Hi,

On Wed, Sep 07, 2022 at 06:47:59PM +0200, Erik Auerswald wrote:
> On Tue, Sep 06, 2022 at 08:05:04PM +0200, Simon Josefsson wrote:
> > Erik Auerswald <auers...@unix-ag.uni-kl.de> writes:
> > > On 04.09.22 17:34, Erik Auerswald wrote:
> > >> On 03.09.22 19:07, Erik Auerswald wrote:
> > >>> On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:
> > >>>> [...]
> > >>>> did you notice some fuzzing report that wasn't fixed?
> > >>> [...]
> > >>> * Problems found in tftp (the code did not change since the report):
> > >>>
> > >>> * Untrusted Pointer Dereference in getcmd() at
> > >>> inetutils/src/tftp.c:878
> > >>>
> > >>> https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html
> > >> [...]
> > >> I'll look into creating a nice reproducer instead of the one
> > >> found by the fuzzer, adding a test case, and fixing the bug.
> > >
> > > That is harder than expected…. Is there a reason *not* to use
> > > the crash input found by the fuzzer in a test for GNU Inetutils?
> >
> > More testing would be great!
>
> I expect to find the time to finalize this during the coming weekend.
> I intend to use perl to write the fuzzer-generated test input provided
> by AiDai into the tftp client, similar to the telnet tests you have
> added for the respective crash bugs.

I am trying to use the reported input file that crashes tftp for the test. This file contains non-printable characters (i.e., it is a "binary" file). I do not want to add this binary file as-is to the git repository. Thus I want to create the contents with some widely available tool from some description, e.g., hexadecimal byte values.

One possibility is printf. It seems to me as if printf(1) is not yet used in GNU Inetutils. Both the Bash builtin version and the GNU Coreutils version of printf support "\xHH" in the format string. But the Debian Almquist Shell (dash) builtin printf does not, at least not in dash version 0.5.8-2.10. The "\xHH" escape sequence is not specified by POSIX. (Perhaps I could use octal instead of hexadecimal, since that is specified by POSIX, and the printf built into dash supports it.) Thus we would need to check for a usable printf implementation first. But Autoconf does not seem to contain such a macro (I did not see "AC_PROG_PRINTF" in the documentation).

Another possibility is perl. Perl is already used in GNU Inetutils, for the "bootstrap" script and for "whois". I did not see an obvious perl check in Autoconf (i.e., no "AC_PROG_PERL") in the documentation. The test script would need to test if perl is available to avoid a false positive test result with broken tftp.

Other alternatives could be base64 or xxd, but those seem less common than a usable printf or perl.

I have never used or even extended Autoconf, thus I do not even know how to start checking for the required functionality. I think I'll just hack something together with printf and octal escape sequences, but I would prefer a "proper" Autoconf-based approach.

Help with Autoconf would be appreciated.

Br,
Erik
--
Portability is for people who cannot write new programs
                -- Linus Torvalds
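
An added example, not part of the original message and not GNU Inetutils code: one way to generate a binary test input from a hexadecimal description using only the octal escapes that POSIX printf specifies, with a runtime probe for the non-POSIX "\xHH" escape. The function names `hex_to_bin` and `printf_has_hex_escape` are hypothetical, and the sample bytes are constructed; they are not the fuzzer-generated crash input.

```shell
#!/bin/sh
# Added example (not GNU Inetutils code). Function names are hypothetical.

# Constructed sample bytes, NOT the fuzzer-generated tftp crash input.
SAMPLE_HEX='41 00 ff 0a 7f'

# Return 0 if this shell's printf understands the non-POSIX "\xHH" escape
# (bash builtin, GNU Coreutils), 1 if it prints it literally (dash).
printf_has_hex_escape() {
    [ "$(printf '\x41' 2>/dev/null)" = "A" ]
}

# hex_to_bin "HH HH ...": write the listed bytes to stdout using only
# POSIX printf octal escapes. Returns 1, writing nothing, on a bad token.
hex_to_bin() {
    # First pass: validate every token so a bad one produces no output.
    for byte in $1; do
        case $byte in
            [0-9a-fA-F][0-9a-fA-F]) ;;
            *) echo "hex_to_bin: bad byte '$byte'" >&2; return 1 ;;
        esac
    done
    # Second pass: emit the bytes.
    for byte in $1; do
        # POSIX arithmetic expansion accepts 0x constants; %03o gives the
        # three-digit octal form allowed in a POSIX printf format string.
        oct=$(printf '%03o' "$((0x$byte))")
        printf "\\$oct"
    done
}

# Show the generated bytes in a printable form.
hex_to_bin "$SAMPLE_HEX" | od -An -tx1
```

In a test script the output of `hex_to_bin` would be piped into the program under test; because NUL bytes cannot be held in a shell variable, the bytes are streamed rather than captured.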