Building the PFF PHP Fuzzer on Mac OS X


Recently I have been looking at some PHP security testing issues and I needed a fuzzer.  I found a PHP fuzzer called PFF available via the Digital Dwarf Society.  The original author’s webpage doesn’t seem to be up anymore, but the Digital Dwarf folks had a cached version of the actual code available.

The build instructions that come with the tool are:

cc pff.c -o pff -lssl

The problem with that was that on my OS X laptop (version 10.5.6) I got the following build messages and errors:

Undefined symbols:
  "_BIO_f_base64", referenced from:
      _encode_base64 in cc2Np5yM.o
  "_BIO_ctrl", referenced from:
      _encode_base64 in cc2Np5yM.o
      _encode_base64 in cc2Np5yM.o
  "_BIO_new", referenced from:
      _encode_base64 in cc2Np5yM.o
      _encode_base64 in cc2Np5yM.o
  "_BIO_s_mem", referenced from:
      _encode_base64 in cc2Np5yM.o
  "_BIO_write", referenced from:
      _encode_base64 in cc2Np5yM.o
  "_BIO_push", referenced from:
      _encode_base64 in cc2Np5yM.o
  "_BIO_free_all", referenced from:
      _encode_base64 in cc2Np5yM.o
ld: symbol(s) not found
collect2: ld returned 1 exit status

Part of these issues seemed to stem from OpenSSL include/library issues (the missing BIO_* functions live in libcrypto rather than libssl), so I Googled around a bit and updated my build command to:

cc pff.c -o pff -lssl -lcrypto

That helped … a bit.  At that point my error messages had dwindled to:

pff.c: In function ‘genfilename’:
pff.c:346: warning: assignment makes pointer from integer without a cast
Undefined symbols:
  "_strndup", referenced from:
      _genfilename in ccQlatXg.o
ld: symbol(s) not found
collect2: ld returned 1 exit status

Progress!  After a bit of searching, I found out that, apparently, Mac OS X doesn’t support the “strndup” function as it is a GNU-specific extension to the standard library (reference is here).  Who would have thought?

So, in the spirit of getting this to work, I updated the source code to replace the “strndup” function call with a call to “strdup” (safe here, because the length being passed was strlen(filename), so the call was never relying on truncation).  Then I re-ran:

cc pff.c -o pff -lssl -lcrypto

Now the build runs properly.  Success!  Also, the pff binary runs as it should so I can start fuzzing away on PHP functions.

The diff for the pff.c file is:

346c346
<      if((name = strdup(filename)) == NULL) {

>     if((name = strndup(filename,strlen(filename))) == NULL) {
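Review bot: the two sides of this hunk appear reversed: in normal diff format the "<" line is the original and the ">" line is the replacement, but here "<" carries the new strdup() call and ">" the original strndup() call, so the diff was generated as diff new old; regenerating it as diff pff.c.orig pff.c (and keeping the "---" separator line that diff prints between the two sides, which is missing here) would let it apply cleanly with patch. The substitution itself is behaviour-preserving: strndup(filename, strlen(filename)) copies the whole string, exactly what strdup(filename) does, and both return NULL on allocation failure, which the surrounding "== NULL" check already handles.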

I am about to mail this along to the Digital Dwarf (info@digitaldwarf.de) and SETEC/calcite (calcite@setec.org) folks but I also wanted to post the info publicly as well.  Happy PHP fuzzing!

More info on strdup, strndup and associated functions can be found here.

–Dan
dan _at_ denimgroup.com

PS – Photo is of my dog, Cody.  He’s a good boy.  (c) Dan Cornell 2008.

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.