Changeset 1555


Timestamp:
Jan 4, 2007, 9:59:05 AM (13 years ago)
Author:
Sam Hocevar
Message:
  • Implemented -R / --refuse.
Location:
zzuf/trunk
Files:
5 edited

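--- a/zzuf/trunk/doc/zzuf.1
+++ b/zzuf/trunk/doc/zzuf.1
@@ -6,4 +6,6 @@
 .br
               [\fB\-F\fR \fIchildren\fR] [\fB\-B\fR \fIbytes\fR] [\fB\-T\fR \fIseconds\fR]
+.br
+              [\fB\-P\fR \fIlist\fR] [\fB\-R\fR \fIlist\fR]
 .br
               [\fB\-I\fR \fIinclude\fR] [\fB\-E\fR \fIexclude\fR] \fICOMMAND\fR [\fIARGS\fR]...
@@ -96,4 +98,6 @@
 You can use '\fB-\fR' to specify ranges. For instance, to protect all bytes
 from '\fB\\x01\fR' to ' ', use \fB\-P \(dq\\x01- \(dq\fR.
+
+See also the \fB\-R\fR flag.
 .TP
 \fB\-q\fR, \fB\-\-quiet\fR
@@ -108,4 +112,11 @@
 the input files undiscernible from random data. The default fuzzing ratio
 is 0.004 (fuzz 0.4% of the files' bits).
+.TP
+\fB\-R\fR, \fB\-\-refuse\fR=\fIlist\fR
+Refuse a list of characters by not fuzzing bytes that would otherwise be
+changed to a character that is in \fIlist\fR. If the original byte is already
+in \fIlist\fR, it is left unchanged.
+
+See the \fB\-P\fR option for a description of \fIlist\fR.
 .TP
 \fB\-s\fR, \fB\-\-seed\fR=\fIseed\fR
@@ -161,4 +172,13 @@
 .RE
 .PP
+Fuzz the input of the \fBcat\fR program but do not fuzz the newline character
+and prevent non-ASCII characters from appearing in the output:
+.PP
+.RS
+.nf
+\fB# zzuf -P \(dq\\n\(dq -R \(dq\\0-\\x1f\\x7f-\\xff\(dq cat /etc/motd\fR
+.fi
+.RE
+.PP
 Fuzz the input of the \fBconvert\fR program, using file \fBfoo.jpeg\fR as the
 original input and excluding \fB.xml\fR files from fuzzing (because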
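--- a/zzuf/trunk/src/fuzz.c
+++ b/zzuf/trunk/src/fuzz.c
@@ -87,8 +87,15 @@
         for(j = start; j < stop; j++)
         {
-            if(_zz_protect[aligned_buf[j]])
+            uint8_t byte = aligned_buf[j];
+
+            if(_zz_protect[byte])
                 continue;
 
-            aligned_buf[j] ^= fuzz->data[j % CHUNKBYTES];
+            byte ^= fuzz->data[j % CHUNKBYTES];
+
+            if(_zz_refuse[byte])
+                continue;
+
+            aligned_buf[j] = byte;
         }
     }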
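Review bot: Neither `continue` in the rewritten loop body says why the byte is skipped, and the second one is easy to misread: `if(_zz_refuse[byte])` tests the mutated value, so a hit throws the whole mutation away and leaves `aligned_buf[j]` as it was. A comment such as `/* Drop the mutation if it would produce a refused byte */` above that test, and `/* Never touch protected bytes */` above the first, would make the intent explicit. It is also worth recording near this loop that each refused result reduces the number of bytes actually changed, so a wide refuse list gives a lower effective ratio than the one requested with -r. The enclosing function starts and ends outside the hunk.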
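--- a/zzuf/trunk/src/libzzuf.c
+++ b/zzuf/trunk/src/libzzuf.c
@@ -49,4 +49,5 @@
 /* Global tables */
 int   _zz_protect[256];
+int   _zz_refuse[256];
 
 /* Local variables */
@@ -55,5 +56,5 @@
 
 /* Local prototypes */
-static void _zz_protect_init(char const *);
+static void _zz_list_init(int *, char const *);
 static void _zz_fd_init(void);
 static void _zz_fd_fini(void);
@@ -82,5 +83,9 @@
     tmp = getenv("ZZUF_PROTECT");
     if(tmp && *tmp)
-        _zz_protect_init(tmp);
+        _zz_list_init(_zz_protect, tmp);
+
+    tmp = getenv("ZZUF_REFUSE");
+    if(tmp && *tmp)
+        _zz_list_init(_zz_refuse, tmp);
 
     tmp = getenv("ZZUF_INCLUDE");
@@ -124,5 +129,5 @@
 
 /* Byte list stuff */
-static void _zz_protect_init(char const *list)
+static void _zz_list_init(int *table, char const *list)
 {
     static char const hex[] = "0123456789abcdef0123456789ABCDEF";
@@ -130,5 +135,5 @@
     int a, b;
 
-    memset(_zz_protect, 0, 256 * sizeof(int));
+    memset(table, 0, 256 * sizeof(int));
 
     for(tmp = list, a = b = -1; *tmp; tmp++)
@@ -166,5 +171,5 @@
         {
             while(a <= new)
-                _zz_protect[a++] = 1;
+                table[a++] = 1;
             a = b = -1;
         }
@@ -172,5 +177,5 @@
         {
             if(a != -1)
-                _zz_protect[a] = 1;
+                table[a] = 1;
             a = b;
             b = new;
@@ -179,7 +184,7 @@
 
     if(a != -1)
-        _zz_protect[a] = 1;
+        table[a] = 1;
     if(b != -1)
-        _zz_protect[b] = 1;
+        table[b] = 1;
 }
 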
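Review bot: `_zz_list_init` now takes a bare `int *table` but still clears and indexes it as a fixed 256-entry array (`memset(table, 0, 256 * sizeof(int))`, `table[a++] = 1`, `table[b] = 1`), with `int` indices parsed from the ZZUF_PROTECT and ZZUF_REFUSE environment strings. The code that computes `new` lies between the visible hunks, so the page does not show whether every escape form is limited to 0..255; if one is not, these stores would land outside `_zz_protect` or `_zz_refuse`. Declaring the parameter as `int table[256]` would document the size contract, and an explicit check such as `if(new < 0 || new > 255) continue;` right after `new` is computed would make the bound hold regardless of the parser.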
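--- a/zzuf/trunk/src/libzzuf.h
+++ b/zzuf/trunk/src/libzzuf.h
@@ -40,6 +40,7 @@
 extern int   _zz_signal;
 
-/* Internal tables */
+/* Internal tables TODO: merge them and use bitmasks */
 extern int   _zz_protect[256];
+extern int   _zz_refuse[256];
 
 /* Library initialisation shit */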
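--- a/zzuf/trunk/src/zzuf.c
+++ b/zzuf/trunk/src/zzuf.c
@@ -114,4 +114,5 @@
             { "quiet",     0, NULL, 'q' },
             { "ratio",     1, NULL, 'r' },
+            { "refuse",    1, NULL, 'R' },
             { "seed",      1, NULL, 's' },
             { "signal",    0, NULL, 'S' },
@@ -119,9 +120,9 @@
             { "version",   0, NULL, 'v' },
         };
-        int c = getopt_long(argc, argv, "B:cdE:F:hiI:P:qr:s:ST:v",
+        int c = getopt_long(argc, argv, "B:cdE:F:hiI:P:qr:R:s:ST:v",
                             long_options, &option_index);
 #   else
 #       define MOREINFO "Try `%s -h' for more information.\n"
-        int c = getopt(argc, argv, "B:cdE:F:hiI:P:qr:s:ST:v");
+        int c = getopt(argc, argv, "B:cdE:F:hiI:P:qr:R:s:ST:v");
 #   endif
         if(c == -1)
@@ -171,4 +172,7 @@
         case 'P': /* --protect */
             setenv("ZZUF_PROTECT", optarg, 1);
+            break;
+        case 'R': /* --refuse */
+            setenv("ZZUF_REFUSE", optarg, 1);
             break;
         case 'q': /* --quiet */
@@ -546,7 +550,8 @@
 static void usage(void)
 {
-    printf("Usage: zzuf [ -qdic ] [ -r ratio ] [ -s seed | -s start:stop ]\n");
-    printf("                      [ -F children ] [ -B bytes ] [ -T seconds ] [ -P protect ]\n");
-    printf("                      [ -I include ] [ -E exclude ] COMMAND [ARGS]...\n");
+    printf("Usage: zzuf [ -cdiqS ] [ -r ratio ] [ -s seed | -s start:stop ]\n");
+    printf("                       [ -F children ] [ -B bytes ] [ -T seconds ]\n");
+    printf("                       [ -P protect ] [ -R refuse ]\n");
+    printf("                       [ -I include ] [ -E exclude ] COMMAND [ARGS]...\n");
     printf("       zzuf -h\n");
     printf("       zzuf -v\n");
@@ -565,4 +570,5 @@
     printf("  -q, --quiet              do not print children's messages\n");
     printf("  -r, --ratio <ratio>      bit fuzzing ratio (default 0.004)\n");
+    printf("  -R, --refuse <list>      refuse bytes and characters in <list>\n");
     printf("  -s, --seed <seed>        random seed (default 0)\n");
     printf("      --seed <start:stop>  specify a seed range\n");
@@ -582,4 +588,5 @@
     printf("  -q               do not print the fuzzed application's messages\n");
     printf("  -r <ratio>       bit fuzzing ratio (default 0.004)\n");
+    printf("  -R <list>        refuse bytes and characters in <list>\n");
     printf("  -s <seed>        random seed (default 0)\n");
     printf("     <start:stop>  specify a seed range\n");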
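Review bot: The new `case 'R'` discards the result of `setenv("ZZUF_REFUSE", optarg, 1)`, as the `-P` case above it already does. If the call fails, the fuzzed program presumably runs with no refuse list and nothing is reported, so bytes the user asked to keep out of the stream can still appear. Something like `if(setenv("ZZUF_REFUSE", optarg, 1) < 0) { perror("setenv"); return EXIT_FAILURE; }` would surface that; adapt the exit path to the surrounding option loop, which starts outside the hunk. The list itself is only parsed later by `_zz_list_init` in libzzuf.c, so a malformed `-R` argument is not rejected at the command line either.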