Bug 1400513 - u2f-hid-rs: fuzzers should use a deterministic cmd byte r=jcj

Summary: We're currently using the thread_rng to derive a cmd byte for the U2F protocol fuzzers. That of course should rather be derived deterministically from the input handed to the fuzzing target. Bug #: 1400513 Differential Revision: https://phabricator.services.mozilla.com/D61
2017-09-17 20:07:32 +02:00 · 2017-09-17 20:07:32 +02:00 · cd9cddcc94
--- a/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/3031b026f0eb80bc03d05be97b3cef550913a3d4
+++ b/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/3031b026f0eb80bc03d05be97b3cef550913a3d4
--- a/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/3e28ec02ceb803efa105dc82fcfc9cb4014d7ced
+++ b/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/3e28ec02ceb803efa105dc82fcfc9cb4014d7ced
--- a/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/60c1a897bef5145eb977461d13f789e1ddfa4a69
+++ b/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/60c1a897bef5145eb977461d13f789e1ddfa4a69
--- a/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/7dc504e4505d6b4d3465aeb7bdf59702676a54cd
+++ b/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/7dc504e4505d6b4d3465aeb7bdf59702676a54cd
--- a/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/7f960b178bcf3adf082da7c632b4e1366ba22274
+++ b/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/7f960b178bcf3adf082da7c632b4e1366ba22274
--- a/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/a05810d808f44249ae8ecfeadc59e5d8f7e55fb8
+++ b/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/a05810d808f44249ae8ecfeadc59e5d8f7e55fb8
--- a/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/a22d2b1daa9483abc026fa2f75290aa51be59ca9
+++ b/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read/a22d2b1daa9483abc026fa2f75290aa51be59ca9
--- a/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read_write/62b74bc0ad2433f77a007b95eaf964ea719d21e2
+++ b/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read_write/62b74bc0ad2433f77a007b95eaf964ea719d21e2
--- a/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read_write/afcb12f9dddb1ed0bb06d6372e91b2707cd764d1
+++ b/dom/webauthn/u2f-hid-rs/fuzz/corpus/u2f_read_write/afcb12f9dddb1ed0bb06d6372e91b2707cd764d1
--- a/dom/webauthn/u2f-hid-rs/fuzz/fuzz_targets/u2f_read.rs
+++ b/dom/webauthn/u2f-hid-rs/fuzz/fuzz_targets/u2f_read.rs
@ -4,10 +4,8 @@

 #![no_main]
 #[macro_use] extern crate libfuzzer_sys;
-extern crate rand;
 extern crate u2fhid;

-use rand::{thread_rng, Rng};
 use std::{cmp, io};

 use u2fhid::{CID_BROADCAST, HID_RPT_SIZE};
@ -59,7 +57,10 @@ impl<'a> U2FDevice for TestDevice<'a> {
 }

 fuzz_target!(|data: &[u8]| {
-    let mut dev = TestDevice::new(data);
-    let cmd = thread_rng().gen::<u8>();
-    let _ = sendrecv(&mut dev, cmd, data);
+    if data.len() > 0 {
+        let cmd = data[0];
+        let data = &data[1..];
+        let mut dev = TestDevice::new(data);
+        let _ = sendrecv(&mut dev, cmd, data);
+    }
 });
--- a/dom/webauthn/u2f-hid-rs/fuzz/fuzz_targets/u2f_read_write.rs
+++ b/dom/webauthn/u2f-hid-rs/fuzz/fuzz_targets/u2f_read_write.rs
@ -4,10 +4,8 @@

 #![no_main]
 #[macro_use] extern crate libfuzzer_sys;
-extern crate rand;
 extern crate u2fhid;

-use rand::{thread_rng, Rng};
 use std::{cmp, io};

 use u2fhid::{CID_BROADCAST, HID_RPT_SIZE};
@ -60,8 +58,11 @@ impl U2FDevice for TestDevice {
 }

 fuzz_target!(|data: &[u8]| {
-    let mut dev = TestDevice::new();
-    let cmd = thread_rng().gen::<u8>();
-    let res = sendrecv(&mut dev, cmd, data);
-    assert_eq!(data, &res.unwrap()[..]);
+    if data.len() > 0 {
+        let cmd = data[0];
+        let data = &data[1..];
+        let mut dev = TestDevice::new();
+        let res = sendrecv(&mut dev, cmd, data);
+        assert_eq!(data, &res.unwrap()[..]);
+    }
 });