mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Joseph Sutton a396b705c8 librpc:ndr: Introduce ‘ndr_flags_type’ type
Instead of ‘int’ or ‘uint32_t’, neither of which convey much meaning,
consistently use a newly added type to hold NDR_ flags.

Update the NDR 4.0.0 ABI.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:45 +00:00
oss-fuzz lib/fuzzing: Fix code spelling 2023-10-25 22:23:37 +00:00
patches lib/fuzzing: adjust access-check seed patch 2023-09-26 23:45:35 +00:00
afl-fuzz-main.c fuzz:afl main: run the initialisation function 2021-03-16 17:09:32 +00:00
decode_ndr_X_crash decode_ndr_X_crash: always find pipe in honggfuzz file 2020-01-12 19:50:37 +00:00
fuzz_cli_credentials_parse_string.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_conditional_ace_blob.c lib/fuzzing: fuzz_conditional_ace_blob 2023-09-26 23:45:35 +00:00
fuzz_dcerpc_parse_binding.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldap_decode.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_comparison_fold.c fuzz: add fuzzer for ldb_comparison_fold 2023-08-08 04:39:39 +00:00
fuzz_ldb_dn_explode.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_ldif_read.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_parse_binary_decode.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_parse_control.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ldb_parse_tree.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_compress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_huffman_compress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_huffman_decompress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_huffman_round_trip.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress_round_trip.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_lzxpress.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_ndr_X.c librpc:ndr: Introduce ‘ndr_flags_type’ type 2023-11-01 20:10:45 +00:00
fuzz_nmblib_parse_packet.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_oLschema2ldif.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_parse_lpq_entry.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_reg_parse.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_regfio.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_sddl_access_check.c lib/fuzzing: adapt fuzz_sddl_access_check for claims 2023-09-26 23:45:35 +00:00
fuzz_sddl_conditional_ace.c lib/fuzzing: fuzz SDDL conditional ACEs 2023-09-26 23:45:35 +00:00
fuzz_sddl_parse.c fuzzing: fuzz_sddl_parse forgives bad utf-8 2023-09-26 23:45:36 +00:00
fuzz_security_token_vs_descriptor.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_sess_crypt_blob.c fuzz: add fuzzer for sess_crypt_blob 2023-08-08 04:39:39 +00:00
fuzz_stable_sort_r.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_stable_sort.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzz_tiniparser.c lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
fuzzing.c
fuzzing.h lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t* 2023-08-08 04:39:38 +00:00
README.md lib/fuzzing/README.md: don't use waf directly 2022-03-29 22:32:32 +00:00
wscript_build lib/fuzzing: fuzz_conditional_ace_blob 2023-09-26 23:45:35 +00:00

Fuzzing Samba

See also https://wiki.samba.org/index.php/Fuzzing

Fuzzing supplies valid, invalid, unexpected or random data as input to a piece of code. Instrumentation, usually added by the compiler, is used to detect failures such as crashes, assertion failures or memory corruption, and (with coverage-guided engines such as honggfuzz, AFL and libFuzzer) to steer input generation towards code paths not yet exercised.

See Wikipedia article on fuzzing for more information.
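The fuzz targets under lib/fuzzing (the fuzz_*.c files listed above) are written against the libFuzzer entry point, LLVMFuzzerTestOneInput(const uint8_t *, size_t), with an optional LLVMFuzzerInitialize() that the AFL main also runs. The following is an added example of that shape, not Samba's own code: it fuzzes a hypothetical key=value line parser, parse_kv_line(), which stands in for tiniparser so that the whole thing compiles stand-alone. The stand-alone main() that replays files given on the command line is also an assumption (Samba supplies its own driver in fuzzing.c); when built with --enable-libfuzzer or --enable-afl-fuzzer the engine's main is used instead.

```c
/* Added example, not part of Samba: a fuzz target in the lib/fuzzing shape,
 * exercising a hypothetical key=value line parser instead of tiniparser. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_KEY 32
#define MAX_VAL 64

struct kv {
	char key[MAX_KEY];
	char val[MAX_VAL];
};

/* parse_kv_line: parse "key = value" from a NUL-terminated line.
 * Returns 0 on success, -1 if there is no '=', the key is empty, or
 * either side would not fit its fixed buffer (the bounds checks are the
 * part a fuzzer would otherwise find missing). */
int parse_kv_line(const char *line, struct kv *out)
{
	const char *eq = strchr(line, '=');
	size_t klen, vlen;
	const char *v;

	if (eq == NULL) {
		return -1;
	}
	klen = (size_t)(eq - line);
	while (klen > 0 && (line[klen - 1] == ' ' || line[klen - 1] == '\t')) {
		klen--;
	}
	if (klen == 0 || klen >= MAX_KEY) {
		return -1;
	}
	v = eq + 1;
	while (*v == ' ' || *v == '\t') {
		v++;
	}
	vlen = strlen(v);
	while (vlen > 0 && (v[vlen - 1] == '\n' || v[vlen - 1] == ' ')) {
		vlen--;
	}
	if (vlen >= MAX_VAL) {
		return -1;
	}
	memcpy(out->key, line, klen);
	out->key[klen] = '\0';
	memcpy(out->val, v, vlen);
	out->val[vlen] = '\0';
	return 0;
}

static int initialised;

/* Run once before the first input; the AFL main in lib/fuzzing calls this
 * too, so one-off setup belongs here rather than in the per-input hook. */
int LLVMFuzzerInitialize(int *argc, char ***argv)
{
	(void)argc;
	(void)argv;
	initialised = 1;
	return 0;
}

/* Called once per input. The engine hands over raw bytes with no
 * terminator, so copy them into a heap buffer of exactly size+1: with
 * --address-sanitizer any read past the end is reported by ASan as a heap
 * overflow instead of silently succeeding on stack slack. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	struct kv kv;
	char *buf = malloc(size + 1);

	if (buf == NULL) {
		return 0;
	}
	memcpy(buf, data, size);
	buf[size] = '\0';
	(void)parse_kv_line(buf, &kv);
	free(buf);
	return 0;
}

/* Assumed stand-alone driver: replay each file on the command line, as one
 * would with a crash file from the fuzzer's output directory. */
int main(int argc, char **argv)
{
	int i;

	LLVMFuzzerInitialize(&argc, &argv);
	for (i = 1; i < argc; i++) {
		uint8_t buf[4096];
		size_t n;
		FILE *f = fopen(argv[i], "rb");

		if (f == NULL) {
			perror(argv[i]);
			return 1;
		}
		n = fread(buf, 1, sizeof(buf), f);
		fclose(f);
		LLVMFuzzerTestOneInput(buf, n);
	}
	return 0;
}
```

The target itself never rejects an input by return value; it returns 0 and lets the sanitizer or an assertion report the problem, which is what lets honggfuzz and afl-fuzz distinguish a crash from a merely malformed input.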

Honggfuzz

Configure with fuzzing

Example command line to build binaries for use with honggfuzz:

./configure -C --without-gettext --enable-debug --enable-developer \
	--address-sanitizer --enable-libfuzzer --abi-check-disable \
	CC=.../honggfuzz/hfuzz_cc/hfuzz-clang \
	LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang

Fuzzing tiniparser

Example for fuzzing tiniparser using honggfuzz (see --help for more options):

make bin/fuzz_tiniparser && \
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
  --rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser

AFL (american fuzzy lop)

Configure with fuzzing

Example command line to build binaries for use with afl:

./configure -C --without-gettext --enable-debug --enable-developer \
	--enable-afl-fuzzer --abi-check-disable \
	CC=afl-gcc

Fuzzing tiniparser

Example for fuzzing tiniparser using afl-fuzz (see --help for more options):

make bin/fuzz_tiniparser build && \
afl-fuzz -m 200 -i inputdir -o outputdir -- bin/fuzz_tiniparser

oss-fuzz

Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's metadata in projects/samba, the following guides will help:

Testing locally

https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally

Debugging oss-fuzz

See https://google.github.io/oss-fuzz/advanced-topics/debugging/

Samba-specific hints

A typical debugging workflow is:

oss-fuzz$ python infra/helper.py shell samba
git fetch $REMOTE $BRANCH
git checkout FETCH_HEAD
lib/fuzzing/oss-fuzz/build_image.sh
compile

This will pull in any new Samba deps and build Samba's fuzzers.

vim: set sw=8 sts=8 ts=8 tw=79 :