author | Jakub Zawadzki <darkjames-ws@darkjames.pl> | 2017-12-06 21:10:29 +0100 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2017-12-07 23:26:52 +0000 |
commit | 038aa2a616db5ba658bee25dee5e55a716d4984a (patch) | |
tree | a32b974aab37a1d9d6548348d68d3f94874269cb /tools | |
parent | 8687fca8a821f95075e8c365c7422f157845787b (diff) |
Add fuzzshark to cmake/autotools.
Add fuzzshark target to make sure that oss-fuzzshark always builds.
Change-Id: I802b679c18023daa1475a54bae722b5e90c72a59
Reviewed-on: https://code.wireshark.org/review/24716
Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/oss-fuzzshark/StandaloneFuzzTargetMain.c | 141 | ||||
-rw-r--r-- | tools/oss-fuzzshark/fuzzshark.c | 55 |
2 files changed, 177 insertions, 19 deletions
diff --git a/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c b/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c
new file mode 100644
index 0000000000..587b34805f
--- /dev/null
+++ b/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c
@@ -0,0 +1,141 @@
+/* based on http://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c r311407 (22 Aug 2017) */
+
+/* http://llvm.org/svn/llvm-project/compiler-rt/trunk/LICENSE.TXT follows */
+
+/*
+==============================================================================
+compiler_rt License
+==============================================================================
+
+The compiler_rt library is dual licensed under both the University of Illinois
+"BSD-Like" license and the MIT license. As a user of this code you may choose
+to use it under either license. As a contributor, you agree to allow your code
+to be used under both.
+
+Full text of the relevant licenses is included below.
+
+==============================================================================
+
+University of Illinois/NCSA
+Open Source License
+
+Copyright (c) 2009-2016 by the contributors listed in CREDITS.TXT
+
+All rights reserved.
+
+Developed by:
+
+ LLVM Team
+
+ University of Illinois at Urbana-Champaign
+
+ http://llvm.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal with
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimers.
+
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimers in the
+ documentation and/or other materials provided with the distribution.
+
+ * Neither the names of the LLVM Team, University of Illinois at
+ Urbana-Champaign, nor the names of its contributors may be used to
+ endorse or promote products derived from this Software without specific
+ prior written permission.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE
+SOFTWARE.
+
+==============================================================================
+
+Copyright (c) 2009-2015 by the contributors listed in CREDITS.TXT
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+==============================================================================
+Copyrights and Licenses for Third Party Software Distributed with LLVM:
+==============================================================================
+The LLVM software contains code written by third parties. Such software will
+have its own individual LICENSE.TXT file in the directory in which it appears.
+This file will describe the copyrights, license, and restrictions which apply
+to that code.
+
+The disclaimer of warranty in the University of Illinois Open Source License
+applies to all code in the LLVM Distribution, and nothing in any of the
+other licenses gives permission to use the names of the LLVM Team or the
+University of Illinois to endorse or promote products derived from this
+Software.
+*/
+
+/*===- StandaloneFuzzTargetMain.c - standalone main() for fuzz targets. ---===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// This main() function can be linked to a fuzz target (i.e. a library
+// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize())
+// instead of libFuzzer. This main() function will not perform any fuzzing
+// but will simply feed all input files one by one to the fuzz target.
+//
+// Use this file to provide reproducers for bugs when linking against libFuzzer
+// or other fuzzing engine is undesirable.
+//===----------------------------------------------------------------------===*/
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <glib.h>
+#include <wsutil/file_util.h>
+
+extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
+extern int LLVMFuzzerInitialize(int *argc, char ***argv);
+int main(int argc, char **argv) {
+ fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
+ LLVMFuzzerInitialize(&argc, &argv);
+ for (int i = 1; i < argc; i++) {
+ fprintf(stderr, "Running: %s\n", argv[i]);
+ FILE *f = ws_fopen(argv[i], "r");
+ assert(f);
+ fseek(f, 0, SEEK_END);
+ size_t len = ftell(f);
+ fseek(f, 0, SEEK_SET);
+ unsigned char *buf = (unsigned char*)g_malloc(len);
+ size_t n_read = fread(buf, 1, len, f);
+ assert(n_read == len);
+ fclose(f);
+ LLVMFuzzerTestOneInput(buf, len);
+ g_free(buf);
+ fprintf(stderr, "Done: %s: (%zd bytes)\n", argv[i], n_read);
+ }
+}
diff --git a/tools/oss-fuzzshark/fuzzshark.c b/tools/oss-fuzzshark/fuzzshark.c
index 6748785436..4cfba4fd3c 100644
--- a/tools/oss-fuzzshark/fuzzshark.c
+++ b/tools/oss-fuzzshark/fuzzshark.c
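Review bot: In main()'s per-file loop the only error handling is `assert(f)` and `assert(n_read == len)`, which disappear when the harness is built with NDEBUG, so a missing or short input would reach `fseek` or `LLVMFuzzerTestOneInput` unchecked and the resulting crash would belong to the harness rather than the dissector under test. The `ftell` result is stored directly in a `size_t`, so a -1 failure turns into an enormous `g_malloc` request. The file is opened with mode `"r"`; on platforms that distinguish text mode the bytes handed to the target can differ from the saved reproducer, so `"rb"` is the safer choice. The final message pairs `%zd` with a `size_t`, where `%zu` is the matching specifier. A version of the loop body with explicit checks is sketched below.

```c
    FILE *f = ws_fopen(argv[i], "rb");
    if (f == NULL) {
      fprintf(stderr, "Cannot open %s\n", argv[i]);
      return EXIT_FAILURE;
    }
    fseek(f, 0, SEEK_END);
    long end_pos = ftell(f);
    if (end_pos < 0) {
      fclose(f);
      return EXIT_FAILURE;
    }
    size_t len = (size_t)end_pos;
    /* … unchanged: rewind with fseek, g_malloc(len) … */
    size_t n_read = fread(buf, 1, len, f);
    fclose(f);
    if (n_read != len) {
      fprintf(stderr, "Short read on %s\n", argv[i]);
      g_free(buf);
      return EXIT_FAILURE;
    }
    /* … unchanged: LLVMFuzzerTestOneInput call, g_free … */
    fprintf(stderr, "Done: %s: (%zu bytes)\n", argv[i], n_read);
```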
@@ -131,6 +131,33 @@ fuzzshark_epan_new(void) return epan; } +static dissector_handle_t +get_dissector_handle(const char *table, const char *target) +{ + dissector_handle_t fuzz_handle = NULL; + + if (table != NULL && target != NULL) + { + /* search for handle, cannot use dissector_table_get_dissector_handle() cause it's using short-name, and I already used filter name in samples ;/ */ + GSList *handle_list = dissector_table_get_dissector_handles(find_dissector_table(table)); + while (handle_list) + { + dissector_handle_t handle = (dissector_handle_t) handle_list->data; + const char *handle_filter_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle)); + + if (!strcmp(handle_filter_name, target)) + fuzz_handle = handle; + handle_list = handle_list->next; + } + } + else if (target != NULL) + { + fuzz_handle = find_dissector(target); + } + + return fuzz_handle; +} + static int fuzz_init(int argc _U_, char **argv) { @@ -142,12 +169,10 @@ fuzz_init(int argc _U_, char **argv) e_prefs *prefs_p; int ret = EXIT_SUCCESS; -#if defined(FUZZ_DISSECTOR_TARGET) dissector_handle_t fuzz_handle = NULL; -#endif - setenv("WIRESHARK_DEBUG_WMEM_OVERRIDE", "simple", 0); - setenv("G_SLICE", "always-malloc", 0); + g_setenv("WIRESHARK_DEBUG_WMEM_OVERRIDE", "simple", 0); + g_setenv("G_SLICE", "always-malloc", 0); cmdarg_err_init(failure_warning_message, failure_message_cont); 
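Review bot: get_dissector_handle() returns NULL with no diagnostic when the table name is unknown or no handle in it matches `target`, and nothing on the function states that contract; a header comment such as `/* Returns NULL if table or target cannot be resolved; caller must check. */` would make it explicit. This matters more now that the last hunk of this file feeds the function `getenv()` values, where a misspelt name is easy to introduce. The `while` loop keeps scanning after a match, so the last handle with that filter name wins; if that is intended a short comment should say so, otherwise `if (!strcmp(handle_filter_name, target)) { fuzz_handle = handle; break; }` reads more clearly. How `dissector_table_get_dissector_handles()` treats a NULL table returned by `find_dissector_table()` is not visible in this hunk and is worth confirming.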
@@ -236,25 +261,17 @@ fuzz_init(int argc _U_, char **argv) #if defined(FUZZ_DISSECTOR_TABLE) && defined(FUZZ_DISSECTOR_TARGET) # define FUZZ_EPAN 1 fprintf(stderr, "oss-fuzzshark: configured for dissector: %s in table: %s\n", FUZZ_DISSECTOR_TARGET, FUZZ_DISSECTOR_TABLE); - - /* search for handle, cannot use dissector_table_get_dissector_handle() cause it's using short-name, and I already used filter name in samples ;/ */ - { - GSList *handle_list = dissector_table_get_dissector_handles(find_dissector_table(FUZZ_DISSECTOR_TABLE)); - while (handle_list) - { - dissector_handle_t handle = (dissector_handle_t) handle_list->data; - const char *handle_filter_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle)); - - if (!strcmp(handle_filter_name, FUZZ_DISSECTOR_TARGET)) - fuzz_handle = handle; - handle_list = handle_list->next; - } - } + fuzz_handle = get_dissector_handle(FUZZ_DISSECTOR_TABLE, FUZZ_DISSECTOR_TARGET); #elif defined(FUZZ_DISSECTOR_TARGET) # define FUZZ_EPAN 2 fprintf(stderr, "oss-fuzzshark: configured for dissector: %s\n", FUZZ_DISSECTOR_TARGET); - fuzz_handle = find_dissector(FUZZ_DISSECTOR_TARGET); + fuzz_handle = get_dissector_handle(FUZZ_DISSECTOR_TARGET); + +#else +# define FUZZ_EPAN 3 + fprintf(stderr, "oss-fuzzshark: target not configured. Using env\n"); + fuzz_handle = get_dissector_handle(getenv("FUZZSHARK_TABLE"), getenv("FUZZSHARK_TARGET")); #endif #ifdef FUZZ_EPAN |
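Review bot: In the `#elif defined(FUZZ_DISSECTOR_TARGET)` branch the new call `get_dissector_handle(FUZZ_DISSECTOR_TARGET)` passes one argument to a function defined earlier in this commit with two (`table`, `target`), so a build that defines only FUZZ_DISSECTOR_TARGET should fail to compile; it most likely needs `fuzz_handle = get_dissector_handle(NULL, FUZZ_DISSECTOR_TARGET);`. In the new `#else` branch both `getenv()` results can be NULL, in which case `fuzz_handle` stays NULL; the code that consumes it under `#ifdef FUZZ_EPAN` lies outside the hunk, so confirm it rejects a NULL handle with a clear message instead of dereferencing it. Printing the resolved table and target in the "Using env" message would also help when triaging which dissector a given run actually exercised.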