1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Add fuzzing support to build system

LibFuzzer, Honggfuzz and other programs implement simple interfaces for
fuzzing appropriately prepared code. Samba contains quite a lot of
parsing code, often a good target for fuzzing.

With this change the build system is amended to support building fuzzing
binaries (added in later changes).

Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This commit is contained in:
Michael Hanselmann 2019-04-04 00:23:07 +02:00 committed by Andrew Bartlett
parent aab1712478
commit dd5f8732d8
7 changed files with 106 additions and 0 deletions

View File

@ -938,6 +938,11 @@ def SETUP_CONFIGURE_CACHE(conf, enable):
@conf
def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf):
if Options.options.address_sanitizer or Options.options.enable_libfuzzer:
# Sanitizers can rely on symbols undefined at library link time and the
# symbols used for fuzzers are only defined by compiler wrappers.
return
if not sys.platform.startswith("openbsd"):
# we don't want any libraries or modules to rely on runtime
# resolution of symbols

View File

@ -129,6 +129,9 @@ def options(opt):
action="store_true",
dest='undefined_sanitizer',
default=False)
gr.add_option('--enable-libfuzzer',
help=("Build fuzzing binaries (requires compiler options for libFuzzer or compiler wrapper such as honggfuzz/hfuzz-cc)"),
action="store_true", dest='enable_libfuzzer', default=False)
gr.add_option('--abi-check',
help=("Check ABI signatures for libraries"),
@ -590,6 +593,10 @@ struct foo bar = { .y = 'X', .x = 1 };
eprintf("bla", "bar")
''', define='HAVE__VA_ARGS__MACRO')
conf.env.enable_libfuzzer = Options.options.enable_libfuzzer
if conf.env.enable_libfuzzer:
conf.DEFINE('ENABLE_LIBFUZZER', 1)
conf.SAMBA_BUILD_ENV()

35
lib/fuzzing/README.md Normal file
View File

@ -0,0 +1,35 @@
# Fuzzing Samba
Fuzzing supplies valid, invalid, unexpected or random data as input to a piece
of code. Instrumentation, usually compiler-implemented, is used to monitor for
exceptions such as crashes, assertions or memory corruption.
See [Wikipedia article on fuzzing](https://en.wikipedia.org/wiki/Fuzzing) for
more information.
## Configure with fuzzing
Example command line to build binaries for use with
[honggfuzz](https://github.com/google/honggfuzz/):
```sh
buildtools/bin/waf -C --without-gettext --enable-debug --enable-developer \
--address-sanitizer --enable-libfuzzer \
CC=.../honggfuzz/hfuzz_cc/hfuzz-clang configure \
LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang
```
## Fuzzing tiniparser
Example for fuzzing `tiniparser` using `honggfuzz` (see `--help` for more
options):
```sh
buildtools/bin/waf --targets=fuzz_tiniparser build && \
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
--rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser
```
# vim: set sw=8 sts=8 ts=8 tw=79 :

21
lib/fuzzing/fuzzing.c Normal file
View File

@ -0,0 +1,21 @@
/*
Unix SMB/CIFS implementation.
Fuzzing utility functions
Copyright (C) Michael Hanselmann 2019
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "fuzzing/fuzzing.h"

30
lib/fuzzing/fuzzing.h Normal file
View File

@ -0,0 +1,30 @@
/*
Unix SMB/CIFS implementation.
Fuzzing utility functions
Copyright (C) Michael Hanselmann 2019
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _SAMBA_FUZZING_H
#define _SAMBA_FUZZING_H
#include <stddef.h>
#include <stdint.h>
/* Prototypes for fuzzing interface */
int LLVMFuzzerInitialize(int *argc, char ***argv);
int LLVMFuzzerTestOneInput(uint8_t * buf, size_t len);
#endif /* _SAMBA_FUZZING_H */

View File

@ -0,0 +1,7 @@
#!/usr/bin/env python
bld.SAMBA_SUBSYSTEM('fuzzing',
source='fuzzing.c',
deps='talloc',
enabled=bld.env.enable_libfuzzer,
)

View File

@ -150,6 +150,7 @@ bld.RECURSE('dfs_server')
bld.RECURSE('file_server')
bld.RECURSE('lib/krb5_wrap')
bld.RECURSE('packaging')
bld.RECURSE('lib/fuzzing')
bld.RECURSE('testsuite/headers')