author | Toni Uhlig <matzeton@googlemail.com> | 2020-06-29 19:02:44 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2020-06-29 19:07:59 +0200 |
commit | 4a6c525db845fc8f6564ce18963b91d153a5a354 (patch) | |
tree | 78b1d73db04724404f198397a2fe6d8a475a1212 /fuzz | |
parent | 93a4a4387af951a4680061bf4e1effa87fa65406 (diff) |
Improved fuzz_ndpi_reader which now supports SMP/MT w/o race-conditions.
./tests/do.sh can support SMP/MT via environment variables.
Removed -fno-sanitize=shift as well, was fixed by 317d3ffd.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/Makefile.am | 14 | ||||
-rw-r--r-- | fuzz/fuzz_ndpi_reader.c | 69 |
2 files changed, 74 insertions, 9 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index 0b7304cf5..bdefa337b 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -1,4 +1,4 @@ -bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader +bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_with_main fuzz_process_packet_SOURCES = fuzz_process_packet.c fuzz_process_packet_CFLAGS = @@ -6,8 +6,6 @@ fuzz_process_packet_LDFLAGS = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) if HAS_FUZZLDFLAGS fuzz_process_packet_CFLAGS += $(LIB_FUZZING_ENGINE) fuzz_process_packet_LDFLAGS += $(LIB_FUZZING_ENGINE) -#else -# fuzz_process_packet_SOURCES += onefile.c endif # force usage of CXX for linker fuzz_process_packet_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -20,14 +18,20 @@ fuzz_ndpi_reader_LDFLAGS = ../example/libndpiReader.a ../src/lib/libndpi.a $(PCA if HAS_FUZZLDFLAGS fuzz_ndpi_reader_CFLAGS += $(LIB_FUZZING_ENGINE) fuzz_ndpi_reader_LDFLAGS += $(LIB_FUZZING_ENGINE) -#else -# fuzz_ndpi_reader_SOURCES += onefile.c endif # force usage of CXX for linker fuzz_ndpi_reader_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \ $(fuzz_ndpi_reader_LDFLAGS) $(LDFLAGS) -o $@ +fuzz_ndpi_reader_with_main_SOURCES = fuzz_ndpi_reader.c +fuzz_ndpi_reader_with_main_CFLAGS = -I../example/ -DBUILD_MAIN +fuzz_ndpi_reader_with_main_LDFLAGS = ../example/libndpiReader.a ../src/lib/libndpi.a $(PCAP_LIB) $(ADDITIONAL_LIBS) +# force usage of CXX for linker +fuzz_ndpi_reader_with_main_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \ + $(fuzz_ndpi_reader_with_main_LDFLAGS) $(LDFLAGS) -o $@ + # required for Google oss-fuzz # see https://github.com/google/oss-fuzz/tree/master/projects/ndpi testpcaps := $(wildcard ../tests/pcap/*.pcap) diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c index 7de3d45f4..32318718f 100644 --- a/fuzz/fuzz_ndpi_reader.c 
+++ b/fuzz/fuzz_ndpi_reader.c @@ -21,13 +21,13 @@ int bufferToFile(const char * name, const uint8_t *Data, size_t Size) { FILE * fd; if (remove(name) != 0) { if (errno != ENOENT) { - printf("failed remove, errno=%d\n", errno); + perror("remove failed"); return -1; } } fd = fopen(name, "wb"); if (fd == NULL) { - printf("failed open, errno=%d\n", errno); + perror("open failed"); return -2; } if (fwrite (Data, 1, Size, fd) != Size) { @@ -45,6 +45,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { int r; char errbuf[PCAP_ERRBUF_SIZE]; NDPI_PROTOCOL_BITMASK all; + char * pcap_path = tempnam("/tmp", "fuzz-ndpi-reader"); if (prefs == NULL) { prefs = calloc(sizeof(struct ndpi_workflow_prefs), 1); @@ -57,10 +58,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { prefs->max_ndpi_flows = 1024; prefs->quiet_mode = 0; } - bufferToFile("/tmp/fuzz.pcap", Data, Size); + bufferToFile(pcap_path, Data, Size); - pkts = pcap_open_offline("/tmp/fuzz.pcap", errbuf); + pkts = pcap_open_offline(pcap_path, errbuf); if (pkts == NULL) { + remove(pcap_path); + free(pcap_path); return 0; } struct ndpi_workflow * workflow = ndpi_workflow_init(prefs, pkts); 
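Review bot: `tempnam()` in the `-45,6` hunk only picks a name; the file itself is created later by `fopen(name, "wb")` inside bufferToFile, so between the two calls the name can be taken by another process or pointed elsewhere through a symlink, and a NULL return from `tempnam()` is passed unchecked to `remove()` and `fopen()`. The per-call path therefore still has a window in a shared /tmp, which is the kind of race this commit sets out to remove. The `-57,10` hunk also keeps ignoring bufferToFile's return value, so a failed or short write is handed to `pcap_open_offline()` as if it were the fuzz input. Creating the file with `mkstemp()` and writing through the returned descriptor closes both gaps and makes the `free(pcap_path)` calls unnecessary; it needs `<unistd.h>` for `close()`, and the function body continues outside these hunks.

```c
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  /* … unchanged: r, errbuf, all, prefs initialisation … */
  char pcap_path[] = "/tmp/fuzz-ndpi-reader.XXXXXX";
  int pcap_fd = mkstemp(pcap_path); /* name is chosen and the file created in one step */
  FILE * pcap_out = (pcap_fd >= 0 ? fdopen(pcap_fd, "wb") : NULL);
  size_t written;

  if (pcap_out == NULL) {
    perror("mkstemp/fdopen failed");
    if (pcap_fd >= 0) {
      close(pcap_fd);
      remove(pcap_path);
    }
    return 0;
  }
  written = fwrite(Data, 1, Size, pcap_out);
  if (fclose(pcap_out) != 0 || written != Size) {
    perror("writing pcap failed");
    remove(pcap_path);
    return 0;
  }

  pkts = pcap_open_offline(pcap_path, errbuf);
  if (pkts == NULL) {
    remove(pcap_path);
    return 0;
  }
  /* … unchanged: workflow setup and packet loop; the final cleanup keeps remove(pcap_path) only … */
```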
@@ -87,5 +90,63 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { ndpi_workflow_free(workflow); pcap_close(pkts); + remove(pcap_path); + free(pcap_path); + return 0; } + +#ifdef BUILD_MAIN +int main(int argc, char ** argv) +{ + FILE * pcap_file; + long pcap_file_size; + uint8_t * pcap_buffer; + int test_retval; + + if (argc != 2) { + fprintf(stderr, "usage: %s: [pcap-file]\n", + (argc > 0 ? argv[0] : "fuzz_ndpi_reader_with_main")); + return 1; + } + + pcap_file = fopen(argv[1], "r"); + if (pcap_file == NULL) { + perror("fopen failed"); + return 1; + } + + if (fseek(pcap_file, 0, SEEK_END) != 0) { + perror("fseek(SEEK_END) failed"); + return 1; + } + + pcap_file_size = ftell(pcap_file); + if (pcap_file_size < 0) { + perror("ftell failed"); + return 1; + } + + if (fseek(pcap_file, 0, SEEK_SET) != 0) { + perror("fseek(0, SEEK_SET) failed"); + return 1; + } + + pcap_buffer = malloc(pcap_file_size); + if (pcap_buffer == NULL) { + perror("malloc failed"); + return 1; + } + + if (fread(pcap_buffer, sizeof(*pcap_buffer), pcap_file_size, pcap_file) != pcap_file_size) { + perror("fread failed"); + return 1; + } + + test_retval = LLVMFuzzerTestOneInput(pcap_buffer, pcap_file_size); + fclose(pcap_file); + free(pcap_buffer); + + return test_retval; +} +#endif |
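Review bot: An empty input file turns `malloc(pcap_file_size)` in the added `main()` into a zero-byte request, which may legitimately return NULL, so the harness prints "malloc failed" instead of replaying the empty test case; `pcap_buffer = malloc(pcap_file_size > 0 ? (size_t)pcap_file_size : 1);` avoids that. The pcap is binary data, so the stream should be opened with `fopen(argv[1], "rb")`. A short `fread()` is reported through `perror()` although errno is not necessarily set in that case, and the comparison mixes `size_t` with `long`; converting to `size_t` once after the `ftell()` check removes the sign mismatch. The error returns after `fopen()` leave `pcap_file` (and later `pcap_buffer`) unreleased, which is harmless at exit but will be reported under leak checking. The first lines of this hunk are the tail of LLVMFuzzerTestOneInput, which begins outside it.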