Fuzz v6 #3914

Closed
wants to merge 3 commits into from
17 changes: 15 additions & 2 deletions configure.ac
Expand Up @@ -3,7 +3,7 @@
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_SRCDIR([src/suricata.c])
AC_CONFIG_MACRO_DIR(m4)
AM_INIT_AUTOMAKE
AM_INIT_AUTOMAKE([subdir-objects])

AC_LANG_C
AC_PROG_CC_C99
Expand Down Expand Up @@ -2369,6 +2369,20 @@ fi
fi
AM_CONDITIONAL([HAVE_PDFLATEX], [test "x$enable_pdflatex" != "xno"])

AC_CHECK_LIB(FuzzingEngine, main,, LIBFUZZINGENGINE="no")
if test "$LIBFUZZINGENGINE" = "no"; then
libfuzzingengine=no
fi
AM_CONDITIONAL([HAVE_LIBFUZZINGENGINE], [test "x$libfuzzingengine" != "xno"])

AC_ARG_ENABLE(fuzztargets,
AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no])
AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"])
AS_IF([test "x$enable_fuzztargets" = "xyes"], [
AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
])


# Cargo/Rust
AC_PATH_PROG(RUSTC, rustc, "no")
if test "$RUSTC" = "no"; then
Expand Down Expand Up @@ -2418,7 +2432,6 @@ fi
else
RUST_SURICATA_LIB="../rust/target/release/${RUST_SURICATA_LIBNAME}"
fi
RUST_LDADD="${RUST_SURICATA_LIB} ${RUST_LDADD}"
CFLAGS="${CFLAGS} -I\${srcdir}/../rust/gen/c-headers"
AC_SUBST(RUST_SURICATA_LIB)
AC_SUBST(RUST_LDADD)
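Review bot: `AC_CHECK_LIB(FuzzingEngine, main,, LIBFUZZINGENGINE="no")` in the second hunk relies on the default action-if-found, which prepends `-lFuzzingEngine` to the global `LIBS` and defines `HAVE_LIBFUZZINGENGINE` in config.h, so whenever the driver library is installed every program in the tree, including the regular `suricata` binary with its own `main`, is linked against it, and the probe runs even without `--enable-fuzztargets`. Initialise `libfuzzingengine=no`, run the probe only for fuzz builds and with explicit actions, e.g. `AS_IF([test "x$enable_fuzztargets" = "xyes"], [AC_CHECK_LIB([FuzzingEngine], [main], [libfuzzingengine=yes])])` placed after the `AC_ARG_ENABLE`, and keep `AM_CONDITIONAL([HAVE_LIBFUZZINGENGINE], [test "x$libfuzzingengine" = "xyes"])` unconditional as automake requires. The probe also links with the C compiler while src/Makefile.am forces `$(CXX)` for the fuzz targets; if the driver needs the C++ runtime the check may report "no" even when the library is present, so wrapping it in `AC_LANG_PUSH([C++])`/`AC_LANG_POP([C++])` is probably needed. Separately, `AC_DEFINE([AFLFUZZ_NO_RANDOM], ...)` lands in config.h and therefore also applies to the `suricata` binary built from the same configured tree, which should be stated in the help string, e.g. `[Enable fuzz targets (also builds suricata with AFLFUZZ_NO_RANDOM, not for production use)]`.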
88 changes: 83 additions & 5 deletions src/Makefile.am
Expand Up @@ -6,8 +6,11 @@ noinst_HEADERS = action-globals.h \
suricata-common.h threadvars.h tree.h \
util-validate.h
bin_PROGRAMS = suricata
if BUILD_FUZZTARGETS
bin_PROGRAMS += fuzz_applayerprotodetectgetproto fuzz_applayerparserparse fuzz_siginit fuzz_confyamlloadstring fuzz_decodepcapfile fuzz_sigyamlpcap
Member


can you update this to have a ~80 char line limit?

Contributor Author


ok

endif

suricata_SOURCES = \
COMMON_SOURCES = \
alert-debuglog.c alert-debuglog.h \
alert-fastlog.c alert-fastlog.h \
alert-prelude.c alert-prelude.h \
Expand Down Expand Up @@ -282,6 +285,7 @@ host-bit.c host-bit.h \
host-queue.c host-queue.h \
host-storage.c host-storage.h \
host-timeout.c host-timeout.h \
init.c \
ippair.c ippair.h \
ippair-bit.c ippair-bit.h \
ippair-queue.c ippair-queue.h \
Expand Down Expand Up @@ -374,7 +378,6 @@ stream-tcp-list.c stream-tcp-list.h \
stream-tcp-reassemble.c stream-tcp-reassemble.h \
stream-tcp-sack.c stream-tcp-sack.h \
stream-tcp-util.c stream-tcp-util.h \
suricata.c suricata.h \
threads.c threads.h \
threads-debug.h threads-profile.h \
tm-modules.c tm-modules.h \
Expand Down Expand Up @@ -507,13 +510,88 @@ EXTRA_DIST = tests
# set the include path found by configure
AM_CPPFLAGS = $(all_includes)

suricata_SOURCES = suricata.c suricata.h $(COMMON_SOURCES)

# the library search path.
suricata_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
suricata_LDADD = $(HTP_LDADD) $(RUST_LDADD)
suricata_LDADD = $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD)

fuzz_applayerprotodetectgetproto_SOURCES = tests/fuzz/fuzz_applayerprotodetectgetproto.c $(COMMON_SOURCES)
Member


can we unify these more? Its kind of ugly to have this list of similar blocks

Contributor Author


I spent some hours looking for a solution to this. Do you have any idea or pointer, e.g. some macro-like construct for Makefile.am files?

fuzz_applayerprotodetectgetproto_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
fuzz_applayerprotodetectgetproto_LDADD = $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD)
if HAVE_LIBFUZZINGENGINE
Member


when would we not have this?

Contributor Author


For instance, CI does not need libFuzzingEngine to build the fuzz targets with the simple driver onefile.c
I use it as well to debug and reproduce crashes

fuzz_applayerprotodetectgetproto_LDFLAGS += -lFuzzingEngine
else
fuzz_applayerprotodetectgetproto_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
fuzz_applayerprotodetectgetproto_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_applayerprotodetectgetproto_LDFLAGS) $(LDFLAGS) -o $@

fuzz_applayerparserparse_SOURCES = tests/fuzz/fuzz_applayerparserparse.c $(COMMON_SOURCES)
fuzz_applayerparserparse_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
fuzz_applayerparserparse_LDADD = $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD)
if HAVE_LIBFUZZINGENGINE
fuzz_applayerparserparse_LDFLAGS += -lFuzzingEngine
else
fuzz_applayerparserparse_SOURCES += tests/fuzz/onefile.c
endif
fuzz_applayerparserparse_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_applayerparserparse_LDFLAGS) $(LDFLAGS) -o $@

fuzz_siginit_SOURCES = tests/fuzz/fuzz_siginit.c $(COMMON_SOURCES)
fuzz_siginit_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
fuzz_siginit_LDADD = $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD)
if HAVE_LIBFUZZINGENGINE
fuzz_siginit_LDFLAGS += -lFuzzingEngine
else
fuzz_siginit_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
fuzz_siginit_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_siginit_LDFLAGS) $(LDFLAGS) -o $@

fuzz_confyamlloadstring_SOURCES = tests/fuzz/fuzz_confyamlloadstring.c $(COMMON_SOURCES)
fuzz_confyamlloadstring_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
fuzz_confyamlloadstring_LDADD = $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD)
if HAVE_LIBFUZZINGENGINE
fuzz_confyamlloadstring_LDFLAGS += -lFuzzingEngine
else
fuzz_confyamlloadstring_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
fuzz_confyamlloadstring_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_confyamlloadstring_LDFLAGS) $(LDFLAGS) -o $@

fuzz_decodepcapfile_SOURCES = tests/fuzz/fuzz_decodepcapfile.c $(COMMON_SOURCES)
fuzz_decodepcapfile_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
fuzz_decodepcapfile_LDADD = $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD)
if HAVE_LIBFUZZINGENGINE
fuzz_decodepcapfile_LDFLAGS += -lFuzzingEngine
else
fuzz_decodepcapfile_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
fuzz_decodepcapfile_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_decodepcapfile_LDFLAGS) $(LDFLAGS) -o $@

if HAVE_RUST
suricata_DEPENDENCIES = $(RUST_SURICATA_LIB)
fuzz_sigyamlpcap_SOURCES = tests/fuzz/fuzz_sigyamlpcap.c $(COMMON_SOURCES)
fuzz_sigyamlpcap_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
fuzz_sigyamlpcap_LDADD = $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD)
if HAVE_LIBFUZZINGENGINE
fuzz_sigyamlpcap_LDFLAGS += -lFuzzingEngine
else
fuzz_sigyamlpcap_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
fuzz_sigyamlpcap_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_sigyamlpcap_LDFLAGS) $(LDFLAGS) -o $@

# default CFLAGS
AM_CFLAGS = ${OPTIMIZATION_CFLAGS} ${GCC_CFLAGS} ${CLANG_CFLAGS} \
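Review bot: The `bin_PROGRAMS += ... fuzz_sigyamlpcap` line under `if BUILD_FUZZTARGETS` lists `fuzz_sigyamlpcap` unconditionally, but its `_SOURCES`, `_LDFLAGS`, `_LDADD` and `_LINK` are only defined inside the `if HAVE_RUST` block near the end of the hunk; in a build without Rust automake falls back to the default source `fuzz_sigyamlpcap.c`, which does not exist, so `--enable-fuzztargets` without Rust fails at make time. Move that target into its own guard inside the existing conditional, `if HAVE_RUST` / `bin_PROGRAMS += fuzz_sigyamlpcap` / `endif`, and drop it from the first list. Also, `bin_PROGRAMS` means `make install` copies the six `fuzz_*` driver binaries into `$(bindir)` next to `suricata`; unless installing them is intended, `noinst_PROGRAMS = ...` inside the conditional keeps them build-only. Finally, `-lFuzzingEngine` on the `_LDFLAGS` lines is a library rather than a linker flag and conventionally belongs on the `_LDADD` line, where it is placed after the objects it resolves against instead of relying on `crt1.o`'s unresolved `main` to pull the driver in.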