Overview
Comment: | Better cleanup now that we exclude some bytes in debug printing buffer |
---|---|
SHA1: |
75b2699549365144e4d512815d79478b |
User & Date: | rkeene on 2015-07-24 15:11:35 |
Context
2015-07-27
| ||
15:41 | Simplified test code for AFL and added it to the Makefile check-in: 79322b800c user: rkeene tags: trunk | |
2015-07-24
| ||
15:11 | Better cleanup now that we exclude some bytes in debug printing buffer check-in: 75b2699549 user: rkeene tags: trunk | |
15:10 | Fixed issue with NULL tags found with AFL fuzzing check-in: 74d7607e3c user: rkeene tags: trunk | |
Changes
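--- a/cackey.c
+++ b/cackey.c
@@ -220,14 +220,15 @@
 static char buf_user[4096] = {0}, *buf_user_p, *buf_user_print; \
 unsigned long buf_user_size; \
 unsigned char *TMPBUF; \
 unsigned long idx; \
 int snprintf_ret; \
 TMPBUF = (unsigned char *) (x); \
 buf_user[0] = 0; \
+buf_user[2] = 0; \
 buf_user_p = buf_user; \
 buf_user_size = sizeof(buf_user); \
 for (idx = 0; idx < (y); idx++) { \
 if (buf_user_size <= 0) { \
 break; \
 }; \
 snprintf_ret = snprintf(buf_user_p, buf_user_size, ", %02x", TMPBUF[idx]); \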
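Review bot: The added `buf_user[2] = 0; \` uses an unexplained offset: nothing in the hunk says why index 2 is cleared alongside index 0. Presumably the code past the hunk prints from `buf_user + 2` to skip the leading `, ` separator, in which case a zero-length input would otherwise print bytes left in the static buffer by an earlier call. If that is the intent, a comment such as `/* printing starts at buf_user + 2 (past the ", " prefix); terminate there so an empty buffer does not show stale bytes from a previous call */ \` would tie the constant to the format string. The macro body starts and ends outside the hunk, so the use of buf_user_print is inferred rather than visible.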
Modified test.c from [eb71775c47] to [7dfc56607f].
︙ | ︙ | |||
640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 | argv = argv; } #else /* CACKEY_TEST_AFL */ #include <sys/stat.h> #include <sys/types.h> #include <fcntl.h> /* Include the CACKey source */ #include "cackey.c" /* Fake a smartcard */ static int scard_inTransaction = 0; static LONG scard_protocol; PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) { CACKEY_DEBUG_PRINTF("Called"); *phContext = 42; return(SCARD_S_SUCCESS); | > > > > > > > > > > > | 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 | argv = argv; } #else /* CACKEY_TEST_AFL */ #include <sys/stat.h> #include <sys/types.h> #include <fcntl.h> static unsigned char *inputData; static unsigned long inputDataLen; /* Include the CACKey source */ #include "cackey.c" #undef CACKEY_DEBUG_PRINTF #define CACKEY_DEBUG_PRINTF(x...) /**/ #undef malloc #undef realloc #undef strdup /* Fake a smartcard */ const SCARD_IO_REQUEST g_rgSCardT0Pci, g_rgSCardT1Pci; static int scard_inTransaction = 0; static LONG scard_protocol; PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) { CACKEY_DEBUG_PRINTF("Called"); *phContext = 42; return(SCARD_S_SUCCESS); |
︙ | ︙ | |||
784 785 786 787 788 789 790 791 792 793 794 795 | } return(SCARD_S_SUCCESS); } PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) { CACKEY_DEBUG_PRINTF("Called"); if (hCard != 99) { return(SCARD_E_INVALID_HANDLE); } | > > > | > > | > > > > > > > > > > > > | > > > > > | 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 | } return(SCARD_S_SUCCESS); } PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) { CACKEY_DEBUG_PRINTF("Called"); unsigned int bytesToRead; if (hCard != 99) { return(SCARD_E_INVALID_HANDLE); } if (inputDataLen <= 1) { *pcbRecvLength = 0; return(SCARD_S_SUCCESS); } bytesToRead = (inputData[0] << 8) | inputData[1]; inputData += 2; inputDataLen -= 2; if (bytesToRead > inputDataLen) { bytesToRead = inputDataLen; } if (bytesToRead > *pcbRecvLength) { return(SCARD_E_INSUFFICIENT_BUFFER); } *pcbRecvLength = bytesToRead; memcpy(pbRecvBuffer, inputData, bytesToRead); inputData += bytesToRead; inputDataLen -= bytesToRead; return(SCARD_S_SUCCESS); } /* American Fuzzy Lop testing program */ int main(int argc, char **argv) { CK_FUNCTION_LIST_PTR pFunctionList; |
︙ | ︙ | |||
856 857 858 859 860 861 862 | CK_ULONG byte_idx; CK_OBJECT_CLASS objectClass; CK_BYTE signature[1024]; CK_ULONG signature_len; CK_MECHANISM mechanism = {CKM_RSA_PKCS, NULL, 0}; CK_RV chk_rv; ssize_t read_ret; | | < > > > | | > | 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 | CK_ULONG byte_idx; CK_OBJECT_CLASS objectClass; CK_BYTE signature[1024]; CK_ULONG signature_len; CK_MECHANISM mechanism = {CKM_RSA_PKCS, NULL, 0}; CK_RV chk_rv; ssize_t read_ret; char *fileName = NULL; int fd; int i; int initialized = 0; int retval = 1; fileName = argv[1]; if (fileName == NULL) { goto cleanup; } fd = open(fileName, O_RDONLY); if (fd < 0) { goto cleanup; } inputDataLen = 16384; inputData = malloc(inputDataLen); read_ret = read(fd, inputData, inputDataLen); if (read_ret < 0) { goto cleanup; } inputDataLen = read_ret; inputData = realloc(inputData, inputDataLen); close(fd); chk_rv = C_GetFunctionList(&pFunctionList); if (chk_rv != CKR_OK) { printf("C_GetFunctionList() failed."); |
︙ | ︙ | |||
1061 1062 1063 1064 1065 1066 1067 | } for (currPrivKey = privateKeyObjects_root; *currPrivKey != CK_INVALID_HANDLE; currPrivKey++) { chk_rv = C_SignInit(hSession, &mechanism, *currPrivKey); if (chk_rv == CKR_OK) { signature_len = sizeof(signature); | | | 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 | } for (currPrivKey = privateKeyObjects_root; *currPrivKey != CK_INVALID_HANDLE; currPrivKey++) { chk_rv = C_SignInit(hSession, &mechanism, *currPrivKey); if (chk_rv == CKR_OK) { signature_len = sizeof(signature); chk_rv = C_Sign(hSession, (CK_BYTE_PTR) "Test", 4, (CK_BYTE_PTR) &signature, &signature_len); if (chk_rv == CKR_OK) { printf("[%04lu/%02lx] Signature: ", (unsigned long) *currPrivKey, (unsigned long) mechanism.mechanism); for (byte_idx = 0; byte_idx < signature_len; byte_idx++) { printf("%02x ", (unsigned int) signature[byte_idx]); } |
︙ | ︙ |
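Review bot: In main, the result of `inputData = malloc(inputDataLen);` is passed to read() without a NULL check, and `inputData = realloc(inputData, inputDataLen);` runs even when read() returned 0, where a zero-size realloc is implementation-defined and may leave inputData NULL or freed. The `read_ret < 0` path also jumps to cleanup with fd still open. Checking the allocation, closing fd right after read(), and dropping the shrink-realloc keeps the harness from reporting its own faults as CACKey findings. Whether the cleanup label frees the buffer is not visible, and SCardTransmit advances inputData, so freeing it would need a separate base pointer. main's body starts and ends outside the hunk.

```c
inputDataLen = 16384;
inputData = malloc(inputDataLen);
if (inputData == NULL) {
	close(fd);
	goto cleanup;
}

read_ret = read(fd, inputData, inputDataLen);
close(fd);
if (read_ret < 0) {
	goto cleanup;
}

/* Keep the original allocation; only the logical length shrinks */
inputDataLen = read_ret;

/* … unchanged: C_GetFunctionList call and the rest of main … */
```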