Mirror of https://github.com/RIOT-OS/RIOT.git (synced 2024-12-29 04:50:03 +01:00), commit 24468bead6
This adds a new subdirectory called `fuzzing/` which will contain applications for fuzzing various RIOT network modules in the future. This subdirectory is heavily inspired by the `examples/` subdirectory. The fuzzing applications use AFL as a fuzzer. Each application contains Makefiles, source code, and an input corpus used by AFL to generate input for fuzzing.
Files in fuzzing/:
Makefile.fuzzing_common
README.md
Fuzzing
Automated fuzzing tests for RIOT network applications.
Setup
The following additional dependencies are required:
Invocation
Before fuzzing an application it needs to be compiled. To ease detection of unwanted behaviour (e.g. out-of-bounds buffer accesses), compiling with the all-asan target (AddressSanitizer instrumentation) is highly recommended. For example:
make -C fuzzing/<application> all-asan
Afterwards invoke afl using:
make -C fuzzing/<application> fuzz
Parallel Fuzzing
Parallel fuzzing is supported through AFL_FLAGS, e.g.:
# Start first AFL instance (the single main instance, -M)
AFL_FLAGS="-M fuzzer01" make -C fuzzing/gnrc_tcp/ fuzz
# Start second AFL instance in a different terminal (a secondary instance, -S;
# AFL expects exactly one -M instance per sync directory)
AFL_FLAGS="-S fuzzer02" make -C fuzzing/gnrc_tcp/ fuzz
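The procedure above, as an added launcher script that is not part of the RIOT tree: it builds one fuzzing application with the all-asan target once, then starts N AFL instances through AFL_FLAGS with one -M instance and the rest -S. The fuzzing/<application> layout, the all-asan and fuzz make targets and the fuzzerNN instance names are taken from the README; the log file names and the RUN_PARALLEL_FUZZ guard are this script's own assumptions.

```shell
#!/bin/sh
# Added example launcher (not RIOT's own code) for parallel AFL runs against
# a RIOT fuzzing application, following the README's AFL_FLAGS convention.

# Print the AFL_FLAGS for the i-th instance. AFL expects exactly one main
# instance (-M) and any number of secondary ones (-S) sharing a sync dir,
# so instance 1 is the main instance and every other one is secondary.
afl_instance_flags() {
    i="$1"
    name=$(printf 'fuzzer%02d' "$i")
    if [ "$i" -eq 1 ]; then
        printf '%s %s' -M "$name"
    else
        printf '%s %s' -S "$name"
    fi
}

# Build once with ASan (out-of-bounds accesses abort instead of going
# unnoticed), then start N instances in the background, each with its own
# log file so a crash can be traced back to the instance that found it.
parallel_fuzz() {
    app="$1"
    count="$2"
    make -C "fuzzing/$app" all-asan
    i=1
    while [ "$i" -le "$count" ]; do
        flags=$(afl_instance_flags "$i")
        AFL_FLAGS="$flags" make -C "fuzzing/$app" fuzz > "afl-$app-$i.log" 2>&1 &
        echo "started instance $i with AFL_FLAGS=\"$flags\" (pid $!)"
        i=$((i + 1))
    done
    wait
}

# Usage (assumed guard variable): RUN_PARALLEL_FUZZ=1 sh parallel_fuzz.sh gnrc_tcp 4
if [ -n "${RUN_PARALLEL_FUZZ:-}" ]; then
    parallel_fuzz "$1" "$2"
fi
```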