Name              Date         Size      #Lines  LOC
..                22-Aug-2023  -
CMakeLists.txt    22-Aug-2023  2.4 KiB   64      52
Dockerfile        22-Aug-2023  533       13      11
Makefile          22-Aug-2023  2.5 KiB   80      59
README            22-Aug-2023  1.4 KiB   34      28
build-coverage    22-Aug-2023  988       32      18
dummy.h           22-Aug-2023  3.5 KiB   97      81
export.gnu        22-Aug-2023  5.9 KiB   243     242
functions.txt     22-Aug-2023  65.9 KiB  808     775
fuzz_assert.c     22-Aug-2023  11.7 KiB  472     370
fuzz_bio.c        22-Aug-2023  10 KiB    441     332
fuzz_cred.c       22-Aug-2023  12.1 KiB  456     369
fuzz_credman.c    22-Aug-2023  9.2 KiB   406     312
fuzz_hid.c        22-Aug-2023  5 KiB     216     167
fuzz_largeblob.c  22-Aug-2023  5.7 KiB   271     200
fuzz_mgmt.c       22-Aug-2023  10.8 KiB  481     387
fuzz_netlink.c    22-Aug-2023  7.2 KiB   250     202
libfuzzer.c       22-Aug-2023  3.5 KiB   178     137
mutator_aux.c     22-Aug-2023  5.4 KiB   327     251
mutator_aux.h     22-Aug-2023  2.5 KiB   97      62
preload-fuzz.c    22-Aug-2023  1.9 KiB   105     77
preload-snoop.c   22-Aug-2023  4.1 KiB   218     167
prng.c            22-Aug-2023  3.9 KiB   114     51
report.tgz        22-Aug-2023  296 KiB
summary.txt       22-Aug-2023  7.4 KiB   52      50
udev.c            22-Aug-2023  6.6 KiB   270     220
uniform_random.c  22-Aug-2023  1.8 KiB   58      18
wiredata_fido2.h  22-Aug-2023  30.3 KiB  634     610
wiredata_u2f.h    22-Aug-2023  7.1 KiB   153     142
wrap.c            22-Aug-2023  7.4 KiB   583     500
wrapped.sym       22-Aug-2023  1.4 KiB   84      83

README

libfido2 can be fuzzed using AFL or libFuzzer, with or without
ASAN/MSAN/UBSAN.

AFL is more convenient when fuzzing the path from the authenticator to
libfido2 in an existing application. To do so, use preload-snoop.c with a real
authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=ON, and
use preload-fuzz.c to read device data from stdin.

libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
fuzz_assert.c, fuzz_hid.c, and fuzz_mgmt.c for examples. To build these
harnesses, use -DFUZZ=ON -DLIBFUZZER=ON.

To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
libcbor and OpenSSL built with the respective sanitiser. In order to keep
memory utilisation at a manageable level, you can either enforce limits at
the OS level (e.g. cgroups on Linux), or patch libcbor with the diff below.

diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
index aa049a2..e294b38 100644
--- src/cbor/internal/memory_utils.c
+++ src/cbor/internal/memory_utils.c
@@ -28,7 +28,10 @@ bool _cbor_safe_to_multiply(size_t a, size_t b) {
 
 void* _cbor_alloc_multiple(size_t item_size, size_t item_count) {
   if (_cbor_safe_to_multiply(item_size, item_count)) {
-    return _CBOR_MALLOC(item_size * item_count);
+    if (item_count > 1000) {
+      return NULL;
+    } else
+      return _CBOR_MALLOC(item_size * item_count);
   } else {
     return NULL;
   }
 
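Review bot: The `} else` added at the fourth `+` line drops the braces that its matching `if (item_count > 1000) {` uses, so the two branches of the new conditional are styled inconsistently; write it as `} else {` / `return _CBOR_MALLOC(item_size * item_count);` / `}`. The 1000-item cap is also a bare magic number with nothing saying it exists only to bound memory use while fuzzing: a named constant or a one-line comment would keep it from being mistaken for a general libcbor limit, since it makes `_cbor_alloc_multiple` return NULL for well-formed inputs with more than 1000 items. Callers already have to handle the NULL returned when `_cbor_safe_to_multiply` fails, so the early return adds no new failure mode for them.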