honggfuzz 1.9

google · May 22, 2019 · c6e51b1 · c6e51b1
1 parent bc7dea2
commit c6e51b1
Show file tree

Hide file tree

Showing 8 changed files with 31 additions and 38 deletions.
diff --git a/Makefile b/Makefile
@@ -403,9 +403,9 @@ report.o: libhfcommon/log.h
 sanitizers.o: sanitizers.h honggfuzz.h libhfcommon/util.h cmdline.h
 sanitizers.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 sanitizers.o: libhfcommon/log.h
-socketfuzzer.o: honggfuzz.h libhfcommon/util.h libhfcommon/common.h
-socketfuzzer.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h
-socketfuzzer.o: libhfcommon/ns.h socketfuzzer.h
+socketfuzzer.o: socketfuzzer.h honggfuzz.h libhfcommon/util.h
+socketfuzzer.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
+socketfuzzer.o: libhfcommon/log.h libhfcommon/ns.h
 subproc.o: subproc.h honggfuzz.h libhfcommon/util.h arch.h fuzz.h
 subproc.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 subproc.o: libhfcommon/log.h
@@ -434,10 +434,10 @@ libhfuzz/linux.o: libhfcommon/common.h libhfcommon/files.h
 libhfuzz/linux.o: libhfcommon/common.h libhfcommon/log.h libhfcommon/ns.h
 libhfuzz/linux.o: libhfuzz/libhfuzz.h
 libhfuzz/memorycmp.o: libhfcommon/common.h libhfuzz/instrument.h
-libhfuzz/persistent.o: libhfuzz/libhfuzz.h honggfuzz.h libhfcommon/util.h
-libhfuzz/persistent.o: libhfcommon/common.h libhfcommon/files.h
-libhfuzz/persistent.o: libhfcommon/common.h libhfcommon/log.h
-libhfuzz/persistent.o: libhfuzz/fetch.h libhfuzz/instrument.h
+libhfuzz/persistent.o: honggfuzz.h libhfcommon/util.h libhfcommon/common.h
+libhfuzz/persistent.o: libhfcommon/files.h libhfcommon/common.h
+libhfuzz/persistent.o: libhfcommon/log.h libhfuzz/fetch.h
+libhfuzz/persistent.o: libhfuzz/instrument.h libhfuzz/libhfuzz.h
 linux/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h
 linux/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 linux/arch.o: libhfcommon/log.h libhfcommon/ns.h linux/perf.h linux/trace.h
@@ -448,8 +448,8 @@ linux/bfd.o: libhfcommon/log.h
 linux/perf.o: linux/perf.h honggfuzz.h libhfcommon/util.h
 linux/perf.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 linux/perf.o: libhfcommon/log.h linux/pt.h
-linux/pt.o: libhfcommon/common.h libhfcommon/log.h libhfcommon/util.h
-linux/pt.o: linux/pt.h honggfuzz.h
+linux/pt.o: linux/pt.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h
+linux/pt.o: libhfcommon/log.h
 linux/trace.o: linux/trace.h honggfuzz.h libhfcommon/util.h
 linux/trace.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
 linux/trace.o: libhfcommon/log.h linux/bfd.h linux/unwind.h sanitizers.h

diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte
 
 ## Code
 
-  * Latest stable version: [1.8](https://github.com/google/honggfuzz/releases)
+  * Latest stable version: [1.9](https://github.com/google/honggfuzz/releases)
   * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG)
 
 ## Requirements
@@ -90,6 +90,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof
     * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262)
     * panic() in sleep-parser [#1](https://github.com/datrs/sleep-parser/issues/3)
     * panic() in lewton [#1](https://github.com/RustAudio/lewton/issues/27)
+    * panic()/DoS in Ethereum-Parity [#1](https://srlabs.de/bites/ethereum_dos/)
   * ... and more
 
 ## Projects utilizing Honggfuzz
@@ -112,6 +113,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof
   * [__FuzzM__: a gray box model-based fuzzing framework](https://github.com/collins-research/FuzzM)
   * [__FuzzOS__: by Mozilla Security](https://github.com/MozillaSecurity/fuzzos)
   * [__Android__: by OHA](https://android.googlesource.com/platform/external/honggfuzz)
+  * [__QDBI__: by Quarkslab](https://project.inria.fr/FranceJapanICST/files/2019/04/19-Kyoto-Fuzzing_Binaries_using_Dynamic_Instrumentation.pdf)
 
 ## Examples
 

diff --git a/honggfuzz.h b/honggfuzz.h
@@ -38,7 +38,7 @@
 #include "libhfcommon/util.h"
 
 #define PROG_NAME "honggfuzz"
-#define PROG_VERSION "1.8"
+#define PROG_VERSION "1.9"
 
 /* Name of the template which will be replaced with the proper name of the file */
 #define _HF_FILE_PLACEHOLDER "___FILE___"

diff --git a/libhfcommon/files.h b/libhfcommon/files.h
@@ -24,13 +24,13 @@
 #ifndef _HF_COMMON_FILES_H_
 #define _HF_COMMON_FILES_H_
 
-#include "common.h"
-
 #include <stdbool.h>
 #include <stdint.h>
 #include <sys/socket.h>
 #include <unistd.h>
 
+#include "common.h"
+
 extern ssize_t files_readFileToBufMax(const char* fileName, uint8_t* buf, size_t fileMaxSz);
 
 extern bool files_writeBufToFile(

diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c
@@ -1,5 +1,3 @@
-#include "libhfuzz/libhfuzz.h"
-
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
@@ -21,6 +19,7 @@
 #include "libhfcommon/log.h"
 #include "libhfuzz/fetch.h"
 #include "libhfuzz/instrument.h"
+#include "libhfuzz/libhfuzz.h"
 
 __attribute__((weak)) int LLVMFuzzerInitialize(
     int* argc HF_ATTR_UNUSED, char*** argv HF_ATTR_UNUSED) {

diff --git a/linux/pt.c b/linux/pt.c
@@ -21,15 +21,15 @@
  *
  */
 
-#include "libhfcommon/common.h"
+#include "pt.h"
 
 #include <inttypes.h>
 #include <linux/perf_event.h>
 #include <stdio.h>
 
+#include "libhfcommon/common.h"
 #include "libhfcommon/log.h"
 #include "libhfcommon/util.h"
-#include "pt.h"
 
 #ifdef _HF_LINUX_INTEL_PT_LIB
 

diff --git a/mac/arch.c b/mac/arch.c
@@ -24,11 +24,19 @@
 
 #include "arch.h"
 
+#import <Foundation/Foundation.h>
 #include <ctype.h>
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <mach/i386/thread_status.h>
+#include <mach/mach.h>
+#include <mach/mach_types.h>
+#include <mach/mach_vm.h>
+#include <mach/task_info.h>
 #include <poll.h>
+#include <pthread.h>
+#include <servers/bootstrap.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -49,20 +57,9 @@
 #include "libhfcommon/files.h"
 #include "libhfcommon/log.h"
 #include "libhfcommon/util.h"
-#include "subproc.h"
-
-#include <mach/i386/thread_status.h>
-#include <mach/mach.h>
-#include <mach/mach_types.h>
-#include <mach/mach_vm.h>
-#include <mach/task_info.h>
-#include <pthread.h>
-#include <servers/bootstrap.h>
-
 #include "mach_exc.h"
 #include "mach_excServer.h"
-
-#import <Foundation/Foundation.h>
+#include "subproc.h"
 
 /*
  * Interface to third_party/CrashReport_*.o

diff --git a/socketfuzzer.c b/socketfuzzer.c
@@ -1,3 +1,5 @@
+#include "socketfuzzer.h"
+
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
@@ -11,17 +13,12 @@
 #include <string.h>
 #include <sys/mman.h>
 #include <sys/param.h>
+#include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/types.h>
-#include <time.h>
-#include <unistd.h>
-
-#include <errno.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <sys/types.h>
 #include <sys/un.h>
+#include <time.h>
 #include <unistd.h>
 
 #include "honggfuzz.h"
@@ -31,8 +28,6 @@
 #include "libhfcommon/ns.h"
 #include "libhfcommon/util.h"
 
-#include "socketfuzzer.h"
-
 bool fuzz_waitForExternalInput(run_t* run) {
     /* tell the external fuzzer to do his thing */
     if (!fuzz_prepareSocketFuzzer(run)) {