
just some notes on my fuzzing FreeBSD fsck..

Branch: main
John-Mark Gurney, 1 year ago
commit fe2bf93182
5 changed files with 50 additions and 0 deletions
  1. README.md (+20, -0)
  2. build.sh (+1, -0)
  3. fsck_ffs/README.md (+7, -0)
  4. fsck_ffs/build.test.cases.sh (+18, -0)
  5. fsck_ffs/run.main.sh (+4, -0)

README.md (+20, -0)

@@ -0,0 +1,20 @@
Fuzzing FreeBSD w/ AFL
======================

This project is used to store the various information and scripts that
I have used in fuzzing FreeBSD.

This project started when someone reported that fsck_ffs couldn't
repair a file system they had, but as we all know, file systems are
often large, and contain data the people don't want to share, making
getting test cases more difficult than most. I decided to see if
fuzzing was able to reproduce their failure, and the very first
failure was the reported, but it also managed to find some more.

Building
--------

There is a script `build.sh` that will set the compiler correctly when
building parts of the FreeBSD source tree. You do have to be careful
when doing this as there are sometimes dependencies that need to be
built as well, e.g. `libufs` for `fsck_ffs`.
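Review bot: the third paragraph of the README is missing a word in "the very first failure was the reported, but it also managed to find some more"; suggest "the very first failure found was the reported one, and it also managed to find some more". In the same paragraph "contain data the people don't want to share" should read "contain data that people don't want to share". The README should also state what the scripts assume: the compiler and fuzzer paths in build.sh and run.main.sh point at /usr/local/afl++-llvm, and the fsck_ffs binary is taken from an arm64.aarch64 object tree, so a reader on another architecture or with AFL++ installed elsewhere has to change both before anything here works.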

build.sh (+1, -0)

@@ -0,0 +1 @@
CC=/usr/local/afl++-llvm/bin/afl-cc CXX=/usr/local/afl++-llvm/bin/afl-c++ make "$@"
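Review bot: the afl-cc and afl-c++ paths are hardcoded to /usr/local/afl++-llvm and the file has no shebang line, so it only works when invoked as `sh build.sh` on a machine with exactly that prefix. Suggest `#!/bin/sh`, then `AFL=${AFL:-/usr/local/afl++-llvm}` and `CC=$AFL/bin/afl-cc CXX=$AFL/bin/afl-c++ make "$@"`, so the prefix can be overridden from the environment. The README's warning that dependencies such as libufs must be built with the same compiler first belongs in a comment here too, since this is the file people will actually run and forgetting it yields an uninstrumented fsck_ffs that AFL cannot get coverage from.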

fsck_ffs/README.md (+7, -0)

@@ -0,0 +1,7 @@
fsck_ffs
========

Collect stack traces for examination:
```
for i in id:000*; do echo TEST CASE "$i"; (echo run -y $i; echo bt) | gdb /usr/obj/usr/src/arm64.aarch64/sbin/fsck_ffs/fsck_ffs; done > crashes.txt
```
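Review bot: the gdb loop hands each crash file to `run -y $i` directly, and fsck_ffs with -y writes its repairs back into the image it is given, so the first pass mutates the id:000* inputs in place and a second pass (or a later minimisation run) may no longer reproduce the crash. Copy each file to a scratch name before running it. Driving gdb through stdin without `-batch` also leaves it waiting on confirmation prompts when the process is still alive after the backtrace; `gdb -batch -ex "run -y $i" -ex bt` against the same fsck_ffs binary is more robust and needs no stdin tricks. Finally, document where this is meant to be run: with run.main.sh's `-o sync_dir -M fuzzer01`, the id:000* files live under sync_dir/fuzzer01/crashes, which is not obvious from this README alone.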

fsck_ffs/build.test.cases.sh (+18, -0)

@@ -0,0 +1,18 @@
size=512kb

for fstype in -O1 -O2; do
for secsize in -S512 -S4096; do
for blkfrag in "" "-b 4096 -f 512"; do
if [ ! -z "$blkfrag" ]; then
part=".b4096f512"
else
part=""
fi
fname="test.$fstype.$secsize$part.img"
truncate -s "$size" "$fname"
dev=$(mdconfig -f "$fname")
newfs $fstype $secsize $blkfrag "$dev"
mdconfig -d -u "$dev"
done
done
done
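Review bot: the script does not fail safely. There is no shebang and no `set -e`, `mdconfig -f` needs root and prints nothing on failure, so an empty `$dev` reaches `newfs ... ""` and then `mdconfig -d -u ""`; suggest `dev=$(mdconfig -f "$fname") || exit 1` and detaching the md device from a trap so a failed newfs does not leave devices attached. A comment explaining the matrix (UFS1/UFS2 via -O1/-O2, 512- and 4096-byte sectors, default versus 4096/512 block/fragment sizes) and noting that `$fstype $secsize $blkfrag` are deliberately left unquoted for word splitting would help the next reader. Also worth checking the newfs output for the `-S4096` plus `-b 4096 -f 512` cases: if newfs raises the fragment size to the sector size there, the `.b4096f512` part of the file name no longer describes the image. Lastly, the images are written to the current directory, while run.main.sh reads its seeds from testcase_dir; either write them there or say so.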

fsck_ffs/run.main.sh (+4, -0)

@@ -0,0 +1,4 @@
/usr/local/afl++-llvm/bin/afl-fuzz -i testcase_dir -o sync_dir -M fuzzer01 /usr/obj/usr/src/arm64.aarch64/sbin/fsck_ffs/fsck_ffs -y @@

#secondaries:
# /usr/local/afl++-llvm/bin/afl-fuzz -i testcase_dir -o sync_dir -S fuzzerXX /usr/obj/usr/src/arm64.aarch64/sbin/fsck_ffs/fsck_ffs -y @@
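Review bot: the fsck_ffs path is repeated on the main line, the commented secondary line and in fsck_ffs/README.md; a variable at the top (`FSCK=/usr/obj/usr/src/arm64.aarch64/sbin/fsck_ffs/fsck_ffs`) would make porting to another architecture a one-line change, and `AFL=${AFL:-/usr/local/afl++-llvm}` would match the override suggested for build.sh. The secondary line still has the `fuzzerXX` placeholder; a short loop such as `for n in 02 03; do "$AFL/bin/afl-fuzz" -i testcase_dir -o sync_dir -S fuzzer$n "$FSCK" -y @@ & done` would record how many secondaries are expected and remove the copy-and-edit step. A comment that `-i testcase_dir` is meant to hold the images produced by build.test.cases.sh would tie the two scripts together.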
