mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-12-24 05:53:49 +01:00
This adds a new subdirectory called `fuzzing/` which will contain applications for fuzzing various RIOT network modules in the future. This subdirectory is heavily inspired by the `examples/` subdirectory. The fuzzing applications use AFL as a fuzzer. Each application contains Makefiles, source code, and an input corpus used by AFL to generate input for fuzzing.
36 lines
911 B
Markdown
# Fuzzing

Automated fuzzing tests for RIOT network applications.

## Setup

The following additional dependencies are required:

* [afl][afl homepage]
* [libasan][sanitizers github] (optional but recommended)

## Invocation
Before fuzzing, the application needs to be compiled. To ease detection
of unwanted behaviour (e.g. out-of-bounds buffer accesses), compiling
with `all-asan` is highly recommended. For example:

    make -C fuzzing/<application> all-asan

Afterwards invoke afl using:

    make -C fuzzing/<application> fuzz

### Parallel Fuzzing

Parallel fuzzing is supported through `AFL_FLAGS`, e.g.:

    # Start first AFL instance (the main instance, -M)
    AFL_FLAGS="-M fuzzer01" make -C fuzzing/gnrc_tcp/ fuzz

    # Start second AFL instance in a different terminal
    # (a secondary instance, -S; AFL expects exactly one main instance)
    AFL_FLAGS="-S fuzzer02" make -C fuzzing/gnrc_tcp/ fuzz

[sanitizers github]: https://github.com/google/sanitizers
[afl homepage]: http://lcamtuf.coredump.cx/afl/
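The build-then-fuzz procedure above, generalised to N parallel instances, as an added example that is not part of RIOT or of this README. It derives the `AFL_FLAGS` value from the instance index so that exactly one instance is started as the main one (`-M`) and all others as secondary ones (`-S`), which is what AFL's parallel mode expects. The function names, the log file naming and the `fuzz_parallel.sh` file name are assumptions of this example; it also assumes it is run from the RIOT root, that `make` and `afl-fuzz` are on `PATH`, and that the application's Makefile honours `AFL_FLAGS` as described in the README.

```shell
#!/bin/sh
# Added example (not RIOT code): start N AFL instances against one
# fuzzing application after compiling it with AddressSanitizer.
# Assumed: run from the RIOT root, `make` and `afl-fuzz` on PATH, and
# fuzzing/<app>/Makefile passes AFL_FLAGS through to afl-fuzz.

# afl_flags_for IDX: the AFL_FLAGS value for the IDX-th instance (1-based).
# Instance 1 is the main instance (-M); every further one is secondary (-S).
afl_flags_for() {
    idx=$1
    name=$(printf 'fuzzer%02d' "$idx")
    if [ "$idx" -eq 1 ]; then
        printf '%s %s' -M "$name"
    else
        printf '%s %s' -S "$name"
    fi
}

# fuzz_commands APP N: print the command line for each of the N instances,
# one per line, without running anything (handy for reviewing a dry run).
fuzz_commands() {
    app=$1
    n=$2
    i=1
    while [ "$i" -le "$n" ]; do
        printf 'AFL_FLAGS="%s" make -C fuzzing/%s fuzz\n' \
            "$(afl_flags_for "$i")" "$app"
        i=$((i + 1))
    done
}

# fuzz_parallel APP N: compile APP with all-asan, then launch N AFL
# instances in the background and wait for them (they run until stopped,
# e.g. with Ctrl-C). Returns non-zero if the build or any instance fails.
fuzz_parallel() {
    app=$1
    n=${2:-1}
    command -v afl-fuzz >/dev/null 2>&1 || {
        echo "afl-fuzz not found on PATH" >&2
        return 1
    }
    make -C "fuzzing/$app" all-asan || return 1
    pids=""
    i=1
    while [ "$i" -le "$n" ]; do
        # One log per instance (assumed naming) so findings can be
        # attributed to the instance that produced them.
        AFL_FLAGS="$(afl_flags_for "$i")" \
            make -C "fuzzing/$app" fuzz >"afl-$app-$i.log" 2>&1 &
        pids="$pids $!"
        i=$((i + 1))
    done
    rc=0
    for p in $pids; do
        wait "$p" || rc=1
    done
    return "$rc"
}

# Usage: sh fuzz_parallel.sh gnrc_tcp 2
# (only runs when executed as a script, so the file can be sourced as a library)
if [ "${0##*/}" = "fuzz_parallel.sh" ] && [ $# -ge 1 ]; then
    fuzz_parallel "$1" "${2:-1}"
fi
```

`fuzz_commands gnrc_tcp 3` prints the three command lines the README would otherwise have you type by hand, with `-M fuzzer01` on the first and `-S fuzzer02`, `-S fuzzer03` on the rest; `fuzz_parallel gnrc_tcp 3` builds once with `all-asan` and then runs them.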