From 66181ed2e4b9f174d84e0db06ab99e5817367f73 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 26 Mar 2020 14:06:32 +0100
Subject: [PATCH 1/5] ci: enables fuzz targets in one build github workflow wih debian
---
.github/workflows/builds.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index 67bcea0e596b..1d3e59ca012a 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -453,7 +453,7 @@ jobs:
tar zxvf - --strip-components=1
working-directory: suricata-update
- run: ./autogen.sh
- - run: ./configure --enable-unittests
+ - run: ./configure --enable-unittests --enable-fuzztargets
- run: make -j2
- run: make check
- name: Fetching suricata-verify
From e15f3db4740c53275fbee5642e643360d5ed3420 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 26 Mar 2020 14:29:38 +0100
Subject: [PATCH 2/5] configure: right test for AFLFUZZ_PERSISTANT_MODE
---
configure.ac | 3 +++
1 file changed, 3 insertions(+)
diff --git a/configure.ac b/configure.ac
index dd053c134b97..e707d8f8ce89 100644
--- a/configure.ac
+++ b/configure.ac
@@ -465,9 +465,12 @@ AC_PROG_CXX
AS_IF([test "x$enable_fuzztargets" = "xyes"], [
AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
+ CFLAGS_ORIG=$CFLAGS
+ CFLAGS="-Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])], [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])], [])
+ CFLAGS=$CFLAGS_ORIG
AC_LANG_PUSH(C++)
tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS
AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [
From 440bb4d6007560be6e431fb2087d1d28c3676872 Mon Sep 17 00:00:00 2001
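Review bot: `CFLAGS="-Werror"` replaces the caller's CFLAGS for the `__AFL_LOOP` probe instead of extending them, so any flag the build needs just to compile (a `-m32`, `--sysroot` or `-target` passed through CFLAGS) is dropped and the probe can fail for an unrelated reason, silently leaving AFLFUZZ_PERSISTANT_MODE undefined. `CFLAGS="$CFLAGS -Werror"` keeps the probe aligned with the real build while still turning the implicit-declaration warning into the error this commit relies on. The probe also prints nothing, so the configure output never shows whether persistent mode was detected; an AC_MSG_CHECKING/AC_MSG_RESULT pair around the AC_COMPILE_IFELSE would make that visible in CI logs. The C++ block just below saves its flags with `tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS`, and reusing that pattern instead of the ad-hoc CFLAGS_ORIG would keep the two probes consistent. The enclosing AS_IF body continues past the hunk.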
From: Philippe Antoine
Date: Thu, 26 Mar 2020 14:42:50 +0100
Subject: [PATCH 3/5] fuzz: remove decodeder fuzz target
As we removed decodeder function
---
src/Makefile.am | 15 +--------------
src/tests/fuzz/fuzz_decodeder.c | 32 --------------------------------
2 files changed, 1 insertion(+), 46 deletions(-)
delete mode 100644 src/tests/fuzz/fuzz_decodeder.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 28cf620071ca..8036c0a9b7af 100755
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -10,7 +10,7 @@ if BUILD_FUZZTARGETS
bin_PROGRAMS += fuzz_applayerprotodetectgetproto \
fuzz_applayerparserparse fuzz_siginit \
fuzz_confyamlloadstring fuzz_decodepcapfile \
- fuzz_sigpcap fuzz_mimedecparseline fuzz_decodeder
+ fuzz_sigpcap fuzz_mimedecparseline
endif
COMMON_SOURCES = \
@@ -642,19 +642,6 @@ fuzz_mimedecparseline_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_mimedecparseline_LDFLAGS) $(LDFLAGS) -o $@
-nodist_fuzz_decodeder_SOURCES = tests/fuzz/fuzz_decodeder.c $(COMMON_SOURCES)
-fuzz_decodeder_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
-fuzz_decodeder_LDADD = $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD)
-if HAS_FUZZLDFLAGS
- fuzz_decodeder_LDFLAGS += $(LIB_FUZZING_ENGINE)
-else
- nodist_fuzz_decodeder_SOURCES += tests/fuzz/onefile.c
-endif
-# force usage of CXX for linker
-fuzz_decodeder_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
- $(fuzz_decodeder_LDFLAGS) $(LDFLAGS) -o $@
-
# default CFLAGS
AM_CFLAGS = ${OPTIMIZATION_CFLAGS} ${GCC_CFLAGS} ${CLANG_CFLAGS} \
${SECCFLAGS} ${PCAP_CFLAGS} -DLOCAL_STATE_DIR=\"$(localstatedir)\" \
diff --git a/src/tests/fuzz/fuzz_decodeder.c b/src/tests/fuzz/fuzz_decodeder.c
deleted file mode 100644
index 7fc4fb70e938..000000000000
--- a/src/tests/fuzz/fuzz_decodeder.c
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * @file
- * @author Philippe Antoine
- * fuzz target for DecodeDer
- */
-
-
-#include "suricata-common.h"
-#include "util-decode-der.h"
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
-
-static int initialized = 0;
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-{
- if (initialized == 0) {
- //Redirects logs to /dev/null
- setenv("SC_LOG_OP_IFACE", "file", 0);
- setenv("SC_LOG_FILE", "/dev/null", 0);
- //global init
- InitGlobal();
- run_mode = RUNMODE_UNITTEST;
- initialized = 1;
- }
- uint32_t errcode = 0;
-
- Asn1Generic *a = DecodeDer(data, size, &errcode);
- DerFree(a);
-
- return 0;
-}
From bf60959d84edcb871c6935e7959690f898bd40d0 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 26 Mar 2020 14:55:31 +0100
Subject: [PATCH 4/5] fuzz: simpler way to force usage of CXX linker
---
src/Makefile.am | 29 ++++++++---------------------
1 file changed, 8 insertions(+), 21 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 8036c0a9b7af..2b2bd03f5214 100755
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -561,9 +561,7 @@ else
nodist_fuzz_applayerprotodetectgetproto_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
-fuzz_applayerprotodetectgetproto_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
- $(fuzz_applayerprotodetectgetproto_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_applayerprotodetectgetproto_SOURCES = force-cxx-linking.cxx
nodist_fuzz_applayerparserparse_SOURCES = tests/fuzz/fuzz_applayerparserparse.c $(COMMON_SOURCES)
fuzz_applayerparserparse_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
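Review bot: `nodist_EXTRA_fuzz_applayerprotodetectgetproto_SOURCES = force-cxx-linking.cxx` names a file that no commit in this series adds, and the `# force usage of CXX for linker` comment kept above it does not say that this is deliberate. As far as I can tell this is the automake idiom for selecting the C++ linker — a `nodist_EXTRA_` source is never compiled or distributed and only its extension is consulted, so the file need not exist — but a reader who notices a missing source is likely to either add an empty `.cxx` or drop the line as stale. Suggest extending the comment to something like `# force usage of CXX for linker: dummy nodist_EXTRA_ source, never built, only its .cxx extension matters`. The same applies to the other six replacements in this patch (the fuzz_applayerparserparse, fuzz_siginit, fuzz_confyamlloadstring, fuzz_decodepcapfile, fuzz_sigpcap and fuzz_mimedecparseline hunks). Since the seven lines differ only in the target name, a single `FORCE_CXX_LINK = force-cxx-linking.cxx` variable referenced from each would keep them from drifting apart.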
@@ -573,9 +571,8 @@ if HAS_FUZZLDFLAGS
else
nodist_fuzz_applayerparserparse_SOURCES += tests/fuzz/onefile.c
endif
-fuzz_applayerparserparse_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
- $(fuzz_applayerparserparse_LDFLAGS) $(LDFLAGS) -o $@
+# force usage of CXX for linker
+nodist_EXTRA_fuzz_applayerparserparse_SOURCES = force-cxx-linking.cxx
nodist_fuzz_siginit_SOURCES = tests/fuzz/fuzz_siginit.c $(COMMON_SOURCES)
fuzz_siginit_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -586,9 +583,7 @@ else
nodist_fuzz_siginit_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
-fuzz_siginit_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
- $(fuzz_siginit_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_siginit_SOURCES = force-cxx-linking.cxx
nodist_fuzz_confyamlloadstring_SOURCES = tests/fuzz/fuzz_confyamlloadstring.c $(COMMON_SOURCES)
fuzz_confyamlloadstring_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -599,9 +594,7 @@ else
nodist_fuzz_confyamlloadstring_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
-fuzz_confyamlloadstring_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
- $(fuzz_confyamlloadstring_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_confyamlloadstring_SOURCES = force-cxx-linking.cxx
nodist_fuzz_decodepcapfile_SOURCES = tests/fuzz/fuzz_decodepcapfile.c $(COMMON_SOURCES)
fuzz_decodepcapfile_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -612,9 +605,7 @@ else
nodist_fuzz_decodepcapfile_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
-fuzz_decodepcapfile_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
- $(fuzz_decodepcapfile_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_decodepcapfile_SOURCES = force-cxx-linking.cxx
nodist_fuzz_sigpcap_SOURCES = tests/fuzz/fuzz_sigpcap.c $(COMMON_SOURCES)
fuzz_sigpcap_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -625,9 +616,7 @@ else
nodist_fuzz_sigpcap_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
-fuzz_sigpcap_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
- $(fuzz_sigpcap_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_sigpcap_SOURCES = force-cxx-linking.cxx
nodist_fuzz_mimedecparseline_SOURCES = tests/fuzz/fuzz_mimedecparseline.c $(COMMON_SOURCES)
fuzz_mimedecparseline_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -638,9 +627,7 @@ else
nodist_fuzz_mimedecparseline_SOURCES += tests/fuzz/onefile.c
endif
# force usage of CXX for linker
-fuzz_mimedecparseline_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
- $(fuzz_mimedecparseline_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_mimedecparseline_SOURCES = force-cxx-linking.cxx
# default CFLAGS
AM_CFLAGS = ${OPTIMIZATION_CFLAGS} ${GCC_CFLAGS} ${CLANG_CFLAGS} \
From 19fe8d9894207f18dbd305a5834820f3a698dc32 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 26 Mar 2020 14:44:58 +0100
Subject: [PATCH 5/5] ci: add fuzztargets and afl build test
---
.github/workflows/builds.yml | 56 ++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index 1d3e59ca012a..788973e514be 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -330,6 +330,62 @@ jobs:
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py
+ # test build with afl and fuzztargets
+ ubuntu-18-04-fuzz:
+ name: Ubuntu 18.04 (Fuzz)
+ runs-on: ubuntu-18.04
+ container: ubuntu:18.04
+ steps:
+
+ # Cache Rust stuff.
+ - name: Cache cargo registry
+ uses: actions/cache@v1
+ with:
+ path: ~/.cargo/registry
+ key: cargo-registry
+
+ - name: Install dependencies
+ run: |
+ apt update
+ apt -y install \
+ afl \
+ afl-clang \
+ libpcre3 \
+ libpcre3-dev \
+ build-essential \
+ autoconf \
+ automake \
+ git \
+ libtool \
+ libpcap-dev \
+ libnet1-dev \
+ libyaml-0-2 \
+ libyaml-dev \
+ libcap-ng-dev \
+ libcap-ng0 \
+ libmagic-dev \
+ libnetfilter-queue-dev \
+ libnetfilter-queue1 \
+ libnfnetlink-dev \
+ libnfnetlink0 \
+ libhiredis-dev \
+ libjansson-dev \
+ libjansson-dev \
+ libpython2.7 \
+ make \
+ rustc \
+ software-properties-common \
+ zlib1g \
+ zlib1g-dev
+ - name: Install cbindgen
+ run: cargo install --force cbindgen
+ - run: echo "::add-path::$HOME/.cargo/bin"
+ - uses: actions/checkout@v1
+ - run: git clone https://github.com/OISF/libhtp -b 0.5.x
+ - run: ./autogen.sh
+ - run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ ./configure --enable-fuzztargets --disable-shared
+ - run: AFL_HARDEN=1 make -j2
+
# An Ubuntu 16.04 build using the tarball generated in the CentOS 8
# build above.
ubuntu-16-04:
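Review bot: `libjansson-dev` is listed twice in the apt install list of the new ubuntu-18-04-fuzz job; apt tolerates the duplicate, but one of the two lines should go. In the configure step, `CXXFLAGS=$CFLAGS` relies on the `CFLAGS="..."` assignment earlier on the same command line being visible while later prefix assignments are expanded; bash does apply them left to right as far as I know, but it is easy to misread, and a job-level `env:` block (or repeating the literal value) would make the ASan flags explicit for both compilers. The job stops at `make -j2`, so it proves that the AFL/ASan build compiles and links but never executes a fuzz target, and a harness that aborts at startup would still pass; a `make check` step like the debian job has, or a single run of each built target on an empty input, would close that gap cheaply. Whether the job is intentionally build-only is not stated, so a sentence to that effect in the `# test build with afl and fuzztargets` comment would help the next person who extends it.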