mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
samba-mirror/lib/fuzzing
Andrew Bartlett f4ff9a0794 lib/fuzzing: Also confirm we can make a string filter from the parsed tree in fuzz_ldb_parse_tree
This also avoids tree being an unused variable.

This is similar to doing an ndr_push() in ndr_fuzz_X: it
catches some of the cases where the parse is successful but
the application code could misinterpret the structure.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-12-10 07:50:28 +00:00
oss-fuzz lib/fuzzing/oss-fuzz: copy required libraries to the build target 2019-11-20 23:19:36 +00:00
decode_ndr_X_crash fuzzing/decode_ndr_X: read crashes from a HONGGFUZZ report 2019-12-10 07:50:28 +00:00
fuzz_ldap_decode.c Add fuzzing binary for ldap_decode 2019-10-18 07:31:45 +00:00
fuzz_ldb_parse_tree.c lib/fuzzing: Also confirm we can make a string filter from the parsed tree in fuzz_ldb_parse_tree 2019-12-10 07:50:28 +00:00
fuzz_lzxpress.c Add fuzzing binary for lzxpress 2019-10-18 07:31:45 +00:00
fuzz_ndr_X.c lib/fuzzer: Allow building a fuzz binary for just one interface 2019-12-10 07:50:28 +00:00
fuzz_oLschema2ldif.c lib/fuzzing: Avoid NULL pointer de-ref from 0-length input 2019-11-18 19:39:30 +00:00
fuzz_reg_parse.c lib/fuzzing: Tell the compiler we know we are ignoring errors in fuzz_reg_parse 2019-12-10 07:50:28 +00:00
fuzz_regfio.c Add fuzzing binary for regfio 2019-10-18 07:31:45 +00:00
fuzz_tiniparser.c lib/fuzzing: Free memory after successful load in fuzz_tiniparser 2019-11-18 21:02:52 +00:00
fuzzing.c Add fuzzing support to build system 2019-08-07 06:07:28 +00:00
fuzzing.h Add fuzzing support to build system 2019-08-07 06:07:28 +00:00
README.md lib/fuzzing: Add oss-fuzz info to README.md 2019-11-21 00:45:33 +00:00
wscript_build lib/fuzzer: Allow building a fuzz binary for just one interface 2019-12-10 07:50:28 +00:00

Fuzzing Samba

Fuzzing supplies valid, invalid, unexpected or random data as input to a piece of code. Instrumentation, usually inserted by the compiler, is used to detect failures such as crashes, assertion failures or memory corruption.

See the Wikipedia article on fuzzing for more information.
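The round-trip check from the commit message above (parse the input, then print the tree back, the way ndr_fuzz_X follows ndr_pull with ndr_push) combined with the crash monitoring described here, as an added example that is not Samba's code: a libFuzzer-style target over a toy filter parser written for this example. The `(attr=value)` / `(&...)` / `(|...)` grammar, the 16-level nesting limit and the `filter_roundtrip` helper are assumptions of the example, not ldb's ldb_parse_tree API. A parse that succeeds but prints to text the parser rejects, or reads back differently, calls abort(), which a sanitizer-instrumented fuzzer reports as a crash.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy filter tree for this example (not ldb's ldb_parse_tree): a leaf
 * "(attr=value)" or a list "(&...)" / "(|...)" of sub-filters. */
struct node {
	char op;             /* 0 for a leaf, '&' or '|' for a list */
	char *text;          /* leaf: the "attr=value" text */
	struct node **kids;  /* list: children */
	size_t nkids;
};

static void node_free(struct node *n) {
	if (n == NULL) return;
	for (size_t i = 0; i < n->nkids; i++) node_free(n->kids[i]);
	free(n->kids); free(n->text); free(n);
}

/* Parse one filter at *p and advance past it; NULL on malformed input. The
 * nesting limit (an example choice) keeps "(&(&(&..." from exhausting the stack. */
static struct node *parse(const char **p, int depth) {
	if (depth > 16 || **p != '(') return NULL;
	struct node *n = calloc(1, sizeof *n);
	if (n == NULL) return NULL;
	(*p)++;
	if (**p == '&' || **p == '|') {
		n->op = *(*p)++;
		while (**p == '(') {
			struct node *k = parse(p, depth + 1);
			struct node **grown = k ? realloc(n->kids, (n->nkids + 1) * sizeof *grown) : NULL;
			if (grown == NULL) { node_free(k); node_free(n); return NULL; }
			n->kids = grown;
			n->kids[n->nkids++] = k;
		}
		if (n->nkids == 0) { node_free(n); return NULL; }
	} else {
		const char *eq = strchr(*p, '='), *close = strchr(*p, ')');
		if (eq == NULL || close == NULL || eq == *p || eq > close ||
		    memchr(*p, '(', (size_t)(close - *p)) != NULL ||
		    (n->text = calloc(1, (size_t)(close - *p) + 1)) == NULL) {
			node_free(n); return NULL;
		}
		memcpy(n->text, *p, (size_t)(close - *p));  /* calloc supplied the NUL */
		*p = close;
	}
	if (**p != ')') { node_free(n); return NULL; }
	(*p)++;
	return n;
}

static size_t length(const struct node *n) {  /* bytes print() will write */
	size_t len = n->op != 0 ? 3 : strlen(n->text) + 2;
	for (size_t i = 0; i < n->nkids; i++) len += length(n->kids[i]);
	return len;
}

/* Print the tree back as filter text: the ndr_push half of the round trip. */
static char *print(const struct node *n, char *out) {
	*out++ = '(';
	if (n->op != 0) {
		*out++ = n->op;
		for (size_t i = 0; i < n->nkids; i++) out = print(n->kids[i], out);
	} else {
		size_t len = strlen(n->text);
		memcpy(out, n->text, len);
		out += len;
	}
	*out++ = ')';
	return out;
}

/* Parse text and print it back; NULL if it does not parse or trailing data follows. */
char *filter_roundtrip(const char *text) {
	const char *p = text;
	struct node *tree = parse(&p, 0);
	if (tree == NULL) return NULL;
	char *out = *p == '\0' ? malloc(length(tree) + 1) : NULL;
	if (out != NULL) *print(tree, out) = '\0';
	node_free(tree);
	return out;
}

/* libFuzzer/honggfuzz entry point; fuzz data is not NUL-terminated, so copy it first. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	char *text = malloc(size + 1);
	if (text == NULL) return 0;
	memcpy(text, data, size);
	text[size] = '\0';
	char *out = filter_roundtrip(text);
	if (out != NULL) {
		/* Whatever the parser accepted must print to text that parses back to
		 * the same string; abort() turns a disagreement into a reported crash. */
		char *again = filter_roundtrip(out);
		if (again == NULL || strcmp(again, out) != 0) abort();
		free(again);
	}
	free(out);
	free(text);
	return 0;
}
```

Built with `clang -fsanitize=fuzzer,address` (or with hfuzz-clang for honggfuzz), the binary needs no main: the fuzzer drives `LLVMFuzzerTestOneInput`. Every accepted input is freed on both paths so that the only leaks ASan reports are real ones in the code under test.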

Configure with fuzzing

Example command line to build binaries for use with honggfuzz:

buildtools/bin/waf -C --without-gettext --enable-debug --enable-developer \
	--address-sanitizer --enable-libfuzzer \
	CC=.../honggfuzz/hfuzz_cc/hfuzz-clang configure \
	LINK_CC=.../honggfuzz/hfuzz_cc/hfuzz-clang

Fuzzing tiniparser

Example for fuzzing tiniparser using honggfuzz (see --help for more options):

buildtools/bin/waf --targets=fuzz_tiniparser build && \
.../honggfuzz/honggfuzz --sanitizers --timeout 3 --max_file_size 256 \
  --rlimit_rss 100 -f .../tiniparser-corpus -- bin/fuzz_tiniparser

oss-fuzz

Samba can be fuzzed by Google's oss-fuzz system. Assuming you have an oss-fuzz checkout from https://github.com/google/oss-fuzz with Samba's metadata in projects/samba, the following guides will help:

Testing locally

https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally

Debugging oss-fuzz

See https://google.github.io/oss-fuzz/advanced-topics/debugging/

Samba-specific hints

A typical debugging workflow is:

oss-fuzz$ python infra/helper.py shell samba
git fetch $REMOTE $BRANCH
git checkout FETCH_HEAD
lib/fuzzing/oss-fuzz/build_image.sh
compile

This will pull in any new Samba dependencies and build Samba's fuzzers.

vim: set sw=8 sts=8 ts=8 tw=79 :