libcoap: OSS-Fuzz integration (#1496)

* libcoap: OSS-Fuzz integration

* libcoap: Addressed comments by @inferno-chromium

projects/libcoap/Dockerfile

@@ -0,0 +1,23 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER bergmann@tzi.org
+RUN apt-get update && apt-get install -y make autoconf automake libtool \
+    pkg-config
+RUN git clone --depth 1 https://github.com/obgm/libcoap.git libcoap
+WORKDIR libcoap
+COPY build.sh *_target.c $SRC/

projects/libcoap/build.sh

@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./autogen.sh && ./configure --disable-doxygen --disable-manpages \
+    && make -j$(nproc)
+
+for file in $SRC/*target.c; do
+	b=$(basename $file _target.c)
+	$CC $CFLAGS -c $file -I include/coap \
+		-o $OUT/${b}_target.o
+	$CXX $CXXFLAGS $OUT/${b}_target.o ./.libs/libcoap-2.a \
+	-lFuzzingEngine \
+	-o $OUT/${b}_fuzzer
+	rm -f $OUT/${b}_target.o
+done

projects/libcoap/pdu_parse_target.c

@@ -0,0 +1,29 @@
+/*
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <coap.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    coap_pdu_t *pdu = coap_pdu_init(0, 0, 0, size);
+    if (!pdu) return 0;
+    
+    coap_pdu_parse(COAP_PROTO_UDP, data, size, pdu);
+    coap_delete_pdu(pdu);
+    return 0;
+}

projects/libcoap/project.yaml

@@ -0,0 +1,4 @@
+homepage: "https://libcoap.net/"
+primary_contact: "bergmann@tzi.org"
+auto_ccs:
+    - "libcoap@gmail.com"