debian/docs
AUTHORS
NEWS
README

debian/source/format
3.0 (quilt)

debian/changelog
fuzz (0.6-14) unstable; urgency=low

  * debian/control
    - (Build-Depends): Rm dpkg-dev; not needed with debhelper 9.
    - (Standards-Version): Update to 3.9.3.1.
  * debian/copyright
    - Update to format 1.0.
  * debian/rules
    - Enable all hardening flags.
    - Use DEB_*_MAINT_* variables.

 -- Jari Aalto  Fri, 23 Mar 2012 06:36:25 -0400

fuzz (0.6-13) unstable; urgency=low

  * debian/compat
    - Update to 9
  * debian/control
    - (Build-Depends): Update to debhelper 9, dpkg-dev 1.16.1.
  * debian/copyright
    - (X-*Bugs,Vcs): Add new headers.
  * debian/rules
    - Remove unneeded targets.
    - Use hardened CFLAGS.
      http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags

 -- Jari Aalto  Sat, 11 Feb 2012 18:52:14 -0500

fuzz (0.6-12) unstable; urgency=low

  * debian/copyright
    - (Format): Update URL (lintian).
  * fuzz.c
    - Restore original file (FTBFS; Closes: #643125).

 -- Jari Aalto  Tue, 27 Sep 2011 11:51:32 +0300

fuzz (0.6-11) unstable; urgency=low

  * debian/compat
    - Update to 8.
  * debian/control
    - (Build-Depends): debhelper 8.
    - (Standards-Version): 3.9.2.
  * debian/copyright
    - (Format-Specification): Point URL to official DEP5.
    - Update layout.
  * debian/patches
    - (20): New. Display warning that --chroot needs also option
      --user (Closes: #605515).

 -- Jari Aalto  Thu, 21 Apr 2011 18:07:36 +0300

fuzz (0.6-10) unstable; urgency=low

  * debian/rules: Define target binary-arch for 'debuild -B'
    (FTBFS; Closes: #563194).

 -- Jari Aalto  Fri, 01 Jan 2010 18:09:07 +0200

fuzz (0.6-9) unstable; urgency=low

  * New maintainer (Closes: #519376).
    - Move to format: 3.0 (quilt).
  * debian/copyright
    - (X-Homepage-Freshmeat): New.
  * debian/control
    - (Standards-Version): Update to 3.8.3
    - (Build-Depends): Update libreadline-dev to 6 (Closes: #553759).
      Update debhelper to 7.1 due to overrides in debian/rules.
    - (Depends): Add ${misc:Depends} for debhelper.
    - (Homepage): update to Freshmeat.
    - (Vcs-*): add URLs.
  * debian/copyrigt:
    - Use FSF URL (FSF recommendation).
  * debian/patches
    - (10): Add patch to to mention absolute path, order options
      alphabetically (Closes: #183046).
    - (11): Add patch to clarify --newlines in manpage (Closes: #183045).
  * debian/rules
    - Remove rules obsoleted by dh(1).
  * debian/source/format
    - New file.

 -- Jari Aalto  Tue, 29 Dec 2009 13:10:15 +0200

fuzz (0.6-8) unstable; urgency=low

  * QA upload.
  * Set maintainer to Debian QA Group .
  * Acknowledge Non-maintainer uploads.
  * Add compat file.
  * debian/control:
    - Bump debhelper version from 2 to 7.
    - Bump Standards-Version to 3.8.1
    + Add Homepage field
  * Completely rewritten debian/rules.
  * Fix debian/watch (Closes: #450159, #529111).
  * Rename fuzz.docs to docs.
  * debian/copyright:
    - Update to new format
      (http://wiki.debian.org/Proposals/CopyrightFormat).

 -- Iulian Udrea  Sun, 17 May 2009 17:00:43 +0100

fuzz (0.6-7.3) unstable; urgency=low

  * NMU.
  * debian/control: Remove unnecessary autotool dependencies.
    (Closes: #376439)

 -- Eric Dorland  Sat, 19 Aug 2006 02:38:04 -0400

fuzz (0.6-7.2) unstable; urgency=low

  * NMU
  * Change dependency to libreadline5-dev (Closes: #326362)

 -- Don Armstrong  Tue, 3 Jan 2006 01:13:39 -0800

fuzz (0.6-7.1) unstable; urgency=high

  * Non-maintainer upload
  * Security patch ported from stable
    - Matt Zimmerman Sun, 4 May 2003 20:32:10 -0400
    - Non-maintainer upload by the Security Team
    - Create temporary file securely using mkstemp (Closes: #183047)

 -- David Schleef  Thu, 15 May 2003 11:57:27 -0700

fuzz (0.6-7) unstable; urgency=low

  * Upgrade to standards-version 3.5.7.
  * Fix Build-Depends for sh (which doesn't have libreadline4-dev).

 -- Thomas Smith  Sat, 21 Sep 2002 12:33:17 -0500

fuzz (0.6-6) unstable; urgency=low

  * Fix speling mistake in description (Zimmerman Spelling Crusade)
    (Closes: Bug#124653).
  * Up standards-version to 3.5.6
  * Got rid of Emacs user settings at end of changelog file (how'd they
    get there? I've only used vim...), fixing a lintian error.

 -- Thomas Smith  Tue, 18 Dec 2001 20:53:24 -0500

fuzz (0.6-5) unstable; urgency=low

  * Honor DEB_BUILD_OPTIONS
  * This is probably going to be the first fuzz in the official archive.
    Closes: bug#80263.

 -- Thomas Smith  Sat, 3 Mar 2001 17:02:42 -0500

fuzz (0.6-4) unstable; urgency=low

  * apply patch from Josip Rodin, my Application Manager. this:
    - changes the description in control
    - changes the rules file for simplicity and correctness
  * add build-depends: libreadline4-dev so that package is built
    consistently
  * fixed CFLAGS so my earlier ugly hack to remove -g is unneeded.

 -- Thomas Smith  Thu, 25 Jan 2001 17:12:58 -0500

fuzz (0.6-3) unstable; urgency=low

  * Got a sponsor. Thanks, Adrian!
  * tried fixing build-depends (added autoconf and automake)
  * removed -g flag from compile to comply with standards
  * removed INSTALL from docs
  * Close the wnpp bug (Closes: bug#80263)

 -- Thomas Smith  Wed, 24 Jan 2001 17:42:48 -0500

fuzz (0.6-2) unstable; urgency=low

  * various cleanups in debian/.
  * give pointer to a copy of the GPL in copyright.

 -- Thomas Smith  Fri, 19 Jan 2001 22:14:51 -0500

fuzz (0.6-1) unstable; urgency=low

  * Initial Release.
  * First .deb by Thomas Smith.. whoop dee doo

 -- Thomas Smith  Sat, 23 Dec 2000 22:09:25 -0500

debian/copyright
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0
Upstream-Name: fuzz
Upstream-Contact: Ben Woodard
Source: http://freshmeat.net/projects/fuzz
X-Source: http://sourceforge.net/projects/fuzz
X-Upstream-Bugs: https://sourceforge.net/tracker/?group_id=323&atid=100323
X-Upstream-Vcs: https://sourceforge.net/projects/fuzz/develop
X-Comment: Dead upstream.

Files: *
Copyright: 1999 Ben Woodard & VA Linux Systems.
License: GPL-2+

Files: getopt.*
Copyright: 1987-1998 Free Software Foundation, Inc.
License: GPL-2+

Files: debian/*
Copyright: 2009-2012 Jari Aalto
           2009 Iulian Udrea
           2000 Thomas Smith
License: GPL-2+

License: GPL-2+
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2, or (at your option)
 any later version.
 .
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
 .
 You should have received a copy of the GNU General Public License
 along with this program. If not, see .
 .
 On Debian systems the full text of the GNU General Public License
 can be found in the "/usr/share/common-licenses/GPL-2" file.

debian/compat
9

debian/control
Source: fuzz
Section: devel
Priority: optional
Maintainer: Jari Aalto
Build-Depends: debhelper (>= 9), libreadline-dev (>= 6)
Standards-Version: 3.9.3.1
Vcs-Browser: http://git.debian.org/?p=collab-maint/fuzz.git
Vcs-Git: git://git.debian.org/git/collab-maint/fuzz.git
Homepage: http://freshmeat.net/projects/fuzz

Package: fuzz
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Description: stress-test programs by giving them random input
 The fuzz generator is designed to attack certain kinds of software and
 expose one particular kind of bug common in software. This is the
 situation where the programmer implicitly makes some assumptions about
 the data stream that the program will be parsing. If the data stream
 is substantially different then the program might not be able to deal
 with it.

debian/rules
#!/usr/bin/make -f

export DEB_BUILD_MAINT_OPTIONS = hardening=+all
export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed

%:
	dh $@

# End of file

debian/watch
version=3
http://sf.net/fuzz/fuzz-(.*)\.tar\.gz

debian/patches/10-fuzz.1-manpage-fixes.patch
From 524ea7097e80b59647971b947eb927cb1ae14f2d Mon Sep 17 00:00:00 2001
From: Jari Aalto
Date: Tue, 29 Dec 2009 13:03:36 +0200
Subject: [PATCH] fuzz.1: order options alphabetically, add absolute path note

Signed-off-by: Jari Aalto
---
 fuzz.1 | 151 ++++++++++++++++++++++++++++++++++++++++------------------------
 1 files changed, 94 insertions(+), 57 deletions(-)

diff --git a/fuzz.1 b/fuzz.1 index 83e64e6..b1d2731 100644 --- a/fuzz.1 +++ b/fuzz.1 
@@ -1,60 +1,50 @@ .TH FUZZ 1 "November 3, 1999" .UC 1 + .SH NAME fuzz \- stress test programs + .SH SYNOPSIS .B fuzz [\-t|\-\-timeout timeinsecs] [\-p|\-\-printable] [\-n|\-\-newlines] -[\-l|\-\-length totlen] [\-m|\-\-maxline maxlinelen] -[\-r|\-\-runcount numruns] [\-b|\-\-bytes] [\-c|\-\-chroot] -[\-u|\-\-user username] [\-a|\-\-args] [\-o|\-\-omitdata] +[\-l|\-\-length totlen] [\-m|\-\-maxline maxlinelen] +[\-r|\-\-runcount numruns] [\-b|\-\-bytes] [\-c|\-\-chroot] +[\-u|\-\-user username] [\-a|\-\-args] [\-o|\-\-omitdata] [\-e|\-\-execute filename] [\-x|\-\-maxargs numargs] [\-d|\-\-dontask] -[\-y|\-\-mararglen arglen] [\-V|\-\-version] [\-i|\-\-priority] target +[\-y|\-\-mararglen arglen] [\-V|\-\-version] [\-i|\-\-priority] target targetarg... + .SH DESCRIPTION .BR fuzz is a program designed to find bugs in other programs. It does this by doing a form of black box testing. It does this by running the target -program multiple times and passing it random input. Right now this can +program multiple times and passing it random input. Right now this can come from one of two places, stdin and the command line -arguments. Testing completes whenever the program either the requested +arguments. Testing completes whenever the program either the requested number of runs finishes successufully or the program crashes. Any arguments following the target program are passed directly to the -target program. +target program. + +NOTE: If the program is not in PATH, it must be referred to using +absolute path. + .SS OPTIONS + .TP -.I "\-t, \-\-timeout TIME" -This sets the number of seconds that the fuzz will wait for the other -program before it assumes that the program is hung. The default value -is 120 seconds. This is sensing of when a program is hung is not -entirely reliable. See the -.BR BUGS +.I "\-a, \-\-args" +In addition to passing random data via stdin, pass random command line +arguments. This simply sets the number or random arguments to be +passed to 256. 
See the +.BR BUGS section. -.TP -.I "\-p, \-\-printable" -This limits both the stdin and the command line arguments to only -printable characters. By default fuzz passes fully random -bytes into the target program. -.TP -.I "\-n, \-\-newlines" -Include random newlines in the input stream. -.TP -.I "\-l, \-\-length LENGTH" -The length in bytes of the data stream to pass through stdin into the -target program. The default length is 100K. -.TP -.I "\-m, \-\-maxline MAXLINELEN" -Specify the maximum line length within the random data stream passed -into stdin. -.TP -.I "\-r, \-\-runcount RUNCOUNT" -The number of times to run the target program. The default is 10,000. + .TP .I "\-b, \-\-bytes" In addition to counting through the number of runs. Count through the bytes being sent through stdin to the program. This option really serves no purpose other than making something interesting to watch. + .TP .I "\-c, \-\-chroot" Since there is no telling what a program will do when given random 
@@ -64,6 +54,56 @@ that the fuzz be run as root. It will drop privlages before it runs the test program. This option is best used in conjunction with the \-\-user option. This often times requires that a program is statically linked. + +.TP +.I "\-d, \-\-dontask" +In the cases where the target program is for sure part of a package and the +packaging information will provide the needed version information then you +can use this option to avoid being asked what the version is. + +.TP +.I "\-i, \-\-priority" +Run at a specified priority. + +.TP +.I "\-l, \-\-length LENGTH" +The length in bytes of the data stream to pass through stdin into the +target program. The default length is 100K. + +.TP +.I "\-m, \-\-maxline MAXLINELEN" +Specify the maximum line length within the random data stream passed +into stdin. + +.TP +.I "\-n, \-\-newlines" +Include random newlines in the input stream. + +.TP +.I "\-o, \-\-omitdata" +Some programs don't take input from stdin. They only take input from +the command line arguments. If this is the case simply use the +\-\-omitdata option. + +.TP +.I "\-p, \-\-printable" +This limits both the stdin and the command line arguments to only +printable characters. By default fuzz passes fully random +bytes into the target program. + +.TP +.I "\-r, \-\-runcount RUNCOUNT" +The number of times to run the target program. The default is 10,000. + +.TP +.I "\-t, \-\-timeout TIME" +This sets the number of seconds that the fuzz will wait for the other +program before it assumes that the program is hung. The default value +is 120 seconds. This is sensing of when a program is hung is not +entirely reliable. See the +.BR BUGS +section. + .TP .I "\-u, \-\-user USERNAME" Since there is no telling what a program will do when given random 
@@ -72,51 +112,48 @@ that it is easy to find and repair anything that may have been scribbled across your file system. This option was designed to be used in conjuntion with the \-\-chroot option and will only work if fuzz is run as root. + .TP -.I "\-a, \-\-args" -In addition to passing random data via stdin, pass random command line -arguments. This simply sets the number or random arguments to be -passed to 256. See the -.BR BUGS -section. -.TP -.I "\-o, \-\-omitdata" -Some programs don't take input from stdin. They only take input from -the command line arguments. If this is the case simply use the -\-\-omitdata option. +.I "\-V, \-\-version" +Print the version of fuzz and exit. + .TP .I "\-x. \-\-maxargs NUMARGS" -This is to set the maximum number of arguments that are passed to each +This is to set the maximum number of arguments that are passed to each invocation of the target program. + .TP .I "\-y, \-\-maxarglen ARGLEN" Sets the maximum length of an arguments passed to the target program. -.TP -.I "\-V, \-\-version" -Print the version of fuzz and exit. -.TP -.I "\-i, \-\-priority" -Run at a specified priority. -.TP -.I "\-d, \-\-dontask" -In the cases where the target program is for sure part of a package and the -packaging information will provide the needed version information then you -can use this option to avoid being asked what the version is. + .SH EXAMPLES + +Check grep: + .RS fuzz grep foo .RE + +Run program with different user: + +.RS +fuzz \-\-chroot \-\-user nobody cpio \-i +.RE + +When program is not in path, use absolute patch to access it: + .RS -fuzz -c -u nobody cpio -i +fuzz ./src/myprogram .RE + .SH BUGS The random arg functions doesn't work very well right now. The arguments passed are so random that the program usually just prints out the usage message and then terminates. This will become much more useful later when we are mating data sets with the intention of maximizing code coverage. 
+ .SH AUTHORS .nf Ben Woodard .fi - -- 1.6.5

debian/patches/20-fuzz.c--option-chroot.patch
From 7647451ba3e50d4d23fdbb682929551b2dae6dc8 Mon Sep 17 00:00:00 2001
From: Jari Aalto
Date: Thu, 21 Apr 2011 18:19:12 +0300
Subject: [PATCH] fuzz.c: With --chroot, check option --user
Organization: Private
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Signed-off-by: Jari Aalto
---
 fuzz.c | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/fuzz.c b/fuzz.c index ff21ae7..0b7146a 100644 --- a/fuzz.c +++ b/fuzz.c @@ -325,6 +325,8 @@ int main(int argc, char **argv){ //make sure this isn't being run as root. if(getuid()==0){ fprintf(stderr,"*** Don't run this program as root! ***\n"); + if (chr) + fprintf(stderr," Need option --user USER with --chroot\n"); usage(); } -- 1.7.4.1

debian/patches/10-fuzz.1-manpage-fixes=11-newlines.patch
From f0b1a07815cb526f841a056839e706e58934c94d Mon Sep 17 00:00:00 2001
From: Jari Aalto
Date: Tue, 29 Dec 2009 12:57:19 +0200
Subject: [PATCH] fuzz.1: add arg to --newlines option

Signed-off-by: Jari Aalto
---
 fuzz.1 | 6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fuzz.1 b/fuzz.1 index a32ba96..75fce2b 100644 --- a/fuzz.1 +++ b/fuzz.1 @@ -6,7 +6,7 @@ fuzz \- stress test programs .SH SYNOPSIS .B fuzz -[\-t|\-\-timeout timeinsecs] [\-p|\-\-printable] [\-n|\-\-newlines] +[\-t|\-\-timeout timeinsecs] [\-p|\-\-printable] [\-n|\-\-newlines N] [\-l|\-\-length totlen] [\-m|\-\-maxline maxlinelen] [\-r|\-\-runcount numruns] [\-b|\-\-bytes] [\-c|\-\-chroot] [\-u|\-\-user username] [\-a|\-\-args] [\-o|\-\-omitdata] 
@@ -76,8 +76,8 @@ Specify the maximum line length within the random data stream passed into stdin. .TP -.I "\-n, \-\-newlines" -Include random newlines in the input stream. +.I "\-n, \-\-newlines" N +Include random N newlines in the input stream. .TP .I "\-o, \-\-omitdata" -- 1.6.5

debian/patches/series
10-fuzz.1-manpage-fixes.patch
10-fuzz.1-manpage-fixes=11-newlines.patch
20-fuzz.c--option-chroot.patch
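
Review bot: In 10-fuzz.1-manpage-fixes.patch, hunk @@ -1,60 +1,50 @@, the SYNOPSIS line '[\-y|\-\-mararglen arglen]' is removed and re-added with the misspelled option name intact, while the OPTIONS section documents the same option as '\-\-maxarglen'. Since the line is already being touched, correct it to '\-\-maxarglen' so the synopsis and the option list agree. The DESCRIPTION sentence carried through this hunk ("whenever the program either the requested number of runs finishes successufully") also has a spelling and word-order slip that could be fixed in the same pass.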
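
Review bot: In 10-fuzz.1-manpage-fixes.patch, hunk @@ -64,6 +54,56 @@, the relocated '\-i, \-\-priority' entry says "Run at a specified priority." but neither its '.I' heading nor the SYNOPSIS names an argument, so a reader cannot tell how the priority is specified. If the option takes a value, name it in the heading the way '\-\-length LENGTH' and '\-\-runcount RUNCOUNT' do; if it does not, reword the description. The moved '\-\-timeout' text ("This is sensing of when a program is hung") would also benefit from a grammar fix now that the block is being rewritten.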
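
Review bot: In 10-fuzz.1-manpage-fixes.patch, hunk @@ -72,51 +112,48 @@, the new EXAMPLES text contradicts the NOTE added in the first hunk: it reads "use absolute patch to access it" (typo for "path") and then shows 'fuzz ./src/myprogram', which is a relative path. Either show an absolute path in the example or relax the NOTE to say that a path containing a slash is required. In the same hunk the heading '.I "\-x. \-\-maxargs NUMARGS"' keeps a period where the other options use a comma, even though the following line is edited.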
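
Review bot: In 20-fuzz.c--option-chroot.patch, hunk @@ -325,6 +325,8 @@, the new hint is printed after the unconditional "*** Don't run this program as root! ***" line, so a user who followed the manual page (which says --chroot requires that fuzz be run as root) is told both not to run as root and to add --user. When 'chr' is set, print only the --user hint, for example by making the two fprintf calls an if/else, so the message points at the actual fix. The added 'if (chr)' also has no braces and uses a different spacing style from the surrounding 'if(getuid()==0){'; matching the file's style and bracing the body would make later edits safer.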
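
Review bot: In 10-fuzz.1-manpage-fixes=11-newlines.patch, hunk @@ -76,8 +76,8 @@, the heading is written as '.I "\-n, \-\-newlines" N' with the argument outside the quoted string, unlike the neighbouring entries such as '.I "\-m, \-\-maxline MAXLINELEN"'. Use '.I "\-n, \-\-newlines N"' for consistency. The description "Include random N newlines in the input stream." still does not say what N counts (a total, a maximum, or a frequency); state that explicitly, since clarifying the option is the purpose of the change.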