net-snmp: two new fuzzers and request access to project (#6058)

2021-07-17 13:10:31 +01:00 · 2021-07-17 13:10:31 +01:00 · 9860167073
parent b1e5ef81c0
commit 9860167073
5 changed files with 99 additions and 14 deletions
--- a/projects/net-snmp/Dockerfile
+++ b/projects/net-snmp/Dockerfile
@ -21,5 +21,4 @@ WORKDIR net-snmp
 COPY build.sh $SRC/
 #
 # Until the project moves the fuzzers to the source tree
-COPY snmp_pdu_parse_fuzzer.c $SRC/
-COPY agentx_parse_fuzzer.c $SRC/
+COPY *_fuzzer.c $SRC/
--- a/projects/net-snmp/build.sh
+++ b/projects/net-snmp/build.sh
@ -21,15 +21,11 @@
 make

 # build fuzzers (remember to link statically)
-$CC $CFLAGS -c -Iinclude $SRC/snmp_pdu_parse_fuzzer.c -o $WORK/snmp_pdu_parse_fuzzer.o
-$CXX $CXXFLAGS $WORK/snmp_pdu_parse_fuzzer.o \
-      $LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \
-      -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
-      -o $OUT/snmp_pdu_parse_fuzzer
-
-$CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx $SRC/agentx_parse_fuzzer.c -o $WORK/agentx_parse_fuzzer.o
-$CXX $CXXFLAGS $WORK/agentx_parse_fuzzer.o \
-      $LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \
-      agent/.libs/libnetsnmpagent.a \
-      -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
-      -o $OUT/agentx_parse_fuzzer
+for fuzzname in snmp_pdu_parse_fuzzer snmp_parse_fuzzer snmp_scoped_pdu_parse_fuzzer agentx_parse_fuzzer; do
+  $CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx $SRC/${fuzzname}.c -o $WORK/${fuzzname}.o
+  $CXX $CXXFLAGS $WORK/${fuzzname}.o \
+        $LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \
+        agent/.libs/libnetsnmpagent.a \
+        -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
+        -o $OUT/${fuzzname}
+done
--- a/projects/net-snmp/project.yaml
+++ b/projects/net-snmp/project.yaml
@ -6,4 +6,5 @@ auto_ccs:
   - "fenner@gmail.com"
   - "bvanassche@acm.org"
   - "magfr@lysator.liu.se"
+   - "david@adalogics.com"
 main_repo: 'git://git.code.sf.net/p/net-snmp/code'
--- a/projects/net-snmp/snmp_parse_fuzzer.c
+++ b/projects/net-snmp/snmp_parse_fuzzer.c
@ -0,0 +1,45 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This fuzzer exercises the SNMP PDU parsing code, including ASN.1.
+ */
+#include <net-snmp/net-snmp-config.h>
+#include <net-snmp/net-snmp-includes.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+    if (getenv("NETSNMP_DEBUGGING") != NULL) {
+        /*
+         * Turn on all debugging, to help understand what
+         * bits of the parser are running.
+         */
+        snmp_enable_stderrlog();
+        snmp_set_do_debugging(1);
+        debug_register_tokens("");
+    }
+    return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    size_t bytes_remaining = size;
+    netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
+
+    netsnmp_session sess = { };
+    snmpv3_parse(pdu, (unsigned char *)data, &bytes_remaining, NULL, &sess);
+    snmp_free_pdu(pdu);
+    return 0;
+}
--- a/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c
+++ b/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c
@ -0,0 +1,44 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This fuzzer exercises the SNMP PDU parsing code, including ASN.1.
+ */
+#include <net-snmp/net-snmp-config.h>
+#include <net-snmp/net-snmp-includes.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+    if (getenv("NETSNMP_DEBUGGING") != NULL) {
+        /*
+         * Turn on all debugging, to help understand what
+         * bits of the parser are running.
+         */
+        snmp_enable_stderrlog();
+        snmp_set_do_debugging(1);
+        debug_register_tokens("");
+    }
+    return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    size_t bytes_remaining = size;
+    netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
+
+    snmpv3_scopedPDU_parse(pdu, (unsigned char *)data, &bytes_remaining);
+    snmp_free_pdu(pdu);
+    return 0;
+}