e60df21499
We use ld.bfd for the coverage builds, rather than the faster ld.gold. We run the oss-fuzz autobuild target on Ubuntu 16.04 to more closely mirror the environment provided by the Google oss-fuzz build container. On Ubuntu 16.04, when linking with ld.bfd built binaries get a RPATH, but builds in Ubuntu 18.04 and those using ld.gold get a RUNPATH. Just convert them all to RUNPATH to make the check_build.sh test (run by the oss-fuzz autobuild target) easier. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> |
||
|---|---|---|
| .. | ||
| oss-fuzz | ||
| afl-fuzz-main.c | ||
| decode_ndr_X_crash | ||
| fuzz_ldap_decode.c | ||
| fuzz_ldb_dn_explode.c | ||
| fuzz_ldb_ldif_read.c | ||
| fuzz_ldb_parse_binary_decode.c | ||
| fuzz_ldb_parse_control.c | ||
| fuzz_ldb_parse_tree.c | ||
| fuzz_lzxpress.c | ||
| fuzz_ndr_X.c | ||
| fuzz_nmblib_parse_packet.c | ||
| fuzz_oLschema2ldif.c | ||
| fuzz_reg_parse.c | ||
| fuzz_regfio.c | ||
| fuzz_tiniparser.c | ||
| fuzzing.c | ||
| fuzzing.h | ||
| README.md | ||
| wscript_build | ||
Fuzzing Samba
Fuzzing supplies valid, invalid, unexpected or random data as input to a piece of code. Instrumentation, usually compiler-implemented, is used to monitor for exceptions such as crashes, assertions or memory corruption.
See Wikipedia article on fuzzing for more information.
Hongfuzz
Configure with fuzzing
Example command line to build binaries for use with honggfuzz:
buildtools/bin/waf -C --without-gettext --enable-debug --enable-developer \
--address-sanitizer --enable-libfuzzer --abi-check-disable \
CC=.../honggfuzz/hfuzz_cc/hfuzz-clang configure \
LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang
Fuzzing tiniparser
Example for fuzzing tiniparser using honggfuzz (see --help for more
options):
buildtools/bin/waf --targets=fuzz_tiniparser build && \
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
--rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser
AFL (american fuzzy lop)
Configure with fuzzing
Example command line to build binaries for use with afl
buildtools/bin/waf -C --without-gettext --enable-debug --enable-developer \
--enable-afl-fuzzer --abi-check-disable \
CC=afl-gcc configure
Fuzzing tiniparser
Example for fuzzing tiniparser using afl-fuzz (see --help for more
options):
buildtools/bin/waf --targets=fuzz_tiniparser build && \
afl-fuzz -m 200 -i inputdir -o outputdir -- bin/fuzz_tiniparser
oss-fuzz
Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's metadata in projects/samba, the following guides will help:
Testing locally
https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally
Debugging oss-fuzz
See https://google.github.io/oss-fuzz/advanced-topics/debugging/
Samba-specific hints
A typical debugging workflow is:
oss-fuzz$ python infra/helper.py shell samba git fetch $REMOTE $BRANCH git checkout FETCH_HEAD lib/fuzzing/oss-fuzz/build_image.sh compile
This will pull in any new Samba deps and build Samba's fuzzers.