Commits on Source (6)
  • Start some fuzzing test · b5f4b774
    Marc-André Lureau authored and Samuel Thibault committed
    
    You can run the tests over the corpus with a "regular" build, then
    $ fuzzing/fuzz-input ../fuzzing/IN/*
    
    Or building with fuzzing enabled, and running:
    $ CFLAGS="-fsanitize=fuzzer" CC=clang CXX=clang++ meson -Db_lundef=false
    $ fuzzing/fuzz-input  ../fuzzing/IN
    
    I have an initial corpus which was generated by running fuzz-input for
    a few hours starting with qemu.pkt, which is the first packet sent by
    qemu.  Sadly, it only covers 25%... I tried to increase the coverage
    manually, see for example tftp-get-blah.pkt, but that's not so simple,
    as multiple packets may be required to set up a session etc.
    
    Nevertheless, the fuzzing already found a few issues, so it might be
    worth adding it in this current form.
    
    fuzzing/oss-fuzz.sh is used by oss-fuzz, for Google fuzzing.
    (see documentation if you want to reproduce the build locally)
    
    Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
  • First attempt at fuzzing with libFuzzer based on @elmarco work · 0e9b0ad4
    jeremy marchand authored and Samuel Thibault committed
    The slirp_fuzz_ip_header harness should be working and is a basic
    example of a custom mutator focusing on part of the input.
    The slirp_fuzz_udp harness needs a bit of work to calculate the checksum
    properly.
    The code can be built using `meson build` followed by `ninja -C build`;
    the current meson.build file is not suitable for general usage.
    To run the fuzzing code, just run `build/fuzzing/fuzz-ip-header
    fuzzing/IN -detect_leaks=0`; crashes will be sent to the current folder and
    new inputs will go directly into the `IN` folder.
    The main point to focus on to improve the fuzzing should be generating
    a better corpus.
  • fuzzing: Increase coverage · 884d39ee
    Maelie CHAN PENG authored and Samuel Thibault committed
    
    - by adding trace examples
    - by separating fuzzing different headers / data
    - by adding an echo TCP server forward
    - also factorizing code along the way
    
    Also-by: JC <luffy33820@gmail.com>
    Also-by: Alisee Lafontaine <alisee.lafontaine@u-bordeaux.fr>
  • tcp: hack syn/ack · f045cdc9
    Marc-André Lureau authored and Samuel Thibault committed
    We don't know in advance what the trace will have received as sequence
    number, so when fuzzing tcp, just align on what the trace says.
  • fuzz: Add ip filtering · 6f28e96e
    Samuel Thibault authored
    It's no use sending to the slirp stack the trace packets which are
    supposed to be generated by the stack. Also no use fuzzing them, then.
  • Add fuzzing CI · ea785a27
    Samuel Thibault authored
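The checksum fix-up that commit 0e9b0ad4 says the udp harness still lacks, as an added example that is not libslirp's own code: after the fuzzer mutates a packet, the IPv4 header checksum and the UDP checksum (pseudo-header included) are recomputed so the stack parses the mutated packet instead of discarding it at the checksum check. The function names, the raw-IPv4 layout (no Ethernet header) and the sample packets are my assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* RFC 1071 one's-complement sum of 16-bit big-endian words, not yet folded. */
static uint32_t ones_sum(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t)p[0] << 8 | p[1];
    if (len) acc += (uint32_t)p[0] << 8;          /* odd trailing byte */
    return acc;
}

static uint16_t fold(uint32_t s) {
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Recompute the IPv4 header checksum in place. Returns 0 if the buffer is
 * not a plausible IPv4 header (a harness would then feed it unchanged). */
int fix_ip_checksum(uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (pkt[0] & 0x0f) * 4u;
    if (ihl < 20 || ihl > len) return 0;
    pkt[10] = pkt[11] = 0;
    uint16_t c = fold(ones_sum(pkt, ihl, 0));
    pkt[10] = c >> 8; pkt[11] = c & 0xff;
    return 1;
}

/* Recompute the UDP checksum: pseudo-header (src, dst, zero, proto, UDP
 * length) plus UDP header and payload. Assumes IPv4 with protocol 17. */
int fix_udp_checksum(uint8_t *pkt, size_t len) {
    if (len < 28 || (pkt[0] >> 4) != 4 || pkt[9] != 17) return 0;
    size_t ihl = (pkt[0] & 0x0f) * 4u;
    if (ihl < 20 || ihl + 8 > len) return 0;
    uint8_t *udp = pkt + ihl;
    size_t ulen = (size_t)udp[4] << 8 | udp[5];
    if (ulen < 8 || ihl + ulen > len) return 0;
    udp[6] = udp[7] = 0;
    uint32_t s = ones_sum(pkt + 12, 8, 0) + 17 + ulen;  /* pseudo-header */
    uint16_t c = fold(ones_sum(udp, ulen, s));
    if (c == 0) c = 0xffff;   /* RFC 768: zero means "no checksum" */
    udp[6] = c >> 8; udp[7] = c & 0xff;
    return 1;
}

/* A correctly checksummed header sums to 0xffff, so folding it yields 0. */
int ip_checksum_ok(const uint8_t *pkt, size_t len) {
    if (len < 20) return 0;
    size_t ihl = (pkt[0] & 0x0f) * 4u;
    return ihl >= 20 && ihl <= len && fold(ones_sum(pkt, ihl, 0)) == 0;
}
```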
Showing with 29 additions and 0 deletions
......@@ -36,6 +36,22 @@ build-usan:
- ninja -C build
- (cd build && meson test) || (cat build/meson-logs/testlog.txt && exit 1)
fuzz:
parallel:
matrix:
- TARGET: [ip-header, udp, udp-h, tftp, dhcp, icmp, tcp, tcp-h, tcp-d]
script:
- CC=clang CXX=clang++ meson build -Dllvm-fuzz=true || (cat build/meson-logs/meson-log.txt && exit 1)
- ninja -C build
- build/fuzzing/fuzz-$TARGET -seed=1234 -runs=1000000 fuzzing/IN_$TARGET
artifacts:
when: on_failure
paths:
- crash-*
- leak-*
- oom-*
- timeout-*
build-mingw64:
script:
- (mkdir buildw && cd buildw && mingw64-meson --werror) || (cat buildw/meson-logs/meson-log.txt && exit 1)
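Review bot: the `fuzz` job bounds each target only by `-runs=1000000`, with no wall-clock limit, so a slow target among the nine matrix entries can exceed the CI job time limit; consider adding `-max_total_time=<seconds>` next to `-seed=1234` so every run finishes predictably. Relatedly, the new inputs the fuzzer drops into `fuzzing/IN_$TARGET` during the run (the behaviour commit 0e9b0ad4 describes) are not listed under `paths`, so any corpus growth from CI is discarded; either state that this is intended or add those directories to the artifacts.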
File added
File added
File added
File added
../IN_udp/DNS_freedesktop_1-1-1-1.pcap
\ No newline at end of file
../IN_dhcp/dhcp.pkt
\ No newline at end of file
../IN_dhcp/dhcp_capture.pcap
\ No newline at end of file
../IN_icmp/icmp_capture.pcap
\ No newline at end of file
../IN_tcp/nc-10.0.2.2-8080.pcap
\ No newline at end of file
../IN_tcp/nc-ident.pcap
\ No newline at end of file
../IN_icmp/ping_10-0-2-2.pcap
\ No newline at end of file
../IN_tcp/tcp_qemucapt.pcap
\ No newline at end of file
../IN_tftp/tftp-get-blah.pkt
\ No newline at end of file
../IN_tftp/tftp_capture.pcap
\ No newline at end of file
../IN_tftp/tftp_get_libslirp-txt.pcap
\ No newline at end of file
IN_tcp
\ No newline at end of file
IN_tcp
\ No newline at end of file
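Review bot: the two added symlinks whose target is `IN_tcp` make their fuzz targets share one corpus directory with `fuzz-tcp`, and since the fuzzer writes newly found inputs into the corpus directory it was given (commit 0e9b0ad4), inputs found by one tcp harness end up in the corpus seen by the others; that may be intended, but the commit message should say so, and the `-Dllvm-fuzz=true` build should be checked to accept a symlinked corpus directory.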
File added