Fuzz ci v3

.github/workflows/builds.yml

@@ -330,6 +330,62 @@ jobs:
       - name: Running suricata-verify
         run: python3 ./suricata-verify/run.py
 
+  # test build with afl and fuzztargets
+  ubuntu-18-04-fuzz:
+    name: Ubuntu 18.04 (Fuzz)
+    runs-on: ubuntu-18.04
+    container: ubuntu:18.04
+    steps:
+
+      # Cache Rust stuff.
+      - name: Cache cargo registry
+        uses: actions/cache@v1
+        with:
+          path: ~/.cargo/registry
+          key: cargo-registry
+
+      - name: Install dependencies
+        run: |
+          apt update
+          apt -y install \
+                afl \
+                afl-clang \
+                libpcre3 \
+                libpcre3-dev \
+                build-essential \
+                autoconf \
+                automake \
+                git \
+                libtool \
+                libpcap-dev \
+                libnet1-dev \
+                libyaml-0-2 \
+                libyaml-dev \
+                libcap-ng-dev \
+                libcap-ng0 \
+                libmagic-dev \
+                libnetfilter-queue-dev \
+                libnetfilter-queue1 \
+                libnfnetlink-dev \
+                libnfnetlink0 \
+                libhiredis-dev \
+                libjansson-dev \
+                libjansson-dev \
+                libpython2.7 \
+                make \
+                rustc \
+                software-properties-common \
+                zlib1g \
+                zlib1g-dev
+      - name: Install cbindgen
+        run: cargo install --force cbindgen
+      - run: echo "::add-path::$HOME/.cargo/bin"
+      - uses: actions/checkout@v1
+      - run: git clone https://github.com/OISF/libhtp -b 0.5.x
+      - run: ./autogen.sh
+      - run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ ./configure --enable-fuzztargets --disable-shared
+      - run: AFL_HARDEN=1 make -j2
+
   # An Ubuntu 16.04 build using the tarball generated in the CentOS 8
   # build above.
   ubuntu-16-04:
@@ -453,7 +509,7 @@ jobs:
               tar zxvf - --strip-components=1
         working-directory: suricata-update
       - run: ./autogen.sh
-      - run: ./configure --enable-unittests
+      - run: ./configure --enable-unittests --enable-fuzztargets
       - run: make -j2
       - run: make check
       - name: Fetching suricata-verify

configure.ac

@@ -465,9 +465,12 @@
     AC_PROG_CXX
     AS_IF([test "x$enable_fuzztargets" = "xyes"], [
         AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
+        CFLAGS_ORIG=$CFLAGS
+        CFLAGS="-Werror"
         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])],
                 [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])],
                 [])
+        CFLAGS=$CFLAGS_ORIG
         AC_LANG_PUSH(C++)
         tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS
         AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [

src/Makefile.am

@@ -10,7 +10,7 @@ if BUILD_FUZZTARGETS
     bin_PROGRAMS += fuzz_applayerprotodetectgetproto \
     fuzz_applayerparserparse fuzz_siginit \
     fuzz_confyamlloadstring fuzz_decodepcapfile \
-    fuzz_sigpcap fuzz_mimedecparseline fuzz_decodeder
+    fuzz_sigpcap fuzz_mimedecparseline
 endif
 
 COMMON_SOURCES = \
@@ -561,9 +561,7 @@ else
     nodist_fuzz_applayerprotodetectgetproto_SOURCES += tests/fuzz/onefile.c
 endif
 # force usage of CXX for linker
-fuzz_applayerprotodetectgetproto_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-    $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
-    $(fuzz_applayerprotodetectgetproto_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_applayerprotodetectgetproto_SOURCES = force-cxx-linking.cxx
 
 nodist_fuzz_applayerparserparse_SOURCES = tests/fuzz/fuzz_applayerparserparse.c $(COMMON_SOURCES)
 fuzz_applayerparserparse_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -573,9 +571,8 @@ if HAS_FUZZLDFLAGS
 else
     nodist_fuzz_applayerparserparse_SOURCES += tests/fuzz/onefile.c
 endif
-fuzz_applayerparserparse_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-    $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
-    $(fuzz_applayerparserparse_LDFLAGS) $(LDFLAGS) -o $@
+# force usage of CXX for linker
+nodist_EXTRA_fuzz_applayerparserparse_SOURCES = force-cxx-linking.cxx
 
 nodist_fuzz_siginit_SOURCES = tests/fuzz/fuzz_siginit.c $(COMMON_SOURCES)
 fuzz_siginit_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -586,9 +583,7 @@ else
     nodist_fuzz_siginit_SOURCES += tests/fuzz/onefile.c
 endif
 # force usage of CXX for linker
-fuzz_siginit_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-    $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
-    $(fuzz_siginit_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_siginit_SOURCES = force-cxx-linking.cxx
 
 nodist_fuzz_confyamlloadstring_SOURCES = tests/fuzz/fuzz_confyamlloadstring.c $(COMMON_SOURCES)
 fuzz_confyamlloadstring_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -599,9 +594,7 @@ else
     nodist_fuzz_confyamlloadstring_SOURCES += tests/fuzz/onefile.c
 endif
 # force usage of CXX for linker
-fuzz_confyamlloadstring_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-    $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
-    $(fuzz_confyamlloadstring_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_confyamlloadstring_SOURCES = force-cxx-linking.cxx
 
 nodist_fuzz_decodepcapfile_SOURCES = tests/fuzz/fuzz_decodepcapfile.c $(COMMON_SOURCES)
 fuzz_decodepcapfile_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -612,9 +605,7 @@ else
     nodist_fuzz_decodepcapfile_SOURCES += tests/fuzz/onefile.c
 endif
 # force usage of CXX for linker
-fuzz_decodepcapfile_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-    $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
-    $(fuzz_decodepcapfile_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_decodepcapfile_SOURCES = force-cxx-linking.cxx
 
 nodist_fuzz_sigpcap_SOURCES = tests/fuzz/fuzz_sigpcap.c $(COMMON_SOURCES)
 fuzz_sigpcap_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -625,9 +616,7 @@ else
     nodist_fuzz_sigpcap_SOURCES += tests/fuzz/onefile.c
 endif
 # force usage of CXX for linker
-fuzz_sigpcap_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-    $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
-    $(fuzz_sigpcap_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_sigpcap_SOURCES = force-cxx-linking.cxx
 
 nodist_fuzz_mimedecparseline_SOURCES = tests/fuzz/fuzz_mimedecparseline.c $(COMMON_SOURCES)
 fuzz_mimedecparseline_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
@@ -638,22 +627,7 @@ else
     nodist_fuzz_mimedecparseline_SOURCES += tests/fuzz/onefile.c
 endif
 # force usage of CXX for linker
-fuzz_mimedecparseline_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-    $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
-    $(fuzz_mimedecparseline_LDFLAGS) $(LDFLAGS) -o $@
-
-nodist_fuzz_decodeder_SOURCES = tests/fuzz/fuzz_decodeder.c $(COMMON_SOURCES)
-fuzz_decodeder_LDFLAGS = $(all_libraries) ${SECLDFLAGS}
-fuzz_decodeder_LDADD = $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD)
-if HAS_FUZZLDFLAGS
-    fuzz_decodeder_LDFLAGS += $(LIB_FUZZING_ENGINE)
-else
-    nodist_fuzz_decodeder_SOURCES += tests/fuzz/onefile.c
-endif
-# force usage of CXX for linker
-fuzz_decodeder_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-    $(LIBTOOLFLAGS) --mode=link $(CXX) $(AM_CXXFLAGS) $(CXXFLAGS) \
-    $(fuzz_decodeder_LDFLAGS) $(LDFLAGS) -o $@
+nodist_EXTRA_fuzz_mimedecparseline_SOURCES = force-cxx-linking.cxx
 
 # default CFLAGS
 AM_CFLAGS = ${OPTIMIZATION_CFLAGS} ${GCC_CFLAGS} ${CLANG_CFLAGS}            \