Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 613130

Summary: app-forensics/zzuf-0.15 does not fuzz/change any bits for char devices
Product: Gentoo Linux Reporter: Marijn Schouten (RETIRED) <hkbst>
Component: Current packagesAssignee: Sergei Trofimovich (RETIRED) <slyfox>
Status: RESOLVED UPSTREAM    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/samhocevar/zzuf/issues/19
Whiteboard:
Package list:
Runtime testing required: ---

Description Marijn Schouten (RETIRED) gentoo-dev 2017-03-18 17:43:45 UTC 
When trying yo replicate the tutorial from the homepage (http://caca.zoy.org/wiki/zzuf/tutorial1), I could not get zzuf to fuzz any bits of the input:

$ zzuf hexdump -vn 32 /dev/zero 
0000000 0000 0000 0000 0000 0000 0000 0000 0000
0000010 0000 0000 0000 0000 0000 0000 0000 0000
0000020

so I tried more bits and higher fuzz ratio:

$ zzuf -r0.5 hexdump -vn 128 /dev/zero 
0000000 0000 0000 0000 0000 0000 0000 0000 0000
0000010 0000 0000 0000 0000 0000 0000 0000 0000
0000020 0000 0000 0000 0000 0000 0000 0000 0000
0000030 0000 0000 0000 0000 0000 0000 0000 0000
0000040 0000 0000 0000 0000 0000 0000 0000 0000
0000050 0000 0000 0000 0000 0000 0000 0000 0000
0000060 0000 0000 0000 0000 0000 0000 0000 0000
0000070 0000 0000 0000 0000 0000 0000 0000 0000
0000080

$ emerge --info
Portage 2.3.5 (python 3.4.6-final-0, default/linux/amd64/13.0/no-multilib, gcc-5.4.0, glibc-2.24-r1, 4.4.48-gentoo x86_64)
=================================================================
System uname: Linux-4.4.48-gentoo-x86_64-Intel-R-_Core-TM-_i5-6200U_CPU_@_2.30GHz-with-gentoo-2.3
KiB Mem:     8053872 total,   1713652 free
KiB Swap:   16123900 total,  16123140 free
Timestamp of repository gentoo: Sat, 18 Mar 2017 11:00:01 +0000
sh bash 4.4_p12
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
app-shells/bash:          4.4_p12::gentoo
dev-lang/perl:            5.24.1-r1::gentoo
dev-lang/python:          2.7.13::gentoo, 3.4.6::gentoo, 3.6.0::gentoo
dev-util/cmake:           3.7.2::gentoo
dev-util/pkgconfig:       0.29.1::gentoo
sys-apps/baselayout:      2.3::gentoo
sys-apps/openrc:          0.24.1::gentoo
sys-apps/sandbox:         2.10-r4::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r2::gentoo
sys-devel/automake:       1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15-r2::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo, 2.27::gentoo
sys-devel/gcc:            4.9.3::gentoo, 4.9.4::gentoo, 5.4.0-r3::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.10::gentoo (virtual/os-headers)
sys-libs/glibc:           2.24-r1::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j9"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X acl alsa amd64 berkdb bindist bzip2 cairo cjk cli consolekit cracklib crypt cxx dbus dri egl emacs flac fontconfig fortran gdbm gles gnutls gpm iconv icu ipv6 jpeg jpeg2k lapack libressl modules ncurses networkmanager nls nptl nss ogg openmp otr pam pcre pdf png policykit postscript qml qt3support qt5 readline seccomp session ssl startup-notification svg tcpd tiff tk truetype udev unicode vorbis wayland webp xattr xcb xft xpm xscreensaver zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="gnutls" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby24" USERLAND="GNU" VIDEO_CARDS="intel i965" XFCE_PLUGINS="brightness clock multiload-nandhp power trash" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2017-03-19 11:40:09 UTC 
> zzuf -r0.5 hexdump -vn 128 /dev/zero

Unfortunately zzuf does not handle nicely pipes and char devices.
zzuf assumes ftell() will return sensible thing on FILE* streams
as zzuf does fuzzed/unfuzzed buffer bookkeeping.

Unfortunately fread()/ftell() is not consistent for "/dev/zero"
either (as it's a char device):

$ cat a.c
  #include <stdio.h>

  int main() {
    FILE * f = fopen("/dev/zero", "r");
    char b[15];

    long o1 = ftell (f);
    fread (b, 1, sizeof (b), f);
    long o2 = ftell (f);

    printf ("advanced at = %lu [%li/%li]\n", o2 - o1, o1, o2);
    return 0;
  }
$ gcc a.c -o a && ./a 
  advanced at = 18446744073709551615 [0/-1]

zzuf has a few FIXME around this case:

  src/libzzuf/lib-stream.c:        /* FIXME: ftell() will return -1 on a pipe such as stdin */ \
  src/libzzuf/lib-stream.c:        /* FIXME: ftell() will return -1 on a pipe such as stdin */ \
  src/libzzuf/lib-stream.c:        /* FIXME: ftell() will return -1 on a pipe such as stdin */ \
  src/libzzuf/lib-stream.c:        /* FIXME: ftell() will return -1 on a pipe such as stdin */ \

I guess tutorial used to work on older libc or kernel.

To workaround it i suggest creating normal file instead of /dev/zero
and use it instead:

    $ dd if=/dev/zero of=dz bs=1024 count=100
    $ zzuf -r0.5 hexdump -vn 128 dz
    0000000 a0c0 b020 40ad c207 148a 1b30 2183 691a
    0000010 2811 0705 0030 0170 0843 c862 456d 1ae4
    0000020 2161 8362 a196 d782 0bd4 80c4 eb92 281c
    0000030 2458 0320 4182 63ee 5028 9741 161c 1229
    0000040 2953 2541 27f0 0390 6624 c559 0018 0ba4
    0000050 bb50 0a82 1a28 2000 0928 8e04 9228 0a82
    0000060 1c44 0440 5a02 62b4 8312 00e5 830b 842c
    0000070 4206 8529 01d7 2522 0140 01aa 9119 2644
    0000080