E2fsprogs integration (#4006)

* added draco integration files * wrote build file and Dockerfile for Draco * split security-research-pocs fuzzer into four * added project build to build.sh * added more fuzzers * fixed sanitizer flags * removed commented code, combined fuzzers, fized build script * changed to singular filenames, converted usage of random int to enum, changed buffer name, and fixed build script * placed test files in memory instead of on disk, added asserts
2020-06-25 11:42:17 -07:00 · 2020-06-25 11:42:17 -07:00 · f8c9eec4cf
parent 181812050d
commit f8c9eec4cf
7 changed files with 347 additions and 0 deletions
--- a/projects/e2fsprogs/Dockerfile
+++ b/projects/e2fsprogs/Dockerfile
@ -0,0 +1,23 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages git make texinfo
+RUN git clone --depth 1 https://github.com/tytso/e2fsprogs
+
+COPY build.sh $SRC/
+COPY fuzz/ $SRC/fuzz/
+WORKDIR $SRC/e2fsprogs
--- a/projects/e2fsprogs/build.sh
+++ b/projects/e2fsprogs/build.sh
@ -0,0 +1,33 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+export LDFLAGS="$CXXFLAGS"
+$SRC/e2fsprogs/configure
+make -j$(nproc) all
+
+# build fuzzers
+for fuzzer in $(find $SRC/fuzz -name '*_fuzzer.cc'); do
+  fuzzer_basename=$(basename -s .cc $fuzzer)
+  $CXX $CXXFLAGS \
+      $LIB_FUZZING_ENGINE \
+      -I $SRC/e2fsprogs/lib \
+      $fuzzer \
+      -L'./lib/ext2fs' -lext2fs \
+      -L'./lib/et' -lcom_err \
+      -o $OUT/$fuzzer_basename
+done
--- a/projects/e2fsprogs/fuzz/ext2fs_check_directory_fuzzer.cc
+++ b/projects/e2fsprogs/fuzz/ext2fs_check_directory_fuzzer.cc
@ -0,0 +1,43 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "ext2fs/ext2fs.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  static const char* fname = "/tmp/ext2_test_file";
+
+  // Write our data to a temp file.
+  int fd = open(fname, O_RDWR|O_CREAT|O_TRUNC);
+  write(fd, data, size);
+  close(fd);
+
+  ext2_filsys fs;
+  errcode_t retval = ext2fs_open(
+      fname,
+      0, 0, 0,
+      unix_io_manager,
+      &fs);
+
+  if (!retval) {
+    retval = ext2fs_check_directory(fs, EXT2_ROOT_INO);
+    ext2fs_close(fs);
+  }
+
+  return 0;
+}
--- a/projects/e2fsprogs/fuzz/ext2fs_image_read_write_fuzzer.cc
+++ b/projects/e2fsprogs/fuzz/ext2fs_image_read_write_fuzzer.cc
@ -0,0 +1,88 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <assert.h>
+#include <sys/syscall.h>
+#include <linux/memfd.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include "ext2fs/ext2fs.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+  enum FuzzerType {
+    ext2fsImageBitmapRead,
+    ext2fsImageInodeRead,
+    ext2fsImageSuperRead,
+    ext2fsImageBitmapWrite,
+    ext2fsImageInodeWrite,
+    ext2fsImageSuperWrite,
+    kMaxValue = ext2fsImageSuperWrite
+  };
+
+  FuzzedDataProvider stream(data, size);
+  const FuzzerType f = stream.ConsumeEnum<FuzzerType>();
+  static const char* fname = "/tmp/ext2_test_file";
+
+  // Write our data to a temp file.
+  int fd = syscall(SYS_memfd_create, fname, 0);
+  std::vector<char> buffer = stream.ConsumeRemainingBytes<char>();
+  write(fd, buffer.data(), buffer.size());
+  close(fd);
+
+  ext2_filsys fs;
+  errcode_t retval = ext2fs_open(
+      fname,
+      0, 0, 0,
+      unix_io_manager,
+      &fs);
+
+  if (!retval) {
+    switch (f) {
+      case ext2fsImageBitmapRead: {
+        ext2fs_image_bitmap_read(fs, fd, 0);
+        break;
+      }
+      case ext2fsImageInodeRead: {
+        ext2fs_image_inode_read(fs, fd, 0);
+        break;
+      }
+      case ext2fsImageSuperRead: {
+        ext2fs_image_super_read(fs, fd, 0);
+        break;
+      }
+      case ext2fsImageBitmapWrite: {
+        ext2fs_image_bitmap_write(fs, fd, 0);
+        break;
+      }
+      case ext2fsImageInodeWrite: {
+        ext2fs_image_inode_write(fs, fd, 0);
+        break;
+      }
+      case ext2fsImageSuperWrite: {
+        ext2fs_image_super_write(fs, fd, 0);
+        break;
+      }
+      default: {
+        assert(false);
+      }
+    }
+    ext2fs_close(fs);
+  }
+
+  return 0;
+}
--- a/projects/e2fsprogs/fuzz/ext2fs_read_bitmap_fuzzer.cc
+++ b/projects/e2fsprogs/fuzz/ext2fs_read_bitmap_fuzzer.cc
@ -0,0 +1,68 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <assert.h>
+#include <sys/syscall.h>
+#include <linux/memfd.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include "ext2fs/ext2fs.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+  enum FuzzerType {
+    ext2fsReadBlockBitmap,
+    ext2fsReadInodeBitmap,
+    kMaxValue = ext2fsReadInodeBitmap
+  };
+
+  FuzzedDataProvider stream(data, size);
+  const FuzzerType f = stream.ConsumeEnum<FuzzerType>();
+  static const char* fname = "/tmp/ext2_test_file";
+
+  // Write our data to a temp file.
+  int fd = syscall(SYS_memfd_create, fname, 0);
+  std::vector<char> buffer = stream.ConsumeRemainingBytes<char>();
+  write(fd, buffer.data(), buffer.size());
+  close(fd);
+
+  ext2_filsys fs;
+  errcode_t retval = ext2fs_open(
+      fname,
+      0, 0, 0,
+      unix_io_manager,
+      &fs);
+
+  if (!retval) {
+    switch (f) {
+      case ext2fsReadBlockBitmap: {
+        ext2fs_read_block_bitmap(fs);
+        break;
+      }
+      case ext2fsReadInodeBitmap: {
+        ext2fs_read_inode_bitmap(fs);
+        break;
+      }
+      default: {
+        assert(false);
+      }
+    }
+    ext2fs_close(fs);
+  }
+
+  return 0;
+}
--- a/projects/e2fsprogs/fuzz/ext2fs_read_write_dir_block_fuzzer.cc
+++ b/projects/e2fsprogs/fuzz/ext2fs_read_write_dir_block_fuzzer.cc
@ -0,0 +1,89 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <assert.h>
+#include <sys/syscall.h>
+#include <linux/memfd.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include "ext2fs/ext2fs.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+  enum FuzzerType {
+    ext2fsReadDirBlock,
+    ext2fsReadDirBlock2,
+    ext2fsReadDirBlock3,
+    ext2fsWriteDirBlock,
+    ext2fsWriteDirBlock2,
+    ext2fsWriteDirBlock3,
+    kMaxValue = ext2fsWriteDirBlock3
+  };
+
+  FuzzedDataProvider stream(data, size);
+  const FuzzerType f = stream.ConsumeEnum<FuzzerType>();
+  static const char* fname = "/tmp/ext2_test_file";
+
+  // Write our data to a temp file.
+  int fd = syscall(SYS_memfd_create, fname, 0);
+  std::vector<char> buffer = stream.ConsumeRemainingBytes<char>();
+  write(fd, buffer.data(), buffer.size());
+  close(fd);
+
+  ext2_filsys fs;
+  errcode_t retval = ext2fs_open(
+      fname,
+      0, 0, 0,
+      unix_io_manager,
+      &fs);
+
+  if (!retval) {
+    void *buf;
+    switch (f) {
+      case ext2fsReadDirBlock: {
+        ext2fs_read_dir_block(fs, 0, buf);
+        break;
+      }
+      case ext2fsReadDirBlock2: {
+        ext2fs_read_dir_block2(fs, 0, buf, 0);
+        break;
+      }
+      case ext2fsReadDirBlock3: {
+        ext2fs_read_dir_block3(fs, 0, buf, 0);
+        break;
+      }
+      case ext2fsWriteDirBlock: {
+        ext2fs_write_dir_block(fs, 0, buf);
+        break;
+      }
+      case ext2fsWriteDirBlock2: {
+        ext2fs_write_dir_block2(fs, 0, buf, 0);
+        break;
+      }
+      case ext2fsWriteDirBlock3: {
+        ext2fs_write_dir_block3(fs, 0, buf, 0);
+        break;
+      }
+      default: {
+        assert(false);
+      }
+    }
+    ext2fs_close(fs);
+  }
+
+  return 0;
+}
--- a/projects/e2fsprogs/project.yaml
+++ b/projects/e2fsprogs/project.yaml
@ -0,0 +1,3 @@
+homepage: "https://github.com/tytso/e2fsprogs"
+language: c
+primary_contact: "tytso@mit.edu"