author | Max Dymond <cmeister2@gmail.com> | 2017-09-02 14:33:55 +0100 |
committer | Abhishek Arya <inferno@chromium.org> | 2017-09-02 06:33:55 -0700 |
commit | 253df53796fd42f91ea60c039ee34271bca0b46b (patch) | |
tree | bfae5c293672684cb8ea639afdbe8ded067dbe36 /projects/curl | |
parent | 656548e737c124bd68254398e3d023b33cf3a423 (diff) | |
Update curl to take advantage of new native fuzzing (#810)
curl is now moving towards having native fuzzing capabilities in line
with
https://github.com/google/oss-fuzz/blob/master/docs/ideal_integration.md.
It now ticks a lot of the boxes:
- It's maintained in Git
- It's built with the rest of the tests in Travis
- It has a seed corpus (currently quite basic)
- It's continuously tested on the seed corpus with ASan
- It's fast and has no OOMs
Diffstat (limited to 'projects/curl')
-rw-r--r-- | projects/curl/Dockerfile | 2 | ||||
-rwxr-xr-x | projects/curl/build.sh | 19 | ||||
-rw-r--r-- | projects/curl/curl_fuzzer.cc | 117 | ||||
-rw-r--r-- | projects/curl/project.yaml | 1 |
4 files changed, 14 insertions, 125 deletions
diff --git a/projects/curl/Dockerfile b/projects/curl/Dockerfile index aa0e82e45..1afe523bc 100644 --- a/projects/curl/Dockerfile +++ b/projects/curl/Dockerfile @@ -20,5 +20,5 @@ RUN apt-get update && apt-get install -y make autoconf automake libtool libssl-d RUN git clone --depth 1 https://github.com/curl/curl.git WORKDIR curl -COPY build.sh curl_fuzzer.cc *.options *.dict $SRC/ +COPY build.sh *.options *.dict $SRC/ diff --git a/projects/curl/build.sh b/projects/curl/build.sh index ee5a4c9a8..1b761b29e 100755 --- a/projects/curl/build.sh +++ b/projects/curl/build.sh @@ -15,17 +15,22 @@ # ################################################################################ +echo "CC: $CC" +echo "CXX: $CXX" +echo "LIB_FUZZING_ENGINE: $LIB_FUZZING_ENGINE" +echo "CFLAGS: $CFLAGS" +echo "CXXFLAGS: $CXXFLAGS" + ./buildconf -./configure --disable-shared --enable-debug --enable-maintainer-mode --disable-symbol-hiding --disable-threaded-resolver --enable-ipv6 --with-random=/dev/null +./configure --disable-shared --enable-debug --enable-maintainer-mode --disable-symbol-hiding --disable-threaded-resolver --enable-ipv6 --with-random=/dev/null --without-ssl make -j$(nproc) # Build the fuzzer. -$CXX $CXXFLAGS $SRC/curl_fuzzer.cc -Iinclude lib/.libs/libcurl.a \ - -o $OUT/curl_fuzzer \ - -Wl,-Bstatic -lssl -lcrypto -lz -lFuzzingEngine -Wl,-Bdynamic +cd tests/fuzz +make all +make zip + +cp -v curl_fuzzer curl_fuzzer_seed_corpus.zip $OUT/ # Copy dictionary and options file to $OUT. cp $SRC/*.dict $SRC/*.options $OUT/ - -# Archive and copy to $OUT seed corpus if the build succeeded. -zip -j $OUT/curl_fuzzer_seed_corpus.zip $SRC/curl/tests/data/test* diff --git a/projects/curl/curl_fuzzer.cc b/projects/curl/curl_fuzzer.cc deleted file mode 100644 index b292e346e..000000000 --- a/projects/curl/curl_fuzzer.cc +++ /dev/null 
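Review bot: `cd tests/fuzz` in the build.sh hunk changes the working directory for the remainder of the script and nothing restores it; the `cp $SRC/*.dict $SRC/*.options $OUT/` line that follows only survives because it uses absolute paths. Running the in-tree build in a subshell keeps the rest of the script anchored at the curl checkout and still stops on the first failing step: `(cd tests/fuzz && make all && make zip && cp -v curl_fuzzer curl_fuzzer_seed_corpus.zip "$OUT/")`. The script preamble (and any `set -e`) is outside the hunk, so whether a failing `make all` currently aborts the build cannot be confirmed from here. Separately, `--without-ssl` drops the TLS support that the removed link line (`-lssl -lcrypto`) previously pulled in, so the new harness presumably cannot reach TLS-backed code paths; a one-line comment above the configure call stating that this is intentional would keep the next reader from re-adding it, e.g. `# No TLS: libcurl is built --without-ssl, the in-tree fuzzers cover cleartext protocols only`.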
@@ -1,117 +0,0 @@
-/*
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-*/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <netinet/in.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <curl/curl.h>
-
-static const void *cur_data;
-static int cur_size = -1;
-static int server_fd = -1;
-static int client_fd = -1;
-static bool wrote = false;
-
-static void fail(const char *why) {
- perror(why);
- exit(1);
-}
-
-static curl_socket_t open_sock(void *ctx, curlsocktype purpose,
- struct curl_sockaddr *address) {
- if (cur_size == -1) fail("not fuzzing");
- if (server_fd != -1 || client_fd != -1) fail("already connected");
- int fds[2];
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds)) fail("socketpair");
- server_fd = fds[0];
- client_fd = fds[1];
- if (write(server_fd, cur_data, cur_size) != cur_size) fail("write");
- if (shutdown(server_fd, SHUT_WR)) fail("shutdown");
- return client_fd;
-}
-
-static int set_opt(void *ctx, curl_socket_t curlfd, curlsocktype purpose) {
- return CURL_SOCKOPT_ALREADY_CONNECTED;
-}
-
-static size_t write_callback(char *ptr, size_t size, size_t n, void *ctx) {
- return size * n;
-}
-
-static size_t read_callback(char *buf, size_t size, size_t n, void *ctx) {
- if (wrote || size * n == 0) return 0;
- wrote = true;
- buf[0] = 'a';
- return 1;
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- cur_data = Data;
- cur_size = Size;
- wrote = false;
- CURL *curl = curl_easy_init();
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
- curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
- curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, open_sock);
- curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, set_opt);
-#if defined(FUZZER_FTP)
- curl_easy_setopt(curl, CURLOPT_URL, "ftp://user@localhost/file.txt");
-#elif defined(FUZZER_IMAP)
- curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
- curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
- curl_easy_setopt(curl, CURLOPT_URL, "imap://localhost");
-#elif defined(FUZZER_POP3)
- curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
- curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
- curl_easy_setopt(curl, CURLOPT_URL, "pop3://localhost");
-#elif defined(FUZZER_HTTP_UPLOAD)
- curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/");
- curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
- curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
-#elif defined(FUZZER_HTTP2)
- curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/");
- curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 0L);
-#else
- curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/");
- curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
-#endif
- curl_easy_perform(curl);
- curl_easy_cleanup(curl);
- close(server_fd);
- close(client_fd);
- server_fd = -1;
- client_fd = -1;
- cur_data = NULL;
- cur_size = -1;
- return 0;
-}
diff --git a/projects/curl/project.yaml b/projects/curl/project.yaml
index 86351e629..4396635e1 100644
--- a/projects/curl/project.yaml
+++ b/projects/curl/project.yaml
@@ -2,6 +2,7 @@ homepage: "https://curl.haxx.se/"
 primary_contact: "daniel@haxx.se"
 auto_ccs:
 - "daniel.haxx@gmail.com"
+ - "cmeister2@gmail.com"
 sanitizers:
 - address
 - undefined