pa-fazil
/
android_packages_modules_Virtualization
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[avb][fuzzer] Fuzz pvmfw payload_verify for kernel without footer 

Bug: 260574387
Test: Run fuzzer.
Change-Id: Ie2ce843000976829f3f7783cca956cf5a4089bb7
This commit is contained in:
Alice Wang 2023-01-23 13:49:39 +00:00
parent 36bb7854fe
commit 1ba4f8a839
2 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
pvmfw/avb/fuzz/Android.bp Normal file
View File

@ -0,0 +1,34 @@
// Copyright 2023, The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package {
default_applicable_licenses: ["Android-Apache-2.0"],
}
rust_fuzz {
name: "avb_kernel_without_footer_verify_fuzzer",
srcs: ["without_footer_verify_fuzzer.rs"],
rustlibs: [
"libpvmfw_avb_nostd",
],
fuzz_config: {
cc: [
"android-kvm@google.com",
],
fuzz_on_haiku_device: true,
fuzz_on_haiku_host: true,
},
}
// TODO(b/260574387): Add avb_kernel_with_footer_verify_fuzzer

28
pvmfw/avb/fuzz/without_footer_verify_fuzzer.rs Normal file
View File

@ -0,0 +1,28 @@
// Copyright 2023, The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#![allow(missing_docs)]
#![no_main]
use libfuzzer_sys::fuzz_target;
use pvmfw_avb::verify_payload;
fuzz_target!(|kernel: &[u8]| {
// This fuzzer is mostly supposed to catch the memory corruption in
// AVB footer parsing. It is unlikely that the randomly generated
// kernel can pass the kernel verification, so the value of `initrd`
// is not so important as we won't reach initrd verification with
// this fuzzer.
let _ = verify_payload(kernel, /*initrd=*/ None, &[0u8; 64]);
});