author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-12-01 12:21:04 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-01 12:21:04 +0100 |
commit | 02e7e3c23b29002267a89ae74e51c2285bb27da1 (patch) | |
tree | e81044cad57a397a940f278ac53f6aec3be0fc92 /fuzz/Makefile.am | |
parent | afb5c3e6bad82ebd265ab12254ac7c6e067a791b (diff) |
Add a new fuzzer for QUIC (#1800)
QUIC packets are encrypted/obfuscated; that means that we need to
decrypt them before parsing the real (TLS) message.
Fuzzing is not effective here, since a random buffer is hardly a valid
encrypted QUIC packet.
Add a new fuzzer, testing *decrypted* QUIC packets.
Add a basic corpus.
Fix a few bugs already found by this fuzzer.
Diffstat (limited to 'fuzz/Makefile.am')
-rw-r--r-- | fuzz/Makefile.am | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index ed680892b..2e80ec205 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -1,4 +1,4 @@
-bin_PROGRAMS = fuzz_process_packet fuzz_process_packet_with_main fuzz_ndpi_reader fuzz_ndpi_reader_with_main
+bin_PROGRAMS = fuzz_process_packet fuzz_process_packet_with_main fuzz_ndpi_reader fuzz_ndpi_reader_with_main fuzz_quic_get_crypto_data fuzz_quic_get_crypto_data_with_main
 fuzz_process_packet_SOURCES = fuzz_process_packet.c
 fuzz_process_packet_CFLAGS = 
@@ -44,9 +44,45 @@ fuzz_ndpi_reader_with_main_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS
 $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
 $(fuzz_ndpi_reader_with_main_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+fuzz_quic_get_crypto_data_SOURCES = fuzz_quic_get_crypto_data.c
+fuzz_quic_get_crypto_data_CFLAGS = -I../example/
+fuzz_quic_get_crypto_data_LDADD = ../example/libndpiReader.a ../src/lib/libndpi.a
+fuzz_quic_get_crypto_data_LDFLAGS = $(PCAP_LIB) $(ADDITIONAL_LIBS) $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_quic_get_crypto_data_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_quic_get_crypto_data_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_quic_get_crypto_data_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_quic_get_crypto_data_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
+fuzz_quic_get_crypto_data_with_main_SOURCES = fuzz_quic_get_crypto_data.c
+fuzz_quic_get_crypto_data_with_main_CFLAGS = -I../example/ -DBUILD_MAIN
+fuzz_quic_get_crypto_data_with_main_LDADD = ../src/lib/libndpi.a
+fuzz_quic_get_crypto_data_with_main_LDFLAGS = ../example/libndpiReader.a $(PCAP_LIB) $(ADDITIONAL_LIBS) $(LIBS)
+# force usage of CXX for linker
+fuzz_quic_get_crypto_data_with_main_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_quic_get_crypto_data_with_main_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
+
 # required for Google oss-fuzz
 # see https://github.com/google/oss-fuzz/tree/master/projects/ndpi
 testpcaps := $(wildcard ../tests/pcap/*.pcap*)
 fuzz_ndpi_reader_seed_corpus.zip: $(testpcaps)
 zip -r fuzz_ndpi_reader_seed_corpus.zip $(testpcaps)
+
+files_corpus_fuzz_quic_get_crypto_data := $(wildcard corpus/fuzz_quic_get_crypto_data/*)
+
+fuzz_quic_get_crypto_data_seed_corpus.zip: $(files_corpus_fuzz_quic_get_crypto_data)
+ zip -r fuzz_quic_get_crypto_data_seed_corpus.zip $(files_corpus_fuzz_quic_get_crypto_data)
+
+corpus: fuzz_quic_get_crypto_data_seed_corpus.zip
+
+distdir:
+ find . -type d | xargs -I'{}' mkdir -p '$(distdir)/{}'
+ find . -type f -name '*.c' \
+ -o -name '*.am' \
+ -o -name '*.bin' | xargs -I'{}' cp '{}' '$(distdir)/{}' |
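Review bot: In the added `distdir:` recipe, `-type f` binds only to `-name '*.c'`, because find's implicit AND has higher precedence than `-o`; anything named `*.am` or `*.bin` is matched whatever its type. Grouping the name tests fixes that: `find . -type f \( -name '*.c' -o -name '*.am' -o -name '*.bin' \) | xargs -I'{}' cp '{}' '$(distdir)/{}'`. The rule also appears to replace the `distdir` rule automake would generate for this directory, so only the three listed extensions reach the tarball; a comment such as `# custom distdir: copy only *.c, *.am and *.bin` would record that this is deliberate. Separately, `zip -r` updates an existing archive in place, so a seed deleted from `corpus/fuzz_quic_get_crypto_data/` stays in `fuzz_quic_get_crypto_data_seed_corpus.zip` until the archive itself is removed.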