Add fuzzshark to cmake/autotools.

Add fuzzshark target to make sure that oss-fuzzshark always build. Change-Id: I802b679c18023daa1475a54bae722b5e90c72a59 Reviewed-on: https://code.wireshark.org/review/24716 Petri-Dish: Jakub Zawadzki <darkjames-ws@darkjames.pl> Tested-by: Petri Dish Buildbot Reviewed-by: Gerald Combs <gerald@wireshark.org>
2017-12-06 21:10:29 +01:00 · 2017-12-06 21:10:29 +01:00 · 038aa2a616
parent 8687fca8a8
commit 038aa2a616
7 changed files with 228 additions and 21 deletions
--- a/.gitignore
+++ b/.gitignore
@ -79,6 +79,7 @@ dftest
 dumpcap
 editcap
 exntest
+fuzzshark
 install-sh
 libtool
 libtool.m4
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -2563,6 +2563,22 @@ if(BUILD_randpkt)
 	install(TARGETS randpkt RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
 endif()

+if(BUILD_fuzzshark)
+	set(fuzzshark_LIBS
+		${LIBEPAN_LIBS}
+	)
+	set(fuzzshark_FILES
+		tools/oss-fuzzshark/fuzzshark.c
+		tools/oss-fuzzshark/StandaloneFuzzTargetMain.c
+		version_info.c
+	)
+	add_executable(fuzzshark ${fuzzshark_FILES})
+	add_dependencies(fuzzshark version)
+	set_extra_executable_properties(fuzzshark "Executables")
+	target_link_libraries(fuzzshark ${fuzzshark_LIBS})
+	install(TARGETS fuzzshark RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+endif()
+
 if(BUILD_text2pcap)
 	set(text2pcap_LIBS
 		writecap
--- a/CMakeOptions.txt
+++ b/CMakeOptions.txt
@ -23,6 +23,7 @@ option(BUILD_ciscodump     "Build ciscodump" ON)
 option(BUILD_randpktdump   "Build randpktdump" ON)
 option(BUILD_udpdump       "Build udpdump" ON)
 option(BUILD_sharkd        "Build sharkd" ON)
+option(BUILD_fuzzshark     "Build fuzzshark" ON)

 option(DISABLE_WERROR    "Do not treat warnings as errors" OFF)
 option(DISABLE_FRAME_LARGER_THAN_WARNING "Disable warning if the size of a function frame is large" OFF)
--- a/Makefile.am
+++ b/Makefile.am
@ -45,11 +45,12 @@ bin_PROGRAMS = \
 	@dumpcap_bin@		\
 	@reordercap_bin@	\
 	@rawshark_bin@		\
-	@sharkd_bin@
+	@sharkd_bin@		\
+	@fuzzshark_bin@

 EXTRA_PROGRAMS = wireshark-gtk wireshark tshark tfshark capinfos captype \
 	editcap mergecap dftest randpkt text2pcap dumpcap reordercap \
-	rawshark sharkd
+	rawshark sharkd fuzzshark

 #
 # Wireshark configuration files are put in $(pkgdatadir).
@ -453,6 +454,22 @@ wireshark_gtk_LDADD = \
 	@PORTAUDIO_LIBS@
 endif

+fuzzshark_SOURCES = \
+	tools/oss-fuzzshark/fuzzshark.c \
+	tools/oss-fuzzshark/StandaloneFuzzTargetMain.c \
+	version_info.c
+
+fuzzshark_CPPFLAGS = $(AM_CPPFLAGS) $(GLIB_CFLAGS)
+
+fuzzshark_LDFLAGS = $(AM_LDFLAGS)
+
+fuzzshark_LDADD = \
+	wiretap/libwiretap.la		\
+	epan/libwireshark.la		\
+	wsutil/libwsutil.la		\
+	@GLIB_LIBS@			\
+	${EPAN_EXTRA_LIBS}
+
 tshark_SOURCES = \
 	$(SHARK_COMMON_SRC)	\
 	capture_opts.c		\
--- a/configure.ac
+++ b/configure.ac
@ -1781,6 +1781,19 @@ fi
 AC_SUBST(tfshark_bin)
 AC_SUBST(tfshark_man)

+# Enable/disable fuzzshark
+AC_ARG_ENABLE(fuzzshark,
+  AC_HELP_STRING( [--enable-fuzzshark],
+		  [build fuzzshark @<:@default=yes@:>@]),
+    fuzzshark=$enableval,enable_fuzzshark=yes)
+
+if test "x$enable_fuzzshark" = "xyes" ; then
+	fuzzshark_bin="fuzzshark\$(EXEEXT)"
+else
+	fuzzshark_bin=""
+fi
+AC_SUBST(fuzzshark_bin)
+

 dnl Use pcap-ng by default
 AC_ARG_ENABLE(pcap-ng-default,
@ -2991,6 +3004,7 @@ echo "                      Build randpkt : $enable_randpkt"
 echo "                       Build dftest : $enable_dftest"
 echo "                     Build rawshark : $enable_rawshark"
 echo "                       Build sharkd : $enable_sharkd"
+echo "                    Build fuzzshark : $enable_fuzzshark"
 echo "                  Build androiddump : $enable_androiddump"
 echo "                      Build sshdump : $enable_sshdump"
 echo "                    Build ciscodump : $enable_ciscodump"
--- a/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c
+++ b/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c
@ -0,0 +1,141 @@
+/* based on http://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c r311407 (22 Aug 2017) */
+
+/* http://llvm.org/svn/llvm-project/compiler-rt/trunk/LICENSE.TXT follows */
+
+/*
+==============================================================================
+compiler_rt License
+==============================================================================
+
+The compiler_rt library is dual licensed under both the University of Illinois
+"BSD-Like" license and the MIT license.  As a user of this code you may choose
+to use it under either license.  As a contributor, you agree to allow your code
+to be used under both.
+
+Full text of the relevant licenses is included below.
+
+==============================================================================
+
+University of Illinois/NCSA
+Open Source License
+
+Copyright (c) 2009-2016 by the contributors listed in CREDITS.TXT
+
+All rights reserved.
+
+Developed by:
+
+    LLVM Team
+
+    University of Illinois at Urbana-Champaign
+
+    http://llvm.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal with
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimers.
+
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimers in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the names of the LLVM Team, University of Illinois at
+      Urbana-Champaign, nor the names of its contributors may be used to
+      endorse or promote products derived from this Software without specific
+      prior written permission.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE
+SOFTWARE.
+
+==============================================================================
+
+Copyright (c) 2009-2015 by the contributors listed in CREDITS.TXT
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+==============================================================================
+Copyrights and Licenses for Third Party Software Distributed with LLVM:
+==============================================================================
+The LLVM software contains code written by third parties.  Such software will
+have its own individual LICENSE.TXT file in the directory in which it appears.
+This file will describe the copyrights, license, and restrictions which apply
+to that code.
+
+The disclaimer of warranty in the University of Illinois Open Source License
+applies to all code in the LLVM Distribution, and nothing in any of the
+other licenses gives permission to use the names of the LLVM Team or the
+University of Illinois to endorse or promote products derived from this
+Software.
+*/
+
+/*===- StandaloneFuzzTargetMain.c - standalone main() for fuzz targets. ---===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// This main() function can be linked to a fuzz target (i.e. a library
+// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize())
+// instead of libFuzzer. This main() function will not perform any fuzzing
+// but will simply feed all input files one by one to the fuzz target.
+//
+// Use this file to provide reproducers for bugs when linking against libFuzzer
+// or other fuzzing engine is undesirable.
+//===----------------------------------------------------------------------===*/
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <glib.h>
+#include <wsutil/file_util.h>
+
+extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
+extern int LLVMFuzzerInitialize(int *argc, char ***argv);
+int main(int argc, char **argv) {
+  fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
+  LLVMFuzzerInitialize(&argc, &argv);
+  for (int i = 1; i < argc; i++) {
+    fprintf(stderr, "Running: %s\n", argv[i]);
+    FILE *f = ws_fopen(argv[i], "r");
+    assert(f);
+    fseek(f, 0, SEEK_END);
+    size_t len = ftell(f);
+    fseek(f, 0, SEEK_SET);
+    unsigned char *buf = (unsigned char*)g_malloc(len);
+    size_t n_read = fread(buf, 1, len, f);
+    assert(n_read == len);
+    fclose(f);
+    LLVMFuzzerTestOneInput(buf, len);
+    g_free(buf);
+    fprintf(stderr, "Done:    %s: (%zd bytes)\n", argv[i], n_read);
+  }
+}
--- a/tools/oss-fuzzshark/fuzzshark.c
+++ b/tools/oss-fuzzshark/fuzzshark.c
@ -131,6 +131,33 @@ fuzzshark_epan_new(void)
 	return epan;
 }

+static dissector_handle_t
+get_dissector_handle(const char *table, const char *target)
+{
+	dissector_handle_t fuzz_handle = NULL;
+
+	if (table != NULL && target != NULL)
+	{
+		/* search for handle, cannot use dissector_table_get_dissector_handle() cause it's using short-name, and I already used filter name in samples ;/ */
+		GSList *handle_list = dissector_table_get_dissector_handles(find_dissector_table(table));
+		while (handle_list)
+		{
+			dissector_handle_t handle = (dissector_handle_t) handle_list->data;
+			const char *handle_filter_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle));
+
+			if (!strcmp(handle_filter_name, target))
+				fuzz_handle = handle;
+			handle_list = handle_list->next;
+		}
+	}
+	else if (target != NULL)
+	{
+		fuzz_handle = find_dissector(target);
+	}
+
+	return fuzz_handle;
+}
+
 static int
 fuzz_init(int argc _U_, char **argv)
 {
@ -142,12 +169,10 @@ fuzz_init(int argc _U_, char **argv)
 	e_prefs             *prefs_p;
 	int                  ret = EXIT_SUCCESS;

-#if defined(FUZZ_DISSECTOR_TARGET)
 	dissector_handle_t fuzz_handle = NULL;
-#endif

-	setenv("WIRESHARK_DEBUG_WMEM_OVERRIDE", "simple", 0);
-	setenv("G_SLICE", "always-malloc", 0);
+	g_setenv("WIRESHARK_DEBUG_WMEM_OVERRIDE", "simple", 0);
+	g_setenv("G_SLICE", "always-malloc", 0);

 	cmdarg_err_init(failure_warning_message, failure_message_cont);

@ -236,25 +261,17 @@ fuzz_init(int argc _U_, char **argv)
 #if defined(FUZZ_DISSECTOR_TABLE) && defined(FUZZ_DISSECTOR_TARGET)
 # define FUZZ_EPAN 1
 	fprintf(stderr, "oss-fuzzshark: configured for dissector: %s in table: %s\n", FUZZ_DISSECTOR_TARGET, FUZZ_DISSECTOR_TABLE);
-
-	/* search for handle, cannot use dissector_table_get_dissector_handle() cause it's using short-name, and I already used filter name in samples ;/ */
-	{
-		GSList *handle_list = dissector_table_get_dissector_handles(find_dissector_table(FUZZ_DISSECTOR_TABLE));
-		while (handle_list)
-		{
-			dissector_handle_t handle = (dissector_handle_t) handle_list->data;
-			const char *handle_filter_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle));
-
-			if (!strcmp(handle_filter_name, FUZZ_DISSECTOR_TARGET))
-				fuzz_handle = handle;
-			handle_list = handle_list->next;
-		}
-	}
+	fuzz_handle = get_dissector_handle(FUZZ_DISSECTOR_TABLE, FUZZ_DISSECTOR_TARGET);

 #elif defined(FUZZ_DISSECTOR_TARGET)
 # define FUZZ_EPAN 2
 	fprintf(stderr, "oss-fuzzshark: configured for dissector: %s\n", FUZZ_DISSECTOR_TARGET);
-	fuzz_handle = find_dissector(FUZZ_DISSECTOR_TARGET);
+	fuzz_handle = get_dissector_handle(FUZZ_DISSECTOR_TARGET);
+
+#else
+# define FUZZ_EPAN 3
+	fprintf(stderr, "oss-fuzzshark: target not configured. Using env\n");
+	fuzz_handle = get_dissector_handle(getenv("FUZZSHARK_TABLE"), getenv("FUZZSHARK_TARGET"));
 #endif

 #ifdef FUZZ_EPAN