Add net-snmp project (#1277)

* Initial infrastructure for net-snmp in the AutoFuzz project * Add a fuzzer based on what Google sent us Storing this here until we have a more complete design for storing fuzzers in the net-snmp source tree. * calloc PDU so we can use the standard pdu free, to avoid false leaks * Only turn on debugging when $NETSNMP_DEBUGGING is set in the environment The debugging is useful to help replicate the problem, but not useful when simply running the fuzzer, so let the user choose it by settng $NETSNMP_DEBUGGING in their environment when running the replication. * Add agentx_parse_fuzzer * Build agentx_parse_fuzzer * Add copyright notice, copy boilerplate from init * Don't make a copy, just pass the data in directly. (Also, don't use C++-style comment, the regression test in the net-snmp codebase will be C.)
2018-03-29 10:13:49 -04:00 · 2018-03-29 10:13:49 -04:00 · a0ed5dafbf
parent 4f7d1e874f
commit a0ed5dafbf
5 changed files with 159 additions and 0 deletions
--- a/projects/net-snmp/Dockerfile
+++ b/projects/net-snmp/Dockerfile
@ -0,0 +1,26 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER fenner@gmail.com
+RUN apt-get update && apt-get install -y make autoconf libtool libssl-dev
+RUN git clone --depth 1 git://git.code.sf.net/p/net-snmp/code net-snmp
+WORKDIR net-snmp
+COPY build.sh $SRC/
+#
+# Until the project moves the fuzzers to the source tree
+COPY snmp_pdu_parse_fuzzer.c $SRC/
+COPY agentx_parse_fuzzer.c $SRC/
--- a/projects/net-snmp/agentx_parse_fuzzer.c
+++ b/projects/net-snmp/agentx_parse_fuzzer.c
@ -0,0 +1,47 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This fuzzer exercises the agentx PDU parsing code.
+ */
+#include <net-snmp/net-snmp-config.h>
+#include <net-snmp/net-snmp-includes.h>
+/* We build with the agent/mibgroup/agentx dir in an -I */
+#include <protocol.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+    if (getenv("NETSNMP_DEBUGGING") != NULL) {
+        /*
+         * Turn on all debugging, to help understand what
+         * bits of the parser are running.
+         */
+        snmp_enable_stderrlog();
+        snmp_set_do_debugging(1);
+        debug_register_tokens("");
+    }
+    return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
+    netsnmp_session session;
+
+    session.version = AGENTX_VERSION_1;
+    agentx_parse(&session, pdu, (unsigned char *)data, size);
+    snmp_free_pdu(pdu);
+    return 0;
+}
--- a/projects/net-snmp/build.sh
+++ b/projects/net-snmp/build.sh
@ -0,0 +1,35 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+./configure --with-openssl=/usr --with-defaults --with-logfile="/dev/null" --with-persistent-directory="/dev/null"
+# net-snmp build is not parallel-make safe; do not add -j
+make
+
+# build fuzzers (remember to link statically)
+$CC $CFLAGS -c -Iinclude $SRC/snmp_pdu_parse_fuzzer.c -o $WORK/snmp_pdu_parse_fuzzer.o
+$CXX $CXXFLAGS $WORK/snmp_pdu_parse_fuzzer.o \
+      -lFuzzingEngine snmplib/.libs/libnetsnmp.a \
+      -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
+      -o $OUT/snmp_pdu_parse_fuzzer
+
+$CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx $SRC/agentx_parse_fuzzer.c -o $WORK/agentx_parse_fuzzer.o
+$CXX $CXXFLAGS $WORK/agentx_parse_fuzzer.o \
+      -lFuzzingEngine snmplib/.libs/libnetsnmp.a \
+      agent/.libs/libnetsnmpagent.a \
+      -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
+      -o $OUT/agentx_parse_fuzzer
--- a/projects/net-snmp/project.yaml
+++ b/projects/net-snmp/project.yaml
@ -0,0 +1,7 @@
+homepage: "http://www.net-snmp.org/"
+primary_contact: "hardaker@users.sourceforge.net"
+auto_ccs:
+   - "rstory@freesnmp.com"
+   - "fenner@gmail.com"
+   - "bvanassche@acm.org"
+   - "magfr@lysator.liu.se"
--- a/projects/net-snmp/snmp_pdu_parse_fuzzer.c
+++ b/projects/net-snmp/snmp_pdu_parse_fuzzer.c
@ -0,0 +1,44 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This fuzzer exercises the SNMP PDU parsing code, including ASN.1.
+ */
+#include <net-snmp/net-snmp-config.h>
+#include <net-snmp/net-snmp-includes.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+    if (getenv("NETSNMP_DEBUGGING") != NULL) {
+        /*
+         * Turn on all debugging, to help understand what
+         * bits of the parser are running.
+         */
+        snmp_enable_stderrlog();
+        snmp_set_do_debugging(1);
+        debug_register_tokens("");
+    }
+    return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    size_t bytes_remaining = size;
+    netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
+
+    snmp_pdu_parse(pdu, (unsigned char *)data, &bytes_remaining);
+    snmp_free_pdu(pdu);
+    return 0;
+}