00
Tim Rühsen
8d8abcffdf Fix fuzz/ tests for OpenBSD
* fuzz/wget_*_fuzzer.c: Take care when calling exit()
2019-02-19 17:18:49 +01:00
Tim Rühsen
93d21e4217 * fuzz/Makefile.am: Remove hard-coded gcc flags 2019-02-19 15:52:58 +01:00
Tim Rühsen
07f9fbd0b3 Fix STDERR closing/restoring in fuzzers
* fuzz/fuzzer.h: Add CLOSE_STDERR and RESTORE_STDERR
* fuzz/wget_*_fuzzer.c: Use CLOSE_STDERR and RESTORE_STDERR
2019-02-19 15:50:34 +01:00
Tim Rühsen
1098de2b49 Do not hard-code -ldl in fuzz/Makefile.am
* configure.ac: Search for dlopen and add library to $FUZZ_LIBS
* fuzz/Makefile.am: Link with $FUZZ_LIBS instead of -ldl

This fixes linking on BSD systems.

Reported-by: Nam Nguyen
2019-02-19 15:11:04 +01:00
Darshit Shah
8b975e83d3 Update copyright statements 2019-02-10 11:50:17 +01:00
Tim Rühsen
af16b0f38f * fuzz/Makefile.am: Fix order of libraries for linking 2018-12-27 20:48:36 +01:00
Tim Rühsen
3d518f125c * fuzz/*_fuzzer.in/*: Update fuzzer corpora 2018-10-14 15:15:49 +02:00
Tim Rühsen
333746f787 * fuzz/Makefile.am: Remove libtool LTLIB... from LDADD 2018-06-13 20:16:46 +02:00
Tim Rühsen
c88500fca8 * fuzz/get_ossfuzz_corpora: Speed up corpora download 2018-05-10 19:33:59 +02:00
Tim Rühsen
cdaee00259 * fuzz/*_fuzzer.in: Update corpora from OSS-Fuzz 2018-05-09 11:45:22 +02:00
Tim Rühsen
ad2471425f * fuzz/get_ossfuzz_corpora: Fix path 2018-05-09 11:44:18 +02:00
Tim Rühsen
a1c9018797 Add new fuzzer for the .netrc parser
* fuzz/wget_netrc_fuzzer.c: New fuzzer
* fuzz/wget_netrc_fuzzer.dict: Fuzzer dictionary
* fuzz/wget_netrc_fuzzer.in: Initial corpora
* src/ftp.c (getftp): Amend call to search_netrc()
* src/http.c (initialize_request): Likewise
* src/netrc.c: Cleanup, prepare code for fuzzing
* src/netrc.h: Cleanup
2018-04-28 20:49:57 +02:00
Tim Rühsen
7de006bade Add new fuzzer for the Set-Cookie parser
* fuzz/Makefile.am: Add wget_cookie_fuzzer
* fuzz/wget_cookie_fuzzer.c: New fuzzer
* fuzz/wget_cookie_fuzzer.dict: Fuzzers dictionary
* fuzz/wget_cookie_fuzzer.in: Initial corpora
2018-04-27 12:56:25 +02:00
Tim Rühsen
78838d761f Fix buffer overflow in CSS parser
* src/css-url.c (get_uri_string): Check input length
* fuzz/wget_css_fuzzer.repro/buffer-overflow-6600180399865856:
  Add reproducer corpus

Fixes OSS-Fuzz issue #8033.
This is a long standing bug affecting all versions <= 1.19.4.
2018-04-26 22:40:28 +02:00
Tim Rühsen
cb47f3aaa4 Fix buffer overflow in CSS parser
* src/css-url.c (get_urls_css): Check input string length
* fuzz/wget_css_fuzzer.repro/negative-size-param-5724866467594240:
  Add reproducer corpus

Fixes OSS-Fuzz issue #8032.
This is a long standing bug affecting all versions <= 1.19.4.
2018-04-26 21:25:28 +02:00
Tim Rühsen
acfd9b4d56 Exclude fuzz corpora from tarball
* fuzz/Makefile.am: Do not include corpora in tarball
* fuzz/main.c: SKIP if corpora directory isn't found (make check)

The fuzz corpora are thousands of files, not needed for a standard build
from a distribution tarball. The reproducers of former issues are being
included for regression testing.
2018-04-26 16:18:01 +02:00
Tim Rühsen
939dbb0ebb Add CSS slowness reproducer (fixed)
* fuzz/wget_css_fuzzer.repro/slowness-6275836549267456: New file

This file created an extreme CPU usage with the old CSS parser.
2018-04-26 16:07:46 +02:00
Tim Rühsen
02325168ca Add new fuzzer for the URL parser
* fuzz/Makefile.am: Add wget_url_fuzzer
* fuzz/wget_url_fuzzer.c: New fuzzer
* fuzz/wget_url_fuzzer.in: Initial corpora
2018-04-24 21:36:06 +02:00
Tim Rühsen
93e5a97f25 Add new fuzzer for robots.txt parsing
* fuzz/Makefile.am: Add wget_robots_fuzzer
* fuzz/wget_robots_fuzzer.c: New fuzzer
* fuzz/wget_robots_fuzzer.in: Initial corpora
2018-04-24 11:47:49 +02:00
Tim Rühsen
36482a21ea * fuzz/README.md: Add CFLAGS for undefined sanitizer 2018-04-24 11:30:06 +02:00