1 /*
2 * Copyright (c) 2017-2021 Free Software Foundation, Inc.
3 *
4 * This file is part of GNU Wget.
5 *
6 * GNU Wget is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GNU Wget is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with Wget. If not, see <https://www.gnu.org/licenses/>.
18 */
19
20 #include <config.h>
21
22 #include <sys/types.h>
23 #include <dirent.h> // opendir, readdir
24 #include <stdint.h> // uint8_t
25 #include <stdio.h> // fmemopen
26 #include <string.h> // strncmp
27 #include <fcntl.h> // open flags
28 #include <unistd.h> // close
29 #include <setjmp.h> // longjmp, setjmp
30 #include <stdbool.h> // longjmp, setjmp
31
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 // declarations for wget internal functions
36 int main_wget(int argc, const char **argv);
37 void cleanup(void);
38 FILE *fopen_wget(const char *pathname, const char *mode);
39 FILE *fopen_wgetrc(const char *pathname, const char *mode);
40 void exit_wget(int status);
41 #ifdef __cplusplus
42 }
43 #endif
44
45 #include "fuzzer.h"
46
47 static const uint8_t *g_data;
48 static size_t g_size;
49
fopen_wget(const char * pathname,const char * mode)50 FILE *fopen_wget(const char *pathname, const char *mode)
51 {
52 return fopen("/dev/null", mode);
53 }
54
fopen_wgetrc(const char * pathname,const char * mode)55 FILE *fopen_wgetrc(const char *pathname, const char *mode)
56 {
57 #ifdef HAVE_FMEMOPEN
58 return fmemopen((void *) g_data, g_size, mode);
59 #else
60 return NULL;
61 #endif
62 }
63
64 static bool fuzzing;
65 static jmp_buf jmpbuf;
66
67 #ifdef FUZZING
exit_wget(int status)68 void exit_wget(int status)
69 {
70 longjmp(jmpbuf, 1);
71 }
72 #endif
73 #if defined HAVE_DLFCN_H
74 #include <dlfcn.h> // dlsym
75 #include <dlfcn.h>
76 #include <sys/socket.h>
77 #include <netdb.h>
78 #if defined __OpenBSD__ || defined __FreeBSD__
79 #include <netinet/in.h>
80 #endif
81 #ifndef RTLD_NEXT
82 #define RTLD_NEXT RTLD_GLOBAL
83 #endif
exit(int status)84 void exit(int status)
85 {
86 if (fuzzing) {
87 longjmp(jmpbuf, 1);
88 } else {
89 void (*libc_exit)(int) = (void(*)(int)) dlsym (RTLD_NEXT, "exit");
90 libc_exit(status);
91 }
92 }
getaddrinfo(const char * node,const char * service,const struct addrinfo * hints,struct addrinfo ** res)93 int getaddrinfo(const char *node, const char *service, const struct addrinfo *hints, struct addrinfo **res)
94 {
95 if (fuzzing) {
96 return -1;
97 }
98
99 int(*libc_getaddrinfo)(const char *, const char *, const struct addrinfo *, struct addrinfo **) =
100 (int(*)(const char *, const char *, const struct addrinfo *, struct addrinfo **)) dlsym (RTLD_NEXT, "getaddrinfo");
101
102 return libc_getaddrinfo(node, service, hints, res);
103 }
104 #endif
105
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)106 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
107 {
108 static const char *argv[] = { "wget", "-q" };
109
110 if (size > 2048) // same as max_len = ... in .options file
111 return 0;
112
113 g_data = data;
114 g_size = size;
115
116 CLOSE_STDERR
117
118 fuzzing = true;
119
120 if (setjmp(jmpbuf)) {
121 cleanup();
122 goto done;
123 }
124
125 main_wget(sizeof(argv)/sizeof(argv[0]), argv);
126
127 done:
128 fuzzing = false;
129
130 RESTORE_STDERR
131
132 return 0;
133 }
134