--- /dev/null
+FILE(GLOB test_cases "test-*.c")
+
+MACRO(ADD_FUZZER_TEST name)
+ ADD_EXECUTABLE(${name} ${name}.c)
+ TARGET_COMPILE_OPTIONS(${name} PRIVATE -g -O1 -fno-omit-frame-pointer -fsanitize=fuzzer,address,leak,undefined)
+ TARGET_INCLUDE_DIRECTORIES(${name} PRIVATE ${PROJECT_SOURCE_DIR})
+ TARGET_LINK_OPTIONS(${name} PRIVATE -stdlib=libc++ -fsanitize=fuzzer,address,leak,undefined)
+ TARGET_LINK_LIBRARIES(${name} uci)
+ ADD_TEST(
+ NAME ${name}
+ COMMAND ${name} -max_len=256 -timeout=10 -max_total_time=300 -dict=${CMAKE_CURRENT_SOURCE_DIR}/dict/uci.dict ${CMAKE_CURRENT_SOURCE_DIR}/corpus
+ )
+ENDMACRO(ADD_FUZZER_TEST)
+
+FOREACH(test_case ${test_cases})
+ GET_FILENAME_COMPONENT(test_case ${test_case} NAME_WE)
+ ADD_FUZZER_TEST(${test_case})
+ENDFOREACH(test_case)
--- /dev/null
+
+config dnsmasq
+ option domainneeded '1'
+ option boguspriv '1'
+ option filterwin2k '0'
+ option localise_queries '1'
+ option rebind_protection '1'
+ option rebind_localhost '1'
+ option local '/lan/'
+ option domain 'lan'
+ option expandhosts '1'
+ option nonegcache '0'
+ option authoritative '1'
+ option readethers '1'
+ option leasefile '/tmp/dhcp.leases'
+ option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
+ option nonwildcard '1'
+ option localservice '1'
+
+config dhcp 'lan'
+ option interface 'lan'
+ option start '100'
+ option limit '150'
+ option leasetime '12h'
+ option dhcpv6 'server'
+ option ra 'server'
+ option ra_slaac '1'
+ list ra_flags 'managed-config'
+ list ra_flags 'other-config'
+
+config dhcp 'wan'
+ option interface 'wan'
+ option ignore '1'
+
+config odhcpd 'odhcpd'
+ option maindhcp '0'
+ option leasefile '/tmp/hosts/odhcpd'
+ option leasetrigger '/usr/sbin/odhcpd-update'
+ option loglevel '4'
+
+config host
+ option name 'foo'
+ option ip '192.168.1.90'
+ option mac '20:de:ad:be:ef:99'
+
+config host
+ option name 'moo-ap01'
+ option ip '192.168.1.2'
+ option mac '00:dd:8d:f7:e6:6f'
--- /dev/null
+config defaults
+ option syn_flood 1
+ option input ACCEPT
+ option output ACCEPT
+ option forward REJECT
+# Uncomment this line to disable ipv6 rules
+# option disable_ipv6 1
+
+config zone
+ option name lan
+ list network 'lan'
+ option input ACCEPT
+ option output ACCEPT
+ option forward ACCEPT
+
+config zone
+ option name wan
+ list network 'wan'
+ list network 'wan6'
+ option input REJECT
+ option output ACCEPT
+ option forward REJECT
+ option masq 1
+ option mtu_fix 1
+
+config forwarding
+ option src lan
+ option dest wan
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+ option name Allow-DHCP-Renew
+ option src wan
+ option proto udp
+ option dest_port 68
+ option target ACCEPT
+ option family ipv4
+
+# Allow IPv4 ping
+config rule
+ option name Allow-Ping
+ option src wan
+ option proto icmp
+ option icmp_type echo-request
+ option family ipv4
+ option target ACCEPT
+
+config rule
+ option name Allow-IGMP
+ option src wan
+ option proto igmp
+ option family ipv4
+ option target ACCEPT
+
+# Allow DHCPv6 replies
+# see https://dev.openwrt.org/ticket/10381
+config rule
+ option name Allow-DHCPv6
+ option src wan
+ option proto udp
+ option src_ip fc00::/6
+ option dest_ip fc00::/6
+ option dest_port 546
+ option family ipv6
+ option target ACCEPT
+
+config rule
+ option name Allow-MLD
+ option src wan
+ option proto icmp
+ option src_ip fe80::/10
+ list icmp_type '130/0'
+ list icmp_type '131/0'
+ list icmp_type '132/0'
+ list icmp_type '143/0'
+ option family ipv6
+ option target ACCEPT
+
+# Allow essential incoming IPv6 ICMP traffic
+config rule
+ option name Allow-ICMPv6-Input
+ option src wan
+ option proto icmp
+ list icmp_type echo-request
+ list icmp_type echo-reply
+ list icmp_type destination-unreachable
+ list icmp_type packet-too-big
+ list icmp_type time-exceeded
+ list icmp_type bad-header
+ list icmp_type unknown-header-type
+ list icmp_type router-solicitation
+ list icmp_type neighbour-solicitation
+ list icmp_type router-advertisement
+ list icmp_type neighbour-advertisement
+ option limit 1000/sec
+ option family ipv6
+ option target ACCEPT
+
+# Allow essential forwarded IPv6 ICMP traffic
+config rule
+ option name Allow-ICMPv6-Forward
+ option src wan
+ option dest *
+ option proto icmp
+ list icmp_type echo-request
+ list icmp_type echo-reply
+ list icmp_type destination-unreachable
+ list icmp_type packet-too-big
+ list icmp_type time-exceeded
+ list icmp_type bad-header
+ list icmp_type unknown-header-type
+ option limit 1000/sec
+ option family ipv6
+ option target ACCEPT
+
+config rule
+ option name Allow-IPSec-ESP
+ option src wan
+ option dest lan
+ option proto esp
+ option target ACCEPT
+
+config rule
+ option name Allow-ISAKMP
+ option src wan
+ option dest lan
+ option dest_port 500
+ option proto udp
+ option target ACCEPT
+
+# allow interoperability with traceroute classic
+# note that traceroute uses a fixed port range, and depends on getting
+# back ICMP Unreachables. if we're operating in DROP mode, it won't
+# work so we explicitly REJECT packets on these ports.
+config rule
+ option name Support-UDP-Traceroute
+ option src wan
+ option dest_port 33434:33689
+ option proto udp
+ option family ipv4
+ option target REJECT
+ option enabled false
+
+# include a file with users custom iptables rules
+config include
+ option path /etc/firewall.user
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option proto tcp
+
+# port redirect of remapped ssh port (22001) on wan
+#config redirect
+# option src wan
+# option src_dport 22001
+# option dest lan
+# option dest_port 22
+# option proto tcp
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
--- /dev/null
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "uci.h"
+
+static void fuzz_uci_import(const uint8_t *input, size_t size)
+{
+ int r;
+ int fd;
+ FILE *fs = NULL;
+ struct uci_context *ctx = NULL;
+ struct uci_package *package = NULL;
+
+ fd = open("/dev/shm", O_TMPFILE | O_RDWR, S_IRUSR | S_IWUSR);
+ if (fd < 0) {
+ perror("unable to create temp file");
+ exit(-1);
+ }
+
+ r = write(fd, input, size);
+ if (r < 0) {
+ perror("unable to write()");
+ exit(-1);
+ }
+
+ fs = fdopen(fd, "r");
+ if (fs == NULL) {
+ perror("unable to fdopen()");
+ exit(-1);
+ }
+
+ fseek(fs, 0L, SEEK_SET);
+
+ ctx = uci_alloc_context();
+ if (ctx == NULL) {
+ perror("unable to uci_alloc_context()");
+ exit(-1);
+ }
+
+ uci_import(ctx, fs, NULL, &package, false);
+ uci_free_context(ctx);
+ close(fd);
+ fclose(fs);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t size)
+{
+ fuzz_uci_import(input, size);
+ return 0;
+}
projects / project / uci.git / commitdiff