From 986016707384dc85cb5dedc279630278ea0c7793 Mon Sep 17 00:00:00 2001
From: DavidKorczynski
Date: Sat, 17 Jul 2021 13:10:31 +0100
Subject: [PATCH] net-snmp: two new fuzzers and request access to project (#6058)

---
 projects/net-snmp/Dockerfile | 3 +-
 projects/net-snmp/build.sh | 20 ++++-----
 projects/net-snmp/project.yaml | 1 +
 projects/net-snmp/snmp_parse_fuzzer.c | 45 +++++++++++++++++++
 .../net-snmp/snmp_scoped_pdu_parse_fuzzer.c | 44 ++++++++++++++++++
 5 files changed, 99 insertions(+), 14 deletions(-)
 create mode 100644 projects/net-snmp/snmp_parse_fuzzer.c
 create mode 100644 projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c

diff --git a/projects/net-snmp/Dockerfile b/projects/net-snmp/Dockerfile
index c9e6a7925..e67cbb4d9 100644
--- a/projects/net-snmp/Dockerfile
+++ b/projects/net-snmp/Dockerfile
@@ -21,5 +21,4 @@ WORKDIR net-snmp
 COPY build.sh $SRC/
 #
 # Until the project moves the fuzzers to the source tree
-COPY snmp_pdu_parse_fuzzer.c $SRC/
-COPY agentx_parse_fuzzer.c $SRC/
+COPY *_fuzzer.c $SRC/
diff --git a/projects/net-snmp/build.sh b/projects/net-snmp/build.sh
index b7bceda0b..3c0265d5d 100755
--- a/projects/net-snmp/build.sh
+++ b/projects/net-snmp/build.sh
@@ -21,15 +21,11 @@ make
 # build fuzzers (remember to link statically)
-$CC $CFLAGS -c -Iinclude $SRC/snmp_pdu_parse_fuzzer.c -o $WORK/snmp_pdu_parse_fuzzer.o
-$CXX $CXXFLAGS $WORK/snmp_pdu_parse_fuzzer.o \
- $LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \
- -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
- -o $OUT/snmp_pdu_parse_fuzzer
-
-$CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx $SRC/agentx_parse_fuzzer.c -o $WORK/agentx_parse_fuzzer.o
-$CXX $CXXFLAGS $WORK/agentx_parse_fuzzer.o \
- $LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \
- agent/.libs/libnetsnmpagent.a \
- -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
- -o $OUT/agentx_parse_fuzzer
+for fuzzname in snmp_pdu_parse_fuzzer snmp_parse_fuzzer snmp_scoped_pdu_parse_fuzzer agentx_parse_fuzzer; do
+ $CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx $SRC/${fuzzname}.c -o $WORK/${fuzzname}.o
+ $CXX $CXXFLAGS $WORK/${fuzzname}.o \
+ $LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \
+ agent/.libs/libnetsnmpagent.a \
+ -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
+ -o $OUT/${fuzzname}
+done
diff --git a/projects/net-snmp/project.yaml b/projects/net-snmp/project.yaml
index 339203860..5a27e2e7c 100644
--- a/projects/net-snmp/project.yaml
+++ b/projects/net-snmp/project.yaml
@@ -6,4 +6,5 @@ auto_ccs:
 - "fenner@gmail.com"
 - "bvanassche@acm.org"
 - "magfr@lysator.liu.se"
+ - "david@adalogics.com"
 main_repo: 'git://git.code.sf.net/p/net-snmp/code'
diff --git a/projects/net-snmp/snmp_parse_fuzzer.c b/projects/net-snmp/snmp_parse_fuzzer.c
new file mode 100644
index 000000000..bc247f583
--- /dev/null
+++ b/projects/net-snmp/snmp_parse_fuzzer.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This fuzzer exercises the SNMP PDU parsing code, including ASN.1.
+ */
+#include
+#include
+#include
+#include
+#include
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ if (getenv("NETSNMP_DEBUGGING") != NULL) {
+ /*
+ * Turn on all debugging, to help understand what
+ * bits of the parser are running.
+ */
+ snmp_enable_stderrlog();
+ snmp_set_do_debugging(1);
+ debug_register_tokens("");
+ }
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ size_t bytes_remaining = size;
+ netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
+
+ netsnmp_session sess = { };
+ snmpv3_parse(pdu, (unsigned char *)data, &bytes_remaining, NULL, &sess);
+ snmp_free_pdu(pdu);
+ return 0;
+}
diff --git a/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c b/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c
new file mode 100644
index 000000000..d7e1957c4
--- /dev/null
+++ b/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c
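Review bot: In LLVMFuzzerTestOneInput the `netsnmp_pdu` returned by `SNMP_MALLOC_TYPEDEF(netsnmp_pdu)` is handed to `snmpv3_parse()` without a NULL check; add `if (pdu == NULL) return 0;` right after the allocation so an allocation failure is not reported as a parser crash (the same applies to snmp_scoped_pdu_parse_fuzzer.c). LLVMFuzzerInitialize registers no security model, so if snmpv3_parse bails out on a msgSecurityModel that has no registered handler, the USM security-parameters path is probably never reached by this harness; calling `init_snmp("snmp_parse_fuzzer")` (or at least `init_usm()`) there is worth confirming against the library, as is whether `snmpv3_parse()` leaves anything heap-allocated in `sess` that would need releasing per iteration. `netsnmp_session sess = { };` is a GNU empty-initializer extension before C23; `netsnmp_session sess = { 0 };` is the portable form.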
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This fuzzer exercises the SNMP PDU parsing code, including ASN.1.
+ */
+#include
+#include
+#include
+#include
+#include
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ if (getenv("NETSNMP_DEBUGGING") != NULL) {
+ /*
+ * Turn on all debugging, to help understand what
+ * bits of the parser are running.
+ */
+ snmp_enable_stderrlog();
+ snmp_set_do_debugging(1);
+ debug_register_tokens("");
+ }
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ size_t bytes_remaining = size;
+ netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
+
+ snmpv3_scopedPDU_parse(pdu, (unsigned char *)data, &bytes_remaining);
+ snmp_free_pdu(pdu);
+ return 0;
+}
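Review bot: The file header comment is copied from snmp_parse_fuzzer.c and says this harness exercises the SNMP PDU parsing code, but the only library call is `snmpv3_scopedPDU_parse()`, which by its name covers the SNMPv3 ScopedPDU wrapper (contextEngineID/contextName) rather than the full PDU; reword it to ` * This fuzzer exercises the SNMPv3 ScopedPDU header parser (snmpv3_scopedPDU_parse), including its ASN.1 decoding.` so triage and corpus seeding match what is actually covered. The return value and the updated `bytes_remaining` are discarded, which is acceptable for a harness, but a one-line comment saying that the inner PDU is deliberately not parsed here would stop readers from assuming it is.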