diff options
author | DavidKorczynski <david@adalogics.com> | 2021-07-29 17:42:39 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-29 17:42:39 +0100 |
commit | e3ad773061c79c08a90cbb93db987c57c8f66f9d (patch) | |
tree | bfef8e2280d2582e2d9eeb9730945124af970d6a /projects/net-snmp | |
parent | 8eb04554765201beacdc2a3eb98f6b725d222b75 (diff) | |
download | oss-fuzz-e3ad773061c79c08a90cbb93db987c57c8f66f9d.tar.gz |
net-snmp: migrate fuzzers upstream. (#6113)
* net-snmp: migrate fuzzers upstream.
* fix correct upstream link.
Diffstat (limited to 'projects/net-snmp')
-rw-r--r-- | projects/net-snmp/Dockerfile | 5 | ||||
-rw-r--r-- | projects/net-snmp/agentx_parse_fuzzer.c | 47 | ||||
-rwxr-xr-x | projects/net-snmp/build.sh | 19 | ||||
-rw-r--r-- | projects/net-snmp/parse_octet_hint_fuzzer.c | 52 | ||||
-rw-r--r-- | projects/net-snmp/read_objid_fuzzer.c | 46 | ||||
-rw-r--r-- | projects/net-snmp/snmp_mib_fuzzer.c | 60 | ||||
-rw-r--r-- | projects/net-snmp/snmp_parse_fuzzer.c | 45 | ||||
-rw-r--r-- | projects/net-snmp/snmp_parse_oid_fuzzer.c | 50 | ||||
-rw-r--r-- | projects/net-snmp/snmp_pdu_parse_fuzzer.c | 44 | ||||
-rw-r--r-- | projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c | 44 |
10 files changed, 7 insertions, 405 deletions
diff --git a/projects/net-snmp/Dockerfile b/projects/net-snmp/Dockerfile index e67cbb4d9..72dfa667d 100644 --- a/projects/net-snmp/Dockerfile +++ b/projects/net-snmp/Dockerfile @@ -16,9 +16,6 @@ FROM gcr.io/oss-fuzz-base/base-builder RUN apt-get update && apt-get install -y make autoconf libtool libssl-dev -RUN git clone --depth 1 git://git.code.sf.net/p/net-snmp/code net-snmp +RUN git clone https://github.com/net-snmp/net-snmp net-snmp WORKDIR net-snmp COPY build.sh $SRC/ -# -# Until the project moves the fuzzers to the source tree -COPY *_fuzzer.c $SRC/ diff --git a/projects/net-snmp/agentx_parse_fuzzer.c b/projects/net-snmp/agentx_parse_fuzzer.c deleted file mode 100644 index 436011208..000000000 --- a/projects/net-snmp/agentx_parse_fuzzer.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This fuzzer exercises the agentx PDU parsing code. - */ -#include <net-snmp/net-snmp-config.h> -#include <net-snmp/net-snmp-includes.h> -/* We build with the agent/mibgroup/agentx dir in an -I */ -#include <protocol.h> -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - if (getenv("NETSNMP_DEBUGGING") != NULL) { - /* - * Turn on all debugging, to help understand what - * bits of the parser are running. - */ - snmp_enable_stderrlog(); - snmp_set_do_debugging(1); - debug_register_tokens(""); - } - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu); - netsnmp_session session; - - session.version = AGENTX_VERSION_1; - agentx_parse(&session, pdu, (unsigned char *)data, size); - snmp_free_pdu(pdu); - return 0; -} diff --git a/projects/net-snmp/build.sh b/projects/net-snmp/build.sh index 2a0f061f3..158c99ddf 100755 --- a/projects/net-snmp/build.sh +++ b/projects/net-snmp/build.sh @@ -20,19 +20,12 @@ # net-snmp build is not parallel-make safe; do not add -j make -# build fuzzers (remember to link statically) -fuzzers=( - agentx_parse - parse_octet_hint - read_objid - snmp_mib - snmp_parse - snmp_parse_oid - snmp_pdu_parse - snmp_scoped_pdu_parse -) -for fuzzname in "${fuzzers[@]}"; do - $CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx $SRC/${fuzzname}_fuzzer.c -o $WORK/${fuzzname}_fuzzer.o +# build fuzzers and link statically +fuzzers=$(find ./fuzzing -name "*_fuzzer.c") +suffix="_fuzzer\.c" +for fuzzer in ${fuzzers}; do + fuzzname=$(basename -- ${fuzzer%$suffix}) + $CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx ./fuzzing/${fuzzname}_fuzzer.c -o $WORK/${fuzzname}_fuzzer.o $CXX $CXXFLAGS $WORK/${fuzzname}_fuzzer.o \ $LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \ agent/.libs/libnetsnmpagent.a \ diff --git a/projects/net-snmp/parse_octet_hint_fuzzer.c b/projects/net-snmp/parse_octet_hint_fuzzer.c deleted file mode 100644 index 0495f3b5f..000000000 --- a/projects/net-snmp/parse_octet_hint_fuzzer.c +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <net-snmp/net-snmp-config.h> -#include <net-snmp/net-snmp-includes.h> -#include <assert.h> -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> -#include <string.h> - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - if (getenv("NETSNMP_DEBUGGING") != NULL) { - /* - * Turn on all debugging, to help understand what - * bits of the parser are running. - */ - snmp_enable_stderrlog(); - snmp_set_do_debugging(1); - debug_register_tokens(""); - } - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - char *hint, *value; - int value_start, new_val_len; - unsigned char *new_val; - - hint = strndup((const char *)data, size); - value_start = strlen(hint); - assert(value_start <= size); - value = strndup((const char *)data + value_start, size - value_start); - parse_octet_hint(hint, value, &new_val, &new_val_len); - free(new_val); - free(hint); - free(value); - return 0; -} diff --git a/projects/net-snmp/read_objid_fuzzer.c b/projects/net-snmp/read_objid_fuzzer.c deleted file mode 100644 index 1d49508b9..000000000 --- a/projects/net-snmp/read_objid_fuzzer.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <net-snmp/net-snmp-config.h> -#include <net-snmp/net-snmp-includes.h> -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - if (getenv("NETSNMP_DEBUGGING") != NULL) { - /* - * Turn on all debugging, to help understand what - * bits of the parser are running. - */ - snmp_enable_stderrlog(); - snmp_set_do_debugging(1); - debug_register_tokens(""); - } - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - oid *objid = malloc(MAX_OID_LEN * sizeof(oid)); - size_t objidlen = MAX_OID_LEN; - char *input; - - input = strndup((const char *)data, size); - read_objid(input, objid, &objidlen); - free(objid); - free(input); - return 0; -} diff --git a/projects/net-snmp/snmp_mib_fuzzer.c b/projects/net-snmp/snmp_mib_fuzzer.c deleted file mode 100644 index ccac14a9f..000000000 --- a/projects/net-snmp/snmp_mib_fuzzer.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <net-snmp/net-snmp-config.h> -#include <net-snmp/net-snmp-includes.h> -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> -#include <unistd.h> - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - if (getenv("NETSNMP_DEBUGGING") != NULL) { - /* - * Turn on all debugging, to help understand what - * bits of the parser are running. - */ - snmp_enable_stderrlog(); - snmp_set_do_debugging(1); - debug_register_tokens(""); - } - return 0; -} - -int SecmodInMsg_CB(struct snmp_secmod_incoming_params *sp1) { - return SNMPERR_SUCCESS; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - char *filename; - if (asprintf(&filename, "/tmp/fuzzed-mib.%d", getpid()) == -1) { - return 0; - } - - FILE *fp = fopen(filename, "wb"); - if (!fp) { - return 0; - } - fwrite(data, size, 1, fp); - fclose(fp); - - // Read the file - read_mib(filename); - - unlink(filename); - free(filename); - return 0; -} diff --git a/projects/net-snmp/snmp_parse_fuzzer.c b/projects/net-snmp/snmp_parse_fuzzer.c deleted file mode 100644 index bc247f583..000000000 --- a/projects/net-snmp/snmp_parse_fuzzer.c +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This fuzzer exercises the SNMP PDU parsing code, including ASN.1. - */ -#include <net-snmp/net-snmp-config.h> -#include <net-snmp/net-snmp-includes.h> -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - if (getenv("NETSNMP_DEBUGGING") != NULL) { - /* - * Turn on all debugging, to help understand what - * bits of the parser are running. - */ - snmp_enable_stderrlog(); - snmp_set_do_debugging(1); - debug_register_tokens(""); - } - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - size_t bytes_remaining = size; - netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu); - - netsnmp_session sess = { }; - snmpv3_parse(pdu, (unsigned char *)data, &bytes_remaining, NULL, &sess); - snmp_free_pdu(pdu); - return 0; -} diff --git a/projects/net-snmp/snmp_parse_oid_fuzzer.c b/projects/net-snmp/snmp_parse_oid_fuzzer.c deleted file mode 100644 index 2b069f7f8..000000000 --- a/projects/net-snmp/snmp_parse_oid_fuzzer.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <net-snmp/net-snmp-config.h> -#include <net-snmp/net-snmp-includes.h> -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - if (getenv("NETSNMP_DEBUGGING") != NULL) { - /* - * Turn on all debugging, to help understand what - * bits of the parser are running. - */ - snmp_enable_stderrlog(); - snmp_set_do_debugging(1); - debug_register_tokens(""); - } - return 0; -} - -int SecmodInMsg_CB(struct snmp_secmod_incoming_params *sp1) { - return SNMPERR_SUCCESS; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - oid *root = malloc(MAX_OID_LEN * sizeof(oid)); - size_t rootlen; - char *input; - - input = strndup((const char *)data, size); - snmp_parse_oid((const char *)input, root, &rootlen); - free(root); - free(input); - return 0; -} diff --git a/projects/net-snmp/snmp_pdu_parse_fuzzer.c b/projects/net-snmp/snmp_pdu_parse_fuzzer.c deleted file mode 100644 index 6d45552db..000000000 --- a/projects/net-snmp/snmp_pdu_parse_fuzzer.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This fuzzer exercises the SNMP PDU parsing code, including ASN.1. - */ -#include <net-snmp/net-snmp-config.h> -#include <net-snmp/net-snmp-includes.h> -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - if (getenv("NETSNMP_DEBUGGING") != NULL) { - /* - * Turn on all debugging, to help understand what - * bits of the parser are running. - */ - snmp_enable_stderrlog(); - snmp_set_do_debugging(1); - debug_register_tokens(""); - } - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - size_t bytes_remaining = size; - netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu); - - snmp_pdu_parse(pdu, (unsigned char *)data, &bytes_remaining); - snmp_free_pdu(pdu); - return 0; -} diff --git a/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c b/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c deleted file mode 100644 index d7e1957c4..000000000 --- a/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This fuzzer exercises the SNMP PDU parsing code, including ASN.1. - */ -#include <net-snmp/net-snmp-config.h> -#include <net-snmp/net-snmp-includes.h> -#include <stddef.h> -#include <stdint.h> -#include <stdlib.h> - -int LLVMFuzzerInitialize(int *argc, char ***argv) { - if (getenv("NETSNMP_DEBUGGING") != NULL) { - /* - * Turn on all debugging, to help understand what - * bits of the parser are running. - */ - snmp_enable_stderrlog(); - snmp_set_do_debugging(1); - debug_register_tokens(""); - } - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - size_t bytes_remaining = size; - netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu); - - snmpv3_scopedPDU_parse(pdu, (unsigned char *)data, &bytes_remaining); - snmp_free_pdu(pdu); - return 0; -} |