From 8b64577c3bb4d5dd60e4939223550f2f2002284b Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Mon, 22 May 2017 15:31:23 +0200
Subject: build: Add fuzzer using AFL
---
 build/fuzz/main.c | 44 ++++++++++++++++++++++++++++++++++++
 build/fuzz/rpc.in/transcript | Bin 0 -> 146 bytes
 build/fuzz/rpc_fuzzer.c | 52 +++++++++++++++++++++++++++++++++++++++++++
 build/fuzz/run-afl.sh | 46 ++++++++++++++++++++++++++++++++++++++
 build/fuzz/transcript | Bin 0 -> 5694933 bytes
 5 files changed, 142 insertions(+)
 create mode 100644 build/fuzz/main.c
 create mode 100644 build/fuzz/rpc.in/transcript
 create mode 100644 build/fuzz/rpc_fuzzer.c
 create mode 100755 build/fuzz/run-afl.sh
 create mode 100644 build/fuzz/transcript
(limited to 'build')
diff --git a/build/fuzz/main.c b/build/fuzz/main.c
new file mode 100644
index 0000000..6029430
--- /dev/null
+++ b/build/fuzz/main.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2017 Nikos Mavrogiannopoulos
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+#include
+#include
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int main(int argc, char **argv)
+{
+ int ret;
+ unsigned char buf[64*1024];
+
+ ret = fread(buf, 1, sizeof(buf), stdin);
+ if (ret <= 0)
+ return 0;
+
+ return LLVMFuzzerTestOneInput(buf, ret);
+}
diff --git a/build/fuzz/rpc.in/transcript b/build/fuzz/rpc.in/transcript
new file mode 100644
index 0000000..c3d37db
Binary files /dev/null and b/build/fuzz/rpc.in/transcript differ
diff --git a/build/fuzz/rpc_fuzzer.c b/build/fuzz/rpc_fuzzer.c
new file mode 100644
index 0000000..3bef578
--- /dev/null
+++ b/build/fuzz/rpc_fuzzer.c
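Review bot: `ret` in `main` is an `int` receiving the `size_t` result of `fread`, so the `ret <= 0` test only holds because the buffer is 64 KiB and the value is converted back to `size_t` when passed on; `size_t len = fread(buf, 1, sizeof buf, stdin);`, `if (len == 0)` and `return LLVMFuzzerTestOneInput(buf, len);` keep the types aligned at both ends. Input longer than `sizeof(buf)` is silently truncated, which is acceptable for an AFL driver but deserves a one-line comment above the `fread` so nobody later reads it as a bug. `argc` and `argv` are unused; `int main(void)` or `(void)argc; (void)argv;` keeps -Wextra quiet. The header states the file is part of GnuTLS, while the target it drives (`p11_rpc_server_handle` in rpc_fuzzer.c) is the p11 RPC server, so the copyright block looks copied and should name this project.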
@@ -0,0 +1,52 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include "config.h"
+#include "test.h"
+
+#include "library.h"
+#include "mock.h"
+#include "rpc.h"
+
+#include
+#include
+
+static p11_virtual base;
+
+#ifdef __cplusplus
+extern "C"
+#endif
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ p11_buffer buffer;
+
+ mock_module_init ();
+ p11_library_init ();
+
+ p11_buffer_init (&buffer, 0);
+
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+ base.funcs.C_Initialize (&base.funcs, NULL);
+
+ p11_buffer_add (&buffer, data, size);
+ assert (!p11_buffer_failed (&buffer));
+
+ p11_rpc_server_handle (&base.funcs, &buffer, &buffer);
+
+ return 0;
+}
diff --git a/build/fuzz/run-afl.sh b/build/fuzz/run-afl.sh
new file mode 100755
index 0000000..95c6c43
--- /dev/null
+++ b/build/fuzz/run-afl.sh
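Review bot: `LLVMFuzzerTestOneInput` never releases what it sets up: `buffer` is created with `p11_buffer_init` but not uninitialised, and `C_Initialize` on `base` has no matching `C_Finalize`, so in an in-process persistent loop every input leaks the buffer's allocation and re-initialises the module over state that is presumably already initialised; the one-input-per-process `main` in main.c hides this, but the function is written in the libFuzzer shape and should be safe there too. Add `p11_buffer_uninit (&buffer);` and `base.funcs.C_Finalize (&base.funcs, NULL);` before `return 0;`, and consider a run-once guard around `mock_module_init`/`p11_library_init`; the return value of `C_Initialize` is also discarded. `assert (!p11_buffer_failed (&buffer));` vanishes under `NDEBUG`, after which a failed `p11_buffer_add` would still let `p11_rpc_server_handle` run on the incomplete buffer; `if (p11_buffer_failed (&buffer)) return 0;` keeps the check in every build. Passing `&buffer` as both input and output to `p11_rpc_server_handle` looks deliberate, but a comment stating that the request is overwritten in place by the response would help the next reader.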
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see
+
+srcdir="${srcdir:-.}"
+export LD_LIBRARY_PATH=${srcdir}/../../lib/.libs/
+
+cat ${srcdir}/../../config.log|grep afl-gcc >/dev/null 2>&1
+if test $? != 0;then
+ echo "compile first library as:"
+ echo "CC=afl-gcc ./configure"
+ exit 1
+fi
+
+if test -z "$1";then
+ echo "Usage: $0 test-case"
+ echo "Example: $0 gnutls_x509_parser_fuzzer"
+ exit 1
+fi
+
+rm -f $1
+CFLAGS="-g -O2" CC=afl-gcc make $1 || exit 1
+
+TEST=$(echo $1|sed s/_fuzzer//)
+
+TMPOUT=${TEST}.$$.out
+mkdir -p ${TMPOUT}
+afl-fuzz -i ${TEST}.in -o ${TMPOUT} -- ./${TEST}_fuzzer
+
+echo "output was stored in $TMPOUT"
+
+exit 0
diff --git a/build/fuzz/transcript b/build/fuzz/transcript
new file mode 100644
index 0000000..32c786a
Binary files /dev/null and b/build/fuzz/transcript differ
-- cgit v1.1
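Review bot: `$1` is expanded unquoted in `rm -f $1`, `make $1` and the `sed` pipeline, and `${srcdir}` is unquoted in the `LD_LIBRARY_PATH` export and the `cat` line, so a path with whitespace or glob characters is split or expanded before `rm -f` runs; write `rm -f "$1"`, `CFLAGS="-g -O2" CC=afl-gcc make "$1" || exit 1` and `export LD_LIBRARY_PATH="${srcdir}/../../lib/.libs/"`. The `cat … | grep … >/dev/null 2>&1` followed by `if test $? != 0` can become `grep -q afl-gcc "${srcdir}/../../config.log" || { …; exit 1; }`, which drops the useless `cat` and the dependence on `$?` surviving to the next statement. The header cites the GPL version 3 and then says the reader should have received the LGPL, and the usage example `gnutls_x509_parser_fuzzer` does not match the `rpc_fuzzer` target added in the same commit; both look carried over from GnuTLS and should be corrected for this project.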