tests/fuzzing/ap-mgmt replaced this more than a year ago, so get rid
of the now obsolete version.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
Missing CONFIG_AIRTIME_POLICY=y made the offset of struct
hostapd_iface::prev_wmm different between libap.a and ap-mgmt-fuzzer.o
which resulted in odd fuzzing failures due to a memcpy to
ctx.iface->prev_wmm ending up writing on top of the ctx.hapd and in
particular, on top of ctx.hapd.iface pointer.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15013
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15014
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15015
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15017
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15019
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15020
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
This fuzzing wrapper does not go through full hostapd_clean_iface() call
to free memory, so call ap_list_deinit() to avoid reporting memory leaks
from added AP list entries. This case could not be hit with
hostapd/wpa_supplicant since they perform full interface deinit on
interface removal.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14928
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
Ignore the binary created here.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
The optional "-m <multi.dat>" command line option can now be used to
specify a data file that can include multiple management frames with
each one prefixed with a 16-bit big endian length field. This allows a
single fuzzer run to be used to go through multi-frame exchanges. The
multi.dat file shows an example of this with Probe Request frame,
Authentication frame, Association Request frame, and an Action frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
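The record layout described in the commit message above (each frame prefixed with a 16-bit big endian length), walked with explicit bounds checks. This is an added example, not code from hostap; `walk_multi`, `frame_cb`, `sum_len` and the sample bytes are hypothetical, and stopping at the first truncated record is an assumption about how a reader of this format should behave.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for handing one frame to the code under test. */
typedef void (*frame_cb)(const uint8_t *frame, size_t len, void *ctx);

/* Walk [16-bit big endian length][frame bytes] records in buf.
 * Returns the number of complete frames delivered; *trailing receives the
 * number of bytes left over (truncated prefix or truncated frame). */
static size_t walk_multi(const uint8_t *buf, size_t len, frame_cb cb,
                         void *ctx, size_t *trailing)
{
    size_t pos = 0, frames = 0;

    while (len - pos >= 2) {
        size_t flen = ((size_t) buf[pos] << 8) | buf[pos + 1];
        /* Check the prefix against the bytes that remain; the length
         * field is attacker-controlled in a fuzzing input. */
        if (flen > len - pos - 2)
            break;
        if (cb)
            cb(buf + pos + 2, flen, ctx);
        pos += 2 + flen;
        frames++;
    }
    if (trailing)
        *trailing = len - pos;
    return frames;
}

static void sum_len(const uint8_t *frame, size_t len, void *ctx)
{
    (void) frame;
    *(size_t *) ctx += len;
}

/* Constructed sample: records of 3 and 1 bytes, then a record that
 * claims 16 bytes but carries only 2. */
static const uint8_t sample[] = {
    0x00, 0x03, 0x40, 0x00, 0x00,
    0x00, 0x01, 0xb0,
    0x00, 0x10, 0xd0, 0x00,
};

int main(void)
{
    size_t total = 0, trailing = 0;
    size_t n = walk_multi(sample, sizeof(sample), sum_len, &total, &trailing);
    printf("frames=%zu bytes=%zu trailing=%zu\n", n, total, trailing);
    return 0;
}
```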
|
This increases the coverage for AP mode management frame fuzzing by
allowing a number of additional Action frame code paths to be executed.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
By analysing objdump output, some read-only structures were found in
the .data section. To help the compiler further optimize the code,
declare these as const.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
|
This program can be used to run fuzzing tests for areas related to AP
management frame parsing and processing.
Signed-off-by: Jouni Malinen <j@w1.fi>