diff --git a/projects/ntpsec/Dockerfile b/projects/ntpsec/Dockerfile new file mode 100644 index 000000000..24889f3c3 --- /dev/null +++ b/projects/ntpsec/Dockerfile @@ -0,0 +1,23 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +RUN apt-get update && apt-get install -y autoconf automake build-essential bison libssl-dev libcap-dev libseccomp-dev libavahi-compat-libdnssd-dev pps-tools python3-dev +RUN git clone https://gitlab.com/NTPsec/ntpsec +RUN git clone https://github.com/0x34d/oss-fuzz-bloat +COPY build.sh $SRC/ +COPY fuzz/ $SRC/ntpsec/fuzz/ +WORKDIR $SRC/ntpsec/ diff --git a/projects/ntpsec/build.sh b/projects/ntpsec/build.sh new file mode 100644 index 000000000..22836c41f --- /dev/null +++ b/projects/ntpsec/build.sh @@ -0,0 +1,31 @@ +#!/bin/bash -eu +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +cd fuzz +make all + +cp FuzzClient $OUT/FuzzClient +cp FuzzExtens $OUT/FuzzExtens +cp FuzzServer $OUT/FuzzServer +cp FuzzLeapsec $OUT/FuzzLeapsec + +pushd $SRC/oss-fuzz-bloat/ntpsec/ +cp FuzzClient_seed_corpus.zip $OUT/FuzzClient_seed_corpus.zip +cp FuzzExtens_seed_corpus.zip $OUT/FuzzExtens_seed_corpus.zip +cp FuzzServer_seed_corpus.zip $OUT/FuzzServer_seed_corpus.zip +cp FuzzLeapsec_seed_corpus.zip $OUT/FuzzLeapsec_seed_corpus.zip +popd diff --git a/projects/ntpsec/fuzz/FuzzClient.c b/projects/ntpsec/fuzz/FuzzClient.c new file mode 100644 index 000000000..f9eba3e20 --- /dev/null +++ b/projects/ntpsec/fuzz/FuzzClient.c @@ -0,0 +1,35 @@ +/* Copyright 2022 Google LLC +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include +#include +#include +#include "ntpd.h" + +#define kMinInputLength 4 +#define kMaxInputLength 1024 + +bool nts_client_process_response_core(uint8_t *buff, int transferred, struct peer* peer); + +extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {//ntpsec/tests/ntpd/nts_client.c + + if (Size < kMinInputLength || Size > kMaxInputLength){ + return 0; + } + + struct peer peer; + peer.srcadr.sa4.sin_family = AF_INET; + peer.srcadr.sa4.sin_port = htons(9999); + peer.srcadr.sa4.sin_addr.s_addr= htonl(0x04030201); + + return nts_client_process_response_core((uint8_t*)Data,Size, &peer); +} diff --git a/projects/ntpsec/fuzz/FuzzExtens.c b/projects/ntpsec/fuzz/FuzzExtens.c new file mode 100644 index 000000000..0b54aed44 --- /dev/null +++ b/projects/ntpsec/fuzz/FuzzExtens.c @@ -0,0 +1,32 @@ +/* Copyright 2022 Google LLC +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include +#include +#include +#include "ntpd.h" +#include "nts.h" + +#define kMinInputLength 4 +#define kMaxInputLength 2048 + +extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {//ntpsec/tests/ntpd/nts_extens.c + + if (Size < kMinInputLength || Size > kMaxInputLength){ + return 0; + } + + struct ntspacket_t ntspkt; + memset(&ntspkt, 0, sizeof(ntspkt)); + + return extens_server_recv(&ntspkt,(uint8_t*)Data, Size); +} diff --git a/projects/ntpsec/fuzz/FuzzLeapsec.c b/projects/ntpsec/fuzz/FuzzLeapsec.c new file mode 100644 index 000000000..473b76861 --- /dev/null +++ b/projects/ntpsec/fuzz/FuzzLeapsec.c @@ -0,0 +1,57 @@ +/* Copyright 2022 Google LLC +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include + +#include "ntp.h" +#include "ntpd.h" +#include "ntp_calendar.h" +#include "ntp_leapsec.h" + +#define kMinInputLength 4 +#define kMaxInputLength 2048 + +int validate_check(uint8_t *Data); +int load_check(uint8_t *Data); + +__attribute__((no_sanitize("address","memory","undefined"))) static int stringreader(void* farg) +{ + const char ** cpp = (const char**)farg; + if (**cpp) { + return *(*cpp)++; + } else { + return EOF; + } +} + +extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {//ntpsec/tests/ntpd/leapsec.c + + if (Size < kMinInputLength || Size > kMaxInputLength){ + return 0; + } + + validate_check((uint8_t *)Data); + return load_check((uint8_t *)Data); +} + +int validate_check(uint8_t *Data){ + int rc = leapsec_validate(stringreader, &Data); + return rc; +} + +int load_check(uint8_t *Data){ + bool rc; + leap_table_t * pt = leapsec_get_table(0); + rc = (pt != NULL) && leapsec_load(pt, stringreader, &Data); + rc = rc && leapsec_set_table(pt); + return rc; +} diff --git a/projects/ntpsec/fuzz/FuzzServer.c b/projects/ntpsec/fuzz/FuzzServer.c new file mode 100644 index 000000000..676a8ef13 --- /dev/null +++ b/projects/ntpsec/fuzz/FuzzServer.c @@ -0,0 +1,35 @@ +/* Copyright 2022 Google LLC +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include +#include +#include +#include "nts.h" + +#define kMinInputLength 4 +#define kMaxInputLength 1024 + +extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {//ntpsec/tests/ntpd/nts_server.c + + if (Size < kMinInputLength || Size > kMaxInputLength){ + return 0; + } + + int aead; + struct BufCtl_t buf; + + aead = NO_AEAD; + buf.next = (uint8_t*)Data; + buf.left = Size; + + return nts_ke_process_receive(&buf, &aead); +} diff --git a/projects/ntpsec/fuzz/Makefile b/projects/ntpsec/fuzz/Makefile new file mode 100644 index 000000000..4860b7f69 --- /dev/null +++ b/projects/ntpsec/fuzz/Makefile @@ -0,0 +1,52 @@ +#main +TARGET=Fuzzer + +#fuzzers +CLIENTEXE=FuzzClient +EXTENSEXE=FuzzExtens +SERVEREXE=FuzzServer +LEAPSECEXE=FuzzLeapsec + +#Flags +SET=cd ../ && +EXTCFLAGS= -Wall -Wextra +INC=-I../include/ -I../ntpd/ -I../build/ -I../tests/unity/ -I../tests/common/ +LIBINC=../build/main + +#library +ntpd_lib=-L$(LIBINC)/ntpd/ -lntpd_lib +libntp=-L$(LIBINC)/libntp/ -lntp +libaes_siv=-L$(LIBINC)/libaes_siv/ -laes_siv +extra_lib=-lssl -lcrypto +setup_inc=setup.o +LIB=$(ntpd_lib) $(libntp) $(libaes_siv) $(extra_lib) $(setup_inc) + +all: $(TARGET) + +INIT: + $(SET) ./buildprep -n +CONF: + $(SET) CC=$(CC) CFLAGS="$(CFLAGS)" LDFLAGS="$(CFLAGS)" ./waf configure --enable-debug --disable-doc +MAKEALL: + $(SET) ./waf build --notests +SETUP: + $(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c setup.c + +$(TARGET): INIT CONF MAKEALL SETUP + $(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c $(CLIENTEXE).c + $(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c $(EXTENSEXE).c + $(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c $(SERVEREXE).c + $(CC) $(EXTCFLAGS) $(CFLAGS) $(INC) -c $(LEAPSECEXE).c + + $(CXX) $(LDFLAGS) $(CFLAGS) $(LIB_FUZZING_ENGINE) $(CLIENTEXE).o -o $(CLIENTEXE) $(LIB) + $(CXX) $(LDFLAGS) $(CFLAGS) $(LIB_FUZZING_ENGINE) $(EXTENSEXE).o -o $(EXTENSEXE) $(LIB) + $(CXX) $(LDFLAGS) $(CFLAGS) $(LIB_FUZZING_ENGINE) $(SERVEREXE).o -o $(SERVEREXE) $(LIB) + $(CXX) $(LDFLAGS) $(CFLAGS) $(LIB_FUZZING_ENGINE) $(LEAPSECEXE).o -o $(LEAPSECEXE) $(LIB) + +clean: + rm $(CLIENTEXE) $(EXTENSEXE) $(SERVEREXE) $(LEAPSECEXE) *.o + +reallyclean: clean + $(SET) ./waf clean + +.PHONY: all clean reallyclean diff --git a/projects/ntpsec/fuzz/setup.c b/projects/ntpsec/fuzz/setup.c new file mode 100644 index 000000000..08f1cd36d --- /dev/null +++ b/projects/ntpsec/fuzz/setup.c @@ -0,0 +1,34 @@ +/* Copyright 2022 Google LLC +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include +#include +#include +#include "ntpd.h" +#include "ntp_dns.h" + +const char *progname = "ntpsecfuzz"; + +void dns_take_server(struct peer *a, sockaddr_u *b); +void dns_take_status(struct peer *a, DNS_Status b); + +void dns_take_server(struct peer *a, sockaddr_u *b) { + UNUSED_ARG(a); + UNUSED_ARG(b); + return; +} + +void dns_take_status(struct peer *a, DNS_Status b) { + UNUSED_ARG(a); + UNUSED_ARG(b); + return; +} diff --git a/projects/ntpsec/project.yaml b/projects/ntpsec/project.yaml new file mode 100644 index 000000000..335047578 --- /dev/null +++ b/projects/ntpsec/project.yaml @@ -0,0 +1,18 @@ +homepage: "https://ntpsec.org/" +language: c +primary_contact: "fallenpegasus@gmail.com" +vendor_ccs: + - "security@ntpsec.org" + - "contact@ntpsec.org" + - "rlaager@coderich.net" +auto_ccs: + - "ajsinghyadav00@gmail.com" +fuzzing_engines: + - libfuzzer + - afl + - honggfuzz +sanitizers: + - address + - memory + - undefined +main_repo: 'https://gitlab.com/NTPsec/ntpsec'