libzmq: move fuzzers to libzmq's repository (#3719)

A specific configure option and installation directory have been
added for fuzzers built with an external engine via:
https://github.com/zeromq/libzmq/pull/3885

Also clone and build libsodium, as the encryption feature is using
its safe memory APIs.

5 files changed, 15 insertions, 198 deletions

diff --git a/projects/libzmq/Dockerfile b/projects/libzmq/Dockerfile
index 552c982f5..40769f294 100644
--- a/projects/libzmq/Dockerfile
+++ b/projects/libzmq/Dockerfile
@@ -18,5 +18,6 @@ FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER bluca@debian.org
 RUN apt-get update && apt-get install -y make autoconf automake libtool gettext pkg-config build-essential
 RUN git clone --depth 1 https://github.com/zeromq/libzmq.git
+RUN git clone --depth 1 -b stable https://github.com/jedisct1/libsodium.git
 WORKDIR libzmq
-COPY build.sh *.cc $SRC/
+COPY build.sh $SRC/
diff --git a/projects/libzmq/build.sh b/projects/libzmq/build.sh
index db574888f..8dce7ea8f 100755
--- a/projects/libzmq/build.sh
+++ b/projects/libzmq/build.sh
@@ -1,5 +1,6 @@
 #!/bin/bash -eu
 # Copyright 2020 Google Inc.
+# Copyright 2020 Luca Boccassi <bluca@debian.org>
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,16 +16,17 @@
 #
 ################################################################################
 
-# build project
-cd $SRC/libzmq
+# build project and dependencies
+cd "${SRC}/libsodium"
 ./autogen.sh
-./configure --disable-shared --disable-perf --disable-curve-keygen
-make -j$(nproc) V=1
+./configure --disable-shared
+make -j$(nproc) V=1 install DESTDIR=/tmp/zmq_install_dir
 
-# build fuzzers
-for fuzzers in $(find $SRC -name '*_fuzzer.cc'); do
-  fuzz_basename=$(basename -s .cc $fuzzers)
-  $CXX $CXXFLAGS -std=c++11 -I. \
-  $fuzzers $LIB_FUZZING_ENGINE ./src/.libs/libzmq.a  \
-  -o $OUT/$fuzz_basename
-done
+cd "${SRC}/libzmq"
+./autogen.sh
+export LDFLAGS="$(PKG_CONFIG_PATH=/tmp/zmq_install_dir/usr/local/lib/pkgconfig pkg-config --static --libs --define-prefix libsodium)"
+export CXXFLAGS="$CXXFLAGS $(PKG_CONFIG_PATH=/tmp/zmq_install_dir/usr/local/lib/pkgconfig pkg-config --static --cflags --define-prefix libsodium)"
+./configure --disable-shared --disable-perf --disable-curve-keygen PKG_CONFIG_PATH=/tmp/zmq_install_dir/usr/local/lib/pkgconfig --with-libsodium=yes --with-fuzzing-installdir=fuzzers --with-fuzzing-engine=$LIB_FUZZING_ENGINE
+make -j$(nproc) V=1 install DESTDIR=/tmp/zmq_install_dir
+
+cp /tmp/zmq_install_dir/usr/local/fuzzers/* "${OUT}"
diff --git a/projects/libzmq/decode_fuzzer.cc b/projects/libzmq/decode_fuzzer.cc
deleted file mode 100644
index ef3f86a6e..000000000
--- a/projects/libzmq/decode_fuzzer.cc
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2019 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <fuzzer/FuzzedDataProvider.h>
-
-#include <cstddef>
-#include <cstdint>
-#include <string>
-
-#include "include/zmq.h"
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-  uint8_t *secret_key;
-  // As per API definition, input must be divisible by 5, so truncate it if it's not
-  size -= size % 5;
-  // As per API definition, the destination must be at least 0.8 times the input data
-  secret_key = (uint8_t *)malloc(size * 4 / 5);
-  if (!secret_key)
-    return -1;
-  std::string z85_secret_key(reinterpret_cast<const char *>(data), size);
-  zmq_z85_decode(secret_key, z85_secret_key.c_str());
-  free(secret_key);
-  return 0;
-}
diff --git a/projects/libzmq/socket_bind_fuzzer.cc b/projects/libzmq/socket_bind_fuzzer.cc
deleted file mode 100644
index c47ba17da..000000000
--- a/projects/libzmq/socket_bind_fuzzer.cc
+++ /dev/null
@@ -1,74 +0,0 @@
-// Copyright 2020 Luca Boccassi <bluca@debian.org>
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <fuzzer/FuzzedDataProvider.h>
-
-#include <cstddef>
-#include <cstdint>
-#include <string>
-#include <assert.h>
-#include <arpa/inet.h>
-#include <unistd.h>
-
-#include "include/zmq.h"
-
-// Test that the ZMTP engine handles invalid handshake when binding
-// https://rfc.zeromq.org/spec/37/
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-    void *server, *ctx;
-    struct sockaddr_in ip4addr;
-    char endpoint[32];
-    size_t endpoint_len = 32, sent_bytes;
-    unsigned short port;
-    int client, rc, linger = 0;
-
-    ctx = zmq_ctx_new ();
-    assert(ctx);
-    server = zmq_socket(ctx, ZMQ_PUB);
-    assert(server);
-    rc = zmq_setsockopt (server, ZMQ_LINGER, &linger, sizeof(linger));
-    assert(rc == 0);
-    rc = zmq_bind(server, "tcp://127.0.0.1:*");
-    assert(rc == 0);
-    rc = zmq_getsockopt(server, ZMQ_LAST_ENDPOINT, endpoint, &endpoint_len);
-    assert(rc == 0);
-    rc = sscanf(endpoint, "tcp://127.0.0.1:%hu", &port);
-    assert(rc == 1);
-
-    ip4addr.sin_family = AF_INET;
-    ip4addr.sin_port = htons(port);
-    inet_pton(AF_INET, "127.0.0.1", &ip4addr.sin_addr);
-    client = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-    assert(client >= 0);
-    rc = connect(client, reinterpret_cast<struct sockaddr *> (&ip4addr), sizeof(ip4addr));
-    assert(rc >= 0);
-
-    // Send as many bytes as possible, and then let the background I/O thread
-    // have some time to handle them.
-    // We should at least be able to send 33 bytes, which is the very first
-    // part of the ZMTP 3.x handshake. Otherwise something is not quite right
-    // in the localhost connection we set up.
-    sent_bytes = write(client, (const char *)data, size);
-    assert(size < 33 || sent_bytes >= 33);
-    usleep (static_cast<useconds_t> (250) * 1000);
-
-    close(client);
-
-    rc = zmq_close(server);
-    assert(rc == 0);
-    rc = zmq_ctx_term(ctx);
-    assert(rc == 0);
-
-    return 0;
-}
diff --git a/projects/libzmq/socket_connect_fuzzer.cc b/projects/libzmq/socket_connect_fuzzer.cc
deleted file mode 100644
index ee586fb38..000000000
--- a/projects/libzmq/socket_connect_fuzzer.cc
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright 2020 Luca Boccassi <bluca@debian.org>
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include <fuzzer/FuzzedDataProvider.h>
-
-#include <cstddef>
-#include <cstdint>
-#include <string>
-#include <assert.h>
-#include <arpa/inet.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#include "include/zmq.h"
-
-// Test that the ZMTP engine handles invalid handshake when connecting
-// https://rfc.zeromq.org/spec/37/
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-    void *client, *ctx;
-    struct sockaddr_in ip4addr;
-    socklen_t ip4addr_len = sizeof(ip4addr);
-    char endpoint[32];
-    size_t sent_bytes;
-    int server, server_accept, rc;
-
-    ip4addr.sin_family = AF_INET;
-    ip4addr.sin_port = 0;
-    inet_pton(AF_INET, "127.0.0.1", &ip4addr.sin_addr);
-    server = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-    assert(server >= 0);
-    rc = bind(server, reinterpret_cast<struct sockaddr *> (&ip4addr), sizeof(ip4addr));
-    assert(rc >= 0);
-    rc = listen (server, SOMAXCONN);
-    assert(rc == 0);
-    rc = getsockname (server, (struct sockaddr *) &ip4addr, &ip4addr_len);
-    assert(rc == 0);
-    sprintf(endpoint, "tcp://127.0.0.1:%u", ntohs(ip4addr.sin_port));
-
-    ctx = zmq_ctx_new ();
-    assert(ctx);
-    client = zmq_socket(ctx, ZMQ_SUB);
-    assert(client);
-    rc = zmq_connect(client, endpoint);
-    assert(rc == 0);
-
-    // Send as many bytes as possible, and then let the background I/O thread
-    // have some time to handle them.
-    // We should at least be able to send 33 bytes, which is the very first
-    // part of the ZMTP 3.x handshake. Otherwise something is not quite right
-    // in the localhost connection we set up.
-    server_accept = accept(server, NULL, NULL);
-    sent_bytes = write(server_accept, (const char *)data, size);
-    assert(size < 33 || sent_bytes >= 33);
-    usleep (static_cast<useconds_t> (250) * 1000);
-
-    close(server_accept);
-    close(server);
-
-    rc = zmq_close(client);
-    assert(rc == 0);
-    rc = zmq_ctx_term(ctx);
-    assert(rc == 0);
-
-    return 0;
-}