IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The /etc/default/locale file does not exists in the rpm family distros
so the do_build.sh script failed with:
./lib/fuzzing/oss-fuzz/do_build.sh: line 31: /etc/default/locale: No
such file or directory
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Apr 6 15:54:54 UTC 2021 on sn-devel-184
To compile the AFL binaries, we need every fuzzer to have a consistent
set of functions. Some fuzzers require the initialize function, so all
the rest must have an empty one.
AFL binaires are handy for testing the fuzz results in a less magical
environment than libfuzzer/honggfuzz give you.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
LLVMFuzzerTestOneInput() NEVER returns non-zero, but if it does, we might as well
know what made it do so
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 23 00:33:57 UTC 2020 on sn-devel-184
It is much harder to determine why we get messages like
Step #6: Error occured while running fuzz_reg_parse:
Step #6: /workspace/out/coverage/fuzz_reg_parse: error while loading shared libraries: libavahi-common.so.3: cannot open shared object file: No such file or directory
instead this detects the failure to use RPATH (which is
strictly required instead of the modern RUNPATH)
otherwise.
We do this by creating a new build_samba.sh after renaming
build_samba.sh to do_build.sh because this is what oss-fuzz
runs, meaning we don't need to coordinate a MR there as well.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We strictly require RPATH, so fix the comment to avoid mentioning
the modern RUNPATH which is almost but not entirely similar.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This includes a revert of commit e60df21499.
We strictly require RPATH, not the modern RUNPATH for the behaviour
we need in oss-fuzz, which is that not just the first line of dependencies
but the full set of libraries used by the program are looked for in the
'$ORIGIN/lib' directory.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct 22 14:10:04 UTC 2020 on sn-devel-184
This tries to make progress towards understanding why we sometime see errors like
Step #6: Error occured while running fuzz_reg_parse:
Step #6: /workspace/out/coverage/fuzz_reg_parse: error while loading shared libraries: libavahi-common.so.3: cannot open shared object file: No such file or directory
in the previously failing coverage builds.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
It was long thought that the issue here was that no seed corpus was
provided, but actually the issue is that to obtain coverage output
just as we already know for gcc gcov, you must provide fuzzing flags
to both the compile and link phase.
Thankfully clang as a linker does not mind the strange non-linker options
from $COVERAGE_FLAGS.
REF: https://stackoverflow.com/questions/56112019/clang-does-not-generate-profraw-file-when-linking-manually
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19495#c48
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 21 23:07:37 UTC 2020 on sn-devel-184
There is a git repository at
https://gitlab.com/samba-team/samba-fuzz-seeds that contains the
seeds. When the master branch of that repository is updated, a CI job
runs that creates a zip file of all the seeds as an artifact. That zip
file is downloaded and unpacked by oss_fuzz/build_samba. The contents
of that zip are further zips that contain the seeds for each fuzzing
binary; these are placed next to the binaries in the manner that
oss-fuzz expects.
That is, beside 'fuzz_foo', we put 'fuzz_foo_seed_corpus.zip' which
contains a pile of fuzz_foo seeds.
There may be times when a new fuzz target does not have a seed corpus,
and times when a removed fuzz target leaves behind a seed corpus.
This is OK, so we don't insist on an exact match between the target
names and the zip names, only that there is some overlap.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 21 03:47:35 UTC 2020 on sn-devel-184
Also, by not tallocing at all in the too-long case, we can short
circuit quicker.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 20 02:26:40 UTC 2020 on sn-devel-184
We parse a binding and do a few tricks with it, including turning it
into a tower and back.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We use ld.bfd for the coverage builds, rather than the faster ld.gold.
We run the oss-fuzz autobuild target on Ubuntu 16.04 to more closely
mirror the environment provided by the Google oss-fuzz build
container.
On Ubuntu 16.04, when linking with ld.bfd built binaries get a RPATH,
but builds in Ubuntu 18.04 and those using ld.gold get a RUNPATH.
Just convert them all to RUNPATH to make the check_build.sh test (run
by the oss-fuzz autobuild target) easier.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This ensures that LANG=en_US.UTF8 is set, which
Samba's build system needs to operate in UTF8 mode.
The change to use flex to generate code meant that this
difference between GitLab CI and oss-fuzz was exposed.
REF: https://github.com/google/oss-fuzz/pull/4366
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 26 03:20:46 UTC 2020 on sn-devel-184
During a previous attempt to fix the LANG= issue I changed
the script invocation to be via a shell, so the set -x et al
ensures these are always in place and we fail fast
rather than failures only being detected by lack of output.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Add search request size limits to ldap_decode calls.
The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Address sanitizer will object to a theoretically possible NULL dereference
so we can't ignore these checks in set-up.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 17 14:33:18 UTC 2020 on sn-devel-184
We simply return 0 because failure here is not a problem with the code we
are actually trying to fuzz. Without this asan is unhappy.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
We want to ensure that parse_packet() can parse a packet without
crashing, and that that parsed packet won't cause trouble further down
the line.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Jan 15 21:24:31 UTC 2020 on sn-devel-184
We have had issues here in the past.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jan 12 21:21:30 UTC 2020 on sn-devel-184
The fuzzer doesn't care and it slows things down
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We need to focus the fuzzing effort on reachable code, and these IDL
are just historical artifacts, many are entirely [todo] and have
no samba client nor server.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This still does not seem to be enough but it is one step towards a working
coverage build.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
An NDR pull of a function will fill in either the in. or out.
elements of this structure, but never both.
However, some structures have size_is() in the out. that reference
the in. elements. This is the reason for the --context-file option
in ndrdump.
We have a special handler in the fuzzing case embedded in the
pidl-generated output to cope with this, by filling in pointers
for elements declared [ref,in] but it relies on the in-side
(at least) of the buffer being zeroed.
So zero the buffer before we start. Sadly this means things
like valgrind can not find a use of uninitialised data, but that
is a price we have to pay.
Credit to OSS-Fuzz
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Found by the oss-fuzz CI tooling.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Dec 11 04:21:28 UTC 2019 on sn-devel-184
The advise is that a fuzz target should be as small as possible
so we split this up. Splitting up by function would build too
many fuzzers, but this should help a little.
See for example:
https://github.com/google/fuzzing/blob/master/docs/good-fuzz-target.md#large-apis
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
This helps ensure the build_samba.sh file keeps working and the fuzzers build
(because they are excluded from the main build).
This is not in the default autobuild because it uses too much
space on sn-devel (4GB).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
This is used to test build.sh, part of the oss-fuzz integration, and so also that we
correctly build our fuzzers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 10 09:15:43 UTC 2019 on sn-devel-184
This saves space on the rackspace runners in particular.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Add handler for $SANITIZER in build.sh
This allows a build with the undefined behaviour sanitizer.
Otherwise we fail the oss-fuzz CI because the UBSan build links with ASan.
Once this in in then https://github.com/google/oss-fuzz/pull/3094
can be merged to oss-fuzz.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We need to ship the stub build.sh in the oss-fuzz repo, not ours.
This is because otherwise the travis CI checks skip the build
(it thinks we are not set up yet, or have been disabled).
See https://github.com/google/oss-fuzz/pull/3094 for the PR
creating a similar file there. This is very similar to how
janus-gateway operates, so this is an accepted pattern.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We should run build_samba.sh with -eux to ensure we exit on failure,
refuse to use an unset varible and print the commands we are running.
(The suggested build.sh on the oss-fuzz side uses -eu).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
If you go:
$ ./lib/fuzzing/decode_ndr_X_crash -H HONGGFUZZ_REPORT.txt -f 'SIG[^V]' > ./crash.sh
you will get all the crashes and not the timeouts (which have SIGVTALARM).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is helpful for ensuring the fuzzers still compile in autobuild as no
library support is required.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This also avoids tree being an unused variable.
This is similar to doing an ndr_push() in ndr_fuzz_X, it
catches some of the cases where the parse is successful but
the application code could misinterpret the structure.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>