diff --git a/projects/net-snmp/Dockerfile b/projects/net-snmp/Dockerfile
new file mode 100644
index 000000000..a5114b421
--- /dev/null
+++ b/projects/net-snmp/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER fenner@gmail.com
+RUN apt-get update && apt-get install -y make autoconf libtool libssl-dev
+RUN git clone --depth 1 git://git.code.sf.net/p/net-snmp/code net-snmp
+WORKDIR net-snmp
+COPY build.sh $SRC/
+#
+# Until the project moves the fuzzers to the source tree
+COPY snmp_pdu_parse_fuzzer.c $SRC/
+COPY agentx_parse_fuzzer.c $SRC/
diff --git a/projects/net-snmp/agentx_parse_fuzzer.c b/projects/net-snmp/agentx_parse_fuzzer.c
new file mode 100644
index 000000000..436011208
--- /dev/null
+++ b/projects/net-snmp/agentx_parse_fuzzer.c
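Review bot: The `git clone` line in the Dockerfile fetches the sources over `git://`, which has neither transport encryption nor server authentication, so the code that gets built and fuzzed could be altered in transit without detection. Use an authenticated transport instead, e.g. `RUN git clone --depth 1 https://git.code.sf.net/p/net-snmp/code net-snmp` (assuming SourceForge serves this repository over HTTPS at that path; verify before merging). Separately, `MAINTAINER` is deprecated in favour of a `LABEL` instruction.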
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This fuzzer exercises the agentx PDU parsing code.
+ */
+#include
+#include
+/* We build with the agent/mibgroup/agentx dir in an -I */
+#include
+#include
+#include
+#include
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ if (getenv("NETSNMP_DEBUGGING") != NULL) {
+ /*
+ * Turn on all debugging, to help understand what
+ * bits of the parser are running.
+ */
+ snmp_enable_stderrlog();
+ snmp_set_do_debugging(1);
+ debug_register_tokens("");
+ }
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
+ netsnmp_session session;
+
+ session.version = AGENTX_VERSION_1;
+ agentx_parse(&session, pdu, (unsigned char *)data, size);
+ snmp_free_pdu(pdu);
+ return 0;
+}
diff --git a/projects/net-snmp/build.sh b/projects/net-snmp/build.sh
new file mode 100755
index 000000000..c0c0a8f1e
--- /dev/null
+++ b/projects/net-snmp/build.sh
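Review bot: In `LLVMFuzzerTestOneInput` of agentx_parse_fuzzer.c, `session` is an uninitialised stack object with only `version` assigned, so any other field `agentx_parse()` reads is indeterminate. MemorySanitizer would then report a fault in the harness rather than in the parser, so declare it as `netsnmp_session session = {0};` before setting the version. The result of `SNMP_MALLOC_TYPEDEF` is also passed on unchecked, here and in snmp_pdu_parse_fuzzer.c; add `if (pdu == NULL) return 0;` in both. Both harnesses also cast away `const` on `data`; if either parser ever writes into the packet buffer, that violates libFuzzer's requirement that the input is left unmodified, so parsing a private copy of the `size` bytes would be safer.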
@@ -0,0 +1,35 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+./configure --with-openssl=/usr --with-defaults --with-logfile="/dev/null" --with-persistent-directory="/dev/null"
+# net-snmp build is not parallel-make safe; do not add -j
+make
+
+# build fuzzers (remember to link statically)
+$CC $CFLAGS -c -Iinclude $SRC/snmp_pdu_parse_fuzzer.c -o $WORK/snmp_pdu_parse_fuzzer.o
+$CXX $CXXFLAGS $WORK/snmp_pdu_parse_fuzzer.o \
+ -lFuzzingEngine snmplib/.libs/libnetsnmp.a \
+ -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
+ -o $OUT/snmp_pdu_parse_fuzzer
+
+$CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx $SRC/agentx_parse_fuzzer.c -o $WORK/agentx_parse_fuzzer.o
+$CXX $CXXFLAGS $WORK/agentx_parse_fuzzer.o \
+ -lFuzzingEngine snmplib/.libs/libnetsnmp.a \
+ agent/.libs/libnetsnmpagent.a \
+ -Wl,-Bstatic -lcrypto -Wl,-Bdynamic -lm \
+ -o $OUT/agentx_parse_fuzzer
diff --git a/projects/net-snmp/project.yaml b/projects/net-snmp/project.yaml
new file mode 100644
index 000000000..53055d7f8
--- /dev/null
+++ b/projects/net-snmp/project.yaml
@@ -0,0 +1,7 @@
+homepage: "http://www.net-snmp.org/"
+primary_contact: "hardaker@users.sourceforge.net"
+auto_ccs:
+ - "rstory@freesnmp.com"
+ - "fenner@gmail.com"
+ - "bvanassche@acm.org"
+ - "magfr@lysator.liu.se"
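Review bot: In build.sh, the agentx_parse_fuzzer link step lists `snmplib/.libs/libnetsnmp.a` before `agent/.libs/libnetsnmpagent.a`. Static archives are resolved left to right, so this only links if every libnetsnmp symbol the agent objects need has already been pulled in by the fuzzer object. Listing the dependent archive first is more robust: `agent/.libs/libnetsnmpagent.a snmplib/.libs/libnetsnmp.a \`. As a style point, the path expansions should be quoted (`"$SRC/agentx_parse_fuzzer.c"`, `"$WORK/..."`, `"$OUT/..."`), leaving only `$CFLAGS`/`$CXXFLAGS` unquoted for word splitting.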
diff --git a/projects/net-snmp/snmp_pdu_parse_fuzzer.c b/projects/net-snmp/snmp_pdu_parse_fuzzer.c
new file mode 100644
index 000000000..6d45552db
--- /dev/null
+++ b/projects/net-snmp/snmp_pdu_parse_fuzzer.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This fuzzer exercises the SNMP PDU parsing code, including ASN.1.
+ */
+#include
+#include
+#include
+#include
+#include
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ if (getenv("NETSNMP_DEBUGGING") != NULL) {
+ /*
+ * Turn on all debugging, to help understand what
+ * bits of the parser are running.
+ */
+ snmp_enable_stderrlog();
+ snmp_set_do_debugging(1);
+ debug_register_tokens("");
+ }
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ size_t bytes_remaining = size;
+ netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
+
+ snmp_pdu_parse(pdu, (unsigned char *)data, &bytes_remaining);
+ snmp_free_pdu(pdu);
+ return 0;
+}