authorAdamKorcz <44787359+AdamKorcz@users.noreply.github.com>2021-06-05 16:49:14 +0100
committerGitHub <noreply@github.com>2021-06-05 08:49:14 -0700
commitfdd1fe9544343b3513f67b6bf62193ac6f7724fa (patch)
treec48ebd7b7918d5ae8614720836457fb422d32f4e /projects/pidgin
parent5766e32e90783cb674d7333a3db8135a87515bfb (diff)
downloadoss-fuzz-fdd1fe9544343b3513f67b6bf62193ac6f7724fa.tar.gz
[pidgin] Initial integration (#5871)
* [teleport] Initial integration * Minor update to run tests again * [pidgin] Initial integration * Refactoring * add a utils fuzzer. * fix fuzzer name. * extend utils fuzzer. * further extend utils fuzzer. * updated the pidgin utils fuzzer. * add my email to the project list. * Improve xml fuzzer * Clean up * update utils fuzzer to target more markup functions. * use latest version of pidgin. * updated the build script. Co-authored-by: davkor <david@adalogics.com>
Diffstat (limited to 'projects/pidgin')
-rw-r--r--projects/pidgin/Dockerfile38
-rw-r--r--projects/pidgin/build.sh127
-rw-r--r--projects/pidgin/pidgin_utils_fuzzer.c78
-rw-r--r--projects/pidgin/pidgin_xml_fuzzer.c55
-rw-r--r--projects/pidgin/project.yaml5
5 files changed, 303 insertions, 0 deletions
diff --git a/projects/pidgin/Dockerfile b/projects/pidgin/Dockerfile
new file mode 100644
index 000000000..aa93e960d
--- /dev/null
+++ b/projects/pidgin/Dockerfile
@@ -0,0 +1,38 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ make autoconf automake libtool pkg-config \
+ zlib1g-dev zlib1g-dev:i386 liblzma-dev liblzma-dev:i386 \
+ wget intltool sasl2-bin python3-pip
+RUN pip3 install -U meson ninja
+
+RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/glib
+RUN git clone --depth 1 https://gitlab.gnome.org/GNOME/libxml2.git
+RUN wget https://sourceforge.net/projects/pidgin/files/Pidgin/2.14.5/pidgin-2.14.5.tar.bz2
+RUN wget ftp://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz
+
+RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus
+RUN git clone --depth 1 https://github.com/google/fuzzing
+
+WORKDIR $SRC
+
+COPY build.sh \
+ pidgin_xml_fuzzer.c \
+ pidgin_utils_fuzzer.c \
+ $SRC/
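Review bot: The source tarballs fetched by the two `wget` lines (pidgin-2.14.5.tar.bz2 over HTTPS, libffi-3.2.1.tar.gz over plain FTP) are never integrity-checked, so a tampered or truncated download goes straight into the build image, and the glib/libxml2 clones track an unpinned HEAD. At minimum verify the tarballs after download, e.g. `RUN wget ftp://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz && echo "<EXPECTED_SHA256>  libffi-3.2.1.tar.gz" | sha256sum -c -` (placeholder digest, to be filled in from the upstream release), and prefer an https mirror over FTP for libffi. Pinning the glib and libxml2 clones to a tag or commit would also make build breakage reproducible instead of time-dependent.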
diff --git a/projects/pidgin/build.sh b/projects/pidgin/build.sh
new file mode 100644
index 000000000..33bcf367e
--- /dev/null
+++ b/projects/pidgin/build.sh
@@ -0,0 +1,127 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Place to keep dependencies for static linking
+DEPS=/deps
+mkdir ${DEPS}
+
+
+# Build libffi
+cd $SRC
+tar xvfz libffi-3.2.1.tar.gz
+cd libffi-3.2.1
+./configure --disable-shared
+make -j$(nproc)
+export LIBFFI_LIBS="-L/src/libffi-3.2.1 libraries/ -lffi"
+cp ./x86_64-unknown-linux-gnu/.libs/libffi.a ${DEPS}/
+
+
+# Build libxml2
+cd $SRC/libxml2
+./autogen.sh \
+ --disable-shared \
+ --without-debug \
+ --without-ftp \
+ --without-http \
+ --without-legacy \
+ --without-python
+make -j$(nproc)
+make install
+cp .libs/libxml2.a ${DEPS}/
+
+
+# Build glib
+cd $SRC/glib
+GLIB_BUILD=$WORK/meson
+rm -rf $GLIB_BUILD
+mkdir $GLIB_BUILD
+meson $GLIB_BUILD \
+ -Db_lundef=false \
+ -Ddefault_library=static \
+ -Dlibmount=disabled
+ninja -C $GLIB_BUILD
+ninja -C $GLIB_BUILD install
+
+cp ${GLIB_BUILD}/gobject/libgobject-2.0.a ${DEPS}/
+cp ${GLIB_BUILD}/gmodule/libgmodule-2.0.a ${DEPS}/
+cp ${GLIB_BUILD}/glib/libglib-2.0.a ${DEPS}/
+
+
+# Build Pidgin
+cd $SRC
+tar -xf pidgin-2.14.5.tar.bz2
+mv pidgin-2.14.5 pidgin
+cd pidgin
+./configure --disable-consoleui \
+ --disable-shared \
+ --disable-screensaver \
+ --disable-sm \
+ --disable-gtkspell \
+ --disable-gevolution \
+ --enable-gnutls=no \
+ --disable-gstreamer \
+ --disable-vv \
+ --disable-idn \
+ --disable-meanwhile \
+ --disable-avahi \
+ --disable-dbus \
+ --disable-perl \
+ --disable-tcl \
+ --disable-cyrus-sasl \
+ --disable-gtkui \
+ --enable-nss=no
+make -j$(nproc)
+
+
+# Build fuzzers
+readonly FUZZERS=( \
+ pidgin_xml_fuzzer
+ pidgin_utils_fuzzer
+)
+
+cd libpurple
+cp $SRC/*fuzzer.c .
+
+for fuzzer in "${FUZZERS[@]}"; do
+ $CC $CFLAGS -DHAVE_CONFIG_H \
+ -I. \
+ -I.. \
+ -I${SRC}/glib \
+ -I${SRC}/glib/glib \
+ -I${SRC}/glib/gmodule \
+ -I${GLIB_BUILD} \
+ -I${GLIB_BUILD}/glib \
+ -I/usr/lib/x86_64-linux-gnu/glib-2.0/include \
+ -I/src/pidgin/libpurple/protocols/jabber \
+ -I/usr/local/include/libxml2 \
+ -c $fuzzer.c \
+ -o $fuzzer.o
+
+ $CC $CXXFLAGS $LIB_FUZZING_ENGINE $fuzzer.o \
+ -o $OUT/$fuzzer \
+ /src/pidgin/libpurple/protocols/jabber/.libs/libjabber.a \
+ ./.libs/libpurple.a \
+ ${DEPS}/libxml2.a \
+ ${DEPS}/libgobject-2.0.a \
+ ${DEPS}/libgmodule-2.0.a \
+ ${DEPS}/libglib-2.0.a \
+ ${DEPS}/libffi.a \
+ -lresolv -lz -llzma
+done
+
+zip $OUT/pidgin_xml_fuzzer_seed_corpus.zip $SRC/go-fuzz-corpus/xml/corpus/*
+cp $SRC/fuzzing/dictionaries/xml.dict $OUT/pidgin_xml_fuzzer.dict
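Review bot: `export LIBFFI_LIBS="-L/src/libffi-3.2.1 libraries/ -lffi"` looks malformed: the stray ` libraries/` token would reach the linker as a bare input file rather than as part of the `-L` path, and the archive actually lives under `x86_64-unknown-linux-gnu/.libs`, as the `cp` on the following line shows. If the variable is consumed at all (libffi is linked explicitly from `${DEPS}` in the fuzzer loop, so it may be dead), it should read `export LIBFFI_LIBS="-L${SRC}/libffi-3.2.1/x86_64-unknown-linux-gnu/.libs -lffi"`; otherwise drop it. `mkdir ${DEPS}` without `-p` will abort this `-eu` script on any rerun where the directory already exists. The link step hands `$CXXFLAGS` to `$CC`; the usual OSS-Fuzz pattern is `$CXX $CXXFLAGS` for the libFuzzer link, which is worth confirming against the base-builder image.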
diff --git a/projects/pidgin/pidgin_utils_fuzzer.c b/projects/pidgin/pidgin_utils_fuzzer.c
new file mode 100644
index 000000000..ce386bb77
--- /dev/null
+++ b/projects/pidgin/pidgin_utils_fuzzer.c
@@ -0,0 +1,78 @@
+/*
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "util.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ char *nstr = (char *)malloc(size + 1);
+ if (nstr == NULL) {
+ return 0;
+ }
+ memcpy(nstr, data, size);
+ nstr[size] = '\0';
+
+ guchar *tmp = NULL;
+ gsize retlen;
+
+ if (size % 2 == 0 && strlen(nstr) > 0) {
+ tmp = purple_base16_decode(nstr, &retlen);
+ if (tmp != NULL) {
+ g_free(tmp);
+ }
+ }
+
+ tmp = NULL;
+ tmp = purple_quotedp_decode(nstr, &retlen);
+ if (tmp != NULL) {
+ g_free(tmp);
+ }
+
+ char *tmp2 = NULL;
+ tmp2 = purple_mime_decode_field(nstr);
+ if (tmp2 != NULL) {
+ free(tmp2);
+ }
+
+ purple_str_to_time(nstr, TRUE, NULL, NULL, NULL);
+
+ gchar *xhtml = NULL;
+ gchar *plaintext = NULL;
+ purple_markup_html_to_xhtml(nstr, &xhtml, &plaintext);
+
+ if (xhtml != NULL) {
+ g_free(xhtml);
+ }
+
+ if (plaintext != NULL) {
+ g_free(plaintext);
+ }
+
+ char *tmp3 = purple_markup_strip_html(nstr);
+ if (tmp3 != NULL) {
+ free(tmp3);
+ }
+
+ purple_markup_is_rtl(nstr);
+
+ free(nstr);
+ return 0;
+}
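Review bot: The strings returned by `purple_mime_decode_field` and `purple_markup_strip_html` are released with `free()` while every other libpurple result in this function goes through `g_free()`; libpurple's util functions allocate their returned strings with GLib (verify against util.h), so the two paths should match, i.e. `g_free(tmp2);` and `g_free(tmp3);`. The NULL guards around each `g_free` are redundant because `g_free(NULL)` is a no-op, and removing them makes the harness easier to read. The `size % 2 == 0` gate in front of `purple_base16_decode` deserves a one-line comment such as `/* base16 input must have even length; odd sizes are skipped rather than fed to the decoder */`, since a reader will otherwise wonder what coverage is being discarded.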
diff --git a/projects/pidgin/pidgin_xml_fuzzer.c b/projects/pidgin/pidgin_xml_fuzzer.c
new file mode 100644
index 000000000..a91034a5e
--- /dev/null
+++ b/projects/pidgin/pidgin_xml_fuzzer.c
@@ -0,0 +1,55 @@
+/*
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "xmlnode.h"
+#include "caps.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ char *malicious_xml = (char *)malloc(size + 1);
+ if (malicious_xml == NULL) {
+ return 0;
+ }
+ memcpy(malicious_xml, data, size);
+ malicious_xml[size] = '\0';
+
+ xmlnode *isc = xmlnode_from_str(malicious_xml, size+1);
+ if (isc != NULL) {
+ xmlnode_set_attrib(isc, "name", "query");
+
+ // Parse Jabber caps
+ JabberCapsClientInfo *info = jabber_caps_parse_client_info(isc);
+ gchar *got_hash = jabber_caps_calculate_hash(info, ("sha1"));
+
+ // Insert a child
+ xmlnode *child = xmlnode_new_child(isc, "query");
+ xmlnode_insert_child(isc, child);
+
+ // Get data
+ char *retrieved_data = xmlnode_get_data(isc);
+ char *retrieved_data_unescaped = xmlnode_get_data_unescaped(isc);
+
+ xmlnode_free(isc);
+ }
+
+ free(malicious_xml);
+ return 0;
+} \ No newline at end of file
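Review bot: `xmlnode_insert_child(isc, child);` re-links a node that `xmlnode_new_child(isc, "query")` has already attached to `isc`; libpurple's constructor inserts the child itself, so the second insert can leave the node pointing at itself in the child list and `xmlnode_free` may then loop or free it twice — a hang or crash that would be reported as a pidgin bug rather than a harness bug. Everything produced inside the branch is also leaked: `got_hash`, `retrieved_data`, `retrieved_data_unescaped` and `info` are never released, so LeakSanitizer will flag every input and bury real findings, and `jabber_caps_parse_client_info` may return NULL, which the hash call does not guard. Passing `size+1` to `xmlnode_from_str` feeds the terminating NUL to the parser; presumably `size` is the intended length. The release routine for `JabberCapsClientInfo` is not visible in this hunk, so it is left as a placeholder below; the file is also missing its final newline.
```c
    xmlnode *isc = xmlnode_from_str(malicious_xml, size);
    if (isc != NULL) {
        xmlnode_set_attrib(isc, "name", "query");

        // Parse Jabber caps; the parser may reject the node
        JabberCapsClientInfo *info = jabber_caps_parse_client_info(isc);
        if (info != NULL) {
            gchar *got_hash = jabber_caps_calculate_hash(info, "sha1");
            g_free(got_hash);
            /* release info with the caps module's destroy routine (<INFO_DESTROY_FN>) */
        }

        // xmlnode_new_child already links the child into isc
        xmlnode_new_child(isc, "query");

        char *retrieved_data = xmlnode_get_data(isc);
        char *retrieved_data_unescaped = xmlnode_get_data_unescaped(isc);
        g_free(retrieved_data);
        g_free(retrieved_data_unescaped);

        xmlnode_free(isc);
    }
    // … unchanged: free(malicious_xml) and return …
```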
diff --git a/projects/pidgin/project.yaml b/projects/pidgin/project.yaml
index d94a2688d..1990dae4c 100644
--- a/projects/pidgin/project.yaml
+++ b/projects/pidgin/project.yaml
@@ -1,2 +1,7 @@
homepage: "https://www.pidgin.im/"
primary_contact: "gary.kramlich@gmail.com"
+language: c
+auto_ccs:
+ - Adam@adalogics.com
+ - david@adalogics.com
+main_repo: 'https://sourceforge.net/projects/pidgin/files/Pidgin/2.14.4/pidgin-2.14.4.tar.bz2'
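Review bot: `main_repo` points at the 2.14.4 tarball while the Dockerfile in this same commit downloads pidgin-2.14.5 (and the description says "use latest version of pidgin"), so the two files disagree on what is being fuzzed; `main_repo: 'https://sourceforge.net/projects/pidgin/files/Pidgin/2.14.5/pidgin-2.14.5.tar.bz2'` would at least match the build. As far as I recall OSS-Fuzz expects `main_repo` to be a checkout-able source repository rather than a release tarball, which is worth confirming before relying on it.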