authorMax Dymond <cmeister2@gmail.com>2017-09-02 14:33:55 +0100
committerAbhishek Arya <inferno@chromium.org>2017-09-02 06:33:55 -0700
commit253df53796fd42f91ea60c039ee34271bca0b46b (patch)
treebfae5c293672684cb8ea639afdbe8ded067dbe36 /projects/curl
parent656548e737c124bd68254398e3d023b33cf3a423 (diff)
downloadoss-fuzz-253df53796fd42f91ea60c039ee34271bca0b46b.tar.gz
Update curl to take advantage of new native fuzzing (#810)
curl is now moving towards having native fuzzing capabilities in line with https://github.com/google/oss-fuzz/blob/master/docs/ideal_integration.md. It now ticks a lot of the boxes:
- It's maintained in Git
- It's built with the rest of the tests in Travis
- It has a seed corpus (currently quite basic)
- It's continuously tested on the seed corpus with ASan
- It's fast and has no OOMs
Diffstat (limited to 'projects/curl')
-rw-r--r--projects/curl/Dockerfile2
-rwxr-xr-xprojects/curl/build.sh19
-rw-r--r--projects/curl/curl_fuzzer.cc117
-rw-r--r--projects/curl/project.yaml1
4 files changed, 14 insertions, 125 deletions
diff --git a/projects/curl/Dockerfile b/projects/curl/Dockerfile
index aa0e82e45..1afe523bc 100644
--- a/projects/curl/Dockerfile
+++ b/projects/curl/Dockerfile
@@ -20,5 +20,5 @@ RUN apt-get update && apt-get install -y make autoconf automake libtool libssl-d
RUN git clone --depth 1 https://github.com/curl/curl.git
WORKDIR curl
-COPY build.sh curl_fuzzer.cc *.options *.dict $SRC/
+COPY build.sh *.options *.dict $SRC/
diff --git a/projects/curl/build.sh b/projects/curl/build.sh
index ee5a4c9a8..1b761b29e 100755
--- a/projects/curl/build.sh
+++ b/projects/curl/build.sh
@@ -15,17 +15,22 @@
#
################################################################################
+echo "CC: $CC"
+echo "CXX: $CXX"
+echo "LIB_FUZZING_ENGINE: $LIB_FUZZING_ENGINE"
+echo "CFLAGS: $CFLAGS"
+echo "CXXFLAGS: $CXXFLAGS"
+
./buildconf
-./configure --disable-shared --enable-debug --enable-maintainer-mode --disable-symbol-hiding --disable-threaded-resolver --enable-ipv6 --with-random=/dev/null
+./configure --disable-shared --enable-debug --enable-maintainer-mode --disable-symbol-hiding --disable-threaded-resolver --enable-ipv6 --with-random=/dev/null --without-ssl
make -j$(nproc)
# Build the fuzzer.
-$CXX $CXXFLAGS $SRC/curl_fuzzer.cc -Iinclude lib/.libs/libcurl.a \
- -o $OUT/curl_fuzzer \
- -Wl,-Bstatic -lssl -lcrypto -lz -lFuzzingEngine -Wl,-Bdynamic
+cd tests/fuzz
+make all
+make zip
+
+cp -v curl_fuzzer curl_fuzzer_seed_corpus.zip $OUT/
# Copy dictionary and options file to $OUT.
cp $SRC/*.dict $SRC/*.options $OUT/
-
-# Archive and copy to $OUT seed corpus if the build succeeded.
-zip -j $OUT/curl_fuzzer_seed_corpus.zip $SRC/curl/tests/data/test*
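Review bot: The new `cd tests/fuzz` is unchecked, so if that directory is absent the following `make all` and `make zip` run against the top-level curl tree and the failure only surfaces at the `cp`; unless the script's shebang (outside the hunk) enables `-e`, write it as `cd tests/fuzz || exit 1`. The configure line also gains `--without-ssl` with no comment, so a reader cannot tell whether TLS-dependent code is deliberately outside this fuzzer's coverage; a one-liner such as `# --without-ssl: TLS code paths are not exercised by this fuzzer` would record that decision. The five added `echo` lines print the build environment, but nothing on the new side passes `$LIB_FUZZING_ENGINE`, `$CFLAGS` or `$CXXFLAGS` to `make all`, so presumably the tests/fuzz Makefile reads them from the environment — a comment stating that dependency would help, because a Makefile that ignored them could build a non-instrumented binary without any error here.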
diff --git a/projects/curl/curl_fuzzer.cc b/projects/curl/curl_fuzzer.cc
deleted file mode 100644
index b292e346e..000000000
--- a/projects/curl/curl_fuzzer.cc
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-*/
-
-#include <errno.h>
-#include <fcntl.h>
-#include <netinet/in.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <curl/curl.h>
-
-static const void *cur_data;
-static int cur_size = -1;
-static int server_fd = -1;
-static int client_fd = -1;
-static bool wrote = false;
-
-static void fail(const char *why) {
- perror(why);
- exit(1);
-}
-
-static curl_socket_t open_sock(void *ctx, curlsocktype purpose,
- struct curl_sockaddr *address) {
- if (cur_size == -1) fail("not fuzzing");
- if (server_fd != -1 || client_fd != -1) fail("already connected");
- int fds[2];
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds)) fail("socketpair");
- server_fd = fds[0];
- client_fd = fds[1];
- if (write(server_fd, cur_data, cur_size) != cur_size) fail("write");
- if (shutdown(server_fd, SHUT_WR)) fail("shutdown");
- return client_fd;
-}
-
-static int set_opt(void *ctx, curl_socket_t curlfd, curlsocktype purpose) {
- return CURL_SOCKOPT_ALREADY_CONNECTED;
-}
-
-static size_t write_callback(char *ptr, size_t size, size_t n, void *ctx) {
- return size * n;
-}
-
-static size_t read_callback(char *buf, size_t size, size_t n, void *ctx) {
- if (wrote || size * n == 0) return 0;
- wrote = true;
- buf[0] = 'a';
- return 1;
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- cur_data = Data;
- cur_size = Size;
- wrote = false;
- CURL *curl = curl_easy_init();
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
- curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
- curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, open_sock);
- curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, set_opt);
-#if defined(FUZZER_FTP)
- curl_easy_setopt(curl, CURLOPT_URL, "ftp://user@localhost/file.txt");
-#elif defined(FUZZER_IMAP)
- curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
- curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
- curl_easy_setopt(curl, CURLOPT_URL, "imap://localhost");
-#elif defined(FUZZER_POP3)
- curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
- curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
- curl_easy_setopt(curl, CURLOPT_URL, "pop3://localhost");
-#elif defined(FUZZER_HTTP_UPLOAD)
- curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/");
- curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
- curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
-#elif defined(FUZZER_HTTP2)
- curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/");
- curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 0L);
-#else
- curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/");
- curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
-#endif
- curl_easy_perform(curl);
- curl_easy_cleanup(curl);
- close(server_fd);
- close(client_fd);
- server_fd = -1;
- client_fd = -1;
- cur_data = NULL;
- cur_size = -1;
- return 0;
-}
diff --git a/projects/curl/project.yaml b/projects/curl/project.yaml
index 86351e629..4396635e1 100644
--- a/projects/curl/project.yaml
+++ b/projects/curl/project.yaml
@@ -2,6 +2,7 @@ homepage: "https://curl.haxx.se/"
primary_contact: "daniel@haxx.se"
auto_ccs:
- "daniel.haxx@gmail.com"
+ - "cmeister2@gmail.com"
sanitizers:
- address
- undefined