Check-in [75b2699549]
Comment:Better cleanup now that we exclude some bytes in debug printing buffer
SHA1:75b2699549365144e4d512815d79478b6a1bb2e0
User & Date: rkeene on 2015-07-24 15:11:35
Changes

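--- a/cackey.c [a17e1982da]
+++ b/cackey.c [486977c92e]
@@ -220,14 +220,15 @@
 	static char buf_user[4096] = {0}, *buf_user_p, *buf_user_print; \
 	unsigned long buf_user_size; \
 	unsigned char *TMPBUF; \
 	unsigned long idx; \
 	int snprintf_ret; \
 	TMPBUF = (unsigned char *) (x); \
 	buf_user[0] = 0; \
+	buf_user[2] = 0; \
 	buf_user_p = buf_user; \
 	buf_user_size = sizeof(buf_user); \
 	for (idx = 0; idx < (y); idx++) { \
 		if (buf_user_size <= 0) { \
 			break; \
 		}; \
 		snprintf_ret = snprintf(buf_user_p, buf_user_size, ", %02x", TMPBUF[idx]); \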

Modified test.c from [eb71775c47] to [7dfc56607f].

   640    640   	argv = argv;
   641    641   }
   642    642   #else /* CACKEY_TEST_AFL */
   643    643   #include <sys/stat.h>
   644    644   #include <sys/types.h>
   645    645   #include <fcntl.h>
   646    646   
          647  +static unsigned char *inputData;
          648  +static unsigned long inputDataLen;
          649  +
   647    650   /* Include the CACKey source */
   648    651   #include "cackey.c"
          652  +
          653  +#undef CACKEY_DEBUG_PRINTF
          654  +#define CACKEY_DEBUG_PRINTF(x...) /**/
          655  +#undef malloc
          656  +#undef realloc
          657  +#undef strdup
   649    658   
   650    659   /* Fake a smartcard */
          660  +const SCARD_IO_REQUEST g_rgSCardT0Pci, g_rgSCardT1Pci;
   651    661   static int scard_inTransaction = 0;
   652    662   static LONG scard_protocol;
          663  +
   653    664   
   654    665   PCSC_API LONG SCardEstablishContext(DWORD dwScope, LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext) {
   655    666   	CACKEY_DEBUG_PRINTF("Called");
   656    667   
   657    668   	*phContext = 42;
   658    669   
   659    670   	return(SCARD_S_SUCCESS);
................................................................................
   784    795   	}
   785    796   
   786    797   	return(SCARD_S_SUCCESS);
   787    798   }
   788    799   
   789    800   PCSC_API LONG SCardTransmit(SCARDHANDLE hCard, const SCARD_IO_REQUEST *pioSendPci, LPCBYTE pbSendBuffer, DWORD cbSendLength, SCARD_IO_REQUEST *pioRecvPci, LPBYTE pbRecvBuffer, LPDWORD pcbRecvLength) {
   790    801   	CACKEY_DEBUG_PRINTF("Called");
          802  +	unsigned int bytesToRead;
   791    803   
   792    804   	if (hCard != 99) {
   793    805   		return(SCARD_E_INVALID_HANDLE);
   794    806   	}
   795    807   
   796         -	pbRecvBuffer[0] = 0x90;
   797         -	pbRecvBuffer[1] = 0x00;
          808  +	if (inputDataLen <= 1) {
          809  +		*pcbRecvLength = 0;
   798    810   
   799         -	*pcbRecvLength = 2;
          811  +		return(SCARD_S_SUCCESS);
          812  +	}
          813  +
          814  +	bytesToRead = (inputData[0] << 8) | inputData[1];
          815  +
          816  +	inputData    += 2;
          817  +	inputDataLen -= 2;
          818  +
          819  +	if (bytesToRead > inputDataLen) {
          820  +		bytesToRead = inputDataLen;
          821  +	}
          822  +
          823  +	if (bytesToRead > *pcbRecvLength) {
          824  +		return(SCARD_E_INSUFFICIENT_BUFFER);
          825  +	}
          826  +
          827  +	*pcbRecvLength = bytesToRead;
          828  +
          829  +	memcpy(pbRecvBuffer, inputData, bytesToRead);
          830  +
          831  +	inputData += bytesToRead;
          832  +	inputDataLen -= bytesToRead;
   800    833   
   801    834   	return(SCARD_S_SUCCESS);
   802    835   }
   803    836   
   804    837   /* American Fuzzy Lop testing program */
   805    838   int main(int argc, char **argv) {
   806    839   	CK_FUNCTION_LIST_PTR pFunctionList;
................................................................................
   856    889   	CK_ULONG byte_idx;
   857    890   	CK_OBJECT_CLASS objectClass;
   858    891   	CK_BYTE signature[1024];
   859    892   	CK_ULONG signature_len;
   860    893   	CK_MECHANISM mechanism = {CKM_RSA_PKCS, NULL, 0};
   861    894   	CK_RV chk_rv;
   862    895   	ssize_t read_ret;
   863         -	char data[8192], *fileName = NULL;
   864         -	unsigned long data_len;
          896  +	char *fileName = NULL;
   865    897   	int fd;
   866    898   	int i;
   867    899   	int initialized = 0;
   868    900   	int retval = 1;
   869    901   
   870    902   	fileName = argv[1];
   871    903   	if (fileName == NULL) {
................................................................................
   873    905   	}
   874    906   
   875    907   	fd = open(fileName, O_RDONLY);
   876    908   	if (fd < 0) {
   877    909   		goto cleanup;
   878    910   	}
   879    911   
   880         -	read_ret = read(fd, data, sizeof(data));
          912  +	inputDataLen = 16384;
          913  +	inputData = malloc(inputDataLen);
          914  +
          915  +	read_ret = read(fd, inputData, inputDataLen);
   881    916   	if (read_ret < 0) {
   882    917   		goto cleanup;
   883    918   	}
   884    919   
   885         -	data_len = read_ret;
          920  +	inputDataLen = read_ret;
          921  +	inputData = realloc(inputData, inputDataLen);
   886    922   
   887    923   	close(fd);
   888    924   
   889    925   	chk_rv = C_GetFunctionList(&pFunctionList);
   890    926   	if (chk_rv != CKR_OK) {
   891    927   		printf("C_GetFunctionList() failed.");
   892    928   
................................................................................
  1061   1097   	}
  1062   1098   
  1063   1099   	for (currPrivKey = privateKeyObjects_root; *currPrivKey != CK_INVALID_HANDLE; currPrivKey++) {
  1064   1100   		chk_rv = C_SignInit(hSession, &mechanism, *currPrivKey);
  1065   1101   		if (chk_rv == CKR_OK) {
  1066   1102   			signature_len = sizeof(signature);
  1067   1103   
  1068         -			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) data, data_len, (CK_BYTE_PTR) &signature, &signature_len);
         1104  +			chk_rv = C_Sign(hSession, (CK_BYTE_PTR) "Test", 4, (CK_BYTE_PTR) &signature, &signature_len);
  1069   1105   			if (chk_rv == CKR_OK) {
  1070   1106   				printf("[%04lu/%02lx] Signature: ", (unsigned long) *currPrivKey, (unsigned long) mechanism.mechanism);
  1071   1107   
  1072   1108   				for (byte_idx = 0; byte_idx < signature_len; byte_idx++) {
  1073   1109   					printf("%02x ", (unsigned int) signature[byte_idx]);
  1074   1110   				}
  1075   1111