4b99c69e51
* Move fuzzers around some more * back to baby * this was missing.. * shuffeling shuffeling * shuffeling * md * cleanup * oops * Move foldername to underscore * more doc
61 lines
1.3 KiB
C
61 lines
1.3 KiB
C
#include <sqlite3.h>
|
|
#include <stdio.h>
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
|
|
static int callback(void *NotUsed, int argc, char **argv, char **azColName) {
|
|
int i;
|
|
for (i = 0; i < argc; i++) {
|
|
printf("%s=%s ", azColName[i], argv[i] ? argv[i] : "NULL");
|
|
}
|
|
printf("\n");
|
|
return 0;
|
|
}
|
|
|
|
int LLVMFuzzerTestOneInput(char *data, size_t len) {
|
|
sqlite3 *db;
|
|
char *err_msg = 0, query[1024];
|
|
|
|
if (data[0] % 2) {
|
|
int rc = sqlite3_open_v2("example.db", &db, SQLITE_OPEN_READONLY, 0);
|
|
if (rc != SQLITE_OK) {
|
|
fprintf(stderr, "Cannot open database: %s\n", sqlite3_errmsg(db));
|
|
sqlite3_close(db);
|
|
return 1;
|
|
}
|
|
|
|
snprintf(
|
|
query, sizeof(query),
|
|
"SELECT * FROM MyTable where user = \"user1\" and password = \"%s\"",
|
|
data);
|
|
|
|
rc = sqlite3_exec(db, query, callback, 0, &err_msg);
|
|
|
|
if (rc != SQLITE_OK) { sqlite3_free(err_msg); }
|
|
|
|
sqlite3_close(db);
|
|
|
|
} else {
|
|
snprintf(query, sizeof(query), "/usr/bin/id \"%s\"", data);
|
|
system(query);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int main(int argc, char **argv) {
|
|
char pw[16];
|
|
ssize_t len = 1;
|
|
|
|
memset(pw, 0, sizeof(pw));
|
|
if (argc > 1) {
|
|
if ((len = read(0, pw, sizeof(pw) - 1)) < 4) {
|
|
fprintf(stderr, "Error: short read from stdin\n");
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
return LLVMFuzzerTestOneInput(pw, (size_t)len + 1);
|
|
}
|