From b8d4118de592ad0d0af6a7e2e03fdf83f1a3a020 Mon Sep 17 00:00:00 2001 From: Sam Hocevar Date: Fri, 29 Dec 2006 17:22:11 +0000 Subject: [PATCH] * Added the -i flag (for stdin fuzzing). --- doc/zzuf.1 | 7 ++++++- src/libzzuf.c | 4 ++++ src/zzuf.c | 18 ++++++++++++------ test/testsuite.sh | 25 ++++++++++++++++--------- 4 files changed, 38 insertions(+), 16 deletions(-) diff --git a/doc/zzuf.1 b/doc/zzuf.1 index 102d92c..4232fb9 100644 --- a/doc/zzuf.1 +++ b/doc/zzuf.1 @@ -4,7 +4,7 @@ zzuf \- multiple purpose fuzzer .SH SYNOPSIS .B zzuf [ -.B \-vqdh +.B \-vqdhi ] [ .B \-r .I ratio @@ -111,6 +111,11 @@ situations. Hide the output of the fuzzed application. This is useful if the application is very verbose but only its exit code is really useful to you. .TP +.B \-i, \-\-stdin +Fuzz the application's standard input. By default +.B zzuf +only fuzzes files. +.TP .B \-I, \-\-include Only fuzz files whose name matches the .B diff --git a/src/libzzuf.c b/src/libzzuf.c index 723578a..fe6f305 100644 --- a/src/libzzuf.c +++ b/src/libzzuf.c @@ -82,6 +82,10 @@ void _zz_init(void) _zz_fd_init(); + tmp = getenv("ZZUF_STDIN"); + if(tmp && *tmp == '1') + _zz_register(0); + _zz_load_fd(); _zz_load_stream(); diff --git a/src/zzuf.c b/src/zzuf.c index 411cea6..2aca9a2 100644 --- a/src/zzuf.c +++ b/src/zzuf.c @@ -97,6 +97,7 @@ int main(int argc, char *argv[]) /* Long option, needs arg, flag, short option */ { "include", 1, NULL, 'I' }, { "exclude", 1, NULL, 'E' }, + { "stdin", 0, NULL, 'i' }, { "seed", 1, NULL, 's' }, { "ratio", 1, NULL, 'r' }, { "fork", 1, NULL, 'F' }, @@ -107,11 +108,11 @@ int main(int argc, char *argv[]) { "help", 0, NULL, 'h' }, { "version", 0, NULL, 'v' }, }; - int c = getopt_long(argc, argv, "I:E:s:r:F:B:T:qdhv", + int c = getopt_long(argc, argv, "I:E:is:r:F:B:T:qdhv", long_options, &option_index); # else # define MOREINFO "Try `%s -h' for more information.\n" - int c = getopt(argc, argv, "I:E:s:r:F:B:T:qdhv"); + int c = getopt(argc, argv, "I:E:is:r:F:B:T:qdhv"); # endif if(c == -1) break; @@ -124,6 +125,9 @@ int main(int argc, char *argv[]) case 'E': /* --exclude */ setenv("ZZUF_EXCLUDE", optarg, 1); break; + case 'i': /* --stdin */ + setenv("ZZUF_STDIN", "1", 1); + break; case 's': /* --seed */ parser = strchr(optarg, ':'); seed = atoi(optarg); @@ -425,10 +429,10 @@ static void version(void) #if defined(HAVE_GETOPT_H) static void usage(void) { - printf("Usage: zzuf [ -vqdh ] [ -r ratio ] [ -s seed | -s start:stop]\n"); - printf(" [ -F children ] [ -B bytes ] [ -T seconds ]\n"); - printf(" [ -I include ] [ -E exclude ] COMMAND [ARGS]...\n"); - printf("Run COMMAND and randomly fuzz its input files.\n"); + printf("Usage: zzuf [ -vqdhi ] [ -r ratio ] [ -s seed | -s start:stop]\n"); + printf(" [ -F children ] [ -B bytes ] [ -T seconds ]\n"); + printf(" [ -I include ] [ -E exclude ] COMMAND [ARGS]...\n"); + printf("Run COMMAND and randomly fuzz its input.\n"); printf("\n"); printf("Mandatory arguments to long options are mandatory for short options too.\n"); # ifdef HAVE_GETOPT_LONG @@ -439,6 +443,7 @@ static void usage(void) printf(" -B, --max-bytes kill children that output more than bytes\n"); printf(" -T, --max-time kill children that run for more than seconds\n"); printf(" -q, --quiet do not print children's messages\n"); + printf(" -i, --stdin fuzz standard input\n"); printf(" -I, --include only fuzz files matching \n"); printf(" -E, --exclude do not fuzz files matching \n"); printf(" -d, --debug print debug messages\n"); @@ -452,6 +457,7 @@ static void usage(void) printf(" -B kill children that output more than bytes\n"); printf(" -T kill children that run for more than seconds\n"); printf(" -q do not print the fuzzed application's messages\n"); + printf(" -i fuzz standard input\n"); printf(" -I only fuzz files matching \n"); printf(" -E do not fuzz files matching \n"); printf(" -d print debug messages\n"); diff --git a/test/testsuite.sh b/test/testsuite.sh index b4cc1b5..86920e7 100755 --- a/test/testsuite.sh +++ b/test/testsuite.sh @@ -34,10 +34,16 @@ cleanup() { rm -f /tmp/zzuf-zero-$$ rm -f /tmp/zzuf-random-$$ rm -f /tmp/zzuf-text-$$ + echo "Temporary files removed." + else + echo "Files preserved:" + echo " /tmp/zzuf-zero-$$" + echo " /tmp/zzuf-random-$$" + echo " /tmp/zzuf-text-$$" fi } -trap "echo ''; echo 'Aborted.'; cleanup; exit 0" 1 2 15 +trap "echo ''; echo ''; echo 'Aborted.'; cleanup; exit 0" 1 2 15 seed=$(($RANDOM * $$)) ZZUF="$(dirname "$0")/../src/zzuf" @@ -52,13 +58,15 @@ echo "Using seed $seed" echo "" for file in /tmp/zzuf-text-$$ /tmp/zzuf-zero-$$ /tmp/zzuf-random-$$; do - for r in 0.0 0.00001 0.0001 0.001 0.01 0.1 1.0 10.0; do + for r in 0.000000 0.00001 0.0001 0.001 0.01 0.1 1.0 10.0; do echo "Testing zzuf on $file, ratio $r:" OK=1 MD5="" check $seed $r "cat $file" "cat" -# don't do grep, it adds a newline at EOF! -# check $seed $r "grep -- -a \\'\\' $file" "grep -a" + check $seed $r "cat < $file" "cat stdin" + # We don't include grep in the testsuite because it puts a newline + # at the end of its input if it was not there initially. + #check $seed $r "grep -- -a \\'\\' $file" "grep -a" check $seed $r "sed n $file" "sed n" check $seed $r "dd bs=65536 if=$file" "dd(bs=65536)" check $seed $r "dd bs=1111 if=$file" "dd(bs=1111)" @@ -74,15 +82,14 @@ for file in /tmp/zzuf-text-$$ /tmp/zzuf-zero-$$ /tmp/zzuf-random-$$; do echo "" done done -cleanup if [ "$FAILED" != 0 ]; then - echo "$FAILED tests failed out of $TESTED. Files preserved:" - echo " /tmp/zzuf-zero-$$" - echo " /tmp/zzuf-random-$$" - echo " /tmp/zzuf-text-$$" + echo "$FAILED tests failed out of $TESTED." + cleanup exit 1 fi echo "All $TESTED tests OK." + +cleanup exit 0