2019-04-04 01:23:07 +03:00
# Fuzzing Samba
2020-10-15 04:07:10 +03:00
See also https://wiki.samba.org/index.php/Fuzzing
2019-04-04 01:23:07 +03:00
Fuzzing supplies valid, invalid, unexpected or random data as input to a piece
of code. Instrumentation, usually compiler-implemented, is used to monitor for
exceptions such as crashes, assertions or memory corruption.
See [Wikipedia article on fuzzing ](https://en.wikipedia.org/wiki/Fuzzing ) for
more information.
2020-10-15 04:07:10 +03:00
# Honggfuzz
2019-04-04 01:23:07 +03:00
## Configure with fuzzing
Example command line to build binaries for use with
[honggfuzz ](https://github.com/google/honggfuzz/ ):
```sh
2022-03-28 13:49:24 +03:00
./configure -C --without-gettext --enable-debug --enable-developer \
2019-12-04 11:23:06 +03:00
--address-sanitizer --enable-libfuzzer --abi-check-disable \
2022-03-28 13:49:24 +03:00
CC=.../honggfuzz/hfuzz_cc/hfuzz-clang \
2019-04-04 01:23:07 +03:00
LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang
```
## Fuzzing tiniparser
Example for fuzzing `tiniparser` using `honggfuzz` (see `--help` for more
options):
```sh
2022-03-28 13:49:24 +03:00
make bin/fuzz_tiniparser & & \
2019-04-04 01:23:07 +03:00
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
--rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser
```
2019-12-04 11:23:06 +03:00
# AFL (american fuzzy lop)
## Configure with fuzzing
Example command line to build binaries for use with
[afl ](http://lcamtuf.coredump.cx/afl/ )
```sh
2022-03-28 13:49:24 +03:00
./configure -C --without-gettext --enable-debug --enable-developer \
2019-12-04 11:23:06 +03:00
--enable-afl-fuzzer --abi-check-disable \
2022-03-28 13:49:24 +03:00
CC=afl-gcc
2019-12-04 11:23:06 +03:00
```
## Fuzzing tiniparser
Example for fuzzing `tiniparser` using `afl-fuzz` (see `--help` for more
options):
```sh
2022-03-28 13:49:24 +03:00
make bin/fuzz_tiniparser build & & \
2019-12-04 11:23:06 +03:00
afl-fuzz -m 200 -i inputdir -o outputdir -- bin/fuzz_tiniparser
```
2019-11-21 00:21:54 +03:00
# oss-fuzz
Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an
oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's
metadata in projects/samba, the following guides will help:
## Testing locally
https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally
## Debugging oss-fuzz
See https://google.github.io/oss-fuzz/advanced-topics/debugging/
## Samba-specific hints
A typical debugging workflow is:
oss-fuzz$ python infra/helper.py shell samba
git fetch $REMOTE $BRANCH
git checkout FETCH_HEAD
lib/fuzzing/oss-fuzz/build_image.sh
compile
This will pull in any new Samba deps and build Samba's fuzzers.
2019-04-04 01:23:07 +03:00
# vim: set sw=8 sts=8 ts=8 tw=79 :
