[Toybox] [PATCH] file: harden against invalid input.

enh enh at google.com
Thu Nov 12 14:11:23 PST 2020


I promised months ago I'd fix this, and there was a (not visible to the
public but filed by a member of the public) bug filed against Android in
the meantime, but judged No Security Impact because "toybox is not a
security boundary". Anyway, it seemed high time I learned about fuzzing
command-line tools with AFL++, so here we are.

With these patches (and starting from the ELF files in test/files/elf),
toybox file survived ~24hours against AFL++. Amusingly it corrupted the
ELF files hard enough that it also managed to find a bug in the code
for MS-DOS executables, which is the motivation for the final hunk in
this patch.

Bug: http://b/159065007
Test: ~/AFLplusplus/afl-fuzz -i tests/files/elf -o fuzz-out -- ./file @@
---
 toys/posix/file.c | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-file-harden-against-invalid-input.patch
Type: text/x-patch
Size: 4156 bytes
Desc: not available
URL: <http://lists.landley.net/pipermail/toybox-landley.net/attachments/20201112/cca87161/attachment.bin>


More information about the Toybox mailing list