authorjwzawadzki <jbwzawadzki@gmail.com>2017-04-18 23:05:54 +0200
committerAbhishek Arya <inferno@chromium.org>2017-04-18 14:05:54 -0700
commit1829a50342bd076424294941973d4502a11d4702 (patch)
tree63df165df2e3e3f8b2363ef62abd29fa74e516cf /projects/wireshark
parent9ffc7cc9b5e8a383b4ca9d7b528722ba40f95b25 (diff)
Wireshark: generate fuzzers for: OSPF, BGP, DNS, BOOTP and JSON dissectors. (#533)
Diffstat (limited to 'projects/wireshark')
-rw-r--r--projects/wireshark/Dockerfile1
-rwxr-xr-xprojects/wireshark/build.sh66
2 files changed, 55 insertions, 12 deletions
diff --git a/projects/wireshark/Dockerfile b/projects/wireshark/Dockerfile
index 7d5d205ae..48523ba70 100644
--- a/projects/wireshark/Dockerfile
+++ b/projects/wireshark/Dockerfile
@@ -22,6 +22,7 @@ RUN apt-get install -y make autoconf automake libtool libtool-bin \
libglib2.0-dev libgcrypt20-dev
RUN git clone --depth=1 https://code.wireshark.org/review/wireshark
+RUN git clone --depth=1 https://bitbucket.org/jwzawadzki/wireshark-fuzzdb.git
WORKDIR wireshark
COPY build.sh $SRC/
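Review bot: The added `git clone --depth=1 https://bitbucket.org/jwzawadzki/wireshark-fuzzdb.git` pulls whatever the default branch of a personally hosted repository holds at image-build time, with no commit pin or integrity check. build.sh copies its `samples/` tree into `$WORK/samples` and zips it into the seed corpora, so a changed or replaced upstream silently changes what every fuzzer starts from and makes builds non-reproducible. Consider fetching a fixed revision instead, e.g. `RUN git clone https://bitbucket.org/jwzawadzki/wireshark-fuzzdb.git && git -C wireshark-fuzzdb checkout <pinned-commit>`, with a comment such as `# seed corpus for fuzzshark_* targets; bump the pin deliberately`. The wireshark clone on the line above is unpinned as well, though tracking upstream HEAD there is presumably intentional.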
diff --git a/projects/wireshark/build.sh b/projects/wireshark/build.sh
index 48a0af894..0b5ddbde3 100755
--- a/projects/wireshark/build.sh
+++ b/projects/wireshark/build.sh
@@ -17,12 +17,50 @@
# Wireshark build.sh script inspired from projects/ffmpeg/build.sh
-FUZZ_DISSECTORS="ip \
- udp"
+FUZZ_DISSECTORS="ip"
+
+FUZZ_IP_PROTO_DISSECTORS="udp ospf"
+
+FUZZ_TCP_PORT_DISSECTORS="bgp"
+# FUZZ_TCP_PORT_DISSECTORS="$FUZZ_TCP_PORT_DISSECTORS bzr" # disabled, cause of known problem.
+# FUZZ_TCP_PORT_DISSECTORS="$FUZZ_TCP_PORT_DISSECTORS echo" # disabled, too simple.
+
+FUZZ_UDP_PORT_DISSECTORS="dns bootp"
+# FUZZ_UDP_PORT_DISSECTORS="$FUZZ_UDP_PORT_DISSECTORS bfd" # disabled, too simple.
+
+FUZZ_MEDIA_TYPE_DISSECTORS="json"
+
+# generate_fuzzer <fuzzer_target> <fuzzer_cflags>
+generate_fuzzer()
+{
+ local fuzzer_target="$1" fuzzer_cflags="$2" fuzzer_name
+
+ fuzzer_name="fuzzshark_$1"
+
+ # -I$SRC/wireshark is correct, wireshark don't install header files.
+ $CC $CFLAGS -I $SRC/wireshark/ `pkg-config --cflags glib-2.0` \
+ $SRC/wireshark/tools/oss-fuzzshark.c \
+ -c -o $WORK/${fuzzer_name}.o \
+ $fuzzer_cflags
+
+ $CXX $CXXFLAGS $WORK/${fuzzer_name}.o \
+ -o $OUT/${fuzzer_name} \
+ ${WIRESHARK_FUZZERS_COMMON_FLAGS}
+
+ echo -en "[libfuzzer]\nmax_len = 1024\n" > $OUT/${fuzzer_name}.options
+ if [ -d "$SAMPLES_DIR/${fuzzer_target}" ]; then
+ zip -j $OUT/${fuzzer_name}_seed_corpus.zip $SAMPLES_DIR/${fuzzer_target}/*/*.bin
+ fi
+}
export WIRESHARK_INSTALL_PATH="$WORK/install"
mkdir -p "$WIRESHARK_INSTALL_PATH"
+# Prepare Samples directory
+SAMPLES_DIR="$WORK/samples"
+mkdir -p "$SAMPLES_DIR"
+cp -a $SRC/wireshark-fuzzdb/samples/* "$SAMPLES_DIR"
+
# compile static version of libs
# XXX, with static wireshark linking each fuzzer binary is ~240 MB (just libwireshark.a is 423 MBs).
# XXX, wireshark is not ready for including static plugins into binaries.
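Review bot: In `generate_fuzzer`, the seed-corpus step `zip -j $OUT/${fuzzer_name}_seed_corpus.zip $SAMPLES_DIR/${fuzzer_target}/*/*.bin` can fail in two ways that the `-d` test does not cover. If the directory exists but nothing matches `*/*.bin`, zip receives the literal pattern; and because `-j` drops directory names, two samples with the same basename in different subdirectories collide, which Info-ZIP rejects as a repeated name. Whether that aborts the build or just leaves a fuzzer without a corpus depends on shell options not visible in this hunk. Quote the expansions (`"$OUT/${fuzzer_name}_seed_corpus.zip" "$SAMPLES_DIR/${fuzzer_target}"/*/*.bin`), skip the zip when the glob matches nothing, and add a comment such as `# -j flattens paths: sample basenames must be unique per target`. The unquoted `cp -a $SRC/wireshark-fuzzdb/samples/*` further down has the same empty-glob problem.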
@@ -51,17 +89,21 @@ WIRESHARK_FUZZERS_COMMON_FLAGS="-lFuzzingEngine \
-Wl,-Bstatic `pkg-config --libs glib-2.0` -pthread -lpcre -lgcrypt -lgpg-error -lz -Wl,-Bdynamic"
for dissector in $FUZZ_DISSECTORS; do
- fuzzer_name=fuzzshark_dissector_${dissector}
+ generate_fuzzer "${dissector}" -DFUZZ_DISSECTOR_TARGET=\"$dissector\"
+done
- # -I$SRC/wireshark is correct, wireshark don't install header files.
- $CC $CFLAGS -I $SRC/wireshark/ `pkg-config --cflags glib-2.0` \
- $SRC/wireshark/tools/oss-fuzzshark.c \
- -c -o $WORK/${fuzzer_name}.o \
- -DFUZZ_DISSECTOR_TARGET=\"$dissector\"
+for dissector in $FUZZ_IP_PROTO_DISSECTORS; do
+ generate_fuzzer "ip_proto-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"ip.proto\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\""
+done
- $CXX $CXXFLAGS $WORK/${fuzzer_name}.o \
- -o $OUT/${fuzzer_name} \
- ${WIRESHARK_FUZZERS_COMMON_FLAGS}
+for dissector in $FUZZ_TCP_PORT_DISSECTORS; do
+ generate_fuzzer "tcp_port-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"tcp.port\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\""
+done
- echo -en "[libfuzzer]\nmax_len = 1024\n" > $OUT/${fuzzer_name}.options
+for dissector in $FUZZ_UDP_PORT_DISSECTORS; do
+ generate_fuzzer "udp_port-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"udp.port\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\""
+done
+
+for dissector in $FUZZ_MEDIA_TYPE_DISSECTORS; do
+ generate_fuzzer "media_type-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"media_type\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\""
done
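Review bot: The first loop now calls `generate_fuzzer "${dissector}" ...`, and `generate_fuzzer` builds the name as `fuzzshark_$1`, so the existing IP target is emitted as `fuzzshark_ip` rather than the previous `fuzzshark_dissector_ip` (and UDP moves to `fuzzshark_ip_proto-udp`). If the fuzzing infrastructure keys stored corpora and crash history on the binary name, as seems likely, the accumulated state for the old names will not carry over. If the rename is intended, a comment above the loop would help, e.g. `# NOTE: targets renamed from fuzzshark_dissector_<name>; old corpora are not reused`. Otherwise pass `"dissector_${dissector}"` as the first argument, keeping in mind that the same argument also selects the `$SAMPLES_DIR` subdirectory. The `-D` arguments in the other loops also rely on unquoted `$fuzzer_cflags` being word-split inside the function, which works for these values but would break on any value containing whitespace.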