golang: add fuzzer (#8351)

Signed-off-by: AdamKorcz <adam@adalogics.com> Signed-off-by: AdamKorcz <adam@adalogics.com>
2022-08-24 23:56:42 +01:00 · 2022-08-24 23:56:42 +01:00 · 75f19e2cac
parent 4dd5afc54b
commit 75f19e2cac
4 changed files with 71 additions and 0 deletions
--- a/projects/golang/Dockerfile
+++ b/projects/golang/Dockerfile
@ -18,6 +18,7 @@ FROM gcr.io/oss-fuzz-base/base-builder-go

 RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus golang
 RUN git clone --depth 1 https://github.com/golang/go
+RUN git clone --depth 1 https://github.com/golang/net
 COPY build.sh text_fuzzer.go \
     math_big_fuzzer.go \
     fuzz_tar_reader.go \
@ -28,6 +29,8 @@ COPY build.sh text_fuzzer.go \
     x509_fuzzer.go \
     ecdsa_fuzzer.go \
     aes_fuzzer.go \
+     h2c_fuzzer.go \
+     fuzz_h2c.options \
     elf_fuzzer.go $SRC/

 WORKDIR $SRC/golang
--- a/projects/golang/build.sh
+++ b/projects/golang/build.sh
@ -93,6 +93,13 @@ compile_native_go_fuzzer tarPackage FuzzReader fuzz_std_lib_tar_reader
 cd $SRC && git clone https://github.com/AdamKorcz/instrumentation
 cd instrumentation
 go run main.go $SRC/go/src/archive/tar
+go run main.go $SRC/net
+
+cp $SRC/h2c_fuzzer.go $SRC/net/http2/h2c/
+cd $SRC/net/http2/h2c
+go mod tidy -e -go=1.16 && go mod tidy -e -go=1.17
+compile_go_fuzzer . FuzzH2c fuzz_h2c
+mv $SRC/fuzz_h2c.options $OUT/

 cd $SRC/go/src/archive/tar
 cp $SRC/fuzz_tar_reader.go ./
--- a/projects/golang/fuzz_h2c.options
+++ b/projects/golang/fuzz_h2c.options
@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 1600000
+len_control = 0
--- a/projects/golang/h2c_fuzzer.go
+++ b/projects/golang/h2c_fuzzer.go
@ -0,0 +1,58 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package h2c
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/argoproj/argo-events/eventsources/common/webhook"
+	"golang.org/x/net/http2"
+	"io"
+	"net/http"
+
+	fuzz "github.com/AdaLogics/go-fuzz-headers"
+)
+
+func FuzzH2c(data []byte) int {
+	if len(data) < 10 {
+		return 0
+	}
+	if len(data)%2 != 0 {
+		return 0
+	}
+	data1 := data[:len(data)/10]
+	data2 := data[(len(data)/10)+1:]
+	f1 := fuzz.NewConsumer(data1)
+	headerMap := make(map[string][]string)
+	err := f1.FuzzMap(&headerMap)
+	if err != nil {
+		return 0
+	}
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprint(w, "Hello world")
+	})
+	h2s := &http2.Server{
+		// ...
+	}
+	h := NewHandler(handler, h2s)
+	w := &webhook.FakeHttpWriter{}
+	r := &http.Request{
+		Body: io.NopCloser(bytes.NewReader(data2)),
+	}
+	r.Header = headerMap
+	h.ServeHTTP(w, r)
+	return 1
+}