From a42a5a42f79cc886d752de1645638e24c600c4d0 Mon Sep 17 00:00:00 2001
From: Michael Hanselmann
Date: Thu, 4 Apr 2019 02:26:26 +0200
Subject: [PATCH] Add fuzzing binary for regfio

Checksums are better ignored during fuzzing, hence a flag is added to the regfio parser to disable checksums.

Signed-off-by: Michael Hanselmann
Reviewed-by: Andrew Bartlett
Reviewed-by: Uri Simchoni
---
 lib/fuzzing/fuzz_regfio.c | 68 +++++++++++++++++++++++++++++++++++++++
 lib/fuzzing/wscript_build | 7 ++++
 2 files changed, 75 insertions(+)
 create mode 100644 lib/fuzzing/fuzz_regfio.c

diff --git a/lib/fuzzing/fuzz_regfio.c b/lib/fuzzing/fuzz_regfio.c
new file mode 100644
index 000000000000..c4ced88801b0
--- /dev/null
+++ b/lib/fuzzing/fuzz_regfio.c
@@ -0,0 +1,68 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Windows NT registry I/O library
+ * Copyright (C) Michael Hanselmann 2019
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include "includes.h"
+#include "fuzzing/fuzzing.h"
+#include "system/filesys.h"
+#include "lib/util/fault.h"
+#include "registry/reg_objects.h"
+#include "registry/regfio.h"
+
+static FILE *fp;
+static char filename[128];
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+ fp = tmpfile();
+
+ (void)snprintf(filename, sizeof(filename), "/proc/self/fd/%d", fileno(fp));
+
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
+{
+ REGF_FILE* regfile;
+ REGF_NK_REC *nk, *subkey;
+
+ rewind(fp);
+ (void)fwrite(buf, len, 1, fp);
+ (void)fflush(fp);
+
+ regfile = regfio_open(filename, O_RDONLY, 0600);
+ if (!regfile) {
+ goto out;
+ }
+
+ regfile->ignore_checksums = true;
+
+ nk = regfio_rootkey(regfile);
+ if (nk != NULL) {
+ nk->subkey_index = 0;
+ while ((subkey = regfio_fetch_subkey(regfile, nk))) {
+ }
+ }
+
+out:
+ if (regfile != NULL) {
+ regfio_close(regfile);
+ }
+
+ return 0;
+}
diff --git a/lib/fuzzing/wscript_build b/lib/fuzzing/wscript_build
index e24f6b028c56..2427c5dcdce6 100644
--- a/lib/fuzzing/wscript_build
+++ b/lib/fuzzing/wscript_build
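Review bot: In LLVMFuzzerTestOneInput the temporary file is rewound and overwritten but never truncated, so when an input is shorter than an earlier one the tail of the earlier input is still in the file that regfio_open() parses. A crash found that way depends on previous iterations and will not reproduce from the saved test case alone; adding `(void)ftruncate(fileno(fp), len);` after the `fflush(fp)` call keeps each run limited to its own bytes. LLVMFuzzerInitialize also passes the result of `tmpfile()` straight to `fileno()`, so a failed `tmpfile()` is a NULL dereference at start-up; `if (fp == NULL) abort();` would make that failure explicit. Separately, `regfile->ignore_checksums = true` is set only after regfio_open() returns, so if the open path already validates the header checksum (not visible in this patch), most mutated inputs would still be rejected before the flag takes effect.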
@@ -25,3 +25,10 @@ bld.SAMBA_BINARY('fuzz_reg_parse',
 install=False,
 enabled=bld.env.enable_libfuzzer,
 )
+
+bld.SAMBA_BINARY('fuzz_regfio',
+ source='fuzz_regfio.c',
+ deps='fuzzing samba3-util smbconf REGFIO',
+ install=False,
+ enabled=bld.env.enable_libfuzzer,
+ )
--
2.34.1