Diffstat (limited to 'tools')
-rw-r--r-- | tools/oss-fuzzshark/FuzzerInterface.h | 147 | ||||
-rw-r--r-- | tools/oss-fuzzshark/StandaloneFuzzTargetMain.c | 126 | ||||
-rwxr-xr-x | tools/oss-fuzzshark/build.sh | 66 | ||||
-rw-r--r-- | tools/oss-fuzzshark/fuzzshark.c | 394 |
4 files changed, 8 insertions, 725 deletions
diff --git a/tools/oss-fuzzshark/FuzzerInterface.h b/tools/oss-fuzzshark/FuzzerInterface.h deleted file mode 100644 index 2208675e33..0000000000 --- a/tools/oss-fuzzshark/FuzzerInterface.h +++ /dev/null 
@@ -1,147 +0,0 @@ -/* based on http://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerInterface.h r321218 (20 Dec 2017) */ - -/* http://llvm.org/svn/llvm-project/compiler-rt/trunk/LICENSE.TXT follows */ - -/* -============================================================================== -compiler_rt License -============================================================================== - -The compiler_rt library is dual licensed under both the University of Illinois -"BSD-Like" license and the MIT license. As a user of this code you may choose -to use it under either license. As a contributor, you agree to allow your code -to be used under both. - -Full text of the relevant licenses is included below. - -============================================================================== - -University of Illinois/NCSA -Open Source License - -Copyright (c) 2009-2016 by the contributors listed in CREDITS.TXT - -All rights reserved. - -Developed by: - - LLVM Team - - University of Illinois at Urbana-Champaign - - http://llvm.org - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal with -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimers. - - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimers in the - documentation and/or other materials provided with the distribution. 
- - * Neither the names of the LLVM Team, University of Illinois at - Urbana-Champaign, nor the names of its contributors may be used to - endorse or promote products derived from this Software without specific - prior written permission. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE -SOFTWARE. - -============================================================================== - -Copyright (c) 2009-2015 by the contributors listed in CREDITS.TXT - -SPDX-License-Identifier: MIT - -============================================================================== -Copyrights and Licenses for Third Party Software Distributed with LLVM: -============================================================================== -The LLVM software contains code written by third parties. Such software will -have its own individual LICENSE.TXT file in the directory in which it appears. -This file will describe the copyrights, license, and restrictions which apply -to that code. - -The disclaimer of warranty in the University of Illinois Open Source License -applies to all code in the LLVM Distribution, and nothing in any of the -other licenses gives permission to use the names of the LLVM Team or the -University of Illinois to endorse or promote products derived from this -Software. -*/ -//===- FuzzerInterface.h - Interface header for the Fuzzer ------*- C++ -* ===// -// -// The LLVM Compiler Infrastructure -// -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. 
-// -//===----------------------------------------------------------------------===// -// Define the interface between libFuzzer and the library being tested. -//===----------------------------------------------------------------------===// - -// NOTE: the libFuzzer interface is thin and in the majority of cases -// you should not include this file into your target. In 95% of cases -// all you need is to define the following function in your file: -// extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); - -// WARNING: keep the interface in C. - -#ifndef LLVM_FUZZER_INTERFACE_H -#define LLVM_FUZZER_INTERFACE_H - -#include <stddef.h> -#include <stdint.h> - -#ifdef __cplusplus -extern "C" { -#endif // __cplusplus - -// Mandatory user-provided target function. -// Executes the code under test with [Data, Data+Size) as the input. -// libFuzzer will invoke this function *many* times with different inputs. -// Must return 0. -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); - -// Optional user-provided initialization function. -// If provided, this function will be called by libFuzzer once at startup. -// It may read and modify argc/argv. -// Must return 0. -int LLVMFuzzerInitialize(int *argc, char ***argv); - -// Optional user-provided custom mutator. -// Mutates raw data in [Data, Data+Size) inplace. -// Returns the new size, which is not greater than MaxSize. -// Given the same Seed produces the same mutation. -size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize, - unsigned int Seed); - -// Optional user-provided custom cross-over function. -// Combines pieces of Data1 & Data2 together into Out. -// Returns the new size, which is not greater than MaxOutSize. -// Should produce the same mutation given the same Seed. 
-size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1, - const uint8_t *Data2, size_t Size2, - uint8_t *Out, size_t MaxOutSize, - unsigned int Seed); - -// Experimental, may go away in future. -// libFuzzer-provided function to be used inside LLVMFuzzerCustomMutator. -// Mutates raw data in [Data, Data+Size) inplace. -// Returns the new size, which is not greater than MaxSize. -size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize); - -#ifdef __cplusplus -} // extern "C" -#endif // __cplusplus - -#endif // LLVM_FUZZER_INTERFACE_H diff --git a/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c b/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c deleted file mode 100644 index cf29561cf5..0000000000 --- a/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c +++ /dev/null 
@@ -1,126 +0,0 @@ -/* based on http://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c r311407 (22 Aug 2017) */ - -/* http://llvm.org/svn/llvm-project/compiler-rt/trunk/LICENSE.TXT follows */ - -/* -============================================================================== -compiler_rt License -============================================================================== - -The compiler_rt library is dual licensed under both the University of Illinois -"BSD-Like" license and the MIT license. As a user of this code you may choose -to use it under either license. As a contributor, you agree to allow your code -to be used under both. - -Full text of the relevant licenses is included below. - -============================================================================== - -University of Illinois/NCSA -Open Source License - -Copyright (c) 2009-2016 by the contributors listed in CREDITS.TXT - -All rights reserved. - -Developed by: - - LLVM Team - - University of Illinois at Urbana-Champaign - - http://llvm.org - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal with -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is furnished to do -so, subject to the following conditions: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimers. - - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimers in the - documentation and/or other materials provided with the distribution. 
- - * Neither the names of the LLVM Team, University of Illinois at - Urbana-Champaign, nor the names of its contributors may be used to - endorse or promote products derived from this Software without specific - prior written permission. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE -SOFTWARE. - -============================================================================== - -Copyright (c) 2009-2015 by the contributors listed in CREDITS.TXT - -SPDX-License-Identifier: MIT - -============================================================================== -Copyrights and Licenses for Third Party Software Distributed with LLVM: -============================================================================== -The LLVM software contains code written by third parties. Such software will -have its own individual LICENSE.TXT file in the directory in which it appears. -This file will describe the copyrights, license, and restrictions which apply -to that code. - -The disclaimer of warranty in the University of Illinois Open Source License -applies to all code in the LLVM Distribution, and nothing in any of the -other licenses gives permission to use the names of the LLVM Team or the -University of Illinois to endorse or promote products derived from this -Software. -*/ - -/*===- StandaloneFuzzTargetMain.c - standalone main() for fuzz targets. ---===// -// -// The LLVM Compiler Infrastructure -// -// This file is distributed under the University of Illinois Open Source -// License. See LICENSE.TXT for details. 
-// -//===----------------------------------------------------------------------===// -// This main() function can be linked to a fuzz target (i.e. a library -// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize()) -// instead of libFuzzer. This main() function will not perform any fuzzing -// but will simply feed all input files one by one to the fuzz target. -// -// Use this file to provide reproducers for bugs when linking against libFuzzer -// or other fuzzing engine is undesirable. -//===----------------------------------------------------------------------===*/ -#include <assert.h> -#include <stdio.h> -#include <stdlib.h> - -#include <glib.h> -#include <wsutil/file_util.h> - -#include "FuzzerInterface.h" - -int main(int argc, char **argv) { - fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1); - LLVMFuzzerInitialize(&argc, &argv); - for (int i = 1; i < argc; i++) { - fprintf(stderr, "Running: %s\n", argv[i]); - FILE *f = ws_fopen(argv[i], "r"); - assert(f); - fseek(f, 0, SEEK_END); - long len = ftell(f); - assert(len >= 0); - fseek(f, 0, SEEK_SET); - unsigned char *buf = (unsigned char*)g_malloc((size_t)len); - size_t n_read = fread(buf, 1, len, f); - assert(n_read == (size_t)len); - fclose(f); - LLVMFuzzerTestOneInput(buf, len); - g_free(buf); - fprintf(stderr, "Done: %s: (%zd bytes)\n", argv[i], n_read); - } -} diff --git a/tools/oss-fuzzshark/build.sh b/tools/oss-fuzzshark/build.sh index ff74dda222..bc86cdc057 100755 --- a/tools/oss-fuzzshark/build.sh +++ b/tools/oss-fuzzshark/build.sh 
@@ -3,70 +3,20 @@ # # SPDX-License-Identifier: GPL-2.0-or-later -# List of dissectors compiled below, which should be turned off. -# This is done to avoid single fuzzer (like IP) to call UDP protocols, which can go back to IP, and so on.. -# While doing so might find some bugs, but it's likely to be the problem for too big corpus in oss-fuzzer -# (see: https://github.com/google/oss-fuzz/issues/1087). -# + udplite - it's sharing most of code with UDP. -DISSECTOR_LIST='"ip", "udp", "udplite", "ospf", "bgp", "dhcp", "json"' - -FUZZ_DISSECTORS="ip" - -FUZZ_IP_PROTO_DISSECTORS="udp ospf" - -FUZZ_TCP_PORT_DISSECTORS="bgp" -# FUZZ_TCP_PORT_DISSECTORS="$FUZZ_TCP_PORT_DISSECTORS bzr" # disabled, cause of known problem. -# FUZZ_TCP_PORT_DISSECTORS="$FUZZ_TCP_PORT_DISSECTORS echo" # disabled, too simple. - -FUZZ_UDP_PORT_DISSECTORS="dns dhcp" -# FUZZ_UDP_PORT_DISSECTORS="$FUZZ_UDP_PORT_DISSECTORS bfd" # disabled, too simple. - -FUZZ_MEDIA_TYPE_DISSECTORS="json" - # TODO: support specifing targets in args. Google oss-fuzz specifies 'all'. -# generate_fuzzer <fuzzer_target> <fuzzer_cflags> -generate_fuzzer() -{ - local fuzzer_target="$1" fuzzer_cflags="$2" fuzzer_name - - fuzzer_name="fuzzshark_$1" +# TODO update oss-fuzz configuration to build with OSS_FUZZ=1? This is necessary +# to build the fuzzshark_* targets for oss-fuzz. +cmake -DOSS_FUZZ=1 . - $CC $CFLAGS -I $WIRESHARK_INSTALL_PATH/include/wireshark/ `pkg-config --cflags glib-2.0` \ - $SRC/wireshark/tools/oss-fuzzshark/fuzzshark.c \ - -c -o $WORK/${fuzzer_name}.o \ - $fuzzer_cflags -DFUZZ_DISSECTOR_LIST="$DISSECTOR_LIST" - - $CXX $CXXFLAGS $WORK/${fuzzer_name}.o \ - -o $OUT/${fuzzer_name} \ - ${WIRESHARK_FUZZERS_COMMON_FLAGS} +cmake --build . 
--target all-fuzzers +for file in run/fuzzshark_*; do + fuzzer_name="${file##*/}" + fuzzer_target="${fuzzer_name#fuzzshark_}" + mv "$file" "$OUT/" echo -en "[libfuzzer]\nmax_len = 1024\n" > $OUT/${fuzzer_name}.options if [ -d "$SAMPLES_DIR/${fuzzer_target}" ]; then zip -j $OUT/${fuzzer_name}_seed_corpus.zip $SAMPLES_DIR/${fuzzer_target}/*/*.bin fi -} - -WIRESHARK_FUZZERS_COMMON_FLAGS="-lFuzzingEngine \ - -L"$WIRESHARK_INSTALL_PATH/lib" -lwireshark -lwiretap -lwsutil \ - -Wl,-Bstatic `pkg-config --libs glib-2.0` -pthread -lpcre -lgcrypt -lgpg-error -lz -Wl,-Bdynamic" - -for dissector in $FUZZ_DISSECTORS; do - generate_fuzzer "${dissector}" -DFUZZ_DISSECTOR_TARGET=\"$dissector\" -done - -for dissector in $FUZZ_IP_PROTO_DISSECTORS; do - generate_fuzzer "ip_proto-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"ip.proto\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\"" -done - -for dissector in $FUZZ_TCP_PORT_DISSECTORS; do - generate_fuzzer "tcp_port-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"tcp.port\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\"" -done - -for dissector in $FUZZ_UDP_PORT_DISSECTORS; do - generate_fuzzer "udp_port-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"udp.port\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\"" -done - -for dissector in $FUZZ_MEDIA_TYPE_DISSECTORS; do - generate_fuzzer "media_type-${dissector}" "-DFUZZ_DISSECTOR_TABLE=\"media_type\" -DFUZZ_DISSECTOR_TARGET=\"$dissector\"" done diff --git a/tools/oss-fuzzshark/fuzzshark.c b/tools/oss-fuzzshark/fuzzshark.c deleted file mode 100644 index e31d8219a5..0000000000 --- a/tools/oss-fuzzshark/fuzzshark.c +++ /dev/null 
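Review bot: The added `for file in run/fuzzshark_*; do` loop has no guard for a glob that matches nothing, so if the `all-fuzzers` build produced no binaries the body runs once with the literal pattern, `mv` fails, and a stray `fuzzshark_*.options` file is still written to `$OUT`. Whether a failed `cmake` step aborts the script depends on the shebang or `set -e` lines, which sit above this hunk and are not visible here. A job that ships zero fuzz targets silently drops dissector fuzzing coverage, so I would fail loudly by adding `[ -e "$file" ] || { echo "no fuzzshark_* targets built" >&2; exit 1; }` as the first line of the loop body. The unchanged `echo` and `zip` lines also leave `$OUT/${fuzzer_name}` unquoted while the new `mv "$file" "$OUT/"` quotes its arguments; quoting them would keep the loop consistent.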
@@ -1,394 +0,0 @@ -/* oss-fuzzshark.c - * - * Fuzzer variant of Wireshark for oss-fuzz - * - * Wireshark - Network traffic analyzer - * By Gerald Combs <gerald@wireshark.org> - * Copyright 1998 Gerald Combs - * - * SPDX-License-Identifier: GPL-2.0-or-later - */ - -#include <config.h> - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <limits.h> - -#include <glib.h> - -#include <epan/epan.h> - -#include <wsutil/cmdarg_err.h> -#include <wsutil/crash_info.h> -#include <wsutil/filesystem.h> -#include <wsutil/privileges.h> -#include <wsutil/report_message.h> -#include <version_info.h> - -#include <wiretap/wtap.h> - -#include <epan/color_filters.h> -#include <epan/timestamp.h> -#include <epan/prefs.h> -#include <epan/column.h> -#include <epan/print.h> -#include <epan/epan_dissect.h> -#include <epan/disabled_protos.h> - -#ifdef HAVE_PLUGINS -#include <wsutil/plugins.h> -#endif - -#include "FuzzerInterface.h" - -#define EPAN_INIT_FAIL 2 - -static column_info fuzz_cinfo; -static epan_t *fuzz_epan; -static epan_dissect_t *fuzz_edt; - -/* - * General errors and warnings are reported with an console message - * in oss-fuzzshark. - */ -static void -failure_warning_message(const char *msg_format, va_list ap) -{ - fprintf(stderr, "oss-fuzzshark: "); - vfprintf(stderr, msg_format, ap); - fprintf(stderr, "\n"); -} - -/* - * Open/create errors are reported with an console message in oss-fuzzshark. - */ -static void -open_failure_message(const char *filename, int err, gboolean for_writing) -{ - fprintf(stderr, "oss-fuzzshark: "); - fprintf(stderr, file_open_error_message(err, for_writing), filename); - fprintf(stderr, "\n"); -} - -/* - * Read errors are reported with an console message in oss-fuzzshark. - */ -static void -read_failure_message(const char *filename, int err) -{ - cmdarg_err("An error occurred while reading from the file \"%s\": %s.", filename, g_strerror(err)); -} - -/* - * Write errors are reported with an console message in oss-fuzzshark. 
- */ -static void -write_failure_message(const char *filename, int err) -{ - cmdarg_err("An error occurred while writing to the file \"%s\": %s.", filename, g_strerror(err)); -} - -/* - * Report additional information for an error in command-line arguments. - */ -static void -failure_message_cont(const char *msg_format, va_list ap) -{ - vfprintf(stderr, msg_format, ap); - fprintf(stderr, "\n"); -} - -static int -fuzzshark_pref_set(const char *name, const char *value) -{ - char pref[4096]; - char *errmsg = NULL; - - prefs_set_pref_e ret; - - g_snprintf(pref, sizeof(pref), "%s:%s", name, value); - - ret = prefs_set_pref(pref, &errmsg); - g_free(errmsg); - - return (ret == PREFS_SET_OK); -} - -static const nstime_t * -fuzzshark_get_frame_ts(struct packet_provider_data *prov _U_, guint32 frame_num _U_) -{ - static nstime_t empty; - - return ∅ -} - -static epan_t * -fuzzshark_epan_new(void) -{ - static const struct packet_provider_funcs funcs = { - fuzzshark_get_frame_ts, - NULL, - NULL, - NULL - }; - - return epan_new(NULL, &funcs); -} - -static dissector_handle_t -get_dissector_handle(const char *table, const char *target) -{ - dissector_handle_t fuzz_handle = NULL; - - if (table != NULL && target != NULL) - { - /* search for handle, cannot use dissector_table_get_dissector_handle() cause it's using short-name, and I already used filter name in samples ;/ */ - GSList *handle_list = dissector_table_get_dissector_handles(find_dissector_table(table)); - while (handle_list) - { - dissector_handle_t handle = (dissector_handle_t) handle_list->data; - const char *handle_filter_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle)); - - if (!strcmp(handle_filter_name, target)) - fuzz_handle = handle; - handle_list = handle_list->next; - } - } - else if (target != NULL) - { - fuzz_handle = find_dissector(target); - } - - return fuzz_handle; -} - -static void -fuzz_prefs_apply(void) -{ - /* Turn off fragmentation for some protocols */ - 
fuzzshark_pref_set("ip.defragment", "FALSE"); - fuzzshark_pref_set("ipv6.defragment", "FALSE"); - fuzzshark_pref_set("wlan.defragment", "FALSE"); - fuzzshark_pref_set("tcp.desegment_tcp_streams", "FALSE"); - - /* Notify all registered modules that have had any of their preferences changed. */ - prefs_apply_all(); -} - -static int -fuzz_init(int argc _U_, char **argv) -{ - GString *comp_info_str; - GString *runtime_info_str; - char *init_progfile_dir_error; - - char *err_msg = NULL; - e_prefs *prefs_p; - int ret = EXIT_SUCCESS; - size_t i; - - const char *fuzz_target = -#if defined(FUZZ_DISSECTOR_TARGET) - FUZZ_DISSECTOR_TARGET; -#else - getenv("FUZZSHARK_TARGET"); -#endif - - const char *disabled_dissector_list[] = - { -#ifdef FUZZ_DISSECTOR_LIST - FUZZ_DISSECTOR_LIST , -#endif - "snort" - }; - - dissector_handle_t fuzz_handle = NULL; - - /* In oss-fuzz running environment g_get_home_dir() fails: - * (process:1): GLib-WARNING **: getpwuid_r(): failed due to unknown user id (0) - * (process:1): GLib-CRITICAL **: g_once_init_leave: assertion 'result != 0' failed - * - * Avoid GLib-CRITICAL by setting some XDG environment variables. - */ - g_setenv("XDG_CACHE_HOME", "/not/existing/directory", 0); /* g_get_user_cache_dir() */ - g_setenv("XDG_CONFIG_HOME", "/not/existing/directory", 0); /* g_get_user_config_dir() */ - g_setenv("XDG_DATA_HOME", "/not/existing/directory", 0); /* g_get_user_data_dir() */ - - g_setenv("WIRESHARK_DEBUG_WMEM_OVERRIDE", "simple", 0); - g_setenv("G_SLICE", "always-malloc", 0); - - cmdarg_err_init(failure_warning_message, failure_message_cont); - - /* - * Get credential information for later use, and drop privileges - * before doing anything else. - * Let the user know if anything happened. 
- */ - init_process_policies(); -#if 0 /* disable setresgid(), it fails with -EINVAL https://github.com/google/oss-fuzz/pull/532#issuecomment-294515463 */ - relinquish_special_privs_perm(); -#endif - - /* - * Attempt to get the pathname of the executable file. - */ - init_progfile_dir_error = init_progfile_dir(argv[0]); - if (init_progfile_dir_error != NULL) - fprintf(stderr, "fuzzshark: Can't get pathname of oss-fuzzshark program: %s.\n", init_progfile_dir_error); - - /* Get the compile-time version information string */ - comp_info_str = get_compiled_version_info(NULL, epan_get_compiled_version_info); - - /* Get the run-time version information string */ - runtime_info_str = get_runtime_version_info(epan_get_runtime_version_info); - - /* Add it to the information to be reported on a crash. */ - ws_add_crash_info("OSS Fuzzshark (Wireshark) %s\n" - "\n" - "%s" - "\n" - "%s", - get_ws_vcs_version_info(), - comp_info_str->str, - runtime_info_str->str); - g_string_free(comp_info_str, TRUE); - g_string_free(runtime_info_str, TRUE); - - init_report_message(failure_warning_message, failure_warning_message, - open_failure_message, read_failure_message, write_failure_message); - - timestamp_set_type(TS_RELATIVE); - timestamp_set_precision(TS_PREC_AUTO); - timestamp_set_seconds_type(TS_SECONDS_DEFAULT); - - wtap_init(TRUE); - - /* Register all dissectors; we must do this before checking for the - "-G" flag, as the "-G" flag dumps information registered by the - dissectors, and we must do it before we read the preferences, in - case any dissectors register preferences. */ - if (!epan_init(NULL, NULL, FALSE)) - { - ret = EPAN_INIT_FAIL; - goto clean_exit; - } - - /* Load libwireshark settings from the current profile. 
*/ - prefs_p = epan_load_settings(); - - if (!color_filters_init(&err_msg, NULL)) - { - fprintf(stderr, "%s\n", err_msg); - g_free(err_msg); - } - - for (i = 0; i < G_N_ELEMENTS(disabled_dissector_list); i++) - { - const char *item = disabled_dissector_list[i]; - - /* XXX, need to think how to disallow chains like: IP -> .... -> IP, - * best would be to disable dissector always, but allow it during initial call. */ - if (fuzz_target == NULL || strcmp(fuzz_target, item)) - { - fprintf(stderr, "oss-fuzzshark: disabling: %s\n", item); - proto_disable_proto_by_name(item); - } - } - - fuzz_prefs_apply(); - - /* Build the column format array */ - build_column_format_array(&fuzz_cinfo, prefs_p->num_cols, TRUE); - -#if defined(FUZZ_DISSECTOR_TABLE) && defined(FUZZ_DISSECTOR_TARGET) -# define FUZZ_EPAN 1 - fprintf(stderr, "oss-fuzzshark: configured for dissector: %s in table: %s\n", fuzz_target, FUZZ_DISSECTOR_TABLE); - fuzz_handle = get_dissector_handle(FUZZ_DISSECTOR_TABLE, fuzz_target); - -#elif defined(FUZZ_DISSECTOR_TARGET) -# define FUZZ_EPAN 2 - fprintf(stderr, "oss-fuzzshark: configured for dissector: %s\n", fuzz_target); - fuzz_handle = get_dissector_handle(NULL, fuzz_target); - -#else -# define FUZZ_EPAN 3 - fprintf(stderr, "oss-fuzzshark: env for dissector: %s\n", fuzz_target); - fuzz_handle = get_dissector_handle(getenv("FUZZSHARK_TABLE"), fuzz_target); -#endif - -#ifdef FUZZ_EPAN - g_assert(fuzz_handle != NULL); - register_postdissector(fuzz_handle); -#endif - - fuzz_epan = fuzzshark_epan_new(); - fuzz_edt = epan_dissect_new(fuzz_epan, TRUE, FALSE); - - return 0; -clean_exit: - wtap_cleanup(); - free_progdirs(); - return ret; -} - -#ifdef FUZZ_EPAN -int -LLVMFuzzerTestOneInput(const guint8 *buf, size_t real_len) -{ - static guint32 framenum = 0; - epan_dissect_t *edt = fuzz_edt; - - guint32 len = (guint32) real_len; - - wtap_rec rec; - frame_data fdlocal; - - memset(&rec, 0, sizeof(rec)); - - rec.rec_type = REC_TYPE_PACKET; - rec.rec_header.packet_header.caplen 
= len; - rec.rec_header.packet_header.len = len; - - /* whdr.pkt_encap = WTAP_ENCAP_ETHERNET; */ - rec.rec_header.packet_header.pkt_encap = G_MAXINT16; - rec.presence_flags = WTAP_HAS_TS | WTAP_HAS_CAP_LEN; /* most common flags... */ - - frame_data_init(&fdlocal, ++framenum, &rec, /* offset */ 0, /* cum_bytes */ 0); - /* frame_data_set_before_dissect() not needed */ - epan_dissect_run(edt, WTAP_FILE_TYPE_SUBTYPE_UNKNOWN, &rec, tvb_new_real_data(buf, len, len), &fdlocal, NULL /* &fuzz_cinfo */); - frame_data_destroy(&fdlocal); - - epan_dissect_reset(edt); - return 0; -} - -#else -# error "Missing fuzz target." -#endif - -int -LLVMFuzzerInitialize(int *argc, char ***argv) -{ - int ret; - - ret = fuzz_init(*argc, *argv); - if (ret != 0) - exit(ret); - - return 0; -} - -/* - * Editor modelines - http://www.wireshark.org/tools/modelines.html - * - * Local variables: - * c-basic-offset: 8 - * tab-width: 8 - * indent-tabs-mode: t - * End: - * - * vi: set shiftwidth=8 tabstop=8 noexpandtab: - * :indentSize=8:tabSize=8:noTabs=false: - */ |