From 9f0d1335b4f04e37ac38f14a8406de1f77b25e97 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Mon, 12 Dec 2016 08:09:49 -0500
Subject: Migrated fuzzers from the oss-repo to here. Also added a new private_key_parser fuzzer.
---
 fuzz/README.md | 4 ++
 fuzz/gnutls_client_fuzzer.cc | 73 ++++++++++++++++++++++++++++++++
 fuzz/gnutls_private_key_parser_fuzzer.cc | 41 ++++++++++++++++++
 fuzz/gnutls_x509_parser_fuzzer.cc | 47 ++++++++++++++++++++
 4 files changed, 165 insertions(+)
 create mode 100644 fuzz/README.md
 create mode 100644 fuzz/gnutls_client_fuzzer.cc
 create mode 100644 fuzz/gnutls_private_key_parser_fuzzer.cc
 create mode 100644 fuzz/gnutls_x509_parser_fuzzer.cc
diff --git a/fuzz/README.md b/fuzz/README.md
new file mode 100644
index 0000000000..c215f75d0d
--- /dev/null
+++ b/fuzz/README.md
@@ -0,0 +1,4 @@
+# Fuzzers
+
+These are fuzzers designed for use with `libFuzzer`. Currently they are
+primarily run on Google's OSS-Fuzz (https://github.com/google/oss-fuzz/).
diff --git a/fuzz/gnutls_client_fuzzer.cc b/fuzz/gnutls_client_fuzzer.cc
new file mode 100644
index 0000000000..b155ca5edf
--- /dev/null
+++ b/fuzz/gnutls_client_fuzzer.cc
@@ -0,0 +1,73 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ int res;
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t xcred;
+
+ int socket_fds[2];
+ res = socketpair(AF_UNIX, SOCK_STREAM, 0, socket_fds);
+ assert(res >= 0);
+ ssize_t send_res = send(socket_fds[1], data, size, 0);
+ assert(send_res == size);
+ res = shutdown(socket_fds[1], SHUT_WR);
+ assert(res == 0);
+
+ res = gnutls_init(&session, GNUTLS_CLIENT);
+ assert(res >= 0);
+
+ res = gnutls_certificate_allocate_credentials(&xcred);
+ assert(res >= 0);
+ res = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
+ assert(res >= 0);
+
+ res = gnutls_set_default_priority(session);
+ assert(res >= 0);
+
+ gnutls_transport_set_int(session, socket_fds[0]);
+
+ do {
+ res = gnutls_handshake(session);
+ } while (res < 0 && gnutls_error_is_fatal(res) == 0);
+ if (res >= 0) {
+ while (true) {
+ char buf[16384];
+ res = gnutls_record_recv(session, buf, sizeof(buf));
+ if (res <= 0) {
+ break;
+ }
+ }
+ }
+
+ close(socket_fds[0]);
+ close(socket_fds[1]);
+ gnutls_deinit(session);
+ gnutls_certificate_free_credentials(xcred);
+ return 0;
+}
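Review bot: The entire input is pushed into the SOCK_STREAM socketpair by one blocking `send()` before anything reads the other end, so an input larger than the kernel's socket send buffer blocks LLVMFuzzerTestOneInput indefinitely and surfaces as a fuzzer timeout rather than a GnuTLS finding; the following `assert(send_res == size)` also compares `ssize_t` with `size_t`, which compilers flag under -Wsign-compare. A memory-backed transport removes the hang and the two descriptors opened and closed per iteration: replace the socketpair/send/shutdown block and `gnutls_transport_set_int()` with a pull function over `data`/`size` that returns 0 once the bytes are consumed (GnuTLS treats that as EOF, so the handshake still ends with a fatal error as it does today after `shutdown`) and a push function that discards the client's output. Separately, every result check in this file and in the two sibling fuzzers is an `assert()`, so a build with `NDEBUG` defined checks nothing; `if (res < 0) abort();` survives such builds.
```cpp
struct fuzz_input {
  const uint8_t *data;
  size_t size;
  size_t offset;
};

/* Serve the fuzzer input as the "server's" bytes; returning 0 at the end is EOF to GnuTLS. */
static ssize_t fuzz_pull(gnutls_transport_ptr_t ptr, void *buf, size_t len) {
  fuzz_input *in = static_cast<fuzz_input *>(ptr);
  size_t left = in->size - in->offset;
  if (len > left) {
    len = left;
  }
  memcpy(buf, in->data + in->offset, len);
  in->offset += len;
  return len;
}

/* The client's outgoing records are irrelevant to the parser under test; report them as written. */
static ssize_t fuzz_push(gnutls_transport_ptr_t ptr, const void *buf, size_t len) {
  (void)ptr;
  (void)buf;
  return len;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // … unchanged: gnutls_init / credentials / priority setup, each followed by its result check …
  fuzz_input in = { data, size, 0 };
  gnutls_transport_set_ptr(session, &in);
  gnutls_transport_set_pull_function(session, fuzz_pull);
  gnutls_transport_set_push_function(session, fuzz_push);
  // … unchanged: handshake loop and gnutls_record_recv loop …
  gnutls_deinit(session);
  gnutls_certificate_free_credentials(xcred);
  return 0;
}
```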
diff --git a/fuzz/gnutls_private_key_parser_fuzzer.cc b/fuzz/gnutls_private_key_parser_fuzzer.cc
new file mode 100644
index 0000000000..63d8163fa7
--- /dev/null
+++ b/fuzz/gnutls_private_key_parser_fuzzer.cc
@@ -0,0 +1,41 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include
+#include
+
+#include
+#include
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ gnutls_datum_t raw;
+ gnutls_x509_privkey_t key;
+ int ret;
+
+ raw.data = (unsigned char *)data;
+ raw.size = size;
+
+ ret = gnutls_x509_privkey_init(&key);
+ assert(ret >= 0);
+
+ ret = gnutls_x509_privkey_import(key, &raw, GNUTLS_X509_FMT_DER);
+
+ gnutls_x509_privkey_deinit(key);
+ return 0;
+}
diff --git a/fuzz/gnutls_x509_parser_fuzzer.cc b/fuzz/gnutls_x509_parser_fuzzer.cc
new file mode 100644
index 0000000000..28dc3397fc
--- /dev/null
+++ b/fuzz/gnutls_x509_parser_fuzzer.cc
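Review bot: The result of `gnutls_x509_privkey_import()` is stored in `ret` and never read, so a successful import ends the iteration without exercising the parsed key, whereas gnutls_x509_parser_fuzzer.cc in the same commit prints the certificate once import succeeds. Branching on the result and calling `gnutls_x509_privkey_verify_params(key)` on success — without asserting its result, since a well-formed but inconsistent key is legitimate fuzz input — reaches the parameter checks that follow parsing and also clears the set-but-unused warning on `ret`. Both this harness and gnutls_x509_parser_fuzzer.cc try only `GNUTLS_X509_FMT_DER`; falling back to PEM when DER fails, `if (ret < 0) ret = gnutls_x509_privkey_import(key, &raw, GNUTLS_X509_FMT_PEM);`, adds the base64/PEM-header decoder to the fuzzed surface at the cost of one line in each file.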
@@ -0,0 +1,47 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include
+#include
+
+#include
+#include
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ gnutls_datum_t raw;
+ gnutls_datum_t out;
+ gnutls_x509_crt_t crt;
+ int ret;
+
+ raw.data = (unsigned char *)data;
+ raw.size = size;
+
+ ret = gnutls_x509_crt_init(&crt);
+ assert(ret >= 0);
+
+ ret = gnutls_x509_crt_import(crt, &raw, GNUTLS_X509_FMT_DER);
+ if (ret >= 0) {
+ ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out);
+ assert(ret >= 0);
+ gnutls_free(out.data);
+ }
+
+ gnutls_x509_crt_deinit(crt);
+ return 0;
+}
-- cgit v1.2.1
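Review bot: The `assert(ret >= 0)` after `gnutls_x509_crt_print()` encodes a deliberate invariant — a certificate that imports must also print — but nothing says so, and a later reader may take it for careless error handling and replace it with a silent `if`. A one-line comment above it, `/* Import succeeded, so a print failure means parser and printer disagree about the same certificate; abort so the fuzzer reports it. */`, preserves the intent. `out` is assigned only inside that branch, so declaring it there, or as `gnutls_datum_t out = {0};`, keeps its scope to the lines that use it.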