From 038aa2a616db5ba658bee25dee5e55a716d4984a Mon Sep 17 00:00:00 2001 From: Jakub Zawadzki Date: Wed, 6 Dec 2017 21:10:29 +0100 Subject: [PATCH] Add fuzzshark to cmake/autotools. Add fuzzshark target to make sure that oss-fuzzshark always build. Change-Id: I802b679c18023daa1475a54bae722b5e90c72a59 Reviewed-on: https://code.wireshark.org/review/24716 Petri-Dish: Jakub Zawadzki Tested-by: Petri Dish Buildbot Reviewed-by: Gerald Combs --- .gitignore | 1 + CMakeLists.txt | 16 ++ CMakeOptions.txt | 1 + Makefile.am | 21 ++- configure.ac | 14 ++ .../oss-fuzzshark/StandaloneFuzzTargetMain.c | 141 ++++++++++++++++++ tools/oss-fuzzshark/fuzzshark.c | 55 ++++--- 7 files changed, 228 insertions(+), 21 deletions(-) create mode 100644 tools/oss-fuzzshark/StandaloneFuzzTargetMain.c diff --git a/.gitignore b/.gitignore index 88a13c1e1a..06d4b32513 100644 --- a/.gitignore +++ b/.gitignore @@ -79,6 +79,7 @@ dftest dumpcap editcap exntest +fuzzshark install-sh libtool libtool.m4 diff --git a/CMakeLists.txt b/CMakeLists.txt index e498ecd4bc..3e864c6484 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2563,6 +2563,22 @@ if(BUILD_randpkt) install(TARGETS randpkt RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) endif() +if(BUILD_fuzzshark) + set(fuzzshark_LIBS + ${LIBEPAN_LIBS} + ) + set(fuzzshark_FILES + tools/oss-fuzzshark/fuzzshark.c + tools/oss-fuzzshark/StandaloneFuzzTargetMain.c + version_info.c + ) + add_executable(fuzzshark ${fuzzshark_FILES}) + add_dependencies(fuzzshark version) + set_extra_executable_properties(fuzzshark "Executables") + target_link_libraries(fuzzshark ${fuzzshark_LIBS}) + install(TARGETS fuzzshark RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) +endif() + if(BUILD_text2pcap) set(text2pcap_LIBS writecap diff --git a/CMakeOptions.txt b/CMakeOptions.txt index b60beeac9a..dc262ff776 100644 --- a/CMakeOptions.txt +++ b/CMakeOptions.txt 
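Review bot: `install(TARGETS fuzzshark RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})` puts the fuzzing harness into the installed binary set, and `BUILD_fuzzshark` defaults to ON in CMakeOptions.txt; the Makefile.am hunk does the same by adding `@fuzzshark_bin@` to `bin_PROGRAMS`. The stated goal of the commit is only that the target keeps building, which does not need an install step. Dropping the `install()` line here, and listing the program under `noinst_PROGRAMS` on the autotools side, would keep a test-only binary out of end-user packages.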
@@ -23,6 +23,7 @@ option(BUILD_ciscodump "Build ciscodump" ON) option(BUILD_randpktdump "Build randpktdump" ON) option(BUILD_udpdump "Build udpdump" ON) option(BUILD_sharkd "Build sharkd" ON) +option(BUILD_fuzzshark "Build fuzzshark" ON) option(DISABLE_WERROR "Do not treat warnings as errors" OFF) option(DISABLE_FRAME_LARGER_THAN_WARNING "Disable warning if the size of a function frame is large" OFF) diff --git a/Makefile.am b/Makefile.am index 63968c3e0e..af05c5ddb2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -45,11 +45,12 @@ bin_PROGRAMS = \ @dumpcap_bin@ \ @reordercap_bin@ \ @rawshark_bin@ \ - @sharkd_bin@ + @sharkd_bin@ \ + @fuzzshark_bin@ EXTRA_PROGRAMS = wireshark-gtk wireshark tshark tfshark capinfos captype \ editcap mergecap dftest randpkt text2pcap dumpcap reordercap \ - rawshark sharkd + rawshark sharkd fuzzshark # # Wireshark configuration files are put in $(pkgdatadir). @@ -453,6 +454,22 @@ wireshark_gtk_LDADD = \ @PORTAUDIO_LIBS@ endif +fuzzshark_SOURCES = \ + tools/oss-fuzzshark/fuzzshark.c \ + tools/oss-fuzzshark/StandaloneFuzzTargetMain.c \ + version_info.c + +fuzzshark_CPPFLAGS = $(AM_CPPFLAGS) $(GLIB_CFLAGS) + +fuzzshark_LDFLAGS = $(AM_LDFLAGS) + +fuzzshark_LDADD = \ + wiretap/libwiretap.la \ + epan/libwireshark.la \ + wsutil/libwsutil.la \ + @GLIB_LIBS@ \ + ${EPAN_EXTRA_LIBS} + tshark_SOURCES = \ $(SHARK_COMMON_SRC) \ capture_opts.c \ diff --git a/configure.ac b/configure.ac index 1ea5de863d..5e5144df26 100644 --- a/configure.ac +++ b/configure.ac @@ -1781,6 +1781,19 @@ fi AC_SUBST(tfshark_bin) AC_SUBST(tfshark_man) +# Enable/disable fuzzshark +AC_ARG_ENABLE(fuzzshark, + AC_HELP_STRING( [--enable-fuzzshark], + [build fuzzshark @<:@default=yes@:>@]), + fuzzshark=$enableval,enable_fuzzshark=yes) + +if test "x$enable_fuzzshark" = "xyes" ; then + fuzzshark_bin="fuzzshark\$(EXEEXT)" +else + fuzzshark_bin="" +fi +AC_SUBST(fuzzshark_bin) + dnl Use pcap-ng by default AC_ARG_ENABLE(pcap-ng-default, 
@@ -2991,6 +3004,7 @@ echo " Build randpkt : $enable_randpkt" echo " Build dftest : $enable_dftest" echo " Build rawshark : $enable_rawshark" echo " Build sharkd : $enable_sharkd" +echo " Build fuzzshark : $enable_fuzzshark" echo " Build androiddump : $enable_androiddump" echo " Build sshdump : $enable_sshdump" echo " Build ciscodump : $enable_ciscodump" diff --git a/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c b/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c new file mode 100644 index 0000000000..587b34805f --- /dev/null +++ b/tools/oss-fuzzshark/StandaloneFuzzTargetMain.c 
@@ -0,0 +1,141 @@
+/* based on http://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c r311407 (22 Aug 2017) */
+
+/* http://llvm.org/svn/llvm-project/compiler-rt/trunk/LICENSE.TXT follows */
+
+/*
+==============================================================================
+compiler_rt License
+==============================================================================
+
+The compiler_rt library is dual licensed under both the University of Illinois
+"BSD-Like" license and the MIT license. As a user of this code you may choose
+to use it under either license. As a contributor, you agree to allow your code
+to be used under both.
+
+Full text of the relevant licenses is included below.
+
+==============================================================================
+
+University of Illinois/NCSA
+Open Source License
+
+Copyright (c) 2009-2016 by the contributors listed in CREDITS.TXT
+
+All rights reserved.
+
+Developed by:
+
+ LLVM Team
+
+ University of Illinois at Urbana-Champaign
+
+ http://llvm.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal with
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimers.
+
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimers in the
+ documentation and/or other materials provided with the distribution.
+
+ * Neither the names of the LLVM Team, University of Illinois at
+ Urbana-Champaign, nor the names of its contributors may be used to
+ endorse or promote products derived from this Software without specific
+ prior written permission.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE
+SOFTWARE.
+
+==============================================================================
+
+Copyright (c) 2009-2015 by the contributors listed in CREDITS.TXT
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+==============================================================================
+Copyrights and Licenses for Third Party Software Distributed with LLVM:
+==============================================================================
+The LLVM software contains code written by third parties. Such software will
+have its own individual LICENSE.TXT file in the directory in which it appears.
+This file will describe the copyrights, license, and restrictions which apply
+to that code.
+
+The disclaimer of warranty in the University of Illinois Open Source License
+applies to all code in the LLVM Distribution, and nothing in any of the
+other licenses gives permission to use the names of the LLVM Team or the
+University of Illinois to endorse or promote products derived from this
+Software.
+*/
+
+/*===- StandaloneFuzzTargetMain.c - standalone main() for fuzz targets. ---===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// This main() function can be linked to a fuzz target (i.e. a library
+// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize())
+// instead of libFuzzer. This main() function will not perform any fuzzing
+// but will simply feed all input files one by one to the fuzz target.
+//
+// Use this file to provide reproducers for bugs when linking against libFuzzer
+// or other fuzzing engine is undesirable.
+//===----------------------------------------------------------------------===*/
+#include
+#include
+#include
+
+#include
+#include
+
+extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
+extern int LLVMFuzzerInitialize(int *argc, char ***argv);
+int main(int argc, char **argv) {
+ fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
+ LLVMFuzzerInitialize(&argc, &argv);
+ for (int i = 1; i < argc; i++) {
+ fprintf(stderr, "Running: %s\n", argv[i]);
+ FILE *f = ws_fopen(argv[i], "r");
+ assert(f);
+ fseek(f, 0, SEEK_END);
+ size_t len = ftell(f);
+ fseek(f, 0, SEEK_SET);
+ unsigned char *buf = (unsigned char*)g_malloc(len);
+ size_t n_read = fread(buf, 1, len, f);
+ assert(n_read == len);
+ fclose(f);
+ LLVMFuzzerTestOneInput(buf, len);
+ g_free(buf);
+ fprintf(stderr, "Done: %s: (%zd bytes)\n", argv[i], n_read);
+ }
+}
diff --git a/tools/oss-fuzzshark/fuzzshark.c b/tools/oss-fuzzshark/fuzzshark.c
index 6748785436..4cfba4fd3c 100644
--- a/tools/oss-fuzzshark/fuzzshark.c
+++ b/tools/oss-fuzzshark/fuzzshark.c
@@ -131,6 +131,33 @@ fuzzshark_epan_new(void) return epan; } +static dissector_handle_t +get_dissector_handle(const char *table, const char *target) +{ + dissector_handle_t fuzz_handle = NULL; + + if (table != NULL && target != NULL) + { + /* search for handle, cannot use dissector_table_get_dissector_handle() cause it's using short-name, and I already used filter name in samples ;/ */ + GSList *handle_list = dissector_table_get_dissector_handles(find_dissector_table(table)); + while (handle_list) + { + dissector_handle_t handle = (dissector_handle_t) handle_list->data; + const char *handle_filter_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle)); + + if (!strcmp(handle_filter_name, target)) + fuzz_handle = handle; + handle_list = handle_list->next; + } + } + else if (target != NULL) + { + fuzz_handle = find_dissector(target); + } + + return fuzz_handle; +} + static int fuzz_init(int argc _U_, char **argv) { @@ -142,12 +169,10 @@ fuzz_init(int argc _U_, char **argv) e_prefs *prefs_p; int ret = EXIT_SUCCESS; -#if defined(FUZZ_DISSECTOR_TARGET) dissector_handle_t fuzz_handle = NULL; -#endif - setenv("WIRESHARK_DEBUG_WMEM_OVERRIDE", "simple", 0); - setenv("G_SLICE", "always-malloc", 0); + g_setenv("WIRESHARK_DEBUG_WMEM_OVERRIDE", "simple", 0); + g_setenv("G_SLICE", "always-malloc", 0); cmdarg_err_init(failure_warning_message, failure_message_cont); 
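Review bot: `get_dissector_handle` passes the result of `find_dissector_table(table)` straight to `dissector_table_get_dissector_handles()` and the result of `proto_get_protocol_filter_name()` straight to `strcmp`, with no NULL check on either. That mattered less while both names were compile-time constants, but the same commit now feeds this function from `getenv("FUZZSHARK_TABLE")` and `getenv("FUZZSHARK_TARGET")`, so a mistyped table name or a handle without a protocol may crash the harness before any input is dissected; the callees are outside the hunk, so this is inferred. Return NULL early when the table lookup fails and guard the comparison as `if (handle_filter_name != NULL && !strcmp(handle_filter_name, target))`. A short comment above the function saying that a NULL `table` selects the plain `find_dissector()` lookup and that NULL is returned when nothing matches would document the contract the callers rely on.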
@@ -236,25 +261,17 @@ fuzz_init(int argc _U_, char **argv) #if defined(FUZZ_DISSECTOR_TABLE) && defined(FUZZ_DISSECTOR_TARGET) # define FUZZ_EPAN 1 fprintf(stderr, "oss-fuzzshark: configured for dissector: %s in table: %s\n", FUZZ_DISSECTOR_TARGET, FUZZ_DISSECTOR_TABLE); - - /* search for handle, cannot use dissector_table_get_dissector_handle() cause it's using short-name, and I already used filter name in samples ;/ */ - { - GSList *handle_list = dissector_table_get_dissector_handles(find_dissector_table(FUZZ_DISSECTOR_TABLE)); - while (handle_list) - { - dissector_handle_t handle = (dissector_handle_t) handle_list->data; - const char *handle_filter_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle)); - - if (!strcmp(handle_filter_name, FUZZ_DISSECTOR_TARGET)) - fuzz_handle = handle; - handle_list = handle_list->next; - } - } + fuzz_handle = get_dissector_handle(FUZZ_DISSECTOR_TABLE, FUZZ_DISSECTOR_TARGET); #elif defined(FUZZ_DISSECTOR_TARGET) # define FUZZ_EPAN 2 fprintf(stderr, "oss-fuzzshark: configured for dissector: %s\n", FUZZ_DISSECTOR_TARGET); - fuzz_handle = find_dissector(FUZZ_DISSECTOR_TARGET); + fuzz_handle = get_dissector_handle(FUZZ_DISSECTOR_TARGET); + +#else +# define FUZZ_EPAN 3 + fprintf(stderr, "oss-fuzzshark: target not configured. Using env\n"); + fuzz_handle = get_dissector_handle(getenv("FUZZSHARK_TABLE"), getenv("FUZZSHARK_TARGET")); #endif #ifdef FUZZ_EPAN
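Review bot: In the `#elif defined(FUZZ_DISSECTOR_TARGET)` branch the new call `get_dissector_handle(FUZZ_DISSECTOR_TARGET)` passes one argument to a function defined with two (`table`, `target`), so a build that defines only `FUZZ_DISSECTOR_TARGET` should fail to compile. The helper takes the table-less path when `table` is NULL, so the line should read `fuzz_handle = get_dissector_handle(NULL, FUZZ_DISSECTOR_TARGET);`. In the new `#else` branch both `getenv()` results can be NULL, which leaves `fuzz_handle` NULL; whether that is reported happens outside this hunk, but the "target not configured. Using env" message could name the `FUZZSHARK_TABLE` and `FUZZSHARK_TARGET` variables so a misconfigured run is obvious. `fuzz_init` begins and ends outside the hunk.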