sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00
Code
samba-mirror/lib/fuzzing
History
Andrew Bartlett 8b06cabc7d bootstrap: Add chrpath as a required package 
This is used to test build.sh, part of the oss-fuzz integration, and so also that we
correctly build our fuzzers.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 10 09:15:43 UTC 2019 on sn-devel-184
2019-12-10 09:15:43 +00:00
..
oss-fuzz
bootstrap: Add chrpath as a required package
2019-12-10 09:15:43 +00:00
afl-fuzz-main.c
lib/fuzzing: Add mode for the AFL fuzzer
2019-12-10 07:50:29 +00:00
decode_ndr_X_crash
fuzz/decode_ndr_X_crash: -f to filter crashes by regex
2019-12-10 07:50:29 +00:00
fuzz_ldap_decode.c
Add fuzzing binary for ldap_decode
2019-10-18 07:31:45 +00:00
fuzz_ldb_parse_tree.c
lib/fuzzing: Also confirm we can make a string filter from the parsed tree in fuzz_ldb_parse_tree
2019-12-10 07:50:28 +00:00
fuzz_lzxpress.c
Add fuzzing binary for lzxpress
2019-10-18 07:31:45 +00:00
fuzz_ndr_X.c
lib/fuzzer: Allow building a fuzz binary for just one interface
2019-12-10 07:50:28 +00:00
fuzz_oLschema2ldif.c
lib/fuzzing: Avoid NULL pointer de-ref from 0-length input
2019-11-18 19:39:30 +00:00
fuzz_reg_parse.c
lib/fuzzing: Tell the compiler we know we are ignoring errors in fuzz_reg_parse
2019-12-10 07:50:28 +00:00
fuzz_regfio.c
Add fuzzing binary for regfio
2019-10-18 07:31:45 +00:00
fuzz_tiniparser.c
lib/fuzzing: Free memory after successful load in fuzz_tiniparser
2019-11-18 21:02:52 +00:00
fuzzing.c
Add fuzzing support to build system
2019-08-07 06:07:28 +00:00
fuzzing.h
Add fuzzing support to build system
2019-08-07 06:07:28 +00:00
README.md
lib/fuzzing: Add mode for the AFL fuzzer
2019-12-10 07:50:29 +00:00
wscript_build
lib/fuzzing: Add mode for the AFL fuzzer
2019-12-10 07:50:29 +00:00

README.md

Fuzzing Samba

Fuzzing supplies valid, invalid, unexpected or random data as input to a piece of code. Instrumentation, usually compiler-implemented, is used to monitor for exceptions such as crashes, assertions or memory corruption.

See Wikipedia article on fuzzing for more information.

Hongfuzz

Configure with fuzzing

Example command line to build binaries for use with honggfuzz:

buildtools/bin/waf -C --without-gettext --enable-debug --enable-developer \
	--address-sanitizer --enable-libfuzzer --abi-check-disable \
	CC=.../honggfuzz/hfuzz_cc/hfuzz-clang configure \
	LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang

Fuzzing tiniparser

Example for fuzzing tiniparser using honggfuzz (see --help for more options):

buildtools/bin/waf --targets=fuzz_tiniparser build && \
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
  --rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser

AFL (american fuzzy lop)

Configure with fuzzing

Example command line to build binaries for use with afl

buildtools/bin/waf -C --without-gettext --enable-debug --enable-developer \
	--enable-afl-fuzzer --abi-check-disable \
	CC=afl-gcc configure

Fuzzing tiniparser

Example for fuzzing tiniparser using afl-fuzz (see --help for more options):

buildtools/bin/waf --targets=fuzz_tiniparser build && \
afl-fuzz -m 200 -i inputdir -o outputdir -- bin/fuzz_tiniparser

oss-fuzz

Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's metadata in projects/samba, the following guides will help:

Testing locally

https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally

Debugging oss-fuzz

See https://google.github.io/oss-fuzz/advanced-topics/debugging/

Samba-specific hints

A typical debugging workflow is:

oss-fuzz$ python infra/helper.py shell samba git fetch $REMOTE $BRANCH git checkout FETCH_HEAD lib/fuzzing/oss-fuzz/build_image.sh compile

This will pull in any new Samba deps and build Samba's fuzzers.

vim: set sw=8 sts=8 ts=8 tw=79 :