head	1.1;
branch	1.1.1;
access;
symbols
	netbsd-11-0-RC4:1.1.1.4
	netbsd-11-0-RC3:1.1.1.4
	netbsd-11-0-RC2:1.1.1.4
	netbsd-11-0-RC1:1.1.1.4
	perseant-exfatfs-base-20250801:1.1.1.4
	netbsd-11:1.1.1.4.0.4
	netbsd-11-base:1.1.1.4
	libfido2-1-16-0:1.1.1.4
	netbsd-10-1-RELEASE:1.1.1.3.2.1
	perseant-exfatfs-base-20240630:1.1.1.4
	perseant-exfatfs:1.1.1.4.0.2
	perseant-exfatfs-base:1.1.1.4
	netbsd-10-0-RELEASE:1.1.1.3.2.1
	netbsd-10-0-RC6:1.1.1.3.2.1
	netbsd-10-0-RC5:1.1.1.3.2.1
	netbsd-10-0-RC4:1.1.1.3.2.1
	netbsd-10-0-RC3:1.1.1.3.2.1
	netbsd-10-0-RC2:1.1.1.3.2.1
	netbsd-10-0-RC1:1.1.1.3.2.1
	libfido2-1-13-0:1.1.1.4
	netbsd-10:1.1.1.3.0.2
	netbsd-10-base:1.1.1.3
	libfido2-1-8-0:1.1.1.3
	libfido2-1-7-0:1.1.1.3
	cjep_sun2x-base1:1.1.1.2
	cjep_sun2x:1.1.1.2.0.4
	cjep_sun2x-base:1.1.1.2
	cjep_staticlib_x-base1:1.1.1.2
	cjep_staticlib_x:1.1.1.2.0.2
	cjep_staticlib_x-base:1.1.1.2
	libfido2-1-5-0:1.1.1.2
	phil-wifi-20200421:1.1.1.1
	phil-wifi:1.1.1.1.0.2
	phil-wifi-20200411:1.1.1.1
	phil-wifi-20200406:1.1.1.1
	libfido2-f6ab2ce65745f7f3b1bee7481623de5eaac28bb0:1.1.1.1
	YUBICO:1.1.1;
locks; strict;
comment	@# @;


1.1
date	2020.03.03.00.11.43;	author christos;	state Exp;
branches
	1.1.1.1;
next	;
commitid	C3h02fnbEJ614TYB;

1.1.1.1
date	2020.03.03.00.11.43;	author christos;	state Exp;
branches
	1.1.1.1.2.1;
next	1.1.1.2;
commitid	C3h02fnbEJ614TYB;

1.1.1.2
date	2020.12.04.18.09.13;	author christos;	state Exp;
branches;
next	1.1.1.3;
commitid	NXNOgGFBKmoV8syC;

1.1.1.3
date	2021.06.17.00.38.07;	author christos;	state Exp;
branches
	1.1.1.3.2.1;
next	1.1.1.4;
commitid	lSpmBnkrCXrM3qXC;

1.1.1.4
date	2023.08.11.22.58.18;	author christos;	state Exp;
branches;
next	;
commitid	J0htdkgUi8KBfqAE;

1.1.1.1.2.1
date	2020.03.03.00.11.43;	author martin;	state dead;
branches;
next	1.1.1.1.2.2;
commitid	X01YhRUPVUDaec4C;

1.1.1.1.2.2
date	2020.04.13.07.46.08;	author martin;	state Exp;
branches;
next	;
commitid	X01YhRUPVUDaec4C;

1.1.1.3.2.1
date	2023.09.05.17.11.35;	author martin;	state Exp;
branches;
next	;
commitid	8EjKQJ0WqKD2xBDE;


desc
@@


1.1
log
@Initial revision
@
text
@libfido2 can be fuzzed using AFL or libFuzzer, with or without
ASAN/MSAN/UBSAN.

AFL is more convenient when fuzzing the path from the authenticator to
libfido2 in an existing application. To do so, use preload-snoop.c with a real
authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1
-DAFL=1, and use preload-fuzz.c to read device data from stdin. Examples of
this approach can be found in the harnesses under fuzz/harnesses/ that fuzz
the standalone examples and tools bundled with libfido2.

libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
fuzz_assert.c, and fuzz_mgmt.c for examples. To build these harnesses, use
-DFUZZ=1 -DLIBFUZZER=1.

To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
libcbor and OpenSSL built with the respective sanitiser. In order to keep
memory utilisation at a manageable level, you can either enforce limits at
the OS level (e.g. cgroups on Linux) or, alternatively, patch libcbor with the
diff at the bottom of this file.

1. Using ASAN + UBSAN

- Make sure you have libcbor built with -fsanitize=address;
- Make sure you have OpenSSL built with -fsanitize=address;
- Rebuild libfido2 with -DASAN=1 -DUBSAN=1.

1.1 Decide where your workspace will live

$ export FAKEROOT=/home/pedro/fakeroot
$ mkdir -p ${FAKEROOT}/src

1.2 Building libcbor with ASAN

$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
$ cd ${FAKEROOT}/src/libcbor

Assuming libfido2 is under ${FAKEROOT}/src/libfido2:

$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
$ mkdir build
$ cd build
$ cmake -DCMAKE_C_FLAGS_DEBUG="-g2 -fno-omit-frame-pointer" \
	-DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
	-DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=ON \
	-DCMAKE_INSTALL_LIBDIR=lib ..
$ make
$ make install

1.3 Building OpenSSL with ASAN

$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
$ cd ${FAKEROOT}/src/openssl
$ ./Configure linux-x86_64-clang enable-asan --prefix=${FAKEROOT} \
	--openssldir=${FAKEROOT}/openssl
$ make clean
$ make
$ make install_sw

1.4 Building libfido2 with libFuzzer and ASAN + UBSAN

$ cd ${FAKEROOT}/src/libfido2
$ mkdir build
$ cd build
$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DASAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
	-DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
	-DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
	-DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
	-DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
	-DCMAKE_BUILD_TYPE=Debug ..
$ make

2. Using MSAN + UBSAN

- Make sure you have libcbor built with -fsanitize=memory;
- Make sure you have OpenSSL built with -fsanitize=memory;
- Rebuild libfido2 with -DMSAN=1 -DUBSAN=1.

2.1 Decide where your workspace will live

$ export FAKEROOT=/home/pedro/fakeroot
$ mkdir -p ${FAKEROOT}/src

2.2 Building libcbor with MSAN

$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
$ cd ${FAKEROOT}/src/libcbor

Assuming libfido2 is under ${FAKEROOT}/src/libfido2:

$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
$ mkdir build
$ cd build
$ cmake -DCMAKE_C_FLAGS_DEBUG="-fsanitize=memory,undefined -g2 -fno-omit-frame-pointer" \
	-DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
	-DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=OFF \
	-DCMAKE_INSTALL_LIBDIR=lib ..
$ make
$ make install

2.3 Building OpenSSL with MSAN

$ mkdir -p ${FAKEROOT}/src
$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
$ cd ${FAKEROOT}/src/openssl
$ ./Configure linux-x86_64-clang enable-msan --prefix=${FAKEROOT} \
	--openssldir=${FAKEROOT}/openssl
$ make clean
$ make
$ make install_sw

2.4 Building libfido2 with libFuzzer and MSAN + UBSAN

$ cd ${FAKEROOT}/src/libfido2
$ mkdir build
$ cd build
$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DMSAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
	-DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
	-DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
	-DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
	-DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
	-DCMAKE_BUILD_TYPE=Debug ..
$ make

3. Running the libFuzzer harnesses

When running under ASAN, you may want to set ASAN_OPTIONS to
'allocator_may_return_null=1:detect_stack_use_after_return=1'.

The recommended way to run the harnesses is:

$ fuzz_{assert,cred,credman,mgmt} -use_value_profile=1 -reload=30 \
	-print_pcs=1 -print_funcs=30 -timeout=10 CORPUS_DIR

You may want to use -jobs or -workers depending on the number of logical
cores available for fuzzing.

4. Auxiliary scripts

A set of harnesses and auxiliary scripts can be found under harnesses/. To
compile coverage reports, adjust the harnesses to your setup and run 'report'.

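Added example (it is not libfido2's or libcbor's own code and the NetBSD tree does not ship it): a self-contained C sketch of the two memory-related mechanisms this README relies on. The first is the allocation cap that the libcbor patch at the bottom of this file introduces, generalised here from an item-count limit to a byte-total limit; the second is the deterministic, corpus-seeded failure injection that later revisions of this README describe for the symbols listed in wrapped.sym (prng_init() seeded from the input, failure probabilities from wrap.c). prng_init here is named after the libfido2 function the text mentions but is this example's own implementation; the cap value, the xorshift generator, the 4-byte seed layout and every other name are assumptions of the example.

```c
/* Added example, not libfido2's or libcbor's own code: a fuzzing-build
 * allocation wrapper that refuses oversized multi-item requests (the libcbor
 * patch's item_count cap, generalised to a byte total) and injects allocation
 * failures from a deterministic PRNG seeded from the fuzz input, in the spirit
 * of wrap.c / prng_init(). Names, the cap value and the PRNG are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative byte cap for one multi-item allocation (assumed value). */
#define FUZZ_ALLOC_CAP_BYTES ((size_t)64 * 1024)

static uint32_t prng_state;   /* xorshift32 state */
static unsigned fail_percent; /* chance of an injected failure, 0..100 */

/* Seed the generator; a harness calls this with bytes taken from the corpus
 * so that the failure sequence is reproducible from the input alone. */
void prng_init(uint32_t seed) {
    prng_state = seed ? seed : 0x9e3779b9u; /* xorshift must not start at 0 */
}

/* xorshift32: cheap and fully determined by the seed. */
uint32_t prng_next(void) {
    uint32_t x = prng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return prng_state = x;
}

/* Same contract as libcbor's _cbor_safe_to_multiply: does a * b fit in size_t? */
int safe_to_multiply(size_t a, size_t b) {
    return b == 0 || a <= SIZE_MAX / b;
}

/* Stand-in for _cbor_alloc_multiple in a fuzzing build: NULL on overflow,
 * when the byte total exceeds the cap, or when the PRNG injects a failure. */
void *fuzz_alloc_multiple(size_t item_size, size_t item_count) {
    if (!safe_to_multiply(item_size, item_count))
        return NULL;
    size_t total = item_size * item_count;
    if (total > FUZZ_ALLOC_CAP_BYTES)
        return NULL;
    if (fail_percent > 0 && prng_next() % 100 < fail_percent)
        return NULL;
    return malloc(total);
}

/* 1 if the request was granted (block freed again), 0 if refused. */
int try_alloc(size_t item_size, size_t item_count) {
    void *p = fuzz_alloc_multiple(item_size, item_count);
    if (p == NULL)
        return 0;
    free(p);
    return 1;
}

/* Take the first 4 bytes of a fuzz input as the seed, as a harness would
 * before handing the remainder to the library; returns bytes consumed. */
size_t seed_from_input(const uint8_t *data, size_t len) {
    uint32_t seed;
    if (len < sizeof seed)
        return 0;
    memcpy(&seed, data, sizeof seed);
    prng_init(seed);
    return sizeof seed;
}

/* Run n (at most 32) small allocations under a seed and failure percentage
 * (0..100) and return a bitmask of the refused ones: equal seeds give equal
 * masks, which is what makes a failure-injected crash reproducible. */
uint32_t failure_pattern(uint32_t seed, unsigned percent, unsigned n) {
    uint32_t mask = 0;
    prng_init(seed);
    fail_percent = percent;
    for (unsigned i = 0; i < n && i < 32; i++)
        if (!try_alloc(8, 4))
            mask |= 1u << i;
    fail_percent = 0;
    return mask;
}

/* Constructed sample fuzz input: 4 seed bytes, then an arbitrary payload. */
static const uint8_t SAMPLE_INPUT[] = { 0x11, 0x22, 0x33, 0x44, 0xa0, 0x01 };

int main(void) {
    printf("seed bytes consumed: %zu\n",
           seed_from_input(SAMPLE_INPUT, sizeof SAMPLE_INPUT));
    printf("16 x 1024 bytes: %s\n", try_alloc(16, 1024) ? "granted" : "refused");
    printf("1 x 70000 bytes: %s\n", try_alloc(1, 70000) ? "granted" : "refused");
    printf("refusals, seed 1 at 50%%: 0x%08x (again: 0x%08x)\n",
           failure_pattern(1, 50, 32), failure_pattern(1, 50, 32));
    return 0;
}
```

Two design points are worth noting. Returning NULL instead of aborting pairs with the allocator_may_return_null=1 setting in ASAN_OPTIONS recommended in section 3: the sanitiser hands the library a NULL rather than terminating the run, so the library's own out-of-memory error paths get exercised under the fuzzer instead of being masked by an abort. And because both the cap and the injected failures are pure functions of the input bytes, a crash found this way reproduces from the corpus file alone, which is what makes mutating only the seed part of the corpus (-reduce_inputs=0 --fido-mutate=seed, as the later README text puts it) a useful strategy.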
diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
index aa049a2..e294b38 100644
--- src/cbor/internal/memory_utils.c
+++ src/cbor/internal/memory_utils.c
@@@@ -28,7 +28,10 @@@@ bool _cbor_safe_to_multiply(size_t a, size_t b) {
 
 void* _cbor_alloc_multiple(size_t item_size, size_t item_count) {
   if (_cbor_safe_to_multiply(item_size, item_count)) {
-    return _CBOR_MALLOC(item_size * item_count);
+    if (item_count > 1000) {
+      return NULL;
+    } else
+      return _CBOR_MALLOC(item_size * item_count);
   } else {
     return NULL;
   }
@


1.1.1.1
log
@Import Yubico's libfido2 from https://github.com/Yubico/libfido2.git
@
text
@@


1.1.1.2
log
@Version 1.5.0 (2020-09-01)
  hid_linux: return FIDO_OK if no devices are found.
  hid_osx: repair communication with U2F tokens, gh#166; reliability fixes.
  fido2-{assert,cred}: new options to explicitly toggle UP, UV.
  Support for configurable report lengths.
  New API calls:
    fido_cbor_info_maxcredcntlst;
    fido_cbor_info_maxcredidlen;
    fido_cred_aaguid_len;
    fido_cred_aaguid_ptr;
    fido_dev_get_touch_begin;
    fido_dev_get_touch_status.
  Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
  Allow CTAP messages up to 2048 bytes; gh#171.
  Ensure we only list USB devices by default.

Version 1.4.0 (2020-04-15)
  hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
  Fall back to U2F if the key claims to, but does not support FIDO2.
  FIDO2 credential protection (credprot) support.
  New API calls:
    fido_cbor_info_fwversion;
    fido_cred_prot;
    fido_cred_set_prot;
    fido_dev_set_transport_functions;
    fido_set_log_handler.
  Support for FreeBSD.
  Support for C++.
  Support for MSYS.
  Fixed EdDSA and RSA self-attestation.

Version 1.3.1 (2020-02-19)
  fix zero-ing of le1 and le2 when talking to a U2F device.
  dropping sk-libfido2 middleware, please find it in the openssh tree.
@
text
@d6 4
a9 2
authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1,
and use preload-fuzz.c to read device data from stdin.
d18 123
a140 1
the OS level (e.g.
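Review bot: the `else` that closes the hunk pairs a braced `if (item_count > 1000) {` with an unbraced `return _CBOR_MALLOC(item_size * item_count);`, which is inconsistent within one statement and fragile under later edits; the revised form of this patch recorded further down in this file (the 1.1.1.3.2.1 delta) braces it as `} else { ... }`, and this copy should match. Separately, `item_count > 1000` bounds the element count, not the byte total, so a single call may still request up to 1000 * item_size bytes even though the README's stated goal is to keep memory utilisation manageable; since `_cbor_safe_to_multiply` has already established at that point that the product cannot overflow, comparing `item_size * item_count` against a byte limit would bound the quantity the patch is meant to bound.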
cgroups on Linux), or patch libcbor with the diff below.
@


1.1.1.3
log
@Import libfido2 1.7.0; changes:

Version 1.7.0 (2021-03-29)
- New dependency on zlib.
- Fixed musl build; gh#259.
- hid_win: detect devices with vendor or product IDs > 0x7fff; gh#264.
- Support for FIDO 2.1 authenticator configuration.
- Support for FIDO 2.1 UV token permissions.
- Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
- New API calls:
  fido_assert_blob_len;
  fido_assert_blob_ptr;
  fido_assert_largeblob_key_len;
  fido_assert_largeblob_key_ptr;
  fido_assert_set_hmac_secret;
  fido_cbor_info_maxcredbloblen;
  fido_cred_largeblob_key_len;
  fido_cred_largeblob_key_ptr;
  fido_cred_set_blob;
  fido_dev_enable_entattest;
  fido_dev_force_pin_change;
  fido_dev_has_uv;
  fido_dev_largeblob_get;
  fido_dev_largeblob_get_array;
  fido_dev_largeblob_remove;
  fido_dev_largeblob_set;
  fido_dev_largeblob_set_array;
  fido_dev_set_pin_minlen;
  fido_dev_set_sigmask;
  fido_dev_supports_credman;
  fido_dev_supports_permissions;
  fido_dev_supports_uv;
  fido_dev_toggle_always_uv.
- New fido_init flag to disable fido_dev_open's U2F fallback; gh#282.
- Experimental NFC support on Linux; enable with -DNFC_LINUX.

Version 1.6.0 (2020-12-22)
- Fix OpenSSL 1.0 and Cygwin builds.
- hid_linux: fix build on 32-bit systems.
- hid_osx: allow reads from spawned threads.
- Documentation and reliability fixes.
- New API calls:
  fido_cred_authdata_raw_len;
  fido_cred_authdata_raw_ptr;
  fido_cred_sigcount;
  fido_dev_get_uv_retry_count;
  fido_dev_supports_credman.
- Hardened Windows build.
- Native FreeBSD and NetBSD support.
- Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
@
text
@d6 1
a6 1
authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=ON, and
d10 2
a11 2
fuzz_assert.c, fuzz_hid.c, and fuzz_mgmt.c for examples. To build these
harnesses, use -DFUZZ=ON -DLIBFUZZER=ON.
@ 1.1.1.3.2.1 log @Pull up following revision(s) (requested by riastradh in ticket #345): external/bsd/libfido2/dist/fuzz/clock.c up to 1.1.1.1 external/bsd/libfido2/dist/fuzz/fuzz_pcsc.c up to 1.1.1.1 external/bsd/libfido2/dist/fuzz/pcsc.c up to 1.1.1.1 external/bsd/libfido2/dist/man/check.sh up to 1.1.1.1 external/bsd/libfido2/dist/man/es384_pk_new.3 up to 1.1.1.1 external/bsd/libfido2/dist/openbsd-compat/bsd-asprintf.c up to 1.1.1.1 external/bsd/libfido2/dist/openbsd-compat/strsep.c up to 1.1.1.1 external/bsd/libfido2/dist/regress/compress.c up to 1.1.1.1 external/bsd/libfido2/dist/regress/eddsa.c up to 1.1.1.1 external/bsd/libfido2/dist/regress/es256.c up to 1.1.1.1 external/bsd/libfido2/dist/regress/es384.c up to 1.1.1.1 external/bsd/libfido2/dist/regress/rs256.c up to 1.1.1.1 external/bsd/libfido2/dist/src/fido/es384.h up to 1.1.1.1 external/bsd/libfido2/dist/src/es384.c up to 1.1.1.1 external/bsd/libfido2/dist/src/fallthrough.h up to 1.1.1.1 external/bsd/libfido2/dist/src/nfc.c up to 1.1.1.1 external/bsd/libfido2/dist/src/pcsc.c up to 1.1.1.1 external/bsd/libfido2/dist/src/rs1.c up to 1.1.1.1 external/bsd/libfido2/dist/src/time.c up to 1.1.1.1 external/bsd/libfido2/dist/src/touch.c up to 1.1.1.1 external/bsd/libfido2/dist/src/tpm.c up to 1.1.1.1 external/bsd/libfido2/dist/src/types.c up to 1.1.1.1 external/bsd/libfido2/dist/src/util.c up to 1.1.1.1 external/bsd/libfido2/dist/src/webauthn.h up to 1.1.1.1 external/bsd/libfido2/dist/windows/const.ps1 up to 1.1.1.1 external/bsd/libfido2/dist/windows/cygwin.gpg up to 1.1.1.1 external/bsd/libfido2/dist/windows/cygwin.ps1 up to 1.1.1.1 external/bsd/libfido2/dist/windows/release.ps1 up to 1.1.1.1 external/bsd/libfido2/dist/SECURITY.md up to 1.1.1.1 external/bsd/libfido2/dist/openbsd-compat/hkdf.c delete external/bsd/libfido2/dist/openbsd-compat/hkdf.h delete external/bsd/libfido2/dist/CMakeLists.txt up to 1.1.1.5 external/bsd/libfido2/dist/LICENSE up to 1.1.1.3 external/bsd/libfido2/dist/NEWS up to 1.1.1.5 
external/bsd/libfido2/dist/README.adoc up to 1.1.1.5 external/bsd/libfido2/dist/examples/CMakeLists.txt up to 1.1.1.4 external/bsd/libfido2/dist/examples/README.adoc up to 1.1.1.5 external/bsd/libfido2/dist/examples/assert.c up to 1.1.1.4 external/bsd/libfido2/dist/examples/cred.c up to 1.1.1.5 external/bsd/libfido2/dist/examples/extern.h up to 1.1.1.3 external/bsd/libfido2/dist/examples/info.c up to 1.1.1.5 external/bsd/libfido2/dist/examples/manifest.c up to 1.1.1.4 external/bsd/libfido2/dist/examples/reset.c up to 1.1.1.4 external/bsd/libfido2/dist/examples/retries.c up to 1.1.1.4 external/bsd/libfido2/dist/examples/select.c up to 1.1.1.3 external/bsd/libfido2/dist/examples/setpin.c up to 1.1.1.4 external/bsd/libfido2/dist/examples/util.c up to 1.1.1.4 external/bsd/libfido2/dist/fuzz/CMakeLists.txt up to 1.1.1.4 external/bsd/libfido2/dist/fuzz/Dockerfile up to 1.1.1.4 external/bsd/libfido2/dist/fuzz/Makefile up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/README up to 1.1.1.4 external/bsd/libfido2/dist/fuzz/build-coverage up to 1.1.1.4 external/bsd/libfido2/dist/fuzz/dummy.h up to 1.1.1.3 external/bsd/libfido2/dist/fuzz/export.gnu up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/functions.txt up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/fuzz_assert.c up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/fuzz_bio.c up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/fuzz_cred.c up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/fuzz_credman.c up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/fuzz_hid.c up to 1.1.1.3 external/bsd/libfido2/dist/fuzz/fuzz_largeblob.c up to 1.1.1.2 external/bsd/libfido2/dist/fuzz/fuzz_mgmt.c up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/fuzz_netlink.c up to 1.1.1.2 external/bsd/libfido2/dist/fuzz/libfuzzer.c up to 1.1.1.3 external/bsd/libfido2/dist/fuzz/mutator_aux.c up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/mutator_aux.h up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/preload-fuzz.c up to 1.1.1.2 external/bsd/libfido2/dist/fuzz/preload-snoop.c up to 1.1.1.2 
external/bsd/libfido2/dist/fuzz/report.tgz up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/summary.txt up to 1.1.1.5 external/bsd/libfido2/dist/fuzz/udev.c up to 1.1.1.2 external/bsd/libfido2/dist/fuzz/wiredata_fido2.h up to 1.1.1.3 external/bsd/libfido2/dist/fuzz/wiredata_u2f.h up to 1.1.1.2 external/bsd/libfido2/dist/fuzz/wrap.c up to 1.1.1.3 external/bsd/libfido2/dist/fuzz/wrapped.sym up to 1.1.1.4 external/bsd/libfido2/dist/man/CMakeLists.txt up to 1.1.1.5 external/bsd/libfido2/dist/man/eddsa_pk_new.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/es256_pk_new.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/fido2-assert.1 up to 1.1.1.5 external/bsd/libfido2/dist/man/fido2-cred.1 up to 1.1.1.5 external/bsd/libfido2/dist/man/fido2-token.1 up to 1.1.1.5 external/bsd/libfido2/dist/man/fido_assert_allow_cred.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/fido_assert_new.3 up to 1.1.1.5 external/bsd/libfido2/dist/man/fido_assert_set_authdata.3 up to 1.1.1.4 external/bsd/libfido2/dist/man/fido_assert_verify.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/fido_bio_dev_get_info.3 up to 1.1.1.4 external/bsd/libfido2/dist/man/fido_bio_enroll_new.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/fido_bio_info_new.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/fido_bio_template.3 up to 1.1.1.4 external/bsd/libfido2/dist/man/fido_cbor_info_new.3 up to 1.1.1.5 external/bsd/libfido2/dist/man/fido_cred_exclude.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/fido_cred_new.3 up to 1.1.1.4 external/bsd/libfido2/dist/man/fido_cred_set_authdata.3 up to 1.1.1.4 external/bsd/libfido2/dist/man/fido_cred_verify.3 up to 1.1.1.4 external/bsd/libfido2/dist/man/fido_credman_metadata_new.3 up to 1.1.1.5 external/bsd/libfido2/dist/man/fido_dev_enable_entattest.3 up to 1.1.1.3 external/bsd/libfido2/dist/man/fido_dev_get_assert.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/fido_dev_get_touch_begin.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/fido_dev_info_manifest.3 up to 1.1.1.2 
external/bsd/libfido2/dist/man/fido_dev_largeblob_get.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/fido_dev_make_cred.3 up to 1.1.1.3 external/bsd/libfido2/dist/man/fido_dev_open.3 up to 1.1.1.5 external/bsd/libfido2/dist/man/fido_dev_set_io_functions.3 up to 1.1.1.3 external/bsd/libfido2/dist/man/fido_dev_set_pin.3 up to 1.1.1.3 external/bsd/libfido2/dist/man/fido_init.3 up to 1.1.1.3 external/bsd/libfido2/dist/man/fido_strerr.3 up to 1.1.1.2 external/bsd/libfido2/dist/man/rs256_pk_new.3 up to 1.1.1.2 external/bsd/libfido2/dist/openbsd-compat/clock_gettime.c up to 1.1.1.2 external/bsd/libfido2/dist/openbsd-compat/endian_win32.c up to 1.1.1.2 external/bsd/libfido2/dist/openbsd-compat/openbsd-compat.h up to 1.1.1.4 external/bsd/libfido2/dist/regress/CMakeLists.txt up to 1.1.1.2 external/bsd/libfido2/dist/regress/assert.c up to 1.1.1.4 external/bsd/libfido2/dist/regress/cred.c up to 1.1.1.5 external/bsd/libfido2/dist/regress/dev.c up to 1.1.1.3 external/bsd/libfido2/dist/src/CMakeLists.txt up to 1.1.1.5 external/bsd/libfido2/dist/src/aes256.c up to 1.1.1.3 external/bsd/libfido2/dist/src/assert.c up to 1.3 external/bsd/libfido2/dist/src/authkey.c up to 1.1.1.3 external/bsd/libfido2/dist/src/bio.c up to 1.1.1.4 external/bsd/libfido2/dist/src/blob.c up to 1.1.1.3 external/bsd/libfido2/dist/src/blob.h up to 1.1.1.3 external/bsd/libfido2/dist/src/buf.c up to 1.1.1.3 external/bsd/libfido2/dist/src/cbor.c up to 1.1.1.5 external/bsd/libfido2/dist/src/compress.c up to 1.1.1.2 external/bsd/libfido2/dist/src/config.c up to 1.1.1.3 external/bsd/libfido2/dist/src/cred.c up to 1.3 external/bsd/libfido2/dist/src/credman.c up to 1.1.1.5 external/bsd/libfido2/dist/src/dev.c up to 1.1.1.5 external/bsd/libfido2/dist/src/diff_exports.sh up to 1.1.1.3 external/bsd/libfido2/dist/src/ecdh.c up to 1.1.1.3 external/bsd/libfido2/dist/src/eddsa.c up to 1.1.1.4 external/bsd/libfido2/dist/src/err.c up to 1.1.1.4 external/bsd/libfido2/dist/src/es256.c up to 1.1.1.4 
external/bsd/libfido2/dist/src/export.gnu up to 1.1.1.5 external/bsd/libfido2/dist/src/export.llvm up to 1.1.1.5 external/bsd/libfido2/dist/src/export.msvc up to 1.1.1.5 external/bsd/libfido2/dist/src/extern.h up to 1.1.1.5 external/bsd/libfido2/dist/src/fido.h up to 1.1.1.5 external/bsd/libfido2/dist/src/hid.c up to 1.1.1.4 external/bsd/libfido2/dist/src/hid_freebsd.c up to 1.1.1.2 external/bsd/libfido2/dist/src/hid_hidapi.c up to 1.1.1.4 external/bsd/libfido2/dist/src/hid_linux.c up to 1.1.1.5 external/bsd/libfido2/dist/src/hid_netbsd.c up to 1.4 external/bsd/libfido2/dist/src/hid_openbsd.c up to 1.1.1.4 external/bsd/libfido2/dist/src/hid_osx.c up to 1.1.1.4 external/bsd/libfido2/dist/src/hid_unix.c up to 1.1.1.2 external/bsd/libfido2/dist/src/hid_win.c up to 1.1.1.4 external/bsd/libfido2/dist/src/info.c up to 1.1.1.5 external/bsd/libfido2/dist/src/io.c up to 1.1.1.5 external/bsd/libfido2/dist/src/iso7816.c up to 1.1.1.4 external/bsd/libfido2/dist/src/iso7816.h up to 1.1.1.3 external/bsd/libfido2/dist/src/largeblob.c up to 1.1.1.3 external/bsd/libfido2/dist/src/log.c up to 1.1.1.4 external/bsd/libfido2/dist/src/netlink.c up to 1.1.1.2 external/bsd/libfido2/dist/src/netlink.h up to 1.1.1.2 external/bsd/libfido2/dist/src/nfc_linux.c up to 1.1.1.2 external/bsd/libfido2/dist/src/packed.h up to 1.1.1.2 external/bsd/libfido2/dist/src/pin.c up to 1.1.1.5 external/bsd/libfido2/dist/src/random.c up to 1.1.1.2 external/bsd/libfido2/dist/src/reset.c up to 1.1.1.3 external/bsd/libfido2/dist/src/rs256.c up to 1.1.1.3 external/bsd/libfido2/dist/src/u2f.c up to 1.1.1.5 external/bsd/libfido2/dist/src/winhello.c up to 1.1.1.2 external/bsd/libfido2/dist/src/fido/bio.h up to 1.1.1.2 external/bsd/libfido2/dist/src/fido/config.h up to 1.1.1.2 external/bsd/libfido2/dist/src/fido/credman.h up to 1.1.1.3 external/bsd/libfido2/dist/src/fido/eddsa.h up to 1.1.1.2 external/bsd/libfido2/dist/src/fido/err.h up to 1.1.1.4 external/bsd/libfido2/dist/src/fido/es256.h up to 1.1.1.2 
external/bsd/libfido2/dist/src/fido/param.h up to 1.1.1.4 external/bsd/libfido2/dist/src/fido/rs256.h up to 1.1.1.2 external/bsd/libfido2/dist/src/fido/types.h up to 1.1.1.5 external/bsd/libfido2/dist/tools/CMakeLists.txt up to 1.1.1.4 external/bsd/libfido2/dist/tools/assert_get.c up to 1.1.1.4 external/bsd/libfido2/dist/tools/assert_verify.c up to 1.1.1.4 external/bsd/libfido2/dist/tools/base64.c up to 1.1.1.3 external/bsd/libfido2/dist/tools/bio.c up to 1.1.1.3 external/bsd/libfido2/dist/tools/config.c up to 1.1.1.2 external/bsd/libfido2/dist/tools/cred_make.c up to 1.1.1.4 external/bsd/libfido2/dist/tools/cred_verify.c up to 1.1.1.3 external/bsd/libfido2/dist/tools/credman.c up to 1.1.1.5 external/bsd/libfido2/dist/tools/extern.h up to 1.1.1.5 external/bsd/libfido2/dist/tools/fido2-assert.c up to 1.1.1.4 external/bsd/libfido2/dist/tools/fido2-attach.sh up to 1.1.1.2 external/bsd/libfido2/dist/tools/fido2-cred.c up to 1.1.1.4 external/bsd/libfido2/dist/tools/fido2-detach.sh up to 1.1.1.2 external/bsd/libfido2/dist/tools/fido2-token.c up to 1.1.1.5 external/bsd/libfido2/dist/tools/fido2-unprot.sh up to 1.1.1.2 external/bsd/libfido2/dist/tools/include_check.sh up to 1.1.1.3 external/bsd/libfido2/dist/tools/largeblob.c up to 1.1.1.2 external/bsd/libfido2/dist/tools/pin.c up to 1.1.1.3 external/bsd/libfido2/dist/tools/test.sh up to 1.1.1.4 external/bsd/libfido2/dist/tools/token.c up to 1.1.1.5 external/bsd/libfido2/dist/tools/util.c up to 1.4 external/bsd/libfido2/dist/udev/70-u2f.rules up to 1.1.1.4 external/bsd/libfido2/dist/udev/CMakeLists.txt up to 1.1.1.2 external/bsd/libfido2/dist/udev/check.sh up to 1.1.1.2 external/bsd/libfido2/dist/udev/fidodevs up to 1.1.1.3 external/bsd/libfido2/dist/udev/genrules.awk up to 1.1.1.2 external/bsd/libfido2/dist/windows/build.ps1 up to 1.1.1.5 distrib/sets/lists/man/mi: revision 1.1763 distrib/sets/lists/debug/shl.mi: revision 1.321 external/bsd/libfido2/lib/Makefile: revision 1.11 distrib/sets/lists/comp/mi: revision 1.2447 
distrib/sets/lists/comp/mi: revision 1.2448
distrib/sets/lists/base/shl.mi: revision 1.960

libfido2: Update from 1.8.0 to 1.13.0.
@
text
@d11 1
a11 9
harnesses, use -DCMAKE_C_FLAGS=-fsanitize=fuzzer-no-link
-DFUZZ_LDFLAGS=-fsanitize=fuzzer -DFUZZ=ON.

If -DFUZZ=ON is enabled, symbols listed in wrapped.sym are wrapped in the
resulting shared object. The wrapper functions simulate failure according to a
deterministic RNG and probabilities defined in wrap.c. Harnesses wishing to use
this functionality should call prng_init() with a seed obtained from the
corpus. To mutate only the seed part of a libFuzzer harness's corpora, use
'-reduce_inputs=0 --fido-mutate=seed'.
a16 1
N.B., the patch below is relative to libcbor 0.10.1.
d19 1
a19 1
index bbea63c..3f7c9af 100644
d22 1
a22 1
@@@@ -41,7 +41,11 @@@@ size_t _cbor_safe_signaling_add(size_t a, size_t b) {
d26 1
a26 1
-    return _cbor_malloc(item_size * item_count);
d29 2
a30 3
+    } else {
+      return _cbor_malloc(item_size * item_count);
+    }
@


1.1.1.4
log
@Import libfido2 1.13.0 (old one was 1.8.0)

* Version 1.13.0 (2023-02-20)
 ** Support for linking against OpenSSL on Windows; gh#668.
 ** New API calls:
  - fido_assert_empty_allow_list;
  - fido_cred_empty_exclude_list.
 ** fido2-token: fix issue when listing large blobs.
 ** Improved support for different fuzzing engines.

* Version 1.12.0 (2022-09-22)
 ** Support for COSE_ES384.
 ** Support for hidraw(4) on FreeBSD; gh#597.
 ** Improved support for FIDO 2.1 authenticators.
 ** New API calls:
  - es384_pk_free;
  - es384_pk_from_EC_KEY;
  - es384_pk_from_EVP_PKEY;
  - es384_pk_from_ptr;
  - es384_pk_new;
  - es384_pk_to_EVP_PKEY;
  - fido_cbor_info_certs_len;
  - fido_cbor_info_certs_name_ptr;
  - fido_cbor_info_certs_value_ptr;
  - fido_cbor_info_maxrpid_minpinlen;
  - fido_cbor_info_minpinlen;
  - fido_cbor_info_new_pin_required;
  - fido_cbor_info_rk_remaining;
  - fido_cbor_info_uv_attempts;
  - fido_cbor_info_uv_modality.
 ** Documentation and reliability fixes.
* Version 1.11.0 (2022-05-03)
 ** Experimental PCSC support; enable with -DUSE_PCSC.
 ** Improved OpenSSL 3.0 compatibility.
 ** Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
 ** winhello: advertise "uv" instead of "clientPin".
 ** winhello: support hmac-secret in fido_dev_get_assert().
 ** New API calls:
  - fido_cbor_info_maxlargeblob.
 ** Documentation and reliability fixes.
 ** Separate build and regress targets.

* Version 1.10.0 (2022-01-17)
 ** hid_osx: handle devices with paths > 511 bytes; gh#462.
 ** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
 ** winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
 ** winhello: fallback to hid_win.c if webauthn.dll isn't available.
 ** New API calls:
  - fido_dev_info_set;
  - fido_dev_io_handle;
  - fido_dev_new_with_info;
  - fido_dev_open_with_info.
 ** Cygwin and NetBSD build fixes.
 ** Documentation and reliability fixes.
 ** Support for TPM 2.0 attestation of COSE_ES256 credentials.

* Version 1.9.0 (2021-10-27)
 ** Enabled NFC support on Linux.
 ** Added OpenSSL 3.0 compatibility.
 ** Removed OpenSSL 1.0 compatibility.
 ** Support for FIDO 2.1 "minPinLength" extension.
 ** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
 ** Support for TPM 2.0 attestation.
 ** Support for device timeouts; see fido_dev_set_timeout().
 ** New API calls:
  - es256_pk_from_EVP_PKEY;
  - fido_cred_attstmt_len;
  - fido_cred_attstmt_ptr;
  - fido_cred_pin_minlen;
  - fido_cred_set_attstmt;
  - fido_cred_set_pin_minlen;
  - fido_dev_set_pin_minlen_rpid;
  - fido_dev_set_timeout;
  - rs256_pk_from_EVP_PKEY.
 ** Reliability and portability fixes.
 ** Better handling of HID devices without identification strings; gh#381.
 ** Fixed detection of Windows's native webauthn API; gh#382.
@
text
@d11 1
a11 9
harnesses, use -DCMAKE_C_FLAGS=-fsanitize=fuzzer-no-link
-DFUZZ_LDFLAGS=-fsanitize=fuzzer -DFUZZ=ON.

If -DFUZZ=ON is enabled, symbols listed in wrapped.sym are wrapped in the
resulting shared object.
The wrapper functions simulate failure according to a
deterministic RNG and probabilities defined in wrap.c. Harnesses wishing to use
this functionality should call prng_init() with a seed obtained from the
corpus. To mutate only the seed part of a libFuzzer harness's corpora, use
'-reduce_inputs=0 --fido-mutate=seed'.
a16 1
N.B., the patch below is relative to libcbor 0.10.1.
d19 1
a19 1
index bbea63c..3f7c9af 100644
d22 1
a22 1
@@@@ -41,7 +41,11 @@@@ size_t _cbor_safe_signaling_add(size_t a, size_t b) {
d26 1
a26 1
-    return _cbor_malloc(item_size * item_count);
d29 2
a30 3
+    } else {
+      return _cbor_malloc(item_size * item_count);
+    }
@


1.1.1.1.2.1
log
@file README was added on branch phil-wifi on 2020-04-13 07:46:08 +0000
@
text
@d1 157
@


1.1.1.1.2.2
log
@Mostly merge changes from HEAD upto 20200411
@
text
@a0 157
libfido2 can be fuzzed using AFL or libFuzzer, with or without
ASAN/MSAN/UBSAN.

AFL is more convenient when fuzzing the path from the authenticator to
libfido2 in an existing application. To do so, use preload-snoop.c with a real
authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1
-DAFL=1, and use preload-fuzz.c to read device data from stdin. Examples of
this approach can be found in the harnesses under fuzz/harnesses/ that fuzz
the standalone examples and tools bundled with libfido2.

libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
fuzz_assert.c, and fuzz_mgmt.c for examples. To build these harnesses, use
-DFUZZ=1 -DLIBFUZZER=1.

To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
libcbor and OpenSSL built with the respective sanitiser. In order to keep
memory utilisation at a manageable level, you can either enforce limits at
the OS level (e.g. cgroups on Linux) or, alternatively, patch libcbor with the
diff at the bottom of this file.

1. Using ASAN + UBSAN

- Make sure you have libcbor built with -fsanitize=address;
- Make sure you have OpenSSL built with -fsanitize=address;
- Rebuild libfido2 with -DASAN=1 -DUBSAN=1.

1.1 Decide where your workspace will live

$ export FAKEROOT=/home/pedro/fakeroot
$ mkdir -p ${FAKEROOT}/src

1.2 Building libcbor with ASAN

$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
$ cd ${FAKEROOT}/src/libcbor

Assuming libfido2 is under ${FAKEROOT}/src/libfido2:

$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
$ mkdir build
$ cd build
$ cmake -DCMAKE_C_FLAGS_DEBUG="-g2 -fno-omit-frame-pointer" \
	-DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
	-DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=ON \
	-DCMAKE_INSTALL_LIBDIR=lib ..
$ make
$ make install

1.3 Building OpenSSL with ASAN

$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
$ cd ${FAKEROOT}/src/openssl
$ ./Configure linux-x86_64-clang enable-asan --prefix=${FAKEROOT} \
	--openssldir=${FAKEROOT}/openssl
$ make clean
$ make
$ make install_sw

1.4 Building libfido2 with libFuzzer and ASAN + UBSAN

$ cd ${FAKEROOT}/src/libfido2
$ mkdir build
$ cd build
$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DASAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
	-DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
	-DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
	-DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
	-DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
	-DCMAKE_BUILD_TYPE=Debug ..
$ make

2. Using MSAN + UBSAN

- Make sure you have libcbor built with -fsanitize=memory;
- Make sure you have OpenSSL built with -fsanitize=memory;
- Rebuild libfido2 with -DMSAN=1 -DUBSAN=1.
2.1 Decide where your workspace will live

$ export FAKEROOT=/home/pedro/fakeroot
$ mkdir -p ${FAKEROOT}/src

2.2 Building libcbor with MSAN

$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor
$ cd ${FAKEROOT}/src/libcbor

Assuming libfido2 is under ${FAKEROOT}/src/libfido2:

$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README
$ mkdir build
$ cd build
$ cmake -DCMAKE_C_FLAGS_DEBUG="-fsanitize=memory,undefined -g2 -fno-omit-frame-pointer" \
	-DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \
	-DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=OFF \
	-DCMAKE_INSTALL_LIBDIR=lib ..
$ make
$ make install

2.3 Building OpenSSL with MSAN

$ mkdir -p ${FAKEROOT}/src
$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl
$ cd ${FAKEROOT}/src/openssl
$ ./Configure linux-x86_64-clang enable-msan --prefix=${FAKEROOT} \
	--openssldir=${FAKEROOT}/openssl
$ make clean
$ make
$ make install_sw

2.4 Building libfido2 with libFuzzer and MSAN + UBSAN

$ cd ${FAKEROOT}/src/libfido2
$ mkdir build
$ cd build
$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DMSAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \
	-DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \
	-DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \
	-DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \
	-DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \
	-DCMAKE_BUILD_TYPE=Debug ..
$ make

3. Running the libFuzzer harnesses

When running under ASAN, you may want to set ASAN_OPTIONS to
'allocator_may_return_null=1:detect_stack_use_after_return=1'.

The recommended way to run the harnesses is:

$ fuzz_{assert,cred,credman,mgmt} -use_value_profile=1 -reload=30 \
	-print_pcs=1 -print_funcs=30 -timeout=10 CORPUS_DIR

You may want to use -jobs or -workers depending on the number of logical
cores available for fuzzing.

4. Auxiliary scripts

A set of harnesses and auxiliary scripts can be found under harnesses/. To
compile coverage reports, adjust the harnesses to your setup and run 'report'.

diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
index aa049a2..e294b38 100644
--- src/cbor/internal/memory_utils.c
+++ src/cbor/internal/memory_utils.c
@@@@ -28,7 +28,10 @@@@ bool _cbor_safe_to_multiply(size_t a, size_t b) {
 
 void* _cbor_alloc_multiple(size_t item_size, size_t item_count) {
   if (_cbor_safe_to_multiply(item_size, item_count)) {
-    return _CBOR_MALLOC(item_size * item_count);
+    if (item_count > 1000) {
+      return NULL;
+    } else
+      return _CBOR_MALLOC(item_size * item_count);
   } else {
     return NULL;
   }
@
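Review bot: in this copy of the hunk the final `else` drops its braces around `return _CBOR_MALLOC(item_size * item_count);` while the `if` branch beside it is braced; the 1.1.1.3.2.1 delta earlier in this file shows the braced `} else { ... }` form this should take. The `item_count > 1000` check also limits only the count, not `item_size * item_count`, so a call can still obtain 1000 * item_size bytes; with overflow already excluded by `_cbor_safe_to_multiply`, comparing the product against a byte limit would match the README's stated aim of keeping memory utilisation manageable.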