DeforaNetworks/zzuf
3
0
Fork 0
Code Releases Activity

* Added the -i flag (for stdin fuzzing).

Browse Source
This commit is contained in:
Sam Hocevar 2006-12-29 17:22:11 +00:00 committed by sam
parent 03abccd656
commit b8d4118de5
4 changed files with 38 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/zzuf.1
View File

@ -4,7 +4,7 @@ zzuf \- multiple purpose fuzzer
.SH SYNOPSIS .SH SYNOPSIS
.B zzuf .B zzuf
[ [
.B \-vqdh .B \-vqdhi
] [ ] [
.B \-r .B \-r
.I ratio .I ratio
@ -111,6 +111,11 @@ situations.
Hide the output of the fuzzed application. This is useful if the application Hide the output of the fuzzed application. This is useful if the application
is very verbose but only its exit code is really useful to you. is very verbose but only its exit code is really useful to you.
.TP .TP
.B \-i, \-\-stdin
Fuzz the application's standard input. By default
.B zzuf
only fuzzes files.
.TP
.B \-I, \-\-include <regex> .B \-I, \-\-include <regex>
Only fuzz files whose name matches the Only fuzz files whose name matches the
.B <regex> .B <regex>

4
src/libzzuf.c
View File

@ -82,6 +82,10 @@ void _zz_init(void)
_zz_fd_init(); _zz_fd_init();
tmp = getenv("ZZUF_STDIN");
if(tmp && *tmp == '1')
_zz_register(0);
_zz_load_fd(); _zz_load_fd();
_zz_load_stream(); _zz_load_stream();

18
src/zzuf.c
View File

@ -97,6 +97,7 @@ int main(int argc, char *argv[])
/* Long option, needs arg, flag, short option */ /* Long option, needs arg, flag, short option */
{ "include", 1, NULL, 'I' }, { "include", 1, NULL, 'I' },
{ "exclude", 1, NULL, 'E' }, { "exclude", 1, NULL, 'E' },
{ "stdin", 0, NULL, 'i' },
{ "seed", 1, NULL, 's' }, { "seed", 1, NULL, 's' },
{ "ratio", 1, NULL, 'r' }, { "ratio", 1, NULL, 'r' },
{ "fork", 1, NULL, 'F' }, { "fork", 1, NULL, 'F' },
@ -107,11 +108,11 @@ int main(int argc, char *argv[])
{ "help", 0, NULL, 'h' }, { "help", 0, NULL, 'h' },
{ "version", 0, NULL, 'v' }, { "version", 0, NULL, 'v' },
}; };
int c = getopt_long(argc, argv, "I:E:s:r:F:B:T:qdhv", int c = getopt_long(argc, argv, "I:E:is:r:F:B:T:qdhv",
long_options, &option_index); long_options, &option_index);
# else # else
# define MOREINFO "Try `%s -h' for more information.\n" # define MOREINFO "Try `%s -h' for more information.\n"
int c = getopt(argc, argv, "I:E:s:r:F:B:T:qdhv"); int c = getopt(argc, argv, "I:E:is:r:F:B:T:qdhv");
# endif # endif
if(c == -1) if(c == -1)
break; break;
@ -124,6 +125,9 @@ int main(int argc, char *argv[])
case 'E': /* --exclude */ case 'E': /* --exclude */
setenv("ZZUF_EXCLUDE", optarg, 1); setenv("ZZUF_EXCLUDE", optarg, 1);
break; break;
case 'i': /* --stdin */
setenv("ZZUF_STDIN", "1", 1);
break;
case 's': /* --seed */ case 's': /* --seed */
parser = strchr(optarg, ':'); parser = strchr(optarg, ':');
seed = atoi(optarg); seed = atoi(optarg);
@ -425,10 +429,10 @@ static void version(void)
#if defined(HAVE_GETOPT_H) #if defined(HAVE_GETOPT_H)
static void usage(void) static void usage(void)
{ {
printf("Usage: zzuf [ -vqdh ] [ -r ratio ] [ -s seed | -s start:stop]\n"); printf("Usage: zzuf [ -vqdhi ] [ -r ratio ] [ -s seed | -s start:stop]\n");
printf(" [ -F children ] [ -B bytes ] [ -T seconds ]\n"); printf(" [ -F children ] [ -B bytes ] [ -T seconds ]\n");
printf(" [ -I include ] [ -E exclude ] COMMAND [ARGS]...\n"); printf(" [ -I include ] [ -E exclude ] COMMAND [ARGS]...\n");
printf("Run COMMAND and randomly fuzz its input files.\n"); printf("Run COMMAND and randomly fuzz its input.\n");
printf("\n"); printf("\n");
printf("Mandatory arguments to long options are mandatory for short options too.\n"); printf("Mandatory arguments to long options are mandatory for short options too.\n");
# ifdef HAVE_GETOPT_LONG # ifdef HAVE_GETOPT_LONG
@ -439,6 +443,7 @@ static void usage(void)
printf(" -B, --max-bytes <n> kill children that output more than <n> bytes\n"); printf(" -B, --max-bytes <n> kill children that output more than <n> bytes\n");
printf(" -T, --max-time <n> kill children that run for more than <n> seconds\n"); printf(" -T, --max-time <n> kill children that run for more than <n> seconds\n");
printf(" -q, --quiet do not print children's messages\n"); printf(" -q, --quiet do not print children's messages\n");
printf(" -i, --stdin fuzz standard input\n");
printf(" -I, --include <regex> only fuzz files matching <regex>\n"); printf(" -I, --include <regex> only fuzz files matching <regex>\n");
printf(" -E, --exclude <regex> do not fuzz files matching <regex>\n"); printf(" -E, --exclude <regex> do not fuzz files matching <regex>\n");
printf(" -d, --debug print debug messages\n"); printf(" -d, --debug print debug messages\n");
@ -452,6 +457,7 @@ static void usage(void)
printf(" -B <n> kill children that output more than <n> bytes\n"); printf(" -B <n> kill children that output more than <n> bytes\n");
printf(" -T <n> kill children that run for more than <n> seconds\n"); printf(" -T <n> kill children that run for more than <n> seconds\n");
printf(" -q do not print the fuzzed application's messages\n"); printf(" -q do not print the fuzzed application's messages\n");
printf(" -i fuzz standard input\n");
printf(" -I <regex> only fuzz files matching <regex>\n"); printf(" -I <regex> only fuzz files matching <regex>\n");
printf(" -E <regex> do not fuzz files matching <regex>\n"); printf(" -E <regex> do not fuzz files matching <regex>\n");
printf(" -d print debug messages\n"); printf(" -d print debug messages\n");

25
test/testsuite.sh
View File

@ -34,10 +34,16 @@ cleanup() {
rm -f /tmp/zzuf-zero-$$ rm -f /tmp/zzuf-zero-$$
rm -f /tmp/zzuf-random-$$ rm -f /tmp/zzuf-random-$$
rm -f /tmp/zzuf-text-$$ rm -f /tmp/zzuf-text-$$
echo "Temporary files removed."
else
echo "Files preserved:"
echo " /tmp/zzuf-zero-$$"
echo " /tmp/zzuf-random-$$"
echo " /tmp/zzuf-text-$$"
fi fi
} }
trap "echo ''; echo 'Aborted.'; cleanup; exit 0" 1 2 15 trap "echo ''; echo ''; echo 'Aborted.'; cleanup; exit 0" 1 2 15
seed=$(($RANDOM * $$)) seed=$(($RANDOM * $$))
ZZUF="$(dirname "$0")/../src/zzuf" ZZUF="$(dirname "$0")/../src/zzuf"
@ -52,13 +58,15 @@ echo "Using seed $seed"
echo "" echo ""
for file in /tmp/zzuf-text-$$ /tmp/zzuf-zero-$$ /tmp/zzuf-random-$$; do for file in /tmp/zzuf-text-$$ /tmp/zzuf-zero-$$ /tmp/zzuf-random-$$; do
for r in 0.0 0.00001 0.0001 0.001 0.01 0.1 1.0 10.0; do for r in 0.000000 0.00001 0.0001 0.001 0.01 0.1 1.0 10.0; do
echo "Testing zzuf on $file, ratio $r:" echo "Testing zzuf on $file, ratio $r:"
OK=1 OK=1
MD5="" MD5=""
check $seed $r "cat $file" "cat" check $seed $r "cat $file" "cat"
# don't do grep, it adds a newline at EOF! check $seed $r "cat < $file" "cat stdin"
# check $seed $r "grep -- -a \\'\\' $file" "grep -a" # We don't include grep in the testsuite because it puts a newline
# at the end of its input if it was not there initially.
#check $seed $r "grep -- -a \\'\\' $file" "grep -a"
check $seed $r "sed n $file" "sed n" check $seed $r "sed n $file" "sed n"
check $seed $r "dd bs=65536 if=$file" "dd(bs=65536)" check $seed $r "dd bs=65536 if=$file" "dd(bs=65536)"
check $seed $r "dd bs=1111 if=$file" "dd(bs=1111)" check $seed $r "dd bs=1111 if=$file" "dd(bs=1111)"
@ -74,15 +82,14 @@ for file in /tmp/zzuf-text-$$ /tmp/zzuf-zero-$$ /tmp/zzuf-random-$$; do
echo "" echo ""
done done
done done
cleanup
if [ "$FAILED" != 0 ]; then if [ "$FAILED" != 0 ]; then
echo "$FAILED tests failed out of $TESTED. Files preserved:" echo "$FAILED tests failed out of $TESTED."
echo " /tmp/zzuf-zero-$$" cleanup
echo " /tmp/zzuf-random-$$"
echo " /tmp/zzuf-text-$$"
exit 1 exit 1
fi fi
echo "All $TESTED tests OK." echo "All $TESTED tests OK."
cleanup
exit 0 exit 0