mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/lib/fuzzing
Latest commit 3a840553cf (Douglas Bagnall): lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename
Usually we are dealing with a filename that tells you what the pipe is, and there is no reason for this debug helper not to be convenient.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8b6a584170)
2024-06-10 13:24:16 +00:00
| File | Last commit | Date |
| --- | --- | --- |
| oss-fuzz | lib/fuzzing: Fix code spelling | 2023-10-25 22:23:37 +00:00 |
| patches | lib/fuzzing: adjust access-check seed patch | 2023-09-26 23:45:35 +00:00 |
| afl-fuzz-main.c | fuzz:afl main: run the initialisation function | 2021-03-16 17:09:32 +00:00 |
| decode_ndr_X_crash | lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename | 2024-06-10 13:24:16 +00:00 |
| fuzz_cli_credentials_parse_string.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_conditional_ace_blob.c | fuzz: allow max size conditional ACE round-trip failure | 2023-12-22 00:51:13 +00:00 |
| fuzz_dcerpc_parse_binding.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_ldap_decode.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_ldb_comparison_fold.c | fuzz: add fuzzer for ldb_comparison_fold | 2023-08-08 04:39:39 +00:00 |
| fuzz_ldb_dn_explode.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_ldb_ldif_read.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_ldb_parse_binary_decode.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_ldb_parse_control.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_ldb_parse_tree.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_lzxpress_compress.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_lzxpress_huffman_compress.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_lzxpress_huffman_decompress.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_lzxpress_huffman_round_trip.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_lzxpress_round_trip.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_lzxpress.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_ndr_X.c | librpc:ndr: Introduce ‘ndr_flags_type’ type | 2023-11-01 20:10:45 +00:00 |
| fuzz_nmblib_parse_packet.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_oLschema2ldif.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_parse_lpq_entry.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_reg_parse.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_regfio.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_sddl_access_check.c | lib/fuzzing: adapt fuzz_sddl_access_check for claims | 2023-09-26 23:45:35 +00:00 |
| fuzz_sddl_conditional_ace.c | libcli/security: Optionally disallow device‐specific attributes and operators where they are not applicable | 2023-11-09 08:00:30 +00:00 |
| fuzz_sddl_parse.c | fuzzing: fuzz_sddl_parse forgives bad utf-8 | 2023-09-26 23:45:36 +00:00 |
| fuzz_security_token_vs_descriptor.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_sess_crypt_blob.c | fuzz: add fuzzer for sess_crypt_blob | 2023-08-08 04:39:39 +00:00 |
| fuzz_stable_sort_r.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_stable_sort.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzz_tiniparser.c | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| fuzzing.c | | |
| fuzzing.h | lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* | 2023-08-08 04:39:38 +00:00 |
| README.md | lib/fuzzing/README.md: don't use waf directly | 2022-03-29 22:32:32 +00:00 |
| wscript_build | lib/fuzzing: Fix code spelling | 2023-12-08 02:28:33 +00:00 |

# Fuzzing Samba

See also https://wiki.samba.org/index.php/Fuzzing

Fuzzing supplies valid, invalid, unexpected or random data as input to a piece of code. Instrumentation, usually compiler-implemented, is used to monitor for exceptions such as crashes, assertions or memory corruption.

See the [Wikipedia article on fuzzing](https://en.wikipedia.org/wiki/Fuzzing) for more information.

## Honggfuzz

### Configure with fuzzing

Example command line to build binaries for use with honggfuzz:

```sh
./configure -C --without-gettext --enable-debug --enable-developer \
	--address-sanitizer --enable-libfuzzer --abi-check-disable \
	CC=.../honggfuzz/hfuzz_cc/hfuzz-clang \
	LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang
```

### Fuzzing tiniparser

Example for fuzzing tiniparser using honggfuzz (see --help for more options):

```sh
make bin/fuzz_tiniparser && \
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
  --rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser
```

## AFL (american fuzzy lop)

### Configure with fuzzing

Example command line to build binaries for use with afl:

```sh
./configure -C --without-gettext --enable-debug --enable-developer \
	--enable-afl-fuzzer --abi-check-disable \
	CC=afl-gcc
```

### Fuzzing tiniparser

Example for fuzzing tiniparser using afl-fuzz (see --help for more options):

```sh
make bin/fuzz_tiniparser build && \
afl-fuzz -m 200 -i inputdir -o outputdir -- bin/fuzz_tiniparser
```
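Both engines above drive the same entry point, so it helps to see what `bin/fuzz_tiniparser` and its siblings actually are. The following is an added example, not Samba's own code and not tiniparser: a complete target in the shape the `fuzz_*.c` files listed in this directory take (`LLVMFuzzerInitialize` plus `LLVMFuzzerTestOneInput` over a `const uint8_t*` buffer), with a small driver that replays corpus or crash files, the role `afl-fuzz-main.c` plays for AFL builds. The `parse_kv_lines` parser, the `MAX_INPUT` bound and the `replay_file` helper are constructed for this example.

```c
/*
 * Added example, not Samba's own code: a libFuzzer-style target in the
 * shape the fuzz_*.c files in this directory take, plus a driver that
 * replays saved inputs.  The parser under test is constructed for this
 * example; it is not tiniparser.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same bound as --max_file_size 256 in the honggfuzz command line above. */
#define MAX_INPUT 256

/*
 * Constructed target: count "key = value" lines in INI-like text.  Blank
 * lines and lines starting with '#' or ';' are ignored.  Returns the number
 * of pairs, or -1 at the first malformed line (no '=' or an empty key).
 * Takes a C string, as most real parsers do, so the harness must hand it
 * NUL-terminated memory of its own.
 */
static int parse_kv_lines(const char *text)
{
	int pairs = 0;

	while (*text != '\0') {
		const char *line = text;
		const char *nl = strchr(text, '\n');
		size_t line_len = nl ? (size_t)(nl - text) : strlen(text);
		const char *eq;
		size_t key_len;

		text = nl ? nl + 1 : text + line_len;

		if (line_len == 0 || line[0] == '#' || line[0] == ';') {
			continue;
		}
		eq = memchr(line, '=', line_len);
		if (eq == NULL) {
			return -1;
		}
		key_len = (size_t)(eq - line);
		while (key_len > 0 && line[key_len - 1] == ' ') {
			key_len--;
		}
		if (key_len == 0) {
			return -1;
		}
		pairs++;
	}
	return pairs;
}

/* Runs once before the first input; afl-fuzz-main.c calls it for AFL builds. */
int LLVMFuzzerInitialize(int *argc, char ***argv)
{
	(void)argc;
	(void)argv;
	return 0;
}

/*
 * The entry point every engine on this page drives.  It must accept any
 * byte string, must neither modify nor keep buf, and returns 0 so that the
 * only findings are crashes, sanitizer reports and timeouts.
 */
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
{
	char *text;

	if (len > MAX_INPUT) {
		return 0; /* keep every execution small and bounded */
	}
	text = malloc(len + 1); /* buf is read-only and not NUL-terminated */
	if (text == NULL) {
		return 0;
	}
	memcpy(text, buf, len);
	text[len] = '\0';
	(void)parse_kv_lines(text);
	free(text);
	return 0;
}

/* Replay one file through the target, the way a saved crash is reproduced. */
static int replay_file(const char *path)
{
	uint8_t buf[MAX_INPUT + 1]; /* one over the cap so oversize files hit it */
	size_t n;
	FILE *f = fopen(path, "rb");

	if (f == NULL) {
		return -1;
	}
	n = fread(buf, 1, sizeof(buf), f);
	fclose(f);
	return LLVMFuzzerTestOneInput(buf, n);
}

int main(int argc, char **argv)
{
	int i;

	LLVMFuzzerInitialize(&argc, &argv);
	for (i = 1; i < argc; i++) {
		printf("%s: %d\n", argv[i], replay_file(argv[i]));
	}
	return 0;
}
```

Compile it with the same CC the configure lines above use and the engine's instrumentation and sanitizers come along for free; to reproduce a saved finding, run the binary with the crash file as its argument. Three habits in the harness are worth copying into any real target: copy the input into memory you own before handing it to a string API, because the engine's buffer is neither writable nor NUL-terminated; cap the input size so one pathological case cannot stall the whole campaign; and do the rejecting inside the parser rather than in the harness, so that malformed input is exercised rather than skipped.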

## oss-fuzz

Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's metadata in projects/samba, the following guides will help:

### Testing locally

https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally

### Debugging oss-fuzz

See https://google.github.io/oss-fuzz/advanced-topics/debugging/

### Samba-specific hints

A typical debugging workflow is:

```sh
oss-fuzz$ python infra/helper.py shell samba
git fetch $REMOTE $BRANCH
git checkout FETCH_HEAD
lib/fuzzing/oss-fuzz/build_image.sh
compile
```

This will pull in any new Samba deps and build Samba's fuzzers.

vim: set sw=8 sts=8 ts=8 tw=79 :