1 /*
2 * Copyright (c) 2017-2019, 2021 Free Software Foundation, Inc.
3 *
4 * This file is part of GNU Wget.
5 *
6 * GNU Wget is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GNU Wget is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Wget. If not, see <https://www.gnu.org/licenses/>.
18 */
19
20 #include <config.h>
21
22 #include <sys/types.h>
23 #include <dirent.h> // opendir, readdir
24 #include <stdint.h> // uint8_t
25 #include <stdio.h> // fmemopen
26 #include <string.h> // strncmp
27 #include <stdlib.h> // free
28 #include <fcntl.h> // open flags
29 #include <unistd.h> // close
30 #include <setjmp.h> // longjmp, setjmp
31 #include <assert.h> // assert
32
33 #include "wget.h"
34
35 #undef fopen_wgetrc
36
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 #include "http-ntlm.h"
41
42 // declarations for wget internal functions
43 int main_wget(int argc, const char **argv);
44 void cleanup(void);
45 FILE *fopen_wget(const char *pathname, const char *mode);
46 FILE *fopen_wgetrc(const char *pathname, const char *mode);
47 void exit_wget(int status);
48 #ifdef __cplusplus
49 }
50 #endif
51
52 #include "fuzzer.h"
53
fopen_wget(const char * pathname,const char * mode)54 FILE *fopen_wget(const char *pathname, const char *mode)
55 {
56 (void) pathname;
57 return fopen("/dev/null", mode);
58 }
59
fopen_wgetrc(const char * pathname,const char * mode)60 FILE *fopen_wgetrc(const char *pathname, const char *mode)
61 {
62 (void) pathname;
63 (void) mode;
64 return NULL;
65 }
66
67 #ifdef FUZZING
exit_wget(int status)68 void exit_wget(int status)
69 {
70 (void) status;
71 }
72 #endif
73
74
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)75 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
76 {
77 if (size > 128) // same as max_len = ... in .options file
78 return 0;
79
80 // CLOSE_STDERR
81
82 struct ntlmdata *ntlm = (struct ntlmdata *) calloc(1, sizeof(struct ntlmdata));
83 char *data0 = (char *) malloc(size + 4 + 1);
84 bool ready;
85
86 assert(ntlm && data0);
87
88 memcpy(data0, "NTLM", 4);
89 memcpy(data0 + 4, data, size);
90 data0[size + 4] = 0;
91
92 if (ntlm_input(ntlm, data0))
93 free(ntlm_output(ntlm, data0 + 4, data0 + 4, &ready));
94
95 free(data0);
96 free(ntlm);
97
98 // RESTORE_STDERR
99
100 return 0;
101 }
102