From 83f38e71b3c19e45d486a03dcf71a81de89d258d Mon Sep 17 00:00:00 2001
From: TTFISH
Date: Tue, 11 Jun 2024 01:13:05 +0800
Subject: [PATCH] [cups] Migrate harness to upstream OpenPrinting project (#12036)

The OpenPrinting project under the Linux Foundation has initiated the [OpenPrinting fuzzing](https://github.com/OpenPrinting/fuzzing) repository to officially maintain OSS-Fuzz testing tasks. This PR includes following updates:
1. Migration of the existing CUPS fuzzing harness to the upstream OpenPrinting/fuzzing project.
2. Updated of CUPS mailing contact list and configuration setting.
All harness building related changes has been locally tested and verified. We deeply appreciate the contributions from @pkillarjun for his initial integration of the CUPS project into OSS-Fuzz and his support during this migration. However, OpenPrinting has decided to move the corpus, fuzzing harnesses, and build scripts into the repository under its organisation and maintainance. In addition, the bug reports will be firstly processed by OpenPrinting's security team and not by the initial contributor, who is not part of the organisation. These two measures will minimise the security risks and still maintaining the ability of open source fellows to participate in the development.
CC @tillkamppeter @iosifache
---------
Signed-off-by: TTFISH
---
 projects/cups/Dockerfile | 8 ++---
 projects/cups/build.sh | 19 +---------
 projects/cups/fuzzer/FuzzCUPS.c | 49 -------------------------
 projects/cups/fuzzer/FuzzIPP.c | 59 -------------------------------
 projects/cups/fuzzer/FuzzRaster.c | 56 -----------------------------
 projects/cups/fuzzer/Makefile | 27 --------------
 projects/cups/project.yaml | 27 ++++++++++----
 7 files changed, 25 insertions(+), 220 deletions(-)
 delete mode 100644 projects/cups/fuzzer/FuzzCUPS.c
 delete mode 100644 projects/cups/fuzzer/FuzzIPP.c
 delete mode 100644 projects/cups/fuzzer/FuzzRaster.c
 delete mode 100644 projects/cups/fuzzer/Makefile
diff --git a/projects/cups/Dockerfile b/projects/cups/Dockerfile
index e49e2c26b..f842fc707 100644
--- a/projects/cups/Dockerfile
+++ b/projects/cups/Dockerfile
@@ -14,9 +14,9 @@
 #
 ################################################################################
 FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y autoconf libtool-bin pkg-config zlib1g-dev libavahi-client-dev libsystemd-dev
+RUN apt-get update && apt-get install -y zlib1g-dev libavahi-client-dev libsystemd-dev
 RUN git clone --depth 1 https://github.com/OpenPrinting/cups
-RUN git clone https://github.com/pkillarjun/oss-fuzz-bloat
+RUN git clone --depth 1 https://github.com/OpenPrinting/fuzzing.git
+
 COPY build.sh $SRC/
-COPY fuzzer $SRC/cups/fuzzer/
-WORKDIR $SRC/cups/
+WORKDIR $SRC/cups
\ No newline at end of file
diff --git a/projects/cups/build.sh b/projects/cups/build.sh
index 2f0d951c1..198a57b58 100644
--- a/projects/cups/build.sh
+++ b/projects/cups/build.sh
@@ -14,22 +14,5 @@
 # limitations under the License.
 #
 ################################################################################
-export CFLAGS="$CFLAGS -fPIE"
-export CXXFLAGS="$CFLAGS -fPIE"
-export LDFLAGS="$CFLAGS -fPIE"
-./configure --enable-static --disable-shared
-make
-
-pushd fuzzer/
-make
-cp FuzzCUPS $OUT/FuzzCUPS
-cp FuzzIPP $OUT/FuzzIPP
-cp FuzzRaster $OUT/FuzzRaster
-popd
-
-pushd $SRC/oss-fuzz-bloat/cups
-cp FuzzCUPS_seed_corpus.zip $OUT/FuzzCUPS_seed_corpus.zip
-cp FuzzIPP_seed_corpus.zip $OUT/FuzzIPP_seed_corpus.zip
-cp FuzzRaster_seed_corpus.zip $OUT/FuzzRaster_seed_corpus.zip
-popd
+$SRC/fuzzing/cups/oss_fuzz_build.sh
 
diff --git a/projects/cups/fuzzer/FuzzCUPS.c b/projects/cups/fuzzer/FuzzCUPS.c
deleted file mode 100644
index fea175ae6..000000000
--- a/projects/cups/fuzzer/FuzzCUPS.c
+++ /dev/null
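Review bot: The added `RUN git clone --depth 1 https://github.com/OpenPrinting/fuzzing.git` pulls the harness sources, corpus and build script from the head of a second repository on every image build, and the Dockerfile does not record that these build inputs are now unpinned and outside this tree. I would add a comment above that line, `# Harnesses, corpus and oss_fuzz_build.sh come from OpenPrinting/fuzzing at its default-branch HEAD (not pinned)`, so a later reader knows which repository's review and branch protection the build depends on. As a style point, the new last line `WORKDIR $SRC/cups` leaves the file without a trailing newline.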
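Review bot: The added line runs `$SRC/fuzzing/cups/oss_fuzz_build.sh` as a separate process, so any shell options in effect for build.sh (errexit, nounset) are not inherited, and the call depends on the executable bit being set in the other repository. If the upstream script does not enable them itself, which this hunk cannot show, a failed configure or compile step could go unnoticed while the script still exits 0. Invoking it explicitly keeps that under this file's control: `bash -eu "$SRC/fuzzing/cups/oss_fuzz_build.sh"`. A one-line comment saying that the script is expected to place the fuzzers and seed corpora in `$OUT`, as the removed lines did, would also document the contract.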
@@ -1,49 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#undef _CUPS_NO_DEPRECATED
-#include "cups-private.h"
-#include "ppd-private.h"
-#include "raster-private.h"
-#include
-#include
-#include
-#include
-
-#define kMinInputLength 10
-#define kMaxInputLength 10240
-
-extern int
-LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{/*cups/cups/testppd.c*/
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 1;
- }
-
-/*Add Null byte*/
- char *DataFx;
- size_t SizeFx = Size+1;
- DataFx = (char *)calloc(SizeFx,sizeof(char));
- memcpy((void *)DataFx,(void *)Data,Size);
-
- int preferred_bits;
- cups_page_header2_t header;
-
- memset(&header, 0, sizeof(header));
- header.Collate = CUPS_TRUE;
- preferred_bits = 0;
-
- _cupsRasterExecPS(&header, &preferred_bits,(char*)DataFx);
-
- free(DataFx);
- return 0;
-}
diff --git a/projects/cups/fuzzer/FuzzIPP.c b/projects/cups/fuzzer/FuzzIPP.c
deleted file mode 100644
index 1315f1459..000000000
--- a/projects/cups/fuzzer/FuzzIPP.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include "file.h"
-#include "string-private.h"
-#include "ipp-private.h"
-#include
-#include
-#include
-#include
-
-#define kMinInputLength 10
-#define kMaxInputLength 10240
-
-void LoadIPP(char *filename){
- cups_file_t *fp;
- ipp_t *request;
-
- request = ippNew();
- fp = cupsFileOpen(filename, "r");
-
- ippReadIO(fp, (ipp_iocb_t)cupsFileRead, 1, NULL, request);
-
- cupsFileClose(fp);
- ippDelete(request);
-}
-
-extern int
-LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{/*cups/cups/fuzzipp.c*/
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 1;
- }
-
- char filename[256];
-
- sprintf(filename, "/tmp/libfuzzer.%d", getpid());
- FILE *fp = fopen(filename, "wb");
- if (!fp) {
- return 0;
- }
-
- fwrite(Data, Size, 1, fp);
- fclose(fp);
-
- LoadIPP(filename);
- unlink(filename);
-
- return 0;
-}
diff --git a/projects/cups/fuzzer/FuzzRaster.c b/projects/cups/fuzzer/FuzzRaster.c
deleted file mode 100644
index 4d0af619c..000000000
--- a/projects/cups/fuzzer/FuzzRaster.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include
-#include
-
-#define kMinInputLength 10
-#define kMaxInputLength 10240
-
-void LoadRES(char *filename){
- int fd;
- cups_raster_t *ras;
- cups_page_header2_t header;
-
- fd = open(filename, O_RDONLY);
-
- ras = cupsRasterOpen(fd, CUPS_RASTER_READ);
-
- cupsRasterReadHeader2(ras, &header);
-
- cupsRasterClose(ras);
- close(fd);
-}
-
-extern int
-LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{/*cups/cups/testraster.c*/
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 1;
- }
-
- char filename[256];
-
- sprintf(filename, "/tmp/libfuzzer.%d", getpid());
- FILE *fp = fopen(filename, "wb");
- if (!fp) {
- return 0;
- }
-
- fwrite(Data, Size, 1, fp);
- fclose(fp);
-
- LoadRES(filename);
- unlink(filename);
-
- return 0;
-}
diff --git a/projects/cups/fuzzer/Makefile b/projects/cups/fuzzer/Makefile
deleted file mode 100644
index 4de4d2d32..000000000
--- a/projects/cups/fuzzer/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-TARGET=Fuzzing
-
-CUPS=FuzzCUPS
-IPP=FuzzIPP
-RES=FuzzRaster
-
-INCDIR=-I./../ -I./../cups/
-MACRO=-D_CUPS_SOURCE -D_FORTIFY_SOURCE=2 -D_REENTRANT -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_THREAD_SAFE -D_REENTRANT
-EXTFLAGS=-Wall -Werror
-LIBDIR=-L./../cups/
-LibFLAGS=$(LIBDIR) $(LIB_FUZZING_ENGINE) -lcups -lcupsimage -lssl -lcrypto -lz -lpthread -l:libavahi-client.a -l:libavahi-common.a -l:libdbus-1.a -lsystemd
-
-all: $(TARGET)
-
-$(TARGET):
- $(CC) $(CFLAGS) $(EXTFLAGS) $(MACRO) $(INCDIR) -c $(CUPS).c
- $(CC) $(CFLAGS) $(EXTFLAGS) $(MACRO) $(INCDIR) -c $(IPP).c
- $(CC) $(CFLAGS) $(EXTFLAGS) $(MACRO) $(INCDIR) -c $(RES).c
-
- $(CXX) $(CFLAGS) -o $(CUPS) $(CUPS).o $(LibFLAGS)
- $(CXX) $(CFLAGS) -o $(IPP) $(IPP).o $(LibFLAGS)
- $(CXX) $(CFLAGS) -o $(RES) $(RES).o $(LibFLAGS)
-
-clean:
- rm $(CUPS) $(IPP) $(RES) *.o
-
-.PHONY: all clean
diff --git a/projects/cups/project.yaml b/projects/cups/project.yaml
index 13fe44ff8..c2495742c 100644
--- a/projects/cups/project.yaml
+++ b/projects/cups/project.yaml
@@ -1,14 +1,27 @@
 homepage: "https://openprinting.github.io/cups/"
+main_repo: 'https://github.com/OpenPrinting/cups'
+# help_url:
 language: c
-primary_contact: "security@msweet.org"
+
+primary_contact: "jiongchiyu@gmail.com"
 auto_ccs:
- - "ajsinghyadav00@gmail.com"
+ - "till.kamppeter@gmail.com"
+ - "ossfuzz@iosifache.me"
+ - "msweet@msweet.org"
+# vendor_ccs:
+
+architectures:
+ - x86_64
+ # - i386
+
+sanitizers:
+ - address
+ - memory
+ # - undefined
+
 fuzzing_engines:
  - libfuzzer
  - afl
  - honggfuzz
-sanitizers:
- - address
- - memory
- - undefined
-main_repo: 'https://github.com/OpenPrinting/cups'
+
+# builds_per_day: 2
\ No newline at end of file
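Review bot: The rewritten `sanitizers:` list comments out `undefined` (`# - undefined`), which removes the UBSan coverage the project had before, and neither the file nor the commit message says why. If this is a temporary workaround for a build problem, say so next to the entry, e.g. `# - undefined  # disabled: <reason / tracking issue>`; otherwise keep `- undefined` enabled. Separately, `primary_contact` moves from the `security@msweet.org` alias to an individual mailbox, so the routing of crash reports to the security team described in the commit message depends on the listed individuals; worth confirming that this is intended.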