authorRichard Hughes <richard@hughsie.com>2017-12-13 15:48:43 +0000
committerRichard Hughes <richard@hughsie.com>2017-12-14 13:11:42 +0000
commit1da391c3f762ff2413c688e1cc02515269fd155f (patch)
treea3fe01976b6b3b57ea0e025f72bdb9e5011702b7
parentd1829b627bbb3b81420728def33f6ae290ffb0fe (diff)
downloadgcab-1da391c3f762ff2413c688e1cc02515269fd155f.tar.gz
Allow skipping the checksum when fuzzing
It's easy enough to fix the checksum for a malicious file, so we shouldn't just rely on this to catch corruption.
-rw-r--r--README.md13
-rw-r--r--libgcab/cabinet.c11
2 files changed, 23 insertions, 1 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ad24af8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+GCab
+====
+
+A GObject library to create cabinet files
+
+Fuzzing
+-------
+
+ CC=afl-gcc meson --default-library=static ../
+ AFL_HARDEN=1 ninja
+ export GCAB_SKIP_CHECKSUM=1
+ afl-fuzz -m 300 -i ../tests/fuzzing/ -o findings ./gcab --list-details @@
+ afl-fuzz -m 300 -i ../tests/fuzzing/ -o findings2 ./gcab --directory=/tmp --extract @@
diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c
index 221a6eb..eca63b0 100644
--- a/libgcab/cabinet.c
+++ b/libgcab/cabinet.c
@@ -518,6 +518,15 @@ cdata_finish (cdata_t *cd, GError **error)
"zlib failed: %s", zError (zret));
}
+static gint
+_enforce_checksum (void)
+{
+ static gint enforce = -1;
+ if (enforce == -1)
+ enforce = g_getenv ("GCAB_SKIP_CHECKSUM") == NULL ? 1 : 0;
+ return enforce;
+}
+
G_GNUC_INTERNAL gboolean
cdata_read (cdata_t *cd, guint8 res_data, gint comptype,
GDataInputStream *in, GCancellable *cancellable, GError **error)
@@ -550,7 +559,7 @@ cdata_read (cdata_t *cd, guint8 res_data, gint comptype,
memcpy (&sizecsum[0], &nbytes_le, 2);
nbytes_le = GUINT16_TO_LE (cd->nubytes);
memcpy (&sizecsum[2], &nbytes_le, 2);
- if (cd->checksum != compute_checksum (sizecsum, sizeof(sizecsum), datacsum)) {
+ if (_enforce_checksum () && cd->checksum != compute_checksum (sizecsum, sizeof(sizecsum), datacsum)) {
g_set_error_literal (error, GCAB_ERROR, GCAB_ERROR_FAILED,
_("incorrect checksum detected"));
return FALSE;
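Review bot: The environment lookup in `_enforce_checksum` (first hunk of this file) turns a fuzzing convenience into a runtime bypass that ships in the production library: any process that loads libgcab with GCAB_SKIP_CHECKSUM in its environment silently stops detecting corrupted CFDATA blocks, and nothing records that this happened. Consider compiling the bypass in only under a build-time option, or at minimum emitting `g_debug ("checksum verification disabled by GCAB_SKIP_CHECKSUM");` the first time the helper resolves to 0 so the state is visible in logs. The lazily initialised static is read and written without synchronisation; since every thread computes the same value this is presumably benign, but a one-line comment saying so would save the next reader the question. As a point of style, a file-scope identifier starting with an underscore is reserved for the implementation in C; `static` already makes `enforce_checksum` private, so the prefix buys nothing.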