History

Sören Tempel 24468bead6 fuzzing: Initialize

This adds a new subdirectory called `fuzzing/` which will contain
applications for fuzzing various RIOT network modules in the future.
This subdirectory is heavily inspired by the `examples/` subdirectory.

The fuzzing applications use AFL as a fuzzer. Each application contains
Makefiles, source code, and an input corpus used by AFL to generate
input for fuzzing.

2020-04-17 17:11:15 +02:00

Makefile.fuzzing_common

fuzzing: Initialize

2020-04-17 17:11:15 +02:00

README.md

fuzzing: Initialize

2020-04-17 17:11:15 +02:00

README.md

Fuzzing

Automated fuzzing tests for RIOT network applications.

Setup

The following additional dependencies are required:

afl
libasan (optional but recommended)

Invocation

Before fuzzing an application it needs to be compiled, to ease detection of unwanted behaviour (e.g. out-of-bounds buffer accesses), compiling with all-asan is highly recommended. For example:

make -C fuzzing/<application> all-asan

Afterwards invoke afl using:

make -C fuzzing/<application> fuzz

Parallel Fuzzing

Parallel fuzzing is supported through AFL_FLAGS, e.g.:

# Start first AFL instance
AFL_FLAGS="-M fuzzer01" make -C fuzzing/gnrc_tcp/ fuzz

# Start second AFL instance in a different terminal
AFL_FLAGS="-M fuzzer02" make -C fuzzing/gnrc_tcp/ fuzz