author | Arjun <36335769+0x34d@users.noreply.github.com> | 2023-02-01 11:45:09 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-01 14:45:09 -0500 |
commit | 9be2d80b01d754481bf5cb18ac706fba817d8cd2 (patch) | |
tree | 101b50234b541389b54408268d4b7b3f3c6548a2 | |
parent | ea142163c3ff139006b563545cc00a6cb7bb7dad (diff) | |
download | rabbitmq-c-9be2d80b01d754481bf5cb18ac706fba817d8cd2.tar.gz |
for initial integration in oss-fuzz (#736)
* support for oss-fuzz
Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>
-rw-r--r-- | CMakeLists.txt | 26 | ||||
-rw-r--r-- | fuzz/CMakeLists.txt | 10 | ||||
-rw-r--r-- | fuzz/README.md | 30 | ||||
-rw-r--r-- | fuzz/fuzz_server.c | 92 | ||||
-rw-r--r-- | fuzz/input/fuzz_server.raw (renamed from fuzz/input/input.raw) | bin | 8 -> 8 bytes | |||
-rw-r--r-- | fuzz/input/fuzz_table.raw | bin | 0 -> 259 bytes | |||
-rw-r--r-- | fuzz/input/fuzz_url.raw | bin | 0 -> 34 bytes |
7 files changed, 69 insertions, 89 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 7b7590f..f0a0dc4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -136,8 +136,7 @@ option(BUILD_TOOLS "Build Tools (requires POPT Library)" OFF) cmake_dependent_option(BUILD_TOOLS_DOCS "Build man pages for tools (requires xmlto)" OFF "BUILD_TOOLS" OFF) option(BUILD_API_DOCS "Build Doxygen API docs" OFF) option(RUN_SYSTEM_TESTS "Run system tests (i.e. tests requiring an accessible RabbitMQ server instance on localhost)" OFF) -option(BUILD_LIBFUZZ "Build LibFuzzer" OFF) -option(BUILD_AFLFUZZ "Build AFLFuzzer" OFF) +option(BUILD_OSSFUZZ "Build OSSFUZZ" OFF) if (NOT BUILD_SHARED_LIBS AND NOT BUILD_STATIC_LIBS) message(FATAL_ERROR "One or both of BUILD_SHARED_LIBS or BUILD_STATIC_LIBS must be set to ON to build") @@ -145,25 +144,12 @@ endif() set(targets_export_name rabbitmq-targets) -if(BUILD_LIBFUZZ) - if (NOT CMAKE_C_COMPILER_ID STREQUAL "Clang") - message(FATAL_ERROR "Need clang for libFuzzer support") - endif() +if(BUILD_OSSFUZZ) if (NOT BUILD_STATIC_LIBS) - message(FATAL_ERROR "LibFuzzer can only be built against static libraries " "(set BUILD_STATIC_LIBS=ON)") + message(FATAL_ERROR "OSS-FUZZ can only be built against static libraries " "(set BUILD_STATIC_LIBS=ON)") endif () - - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link,address,undefined") - SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address,undefined") -endif () - -if(BUILD_AFLFUZZ) - if (NOT BUILD_STATIC_LIBS) - message(FATAL_ERROR "AFL-Fuzzer can only be built against static libraries " "(set BUILD_STATIC_LIBS=ON)") - endif () - - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address,undefined") - SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=address,undefined") + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") + SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS}") endif () add_subdirectory(librabbitmq) 
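Review bot: The two `SET(...)` lines added inside `if(BUILD_OSSFUZZ)` assign `CMAKE_C_FLAGS` and `CMAKE_EXE_LINKER_FLAGS` to their own current value, so they are no-ops; the sanitizer and fuzzer flags the removed `BUILD_LIBFUZZ`/`BUILD_AFLFUZZ` branches used to add now have to be supplied by whoever invokes cmake. Either delete the two lines or replace them with a comment that records this, e.g. `# Sanitizer and engine flags come from CFLAGS/LDFLAGS/LIB_FUZZING_ENGINE set by the OSS-Fuzz build (see fuzz/README.md)`. With that, the static-libs check is the block's only remaining behaviour, which is easier to see without the dead assignments.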
@@ -192,7 +178,7 @@ if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME AND BUILD_TESTING) add_subdirectory(tests) endif () -if(BUILD_LIBFUZZ OR BUILD_AFLFUZZ) +if(BUILD_OSSFUZZ) add_subdirectory(fuzz) endif () diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt index 7212758..06d9e78 100644 --- a/fuzz/CMakeLists.txt +++ b/fuzz/CMakeLists.txt @@ -6,15 +6,15 @@ include_directories( add_definitions(-DHAVE_CONFIG_H) add_definitions(-DAMQP_STATIC) -if(BUILD_LIBFUZZ) +SET(CMAKE_EXE_LINKER_FLAGS "${LIB_FUZZING_ENGINE}") + +if(BUILD_OSSFUZZ) add_executable(fuzz_url fuzz_url.c) - target_link_libraries(fuzz_url rabbitmq-static -fsanitize=fuzzer) + target_link_libraries(fuzz_url rabbitmq-static) add_executable(fuzz_table fuzz_table.c) - target_link_libraries(fuzz_table rabbitmq-static -fsanitize=fuzzer) -endif () + target_link_libraries(fuzz_table rabbitmq-static) -if(BUILD_AFLFUZZ) add_executable(fuzz_server fuzz_server.c) target_link_libraries(fuzz_server rabbitmq-static) endif () diff --git a/fuzz/README.md b/fuzz/README.md index f11e13d..815fa07 100644 --- a/fuzz/README.md +++ b/fuzz/README.md 
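Review bot: In fuzz/CMakeLists.txt, `SET(CMAKE_EXE_LINKER_FLAGS "${LIB_FUZZING_ENGINE}")` replaces the linker flags instead of extending them, so anything the top-level build or the user put in `CMAKE_EXE_LINKER_FLAGS` — and the README added by this commit tells users to pass the sanitizer flags exactly that way — is discarded for the three fuzz targets, which would then link without ASan. Append rather than overwrite: `SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${LIB_FUZZING_ENGINE}")`. When `LIB_FUZZING_ENGINE` is not defined the expansion is empty and the targets presumably fail at link time for lack of a fuzzer entry point; an explicit `if(NOT LIB_FUZZING_ENGINE) message(FATAL_ERROR "LIB_FUZZING_ENGINE must be set for BUILD_OSSFUZZ") endif()` would fail earlier and with a clear message.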
@@ -1,15 +1,27 @@ -#### Libfuzzer -``` -cmake -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DBUILD_LIBFUZZ=ON ../ +### OSS-Fuzz in House -./fuzz/fuzz_url -./fuzz/fuzz_table +#### Export Flags ``` - -#### AFL Fuzzer +export CC=clang +export CXX=clang++ +export CFLAGS=-fsanitize=fuzzer-no-link,address +export LIB_FUZZING_ENGINE=-fsanitize=fuzzer +export LDFLAGS=-fsanitize=address ``` -cmake -DCMAKE_C_COMPILER=afl-clang-fast -DCMAKE_BUILD_TYPE=Debug -DBUILD_AFLFUZZ=ON ../ -afl-fuzz -i afl_in -o afl_out -- ./fuzz_server 8080 @@ +#### Build cmake Fuzzer +``` +cmake -DCMAKE_BUILD_TYPE=Debug -DBUILD_OSSFUZZ=ON \ +-DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \ +-DCMAKE_C_FLAGS=$CFLAGS -DCMAKE_EXE_LINKER_FLAGS=$CFLAGS \ +-DLIB_FUZZING_ENGINE=$LIB_FUZZING_ENGINE \ +../ +``` +#### Run Fuzzer +``` +mkdir coverage +./fuzz/fuzz_url coverage/ ../fuzz/input/ +./fuzz/fuzz_table coverage/ ../fuzz/input/ +./fuzz/fuzz_server coverage/ ../fuzz/input/ ``` diff --git a/fuzz/fuzz_server.c b/fuzz/fuzz_server.c index b5e4b6a..ae72d8e 100644 --- a/fuzz/fuzz_server.c +++ b/fuzz/fuzz_server.c 
@@ -15,30 +15,22 @@ #include <rabbitmq-c/tcp_socket.h> struct Fuzzer { + int socket; uint16_t port; - char *file; + pthread_t thread; - FILE *inFile; uint64_t size; uint8_t *buffer; - - pthread_t thread; - int socket; }; typedef struct Fuzzer Fuzzer; -static uint8_t pre_encoded_table[] = {0x00, 0x00, 0x00, 0xff, 0x07, - 0x6c, 0x6f, 0x6e, 0x67, 0x73}; +#define PORT 8080 +#define kMinInputLength 9 +#define kMaxInputLength 1024 + +void client(Fuzzer *fuzzer); void fuzzinit(Fuzzer *fuzzer) { - // File - fuzzer->inFile = fopen(fuzzer->file, "rb"); - fseek(fuzzer->inFile, 0L, SEEK_END); - fuzzer->size = ftell(fuzzer->inFile); - fseek(fuzzer->inFile, 0L, SEEK_SET); - fuzzer->buffer = (uint8_t *)calloc(fuzzer->size, sizeof(char)); - fread(fuzzer->buffer, sizeof(char), fuzzer->size, fuzzer->inFile); - // Server struct sockaddr_in server_addr; fuzzer->socket = socket(AF_INET, SOCK_STREAM, 0); server_addr.sin_family = AF_INET; @@ -50,7 +42,6 @@ void fuzzinit(Fuzzer *fuzzer) { } void *Server(void *args) { - Fuzzer *fuzzer = (Fuzzer *)args; int client; 
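Review bot: After this hunk `fuzzinit` no longer fills `fuzzer->buffer` and `fuzzer->size` (the whole file-reading block is removed), yet both fields remain in `struct Fuzzer` and the new `Server` in the hunk at `@@ -61,18 +52,42 @@` still calls `send(client, fuzzer->buffer, fuzzer->size, 0)`; nothing on the new side stores the libFuzzer input into them, so unless the unchanged middle of `fuzzinit` does it (not shown in the diff), `send` reads an uninitialised pointer and length from the `malloc`ed struct and the fuzz input never reaches the AMQP client. The fix belongs in `LLVMFuzzerTestOneInput` right after the allocation: `fuzzer->buffer = (uint8_t *)data;` and `fuzzer->size = size;` — or declare the field `const uint8_t *buffer;` here so no cast is needed. `fuzzinit`'s body continues past the end of this hunk.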
@@ -61,18 +52,42 @@ void *Server(void *args) { client = accept(fuzzer->socket, (struct sockaddr *)&clientAddr, &clientSZ); recv(client, clientData, sizeof(clientData), 0); + send(client, fuzzer->buffer, fuzzer->size, 0); - if (fuzzer->size < 9) { - send(client, pre_encoded_table, sizeof(pre_encoded_table), 0); - } else { - send(client, fuzzer->buffer, fuzzer->size, 0); - } - + shutdown(client, SHUT_RDWR); close(client); pthread_exit(NULL); } +void clean(Fuzzer *fuzzer) { + shutdown(fuzzer->socket, SHUT_RDWR); + close(fuzzer->socket); + free(fuzzer); +} + +extern int LLVMFuzzerTestOneInput(const char *data, size_t size) { + + if (size < kMinInputLength || size > kMaxInputLength) { + return 0; + } + + Fuzzer *fuzzer = (Fuzzer *)malloc(sizeof(Fuzzer)); + fuzzer->port = PORT; + + fuzzinit(fuzzer); + + pthread_create(&fuzzer->thread, NULL, Server, fuzzer); + + client(fuzzer); + + pthread_join(fuzzer->thread, NULL); + + clean(fuzzer); + + return 0; +} + void client(Fuzzer *fuzzer) { char const *hostname; int status; @@ -98,36 +113,3 @@ void client(Fuzzer *fuzzer) { amqp_destroy_connection(conn); } -void clean(Fuzzer *fuzzer) { - - free(fuzzer->buffer); - fclose(fuzzer->inFile); - - close(fuzzer->socket); - - free(fuzzer); -} - -int main(int argc, char *argv[]) { - - if (argc < 3) { - printf("Server-port,Input-file \n"); - return 0; - } - - Fuzzer *fuzzer = (Fuzzer *)malloc(sizeof(Fuzzer)); - fuzzer->port = atoi(argv[1]); - fuzzer->file = argv[2]; - - fuzzinit(fuzzer); - - pthread_create(&fuzzer->thread, NULL, Server, fuzzer); - - client(fuzzer); - - pthread_join(fuzzer->thread, NULL); - - clean(fuzzer); - - return 0; -} diff --git a/fuzz/input/input.raw b/fuzz/input/fuzz_server.raw Binary files differindex 4f2ca96..4f2ca96 100644 --- a/fuzz/input/input.raw +++ b/fuzz/input/fuzz_server.raw diff --git a/fuzz/input/fuzz_table.raw b/fuzz/input/fuzz_table.raw Binary files differnew file mode 100644 index 0000000..421d520 --- /dev/null +++ b/fuzz/input/fuzz_table.raw 
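Review bot: In `LLVMFuzzerTestOneInput` the results of `malloc` and `pthread_create` are not checked: if `malloc` fails, `fuzzer->port = PORT` dereferences NULL, and if `pthread_create` fails, `client(fuzzer)` connects to a listening socket that nobody will `accept` on and `pthread_join` then runs on an uninitialised `fuzzer->thread`. Guard both: `if (!fuzzer) return 0;` after the allocation and `if (pthread_create(&fuzzer->thread, NULL, Server, fuzzer) != 0) { clean(fuzzer); return 0; }`. Separately, libFuzzer documents the entry point as `int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`; the `const char *` used here links, but matching the documented prototype avoids a mismatch with the engine's declaration. `client`'s body continues past the end of this hunk.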
diff --git a/fuzz/input/fuzz_url.raw b/fuzz/input/fuzz_url.raw Binary files differnew file mode 100644 index 0000000..34a284a --- /dev/null +++ b/fuzz/input/fuzz_url.raw |