mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
samba-mirror/lib/fuzzing
Latest commit e36a4149d8 by Andrew Bartlett (2023-07-28 10:48:32 +00:00): librpc/idl: Remove DCOM and WMI IDL

As hinted in f2416493c0, the DCOM and WMI
IDL is now unused.  These generate code with PIDL, costing a small
amount of build time, but, more importantly, they are fuzzed, which costs an
ongoing amount of CPU time as oss-fuzz tries to find parsing issues.

We do not need to continue this waste, and these can be restored
if this effort is ever to start again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
| File | Last commit | Date |
| --- | --- | --- |
| oss-fuzz | lib:fuzzing: Fix code spelling | 2023-04-03 03:56:35 +00:00 |
| patches | lib/fuzzing: patch for collecting fuzz_security_token_vs_descriptor seeds | 2023-07-19 03:31:30 +00:00 |
| afl-fuzz-main.c | fuzz:afl main: run the initialisation function | 2021-03-16 17:09:32 +00:00 |
| decode_ndr_X_crash | decode_ndr_X_crash: always find pipe in honggfuzz file | 2020-01-12 19:50:37 +00:00 |
| fuzz_cli_credentials_parse_string.c | fuzz: fix multiple comment headers | 2021-07-05 04:16:34 +00:00 |
| fuzz_dcerpc_parse_binding.c | fuzz: fix multiple comment headers | 2021-07-05 04:16:34 +00:00 |
| fuzz_ldap_decode.c | CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode | 2020-05-04 02:59:32 +00:00 |
| fuzz_ldb_dn_explode.c | fuzz: fix multiple comment headers | 2021-07-05 04:16:34 +00:00 |
| fuzz_ldb_ldif_read.c | fuzz: fix multiple comment headers | 2021-07-05 04:16:34 +00:00 |
| fuzz_ldb_parse_binary_decode.c | fuzz: fix multiple comment headers | 2021-07-05 04:16:34 +00:00 |
| fuzz_ldb_parse_control.c | fuzz: add a LLVMFuzzerInitialize() to all fuzzers | 2021-03-16 17:09:32 +00:00 |
| fuzz_ldb_parse_tree.c | lib/fuzzing: Fix argument order to ldb_filter_from_tree in fuzz_ldb_parse_tree | 2019-12-11 04:21:28 +00:00 |
| fuzz_lzxpress_compress.c | fuzz: add fuzz_lzxpress_compress | 2022-05-12 02:22:35 +00:00 |
| fuzz_lzxpress_huffman_compress.c | fuzz: add fuzz_lzxpress_huffman_compress | 2022-12-01 22:56:39 +00:00 |
| fuzz_lzxpress_huffman_decompress.c | fuzz: add fuzz_lzxpress_huffman_decompress | 2022-12-01 22:56:39 +00:00 |
| fuzz_lzxpress_huffman_round_trip.c | fuzz: add fuzz_lzxpress_huffman_round_trip | 2022-12-01 22:56:39 +00:00 |
| fuzz_lzxpress_round_trip.c | fuzz: fix lzxpress plain round-trip fuzzer | 2022-12-19 22:32:35 +00:00 |
| fuzz_lzxpress.c | Add fuzzing binary for lzxpress | 2019-10-18 07:31:45 +00:00 |
| fuzz_ndr_X.c | lib:fuzzing: Fix code spelling | 2023-04-03 03:56:35 +00:00 |
| fuzz_nmblib_parse_packet.c | fuzz: add a LLVMFuzzerInitialize() to all fuzzers | 2021-03-16 17:09:32 +00:00 |
| fuzz_oLschema2ldif.c | fuzz_oLschema2ldif: check multiple possible NULLs | 2020-01-17 14:33:18 +00:00 |
| fuzz_parse_lpq_entry.c | fuzz: add fuzz_parse_lpq_entry | 2021-07-05 04:16:34 +00:00 |
| fuzz_reg_parse.c | lib/fuzzing: Tell the compiler we know we are ignoring errors in fuzz_reg_parse | 2019-12-10 07:50:28 +00:00 |
| fuzz_regfio.c | Add fuzzing binary for regfio | 2019-10-18 07:31:45 +00:00 |
| fuzz_sddl_access_check.c | lib/fuzzing: adapt fuzz_sddl_access_check for AD variant | 2023-07-19 03:31:30 +00:00 |
| fuzz_sddl_parse.c | lib/fuzzing: add fuzzer for sddl_parse | 2023-04-28 02:15:36 +00:00 |
| fuzz_security_token_vs_descriptor.c | lib/fuzzing: adapt fuzz_security_token_vs_descriptor for AD variant | 2023-07-19 03:31:30 +00:00 |
| fuzz_stable_sort_r.c | fuzz: add fuzzers for stable_sort | 2022-12-01 22:56:39 +00:00 |
| fuzz_stable_sort.c | fuzz: add fuzzers for stable_sort | 2022-12-01 22:56:39 +00:00 |
| fuzz_tiniparser.c | lib/fuzzing: Free memory after successful load in fuzz_tiniparser | 2019-11-18 21:02:52 +00:00 |
| fuzzing.c | | |
| fuzzing.h | | |
| README.md | lib/fuzzing/README.md: don't use waf directly | 2022-03-29 22:32:32 +00:00 |
| wscript_build | librpc/idl: Remove DCOM and WMI IDL | 2023-07-28 10:48:32 +00:00 |

Fuzzing Samba

See also https://wiki.samba.org/index.php/Fuzzing

Fuzzing supplies valid, invalid, unexpected or random data as input to a piece of code. Instrumentation, usually inserted by the compiler, is used to monitor for failures such as crashes, failed assertions or memory corruption.

See the Wikipedia article on fuzzing for more information.

Honggfuzz

Configure with fuzzing

Example command line to build binaries for use with honggfuzz:

./configure -C --without-gettext --enable-debug --enable-developer \
	--address-sanitizer --enable-libfuzzer --abi-check-disable \
	CC=.../honggfuzz/hfuzz_cc/hfuzz-clang \
	LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang

Fuzzing tiniparser

Example for fuzzing tiniparser using honggfuzz (see --help for more options):

make bin/fuzz_tiniparser && \
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
  --rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser

AFL (american fuzzy lop)

Configure with fuzzing

Example command line to build binaries for use with afl

./configure -C --without-gettext --enable-debug --enable-developer \
	--enable-afl-fuzzer --abi-check-disable \
	CC=afl-gcc

Fuzzing tiniparser

Example for fuzzing tiniparser using afl-fuzz (see --help for more options):

make bin/fuzz_tiniparser build && \
afl-fuzz -m 200 -i inputdir -o outputdir -- bin/fuzz_tiniparser
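Both command lines above drive `bin/fuzz_tiniparser`, built from `fuzz_tiniparser.c` in this directory, but the README does not show what such a target looks like. The following is an added example, not Samba's code, of a fuzz target in the libFuzzer-compatible shape that the honggfuzz `--enable-libfuzzer` build and the `--enable-afl-fuzzer` build (whose `main()` comes from the listing's `afl-fuzz-main.c`) both call: `LLVMFuzzerInitialize()` runs once for setup and `LLVMFuzzerTestOneInput()` runs once per input, receiving exactly `len` bytes with no NUL terminator. `tiny_ini` and its helpers are a hypothetical stand-in for the parser under test, not Samba's tiniparser.

```c
/* Added example, not Samba code: a fuzz target in the libFuzzer-compatible
 * shape that the honggfuzz (--enable-libfuzzer) and AFL (--enable-afl-fuzzer)
 * builds both drive. "tiny_ini" is a hypothetical stand-in for the parser
 * under test, not Samba's tiniparser. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TINY_INI_MAX_ENTRIES 16
#define TINY_INI_MAX_KEY 32
#define TINY_INI_MAX_VAL 64

struct tiny_ini_entry { char key[TINY_INI_MAX_KEY]; char val[TINY_INI_MAX_VAL]; };
struct tiny_ini { size_t count; struct tiny_ini_entry entries[TINY_INI_MAX_ENTRIES]; };

/* Strip leading/trailing spaces and tabs from [*s, *s + n); returns new n. */
static size_t trim(const char **s, size_t n)
{
	const char *p = *s;
	while (n > 0 && (p[0] == ' ' || p[0] == '\t')) { p++; n--; }
	while (n > 0 && (p[n - 1] == ' ' || p[n - 1] == '\t')) { n--; }
	*s = p;
	return n;
}

/* Parse "key = value" lines from a buffer that is NOT NUL-terminated: the
 * fuzzer hands over exactly len bytes, so every read is bounded by len.
 * Blank lines and lines starting with '#' or ';' are skipped. Returns the
 * entry count, or -1 on a line without '=', an empty key, a key or value
 * that does not fit its fixed buffer, or too many entries. */
int tiny_ini_parse(const uint8_t *buf, size_t len, struct tiny_ini *out)
{
	size_t pos = 0;
	memset(out, 0, sizeof(*out));
	while (pos < len) {
		const char *line = (const char *)buf + pos, *eq, *k, *v;
		size_t line_len = 0, n, klen, vlen;
		struct tiny_ini_entry *e;
		while (pos + line_len < len && line[line_len] != '\n') line_len++;
		pos += line_len + 1;	/* step over '\n'; may run past len */
		n = trim(&line, line_len);
		if (n == 0 || line[0] == '#' || line[0] == ';') continue;
		eq = memchr(line, '=', n);
		if (eq == NULL) return -1;
		k = line;
		klen = trim(&k, (size_t)(eq - line));
		v = eq + 1;
		vlen = trim(&v, n - (size_t)(eq - line) - 1);
		if (klen == 0 || klen >= TINY_INI_MAX_KEY || vlen >= TINY_INI_MAX_VAL ||
		    out->count >= TINY_INI_MAX_ENTRIES) return -1;
		e = &out->entries[out->count++];
		memcpy(e->key, k, klen); e->key[klen] = '\0';
		memcpy(e->val, v, vlen); e->val[vlen] = '\0';
	}
	return (int)out->count;
}

/* C-string conveniences for use outside the fuzzer (tests, seed checks). */
int tiny_ini_count(const char *text)
{
	struct tiny_ini ini;
	return tiny_ini_parse((const uint8_t *)text, strlen(text), &ini);
}

int tiny_ini_value_is(const char *text, const char *key, const char *expected)
{
	struct tiny_ini ini;
	size_t i;
	if (tiny_ini_parse((const uint8_t *)text, strlen(text), &ini) < 0) return 0;
	for (i = 0; i < ini.count; i++)
		if (strcmp(ini.entries[i].key, key) == 0)
			return strcmp(ini.entries[i].val, expected) == 0;
	return 0;
}

/* Called once before the first input; the hook for one-off setup. */
int LLVMFuzzerInitialize(int *argc, char ***argv)
{
	(void)argc; (void)argv;
	return 0;
}

/* One fuzz iteration: deterministic, leak-free (ASan/LSan would otherwise
 * blame the harness) and returning 0 as the engines require. Sanitizers
 * report memory errors; the explicit checks catch broken invariants they
 * cannot see, e.g. a stored key or value that is not NUL-terminated. */
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
{
	struct tiny_ini ini;
	size_t i;
	if (tiny_ini_parse(buf, len, &ini) < 0) return 0;
	for (i = 0; i < ini.count; i++) {
		if (ini.entries[i].key[0] == '\0' ||
		    memchr(ini.entries[i].key, '\0', TINY_INI_MAX_KEY) == NULL ||
		    memchr(ini.entries[i].val, '\0', TINY_INI_MAX_VAL) == NULL) abort();
	}
	return 0;
}
```

Neither entry point prints or exits on a rejected input: a parse error is a normal outcome, and the engine's job is to mutate the corpus (`-f .../tiniparser-corpus` or `-i inputdir`) and watch for sanitizer reports, so the harness only aborts on an invariant the sanitizers cannot check. Keep `LLVMFuzzerTestOneInput()` free of leaks and of state carried between calls, otherwise an `--address-sanitizer` build reports the harness rather than the code under test, and keep each input's cost within the `--timeout 3` / `--rlimit_rss 100` and `-m 200` limits the commands above impose.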

oss-fuzz

Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's metadata in projects/samba, the following guides will help:

Testing locally

https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally

Debugging oss-fuzz

See https://google.github.io/oss-fuzz/advanced-topics/debugging/

Samba-specific hints

A typical debugging workflow is to open a shell in the oss-fuzz build container and run the remaining commands inside it:

oss-fuzz$ python infra/helper.py shell samba
git fetch $REMOTE $BRANCH
git checkout FETCH_HEAD
lib/fuzzing/oss-fuzz/build_image.sh
compile

This will pull in any new Samba deps and build Samba's fuzzers.

vim: set sw=8 sts=8 ts=8 tw=79 :