Comment: | Better cleanup now that we exclude some bytes in debug printing buffer |
SHA1: | 75b2699549365144e4d512815d79478b6a1bb2e0 |
User & Date: | rkeene on 2015-07-24 15:11:35 |
Changes
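--- a/cackey.c
+++ b/cackey.c
@@ -220,14 +220,15 @@
 	static char buf_user[4096] = {0}, *buf_user_p, *buf_user_print; \
 	unsigned long buf_user_size; \
 	unsigned char *TMPBUF; \
 	unsigned long idx; \
 	int snprintf_ret; \
 	TMPBUF = (unsigned char *) (x); \
 	buf_user[0] = 0; \
+	buf_user[2] = 0; \
 	buf_user_p = buf_user; \
 	buf_user_size = sizeof(buf_user); \
 	for (idx = 0; idx < (y); idx++) { \
 		if (buf_user_size <= 0) { \
 			break; \
 		}; \
 		snprintf_ret = snprintf(buf_user_p, buf_user_size, ", %02x", TMPBUF[idx]); \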
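Review bot: The new `buf_user[2] = 0;` carries no comment saying why offset 2 is the byte that must be cleared; the commit title suggests the dump is emitted starting past the leading `", "`, but that print line is outside the hunk, so a note such as `/* the dump is printed from buf_user+2 to skip the leading ", "; clear it so an empty dump prints as "" */` would stop the next reader from "fixing" it. On the lines just below, `buf_user_size` is an `unsigned long`, so `if (buf_user_size <= 0)` can only ever mean `if (buf_user_size == 0)` and reads more honestly written that way. `buf_user` is also `static`, so every expansion of this macro shares one 4 KiB buffer; if the debug path can run on more than one thread the hex dump may be interleaved or truncated, which is tolerable for debug output but deserves a one-line comment. The remainder of the macro, including what happens to `snprintf_ret` when the output is truncated, is outside the hunk.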
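--- a/test.c
+++ b/test.c
@@ -640,20 +640,31 @@
 	argv = argv;
 }
 #else /* CACKEY_TEST_AFL */
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <fcntl.h>
 
+static unsigned char *inputData;
+static unsigned long inputDataLen;
+
 /* Include the CACKey source */
 #include "cackey.c"
+
+#undef CACKEY_DEBUG_PRINTF
+#define CACKEY_DEBUG_PRINTF(x...) /**/
+#undef malloc
+#undef realloc
+#undef strdup
 
 /* Fake a smartcard */
+const SCARD_IO_REQUEST g_rgSCardT0Pci, g_rgSCardT1Pci;
 static int scard_inTransaction = 0;
 static LONG scard_protocol;
+
 
 PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) {
 	CACKEY_DEBUG_PRINTF("Called");
 
 	*phContext = 42;
 
 	return(SCARD_S_SUCCESS);
@@ -784,23 +795,45 @@
 }
 
 	return(SCARD_S_SUCCESS);
 }
 
 PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) {
 	CACKEY_DEBUG_PRINTF("Called");
+	unsigned int bytesToRead;
 
 	if (hCard != 99) {
 		return(SCARD_E_INVALID_HANDLE);
 	}
 
-	pbRecvBuffer[0] = 0x90;
-	pbRecvBuffer[1] = 0x00;
+	if (inputDataLen <= 1) {
+		*pcbRecvLength = 0;
 
-	*pcbRecvLength = 2;
+		return(SCARD_S_SUCCESS);
+	}
+
+	bytesToRead = (inputData[0] << 8) | inputData[1];
+
+	inputData += 2;
+	inputDataLen -= 2;
+
+	if (bytesToRead > inputDataLen) {
+		bytesToRead = inputDataLen;
+	}
+
+	if (bytesToRead > *pcbRecvLength) {
+		return(SCARD_E_INSUFFICIENT_BUFFER);
+	}
+
+	*pcbRecvLength = bytesToRead;
+
+	memcpy(pbRecvBuffer, inputData, bytesToRead);
+
+	inputData += bytesToRead;
+	inputDataLen -= bytesToRead;
 
 	return(SCARD_S_SUCCESS);
 }
 
 /* American Fuzzy Lop testing program */
 int main(int argc, char **argv) {
 	CK_FUNCTION_LIST_PTR pFunctionList;
@@ -856,16 +889,15 @@
 	CK_ULONG byte_idx;
 	CK_OBJECT_CLASS objectClass;
 	CK_BYTE signature[1024];
 	CK_ULONG signature_len;
 	CK_MECHANISM mechanism = {CKM_RSA_PKCS, NULL, 0};
 	CK_RV chk_rv;
 	ssize_t read_ret;
-	char data[8192], *fileName = NULL;
-	unsigned long data_len;
+	char *fileName = NULL;
 	int fd;
 	int i;
 	int initialized = 0;
 	int retval = 1;
 
 	fileName = argv[1];
 	if (fileName == NULL) {
@@ -873,20 +905,24 @@
 	}
 
 	fd = open(fileName, O_RDONLY);
 	if (fd < 0) {
 		goto cleanup;
 	}
 
-	read_ret = read(fd, data, sizeof(data));
+	inputDataLen = 16384;
+	inputData = malloc(inputDataLen);
+
+	read_ret = read(fd, inputData, inputDataLen);
 	if (read_ret < 0) {
 		goto cleanup;
 	}
 
-	data_len = read_ret;
+	inputDataLen = read_ret;
+	inputData = realloc(inputData, inputDataLen);
 
 	close(fd);
 
 	chk_rv = C_GetFunctionList(&pFunctionList);
 	if (chk_rv != CKR_OK) {
 		printf("C_GetFunctionList() failed.");
 
@@ -1061,15 +1097,15 @@
 	}
 
 	for (currPrivKey = privateKeyObjects_root; *currPrivKey != CK_INVALID_HANDLE; currPrivKey++) {
 		chk_rv = C_SignInit(hSession, &mechanism, *currPrivKey);
 		if (chk_rv == CKR_OK) {
 			signature_len = sizeof(signature);
 
-			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) data, data_len, (CK_BYTE_PTR) &signature, &signature_len);
+			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) "Test", 4, (CK_BYTE_PTR) &signature, &signature_len);
 			if (chk_rv == CKR_OK) {
 				printf("[%04lu/%02lx] Signature: ", (unsigned long) *currPrivKey, (unsigned long) mechanism.mechanism);
 
 				for (byte_idx = 0; byte_idx < signature_len; byte_idx++) {
 					printf("%02x ", (unsigned int) signature[byte_idx]);
 				}
 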
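Review bot: In the fourth hunk (main, new-side lines 912–921) the result of `malloc(inputDataLen)` is never checked before `read()` writes into it, and `inputData = realloc(inputData, inputDataLen);` overwrites the only pointer to the buffer, so a failing realloc leaks it and an empty input file (`read_ret == 0`) turns this into `realloc(p, 0)`, which may free the block and return NULL. A minimal fix is `inputData = malloc(inputDataLen); if (inputData == NULL) { goto cleanup; }` and then shrinking only when `read_ret > 0`, assigning the realloc result through a temporary. The fake SCardTransmit in the second hunk never dereferences `inputData` unless `inputDataLen > 1`, so a NULL pointer there would not be touched during the fuzz run, but the harness should not depend on that by accident. A single `read()` may also return fewer than `inputDataLen` bytes for larger inputs, which silently truncates the fake card's replies; that is probably acceptable for AFL, which favours small inputs, but a short comment saying so would help. main begins in the second hunk and ends outside the hunks shown.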