Initial fuzzing support and fixes #11
Conversation
@sosthene-nitrokey Any ideas how to fix that?

I appear to have the same issue on my side with opcard. Looking at it, it's probably an issue of an incompatible LLVM version. Current nightly Rust uses LLVM 15, but most distros ship an older version (even Arch is on 14). The fix seems to be using the

The proper way to invoke it would probably be cargo-binutils, but I'm not sure if it's worth adding it to the pipeline image.

Yes, this worked for me, thanks!
Is the empty lib.rs required?

```rust
use libfuzzer_sys::fuzz_target;

fuzz_target!(|data: &[u8]| {
```
I think we want to chain multiple commands within one round of fuzzing. Otherwise many code paths can't be explored, for example for authentication, and modification/deletion. You can use Arbitrary to get a vec of commands.

Also, does Oath need authentication for some command? I think it would be very hard for the fuzzer to find the correct password, so it should probably be in a seed corpus.
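The harness shape described in the comment above, as an added example that is not code from this PR or from opcard-rs: one fuzz input is decoded into a sequence of commands and replayed against a fresh, stateful target, so that a command later in the sequence can reach the authenticated and modification paths. To keep it runnable without external crates, a small hand-written cursor stands in for `arbitrary::Unstructured` and the `#[derive(Arbitrary)]` that a real libfuzzer-sys target would use; the `Command` set, the toy `Authenticator`, the password `1234` and the byte encoding are all constructed for this example.

```rust
// Added example, not the PR's code. In a real libfuzzer-sys target the
// decoder below is replaced by `#[derive(Arbitrary)]` on `Command` and
// `fuzz_target!(|cmds: Vec<Command>| { ... })`.

#[derive(Debug, Clone, PartialEq)]
pub enum Command {
    Verify(Vec<u8>),                          // present a password
    Put { label: Vec<u8>, secret: Vec<u8> },  // needs authentication
    Delete(Vec<u8>),                          // needs authentication
    List,
}

/// Stand-in for `arbitrary::Unstructured`: a cursor over the fuzz input.
pub struct Unstructured<'a> { data: &'a [u8], pos: usize }

impl<'a> Unstructured<'a> {
    pub fn new(data: &'a [u8]) -> Self { Self { data, pos: 0 } }
    fn byte(&mut self) -> Option<u8> {
        let b = *self.data.get(self.pos)?;
        self.pos += 1;
        Some(b)
    }
    /// Length-prefixed byte string, capped at `max`; empty when input runs out.
    fn bytes(&mut self, max: usize) -> Vec<u8> {
        let len = self.byte().map(|b| b as usize % (max + 1)).unwrap_or(0);
        let end = (self.pos + len).min(self.data.len());
        let v = self.data[self.pos..end].to_vec();
        self.pos = end;
        v
    }
}

/// Decode as many commands as the input supports (what `Vec<Command>: Arbitrary` does).
pub fn decode_commands(data: &[u8]) -> Vec<Command> {
    let mut u = Unstructured::new(data);
    let mut cmds = Vec::new();
    while let Some(tag) = u.byte() {
        cmds.push(match tag % 4 {
            0 => Command::Verify(u.bytes(8)),
            1 => Command::Put { label: u.bytes(8), secret: u.bytes(16) },
            2 => Command::Delete(u.bytes(8)),
            _ => Command::List,
        });
    }
    cmds
}

pub const PASSWORD: &[u8] = b"1234"; // constructed password of the toy target

#[derive(Debug, Default, PartialEq)]
pub struct Stats { pub executed: usize, pub rejected_unauthenticated: usize, pub modified: usize }

/// Toy stateful target: modification is refused until a correct Verify.
pub struct Authenticator { authenticated: bool, entries: Vec<(Vec<u8>, Vec<u8>)> }

impl Authenticator {
    pub fn new() -> Self { Self { authenticated: false, entries: Vec::new() } }

    pub fn handle(&mut self, cmd: &Command) -> Result<(), ()> {
        match cmd {
            Command::Verify(pw) => {
                self.authenticated = pw.as_slice() == PASSWORD;
                if self.authenticated { Ok(()) } else { Err(()) }
            }
            Command::List => Ok(()),
            Command::Put { label, secret } => {
                if !self.authenticated { return Err(()); }
                self.entries.retain(|(l, _)| l != label);
                self.entries.push((label.clone(), secret.clone()));
                Ok(())
            }
            Command::Delete(label) => {
                if !self.authenticated { return Err(()); }
                let before = self.entries.len();
                self.entries.retain(|(l, _)| l != label);
                if self.entries.len() == before { Err(()) } else { Ok(()) }
            }
        }
    }
}

/// One fuzzing round: fresh state, replay every decoded command in order.
pub fn run_round(data: &[u8]) -> Stats {
    let mut dev = Authenticator::new();
    let mut stats = Stats::default();
    for cmd in decode_commands(data) {
        let needs_auth = matches!(cmd, Command::Put { .. } | Command::Delete(_));
        match dev.handle(&cmd) {
            Ok(()) => { stats.executed += 1; if needs_auth { stats.modified += 1; } }
            Err(()) if needs_auth && !dev.authenticated => stats.rejected_unauthenticated += 1,
            Err(()) => {}
        }
    }
    stats
}

/// Constructed seed-corpus entry: Verify("1234"), Put("a", "s3cret"), List, Delete("a").
pub fn seed_input() -> Vec<u8> {
    let mut v = vec![0, 4]; v.extend_from_slice(PASSWORD);
    v.extend_from_slice(&[1, 1, b'a', 6]); v.extend_from_slice(b"s3cret");
    v.push(3);
    v.extend_from_slice(&[2, 1, b'a']);
    v
}

fn main() {
    println!("seeded round:   {:?}", run_round(&seed_input()));
    println!("unseeded round: {:?}", run_round(&seed_input()[6..])); // drop the Verify
}
```

The two rounds in `main` show the point of the comment: the same Put/List/Delete tail reaches the modification paths only when a correct Verify precedes it, which is why the password belongs in the seed corpus rather than being left for the fuzzer to guess.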
- Multiple commands - yes, that's already in the list. Will check your implementation with Arbitrary.
- No need for authentication by default.
- Removed the empty lib.rs.

While fuzzing is currently shallow due to the causes you have mentioned, it already found problems within the binary parser, which I expect will be the only one found here.
- Refactor: rename assertfn -> ensure
- Remove empty lib.rs
- Remove obsolete comments

Merging the current state, as it is required for the daily use at the moment. To be continued in the next PRs, as described earlier.
Add initial fuzzing support and fixes found during its executions.

Corpus generated with the pynitrokey API tests (not included here). Each input file contains a single command only at this point. No new errors found after 20 minutes, with 11 jobs set. A fork of Flexiber was used, which had the crashing todo() replaced with returning an Error code.

Future work / to discuss:
- disable not tested commands (as mentioned)
- skipped assertfn?

Inspired by the opcard-rs fuzzing implementation.

Fixes #8