[ntpsec] initial integration (#8134)

Signed-off-by: 0x34d <ajsinghyadav00@gmail.com> Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>
2022-09-18 16:20:06 +05:30 · 2022-09-18 16:20:06 +05:30 · dc7ece55e7
parent c370184983
commit dc7ece55e7
9 changed files with 317 additions and 0 deletions
--- a/projects/ntpsec/Dockerfile
+++ b/projects/ntpsec/Dockerfile
@ -0,0 +1,23 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y autoconf automake build-essential bison libssl-dev libcap-dev libseccomp-dev libavahi-compat-libdnssd-dev pps-tools python3-dev
+RUN git clone https://gitlab.com/NTPsec/ntpsec
+RUN git clone https://github.com/0x34d/oss-fuzz-bloat
+COPY build.sh $SRC/
+COPY fuzz/ $SRC/ntpsec/fuzz/
+WORKDIR $SRC/ntpsec/
--- a/projects/ntpsec/build.sh
+++ b/projects/ntpsec/build.sh
@ -0,0 +1,31 @@
+#!/bin/bash -eu
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd fuzz
+make all
+
+cp FuzzClient $OUT/FuzzClient
+cp FuzzExtens $OUT/FuzzExtens
+cp FuzzServer $OUT/FuzzServer
+cp FuzzLeapsec $OUT/FuzzLeapsec
+
+pushd $SRC/oss-fuzz-bloat/ntpsec/
+cp FuzzClient_seed_corpus.zip $OUT/FuzzClient_seed_corpus.zip
+cp FuzzExtens_seed_corpus.zip $OUT/FuzzExtens_seed_corpus.zip
+cp FuzzServer_seed_corpus.zip $OUT/FuzzServer_seed_corpus.zip
+cp FuzzLeapsec_seed_corpus.zip $OUT/FuzzLeapsec_seed_corpus.zip
+popd
--- a/projects/ntpsec/fuzz/FuzzClient.c
+++ b/projects/ntpsec/fuzz/FuzzClient.c
@ -0,0 +1,35 @@
+/* Copyright 2022 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ntpd.h"
+
+#define kMinInputLength 4
+#define kMaxInputLength 1024
+
+bool nts_client_process_response_core(uint8_t *buff, int transferred, struct peer* peer);
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {//ntpsec/tests/ntpd/nts_client.c
+
+    if (Size < kMinInputLength || Size > kMaxInputLength){
+        return 0;
+    }
+
+	struct peer peer;
+	peer.srcadr.sa4.sin_family = AF_INET;
+	peer.srcadr.sa4.sin_port = htons(9999);
+	peer.srcadr.sa4.sin_addr.s_addr= htonl(0x04030201);
+
+	return nts_client_process_response_core((uint8_t*)Data,Size, &peer);
+}
--- a/projects/ntpsec/fuzz/FuzzExtens.c
+++ b/projects/ntpsec/fuzz/FuzzExtens.c
@ -0,0 +1,32 @@
+/* Copyright 2022 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ntpd.h"
+#include "nts.h"
+
+#define kMinInputLength 4
+#define kMaxInputLength 2048
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {//ntpsec/tests/ntpd/nts_extens.c
+	
+	if (Size < kMinInputLength || Size > kMaxInputLength){
+        return 0;
+    }
+
+	struct ntspacket_t ntspkt;
+	memset(&ntspkt, 0, sizeof(ntspkt));
+
+	return extens_server_recv(&ntspkt,(uint8_t*)Data, Size);
+}
--- a/projects/ntpsec/fuzz/FuzzLeapsec.c
+++ b/projects/ntpsec/fuzz/FuzzLeapsec.c
@ -0,0 +1,57 @@
+/* Copyright 2022 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdarg.h>
+
+#include "ntp.h"
+#include "ntpd.h"
+#include "ntp_calendar.h"
+#include "ntp_leapsec.h"
+
+#define kMinInputLength 4
+#define kMaxInputLength 2048
+
+int validate_check(uint8_t *Data);
+int load_check(uint8_t *Data);
+
+__attribute__((no_sanitize("address","memory","undefined"))) static int stringreader(void* farg)
+{
+	const char ** cpp = (const char**)farg;
+	if (**cpp) {
+		return *(*cpp)++;
+	} else {
+	    return EOF;
+	}
+}
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {//ntpsec/tests/ntpd/leapsec.c
+
+    if (Size < kMinInputLength || Size > kMaxInputLength){
+        return 0;
+    }
+
+    validate_check((uint8_t *)Data);
+    return load_check((uint8_t *)Data);
+}
+
+int validate_check(uint8_t *Data){
+	int rc = leapsec_validate(stringreader, &Data);
+    return rc;
+}
+
+int load_check(uint8_t *Data){
+	bool    rc;
+	leap_table_t * pt = leapsec_get_table(0);
+	rc = (pt != NULL) && leapsec_load(pt, stringreader, &Data);
+	rc = rc && leapsec_set_table(pt);
+	return rc;
+}
--- a/projects/ntpsec/fuzz/FuzzServer.c
+++ b/projects/ntpsec/fuzz/FuzzServer.c
@ -0,0 +1,35 @@
+/* Copyright 2022 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "nts.h"
+
+#define kMinInputLength 4
+#define kMaxInputLength 1024
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {//ntpsec/tests/ntpd/nts_server.c
+
+	if (Size < kMinInputLength || Size > kMaxInputLength){
+        return 0;
+    }
+
+	int aead;
+	struct BufCtl_t buf;
+
+	aead = NO_AEAD;
+	buf.next = (uint8_t*)Data;
+	buf.left = Size;	
+
+	return nts_ke_process_receive(&buf, &aead);
+}
--- a/projects/ntpsec/fuzz/Makefile
+++ b/projects/ntpsec/fuzz/Makefile
@ -0,0 +1,52 @@
+#main
+TARGET=Fuzzer
+
+#fuzzers
+CLIENTEXE=FuzzClient
+EXTENSEXE=FuzzExtens
+SERVEREXE=FuzzServer
+LEAPSECEXE=FuzzLeapsec
+
+#Flags
+SET=cd ../ &&
+EXTCFLAGS= -Wall -Wextra
+INC=-I../include/ -I../ntpd/ -I../build/ -I../tests/unity/ -I../tests/common/
+LIBINC=../build/main
+
+#library
+ntpd_lib=-L$(LIBINC)/ntpd/ -lntpd_lib
+libntp=-L$(LIBINC)/libntp/ -lntp
+libaes_siv=-L$(LIBINC)/libaes_siv/ -laes_siv
+extra_lib=-lssl -lcrypto
+setup_inc=setup.o
+LIB=$(ntpd_lib) $(libntp) $(libaes_siv) $(extra_lib) $(setup_inc)
+
+all: $(TARGET)
+
+INIT:
+	$(SET) ./buildprep -n
+CONF:
+	$(SET) CC=$(CC) CFLAGS="$(CFLAGS)" LDFLAGS="$(CFLAGS)" ./waf configure --enable-debug --disable-doc
+MAKEALL:
+	$(SET) ./waf build --notests
+SETUP:
+	$(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c setup.c
+
+$(TARGET): INIT CONF MAKEALL SETUP
+	$(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c $(CLIENTEXE).c
+	$(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c $(EXTENSEXE).c
+	$(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c $(SERVEREXE).c
+	$(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c $(LEAPSECEXE).c
+
+	$(CXX) $(LDFLAGS) $(CFLAGS) $(LIB_FUZZING_ENGINE) $(CLIENTEXE).o -o $(CLIENTEXE) $(LIB) 
+	$(CXX) $(LDFLAGS) $(CFLAGS) $(LIB_FUZZING_ENGINE) $(EXTENSEXE).o -o $(EXTENSEXE) $(LIB) 
+	$(CXX) $(LDFLAGS) $(CFLAGS) $(LIB_FUZZING_ENGINE) $(SERVEREXE).o -o $(SERVEREXE) $(LIB) 
+	$(CXX) $(LDFLAGS) $(CFLAGS) $(LIB_FUZZING_ENGINE) $(LEAPSECEXE).o -o $(LEAPSECEXE) $(LIB) 
+
+clean:
+	rm $(CLIENTEXE) $(EXTENSEXE) $(SERVEREXE) $(LEAPSECEXE) *.o
+
+reallyclean: clean
+	$(SET) ./waf clean
+
+.PHONY: all clean reallyclean
--- a/projects/ntpsec/fuzz/setup.c
+++ b/projects/ntpsec/fuzz/setup.c
@ -0,0 +1,34 @@
+/* Copyright 2022 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ntpd.h"
+#include "ntp_dns.h"
+
+const char *progname = "ntpsecfuzz";
+
+void dns_take_server(struct peer *a, sockaddr_u *b);
+void dns_take_status(struct peer *a, DNS_Status b);
+
+void dns_take_server(struct peer *a, sockaddr_u *b) {
+	UNUSED_ARG(a);
+	UNUSED_ARG(b);
+	return;
+}
+
+void dns_take_status(struct peer *a, DNS_Status b) {
+	UNUSED_ARG(a);
+	UNUSED_ARG(b);
+	return;
+}
--- a/projects/ntpsec/project.yaml
+++ b/projects/ntpsec/project.yaml
@ -0,0 +1,18 @@
+homepage: "https://ntpsec.org/"
+language: c
+primary_contact: "fallenpegasus@gmail.com"
+vendor_ccs:
+  - "security@ntpsec.org"
+  - "contact@ntpsec.org"
+  - "rlaager@coderich.net"
+auto_ccs:
+  - "ajsinghyadav00@gmail.com"
+fuzzing_engines:
+  - libfuzzer
+  - afl
+  - honggfuzz
+sanitizers:
+  - address
+  - memory
+  - undefined
+main_repo: 'https://gitlab.com/NTPsec/ntpsec'