mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
10d69da1d3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
88 lines
2.2 KiB
Markdown
88 lines
2.2 KiB
Markdown
# Fuzzing Samba
|
|
|
|
See also https://wiki.samba.org/index.php/Fuzzing
|
|
|
|
Fuzzing supplies valid, invalid, unexpected or random data as input to a piece
|
|
of code. Instrumentation, usually compiler-implemented, is used to monitor for
|
|
exceptions such as crashes, assertions or memory corruption.
|
|
|
|
See [Wikipedia article on fuzzing](https://en.wikipedia.org/wiki/Fuzzing) for
|
|
more information.
|
|
|
|
# Honggfuzz
|
|
|
|
## Configure with fuzzing
|
|
|
|
Example command line to build binaries for use with
|
|
[honggfuzz](https://github.com/google/honggfuzz/):
|
|
|
|
```sh
|
|
./configure -C --without-gettext --enable-debug --enable-developer \
|
|
--address-sanitizer --enable-libfuzzer --abi-check-disable \
|
|
CC=.../honggfuzz/hfuzz_cc/hfuzz-clang \
|
|
LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang
|
|
```
|
|
|
|
|
|
## Fuzzing tiniparser
|
|
|
|
Example for fuzzing `tiniparser` using `honggfuzz` (see `--help` for more
|
|
options):
|
|
|
|
```sh
|
|
make bin/fuzz_tiniparser && \
|
|
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
|
|
--rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser
|
|
```
|
|
|
|
# AFL (american fuzzy lop)
|
|
|
|
## Configure with fuzzing
|
|
|
|
Example command line to build binaries for use with
|
|
[afl](http://lcamtuf.coredump.cx/afl/)
|
|
|
|
```sh
|
|
./configure -C --without-gettext --enable-debug --enable-developer \
|
|
--enable-afl-fuzzer --abi-check-disable \
|
|
CC=afl-gcc
|
|
```
|
|
|
|
## Fuzzing tiniparser
|
|
|
|
Example for fuzzing `tiniparser` using `afl-fuzz` (see `--help` for more
|
|
options):
|
|
|
|
```sh
|
|
make bin/fuzz_tiniparser build && \
|
|
afl-fuzz -m 200 -i inputdir -o outputdir -- bin/fuzz_tiniparser
|
|
```
|
|
|
|
# oss-fuzz
|
|
|
|
Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an
|
|
oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's
|
|
metadata in projects/samba, the following guides will help:
|
|
|
|
## Testing locally
|
|
|
|
https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally
|
|
|
|
## Debugging oss-fuzz
|
|
|
|
See https://google.github.io/oss-fuzz/advanced-topics/debugging/
|
|
|
|
## Samba-specific hints
|
|
|
|
A typical debugging workflow is:
|
|
|
|
oss-fuzz$ python infra/helper.py shell samba
|
|
git fetch $REMOTE $BRANCH
|
|
git checkout FETCH_HEAD
|
|
lib/fuzzing/oss-fuzz/build_image.sh
|
|
compile
|
|
|
|
This will pull in any new Samba deps and build Samba's fuzzers.
|
|
|
|
# vim: set sw=8 sts=8 ts=8 tw=79 :
|