author | jwzawadzki <jbwzawadzki@gmail.com> | 2017-04-18 23:05:54 +0200 |
---|---|---|
committer | Abhishek Arya <inferno@chromium.org> | 2017-04-18 14:05:54 -0700 |
commit | 1829a50342bd076424294941973d4502a11d4702 (patch) | |
tree | 63df165df2e3e3f8b2363ef62abd29fa74e516cf /projects/wireshark | |
parent | 9ffc7cc9b5e8a383b4ca9d7b528722ba40f95b25 (diff) | |
download | oss-fuzz-1829a50342bd076424294941973d4502a11d4702.tar.gz |
Wireshark: generate fuzzers for: OSPF, BGP, DNS, BOOTP and JSON dissectors. (#533)
Diffstat (limited to 'projects/wireshark')
-rw-r--r-- | projects/wireshark/Dockerfile | 1 | ||||
-rwxr-xr-x | projects/wireshark/build.sh | 66 |
2 files changed, 55 insertions, 12 deletions
diff --git a/projects/wireshark/Dockerfile b/projects/wireshark/Dockerfile
index 7d5d205ae..48523ba70 100644
--- a/projects/wireshark/Dockerfile
+++ b/projects/wireshark/Dockerfile
@@ -22,6 +22,7 @@ RUN apt-get install -y make autoconf automake libtool libtool-bin \
 libglib2.0-dev libgcrypt20-dev
 RUN git clone --depth=1 https://code.wireshark.org/review/wireshark
+RUN git clone --depth=1 https://bitbucket.org/jwzawadzki/wireshark-fuzzdb.git
 WORKDIR wireshark
 COPY build.sh $SRC/
diff --git a/projects/wireshark/build.sh b/projects/wireshark/build.sh
index 48a0af894..0b5ddbde3 100755
--- a/projects/wireshark/build.sh
+++ b/projects/wireshark/build.sh
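Review bot: The added `git clone --depth=1` of `wireshark-fuzzdb` is unpinned, so the build takes whatever the default branch of a personal Bitbucket repository holds at that moment. The build.sh part of this commit copies that repository's `samples/` tree into the build and zips it into seed corpora, so its content reaches the fuzzing infrastructure unreviewed and the image is not reproducible. Consider recording a reviewed revision, for example `RUN git clone https://bitbucket.org/jwzawadzki/wireshark-fuzzdb.git && git -C wireshark-fuzzdb checkout <PINNED_COMMIT_SHA>` (placeholder for the reviewed commit). If tracking the tip is intentional, a comment saying so and naming who controls the repository would help.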
@@ -17,12 +17,50 @@
 # Wireshark build.sh script inspired from projects/ffmpeg/build.sh
-FUZZ_DISSECTORS="ip \
- udp"
+FUZZ_DISSECTORS="ip"
+
+FUZZ_IP_PROTO_DISSECTORS="udp ospf"
+
+FUZZ_TCP_PORT_DISSECTORS="bgp"
+# FUZZ_TCP_PORT_DISSECTORS="$FUZZ_TCP_PORT_DISSECTORS bzr" # disabled, cause of known problem.
+# FUZZ_TCP_PORT_DISSECTORS="$FUZZ_TCP_PORT_DISSECTORS echo" # disabled, too simple.
+
+FUZZ_UDP_PORT_DISSECTORS="dns bootp"
+# FUZZ_UDP_PORT_DISSECTORS="$FUZZ_UDP_PORT_DISSECTORS bfd" # disabled, too simple.
+
+FUZZ_MEDIA_TYPE_DISSECTORS="json"
+
+# generate_fuzzer <fuzzer_target> <fuzzer_cflags>
+generate_fuzzer()
+{
+ local fuzzer_target="$1" fuzzer_cflags="$2" fuzzer_name
+
+ fuzzer_name="fuzzshark_$1"
+
+ # -I$SRC/wireshark is correct, wireshark don't install header files.
+ $CC $CFLAGS -I $SRC/wireshark/ `pkg-config --cflags glib-2.0` \
+ $SRC/wireshark/tools/oss-fuzzshark.c \
+ -c -o $WORK/${fuzzer_name}.o \
+ $fuzzer_cflags
+
+ $CXX $CXXFLAGS $WORK/${fuzzer_name}.o \
+ -o $OUT/${fuzzer_name} \
+ ${WIRESHARK_FUZZERS_COMMON_FLAGS}
+
+ echo -en "[libfuzzer]\nmax_len = 1024\n" > $OUT/${fuzzer_name}.options
+ if [ -d "$SAMPLES_DIR/${fuzzer_target}" ]; then
+ zip -j $OUT/${fuzzer_name}_seed_corpus.zip $SAMPLES_DIR/${fuzzer_target}/*/*.bin
+ fi
+}
 export WIRESHARK_INSTALL_PATH="$WORK/install"
 mkdir -p "$WIRESHARK_INSTALL_PATH"
+# Prepare Samples directory
+SAMPLES_DIR="$WORK/samples"
+mkdir -p "$SAMPLES_DIR"
+cp -a $SRC/wireshark-fuzzdb/samples/* "$SAMPLES_DIR"
+
 # compile static version of libs
 # XXX, with static wireshark linking each fuzzer binary is ~240 MB (just libwireshark.a is 423 MBs).
 # XXX, wireshark is not ready for including static plugins into binaries.
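Review bot: In `generate_fuzzer`, the seed-corpus step hands the unquoted glob `$SAMPLES_DIR/${fuzzer_target}/*/*.bin` straight to `zip`. If the directory exists but nothing matches, zip receives the literal pattern and exits non-zero; should the script run with `-e` (the shebang is outside the hunk), that would abort the whole build. A target with no sample directory is skipped silently, so a renamed directory in the external corpus repository would leave that fuzzer unseeded with no trace in the build log. Expanding the glob into an array under `nullglob` and warning on the empty case covers both. Separately, `zip -j` flattens the per-directory paths, so it is worth confirming that no two samples share a base name across subdirectories.

```shell
generate_fuzzer()
{
  # … unchanged: compile, link and .options steps …
  local -a seeds=()
  if [ -d "$SAMPLES_DIR/${fuzzer_target}" ]; then
    shopt -s nullglob
    seeds=("$SAMPLES_DIR/${fuzzer_target}"/*/*.bin)
    shopt -u nullglob
  fi
  if [ "${#seeds[@]}" -gt 0 ]; then
    zip -j "$OUT/${fuzzer_name}_seed_corpus.zip" "${seeds[@]}"
  else
    echo "warning: no seed corpus found for ${fuzzer_target}" >&2
  fi
}
```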
@@ -51,17 +89,21 @@ WIRESHARK_FUZZERS_COMMON_FLAGS="-lFuzzingEngine \
 -Wl,-Bstatic `pkg-config --libs glib-2.0` -pthread -lpcre -lgcrypt -lgpg-error -lz -Wl,-Bdynamic"
 for dissector in $FUZZ_DISSECTORS; do
- fuzzer_name=fuzzshark_dissector_${dissector}
+ generate_fuzzer "${dissector}" -DFUZZ_DISSECTOR_TARGET=\"$dissector\"
+done
- # -I$SRC/wireshark is correct, wireshark don't install header files.
- $CC $CFLAGS -I $SRC/wireshark/ `pkg-config --cflags glib-2.0` \
- $SRC/wireshark/tools/oss-fuzzshark.c \
- -c -o $WORK/${fuzzer_name}.o \
- -DFUZZ_DISSECTOR_TARGET=\"$dissector\"
+for dissector in $FUZZ_IP_PROTO_DISSECTORS; do
+ generate_fuzzer "ip_proto-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"ip.proto\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\""
+done
- $CXX $CXXFLAGS $WORK/${fuzzer_name}.o \
- -o $OUT/${fuzzer_name} \
- ${WIRESHARK_FUZZERS_COMMON_FLAGS}
+for dissector in $FUZZ_TCP_PORT_DISSECTORS; do
+ generate_fuzzer "tcp_port-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"tcp.port\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\""
+done
- echo -en "[libfuzzer]\nmax_len = 1024\n" > $OUT/${fuzzer_name}.options
+for dissector in $FUZZ_UDP_PORT_DISSECTORS; do
+ generate_fuzzer "udp_port-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"udp.port\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\""
+done
+
+for dissector in $FUZZ_MEDIA_TYPE_DISSECTORS; do
+ generate_fuzzer "media_type-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"media_type\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\""
 done
|
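Review bot: The existing fuzz targets are silently renamed by this rewrite: the removed line built `fuzzshark_dissector_${dissector}`, while the first loop now yields `fuzzshark_ip` and udp moves to `fuzzshark_ip_proto-udp`. If the fuzzing backend keys accumulated corpora and crash history on the binary name (an assumption, nothing here shows it), the old `fuzzshark_dissector_ip` and `fuzzshark_dissector_udp` state would be orphaned. A comment above the loops such as `# target names changed from fuzzshark_dissector_<name>; carry over existing corpora` would record that. The first call also passes its flag unquoted, unlike the four table loops; `generate_fuzzer "${dissector}" "-DFUZZ_DISSECTOR_TARGET=\"$dissector\""` keeps them consistent.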