#include #include #include #include #include #include #include #include #include "violite.h" using namespace std; FILE *logfile = NULL; extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { MYSQL mysql; long flags; bool opt_cleartext = true; unsigned int opt_ssl = SSL_MODE_DISABLED; MYSQL_RES *result; if (Size < sizeof(unsigned long)) { return 0; } if (logfile == NULL) { logfile = fopen("/dev/null", "w"); } flags = * ((unsigned long *) (Data + Size - sizeof(unsigned long))); mysql_init(&mysql); mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, &opt_cleartext); mysql_options(&mysql, MYSQL_OPT_SSL_MODE, &opt_ssl); mysql.options.protocol = MYSQL_PROTOCOL_FUZZ; // The fuzzing takes place on network data received from server sock_initfuzz(Data,Size - sizeof(unsigned long)); if (!mysql_real_connect(&mysql, "localhost", "root", "root", "dbname", 0, NULL, flags)) { goto out; } else { fprintf(logfile, "The last inserted row id is: %llu\n", mysql_insert_id(&mysql)); fprintf(logfile, "%llu affected rows\n", mysql_affected_rows(&mysql)); mysql_info(&mysql); } mysql_query(&mysql, "CREATE DATABASE fuzzbase"); if (mysql_query(&mysql, "SELECT * FROM CARS")) { goto out; } result = mysql_store_result(&mysql); if (result != NULL) { int num_fields = mysql_num_fields(result); MYSQL_FIELD *field; while((field = mysql_fetch_field(result))) { fprintf(logfile, "%s\n", field->name); } MYSQL_ROW row = mysql_fetch_row(result); unsigned long * lengths = mysql_fetch_lengths(result); while (row ) { for(int i = 0; i < num_fields; i++) { fprintf(logfile, "length %lu, %s\n", lengths[i], row[i] ? row[i] : "NULL"); } row = mysql_fetch_row(result); } mysql_free_result(result); } result = mysql_list_dbs(&mysql, NULL); if (result) { mysql_free_result(result); } result = mysql_list_tables(&mysql, NULL); if (result) { mysql_free_result(result); } result = mysql_list_fields(&mysql, "sometable", NULL); if (result) { mysql_free_result(result); } result = mysql_list_processes(&mysql); if (result) { mysql_free_result(result); } mysql_ping(&mysql); if (mysql_change_user(&mysql, "user", "password", "new_database")) { goto out; } if (mysql_query(&mysql, "INSERT INTO Fuzzers(Name) VALUES('myfuzzer')") == 0) { fprintf(logfile, "The last inserted row id is: %llu\n", mysql_insert_id(&mysql)); fprintf(logfile, "%llu affected rows\n", mysql_affected_rows(&mysql)); mysql_info(&mysql); } mysql_get_host_info(&mysql); mysql_get_proto_info(&mysql); mysql_get_server_info(&mysql); mysql_get_server_version(&mysql); mysql_dump_debug_info(&mysql); mysql_sqlstate(&mysql); mysql_stat(&mysql); out: mysql_close(&mysql); return 0; }