author | Richard Hughes <richard@hughsie.com> | 2017-12-13 15:48:43 +0000 |
---|---|---|
committer | Richard Hughes <richard@hughsie.com> | 2017-12-14 13:11:42 +0000 |
commit | 1da391c3f762ff2413c688e1cc02515269fd155f (patch) | |
tree | a3fe01976b6b3b57ea0e025f72bdb9e5011702b7 | |
parent | d1829b627bbb3b81420728def33f6ae290ffb0fe (diff) | |
download | gcab-1da391c3f762ff2413c688e1cc02515269fd155f.tar.gz |
Allow skipping the checksum when fuzzing
It's easy enough to fix the checksum for a malicious file, so we shouldn't just
rely on this to catch corruption.
-rw-r--r-- | README.md | 13 | ||||
-rw-r--r-- | libgcab/cabinet.c | 11 |
2 files changed, 23 insertions, 1 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ad24af8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+GCab
+====
+
+A GObject library to create cabinet files
+
+Fuzzing
+-------
+
+ CC=afl-gcc meson --default-library=static ../
+ AFL_HARDEN=1 ninja
+ export GCAB_SKIP_CHECKSUM=1
+ afl-fuzz -m 300 -i ../tests/fuzzing/ -o findings ./gcab --list-details @@
+ afl-fuzz -m 300 -i ../tests/fuzzing/ -o findings2 ./gcab --directory=/tmp --extract @@
diff --git a/libgcab/cabinet.c b/libgcab/cabinet.c
index 221a6eb..eca63b0 100644
--- a/libgcab/cabinet.c
+++ b/libgcab/cabinet.c
@@ -518,6 +518,15 @@ cdata_finish (cdata_t *cd, GError **error)
 "zlib failed: %s", zError (zret));
 }
 
+static gint
+_enforce_checksum (void)
+{
+ static gint enforce = -1;
+ if (enforce == -1)
+ enforce = g_getenv ("GCAB_SKIP_CHECKSUM") == NULL ? 1 : 0;
+ return enforce;
+}
+
 G_GNUC_INTERNAL gboolean
 cdata_read (cdata_t *cd, guint8 res_data, gint comptype,
 GDataInputStream *in, GCancellable *cancellable, GError **error)
@@ -550,7 +559,7 @@ cdata_read (cdata_t *cd, guint8 res_data, gint comptype,
 memcpy (&sizecsum[0], &nbytes_le, 2);
 nbytes_le = GUINT16_TO_LE (cd->nubytes);
 memcpy (&sizecsum[2], &nbytes_le, 2);
- if (cd->checksum != compute_checksum (sizecsum, sizeof(sizecsum), datacsum)) {
+ if (_enforce_checksum () && cd->checksum != compute_checksum (sizecsum, sizeof(sizecsum), datacsum)) {
 g_set_error_literal (error, GCAB_ERROR, GCAB_ERROR_FAILED,
 _("incorrect checksum detected"));
 return FALSE;
|
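Review bot: `_enforce_checksum()` reads `GCAB_SKIP_CHECKSUM` in every build of the library, so any process that links libgcab and inherits that variable silently loses the per-block checksum check in `cdata_read()`, not only a fuzzing binary. The commit message is right that the checksum is no defence against a crafted file, but it is still the corruption check for ordinary users, so the switch is better compiled in only for fuzzing builds, for example under `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` (if the afl-gcc wrapper in use does not define that macro, pass it in CFLAGS). Separately, the lazily initialised `static gint enforce` is written without synchronisation; that looks benign because every writer stores the same value, but `g_once_init_enter()` would make it explicit if cabinets can be read from several threads.

```c
static gint
_enforce_checksum (void)
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
    /* fuzzing builds only: GCAB_SKIP_CHECKSUM lets mutated inputs past the checksum */
    /* … unchanged: cached g_getenv ("GCAB_SKIP_CHECKSUM") lookup … */
    return enforce;
#else
    /* production builds always verify the checksum */
    return 1;
#endif
}
```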
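Review bot: The new condition in `cdata_read()` skips the checksum comparison without leaving any trace at the call site of why that is acceptable. A comment above the `if` would record the assumption, e.g. `/* the checksum only catches accidental corruption and is skipped when fuzzing; nothing below may rely on it to validate the block's size fields */`. The body of `cdata_read()` starts and continues outside this hunk, so whether the sizes are bounds-checked independently of the checksum cannot be confirmed from the lines shown here.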