From f8c9eec4cfcecaae9ede6a46229edb5723a42354 Mon Sep 17 00:00:00 2001 From: Ravi Jotwani Date: Thu, 25 Jun 2020 11:42:17 -0700 Subject: [PATCH] E2fsprogs integration (#4006) * added draco integration files * wrote build file and Dockerfile for Draco * split security-research-pocs fuzzer into four * added project build to build.sh * added more fuzzers * fixed sanitizer flags * removed commented code, combined fuzzers, fized build script * changed to singular filenames, converted usage of random int to enum, changed buffer name, and fixed build script * placed test files in memory instead of on disk, added asserts --- projects/e2fsprogs/Dockerfile | 23 +++++ projects/e2fsprogs/build.sh | 33 +++++++ .../fuzz/ext2fs_check_directory_fuzzer.cc | 43 +++++++++ .../fuzz/ext2fs_image_read_write_fuzzer.cc | 88 ++++++++++++++++++ .../fuzz/ext2fs_read_bitmap_fuzzer.cc | 68 ++++++++++++++ .../ext2fs_read_write_dir_block_fuzzer.cc | 89 +++++++++++++++++++ projects/e2fsprogs/project.yaml | 3 + 7 files changed, 347 insertions(+) create mode 100644 projects/e2fsprogs/Dockerfile create mode 100755 projects/e2fsprogs/build.sh create mode 100644 projects/e2fsprogs/fuzz/ext2fs_check_directory_fuzzer.cc create mode 100644 projects/e2fsprogs/fuzz/ext2fs_image_read_write_fuzzer.cc create mode 100644 projects/e2fsprogs/fuzz/ext2fs_read_bitmap_fuzzer.cc create mode 100644 projects/e2fsprogs/fuzz/ext2fs_read_write_dir_block_fuzzer.cc create mode 100644 projects/e2fsprogs/project.yaml
diff --git a/projects/e2fsprogs/Dockerfile b/projects/e2fsprogs/Dockerfile
new file mode 100644
index 000000000..484525ba6
--- /dev/null
+++ b/projects/e2fsprogs/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get install -y --allow-downgrades --allow-remove-essential --allow-change-held-packages git make texinfo
+RUN git clone --depth 1 https://github.com/tytso/e2fsprogs
+
+COPY build.sh $SRC/
+COPY fuzz/ $SRC/fuzz/
+WORKDIR $SRC/e2fsprogs
diff --git a/projects/e2fsprogs/build.sh b/projects/e2fsprogs/build.sh
new file mode 100755
index 000000000..7b19f1059
--- /dev/null
+++ b/projects/e2fsprogs/build.sh
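Review bot: The `RUN apt-get install` line has no preceding `apt-get update` and passes `--allow-downgrades --allow-remove-essential --allow-change-held-packages`, which let apt silently downgrade or remove packages that the base builder image ships. Installing git, make and texinfo should not need any of those overrides, so I would write `RUN apt-get update && apt-get install -y git make texinfo`. The `git clone --depth 1` on the next line builds whatever upstream HEAD is at image build time; that is presumably intended for continuous fuzzing, and a one-line comment saying so would make it explicit.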
@@ -0,0 +1,33 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+export LDFLAGS="$CXXFLAGS"
+$SRC/e2fsprogs/configure
+make -j$(nproc) all
+
+# build fuzzers
+for fuzzer in $(find $SRC/fuzz -name '*_fuzzer.cc'); do
+ fuzzer_basename=$(basename -s .cc $fuzzer)
+ $CXX $CXXFLAGS \
+ $LIB_FUZZING_ENGINE \
+ -I $SRC/e2fsprogs/lib \
+ $fuzzer \
+ -L'./lib/ext2fs' -lext2fs \
+ -L'./lib/et' -lcom_err \
+ -o $OUT/$fuzzer_basename
+done
diff --git a/projects/e2fsprogs/fuzz/ext2fs_check_directory_fuzzer.cc b/projects/e2fsprogs/fuzz/ext2fs_check_directory_fuzzer.cc
new file mode 100644
index 000000000..bd5240bb5
--- /dev/null
+++ b/projects/e2fsprogs/fuzz/ext2fs_check_directory_fuzzer.cc
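Review bot: The fuzzer loop leaves the `find` output and the `$fuzzer`, `$SRC` and `$OUT` expansions unquoted, so any path containing whitespace or glob characters is word-split before it reaches the compiler. Iterating with `for fuzzer in "$SRC"/fuzz/*_fuzzer.cc; do` and quoting the uses (`"$fuzzer"`, `-I "$SRC/e2fsprogs/lib"`, `-o "$OUT/$fuzzer_basename"`) removes that; `$CXXFLAGS` has to stay unquoted because it carries several flags. A short comment on `export LDFLAGS="$CXXFLAGS"` explaining that the sanitizer flags must also reach the link step of the library build would help the next reader.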
@@ -0,0 +1,43 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+#include
+#include
+#include
+
+#include "ext2fs/ext2fs.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ static const char* fname = "/tmp/ext2_test_file";
+
+ // Write our data to a temp file.
+ int fd = open(fname, O_RDWR|O_CREAT|O_TRUNC);
+ write(fd, data, size);
+ close(fd);
+
+ ext2_filsys fs;
+ errcode_t retval = ext2fs_open(
+ fname,
+ 0, 0, 0,
+ unix_io_manager,
+ &fs);
+
+ if (!retval) {
+ retval = ext2fs_check_directory(fs, EXT2_ROOT_INO);
+ ext2fs_close(fs);
+ }
+
+ return 0;
+}
diff --git a/projects/e2fsprogs/fuzz/ext2fs_image_read_write_fuzzer.cc b/projects/e2fsprogs/fuzz/ext2fs_image_read_write_fuzzer.cc
new file mode 100644
index 000000000..80128bfe3
--- /dev/null
+++ b/projects/e2fsprogs/fuzz/ext2fs_image_read_write_fuzzer.cc
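Review bot: `open(fname, O_RDWR|O_CREAT|O_TRUNC)` passes O_CREAT without the mode argument, so the permission bits of the created file are indeterminate, and neither `open` nor `write` is checked; if the file comes out unreadable or the write is short, `ext2fs_open` parses stale or partial data instead of the fuzz input. I would use `int fd = open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600); if (fd < 0) return 0;` and return early when `write` does not return `size`. The fixed path `/tmp/ext2_test_file` is also shared by every process running this target, so parallel workers can overwrite each other's input and make a crash irreproducible; a per-process file name avoids that.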
@@ -0,0 +1,88 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "ext2fs/ext2fs.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+ enum FuzzerType {
+ ext2fsImageBitmapRead,
+ ext2fsImageInodeRead,
+ ext2fsImageSuperRead,
+ ext2fsImageBitmapWrite,
+ ext2fsImageInodeWrite,
+ ext2fsImageSuperWrite,
+ kMaxValue = ext2fsImageSuperWrite
+ };
+
+ FuzzedDataProvider stream(data, size);
+ const FuzzerType f = stream.ConsumeEnum();
+ static const char* fname = "/tmp/ext2_test_file";
+
+ // Write our data to a temp file.
+ int fd = syscall(SYS_memfd_create, fname, 0);
+ std::vector buffer = stream.ConsumeRemainingBytes();
+ write(fd, buffer.data(), buffer.size());
+ close(fd);
+
+ ext2_filsys fs;
+ errcode_t retval = ext2fs_open(
+ fname,
+ 0, 0, 0,
+ unix_io_manager,
+ &fs);
+
+ if (!retval) {
+ switch (f) {
+ case ext2fsImageBitmapRead: {
+ ext2fs_image_bitmap_read(fs, fd, 0);
+ break;
+ }
+ case ext2fsImageInodeRead: {
+ ext2fs_image_inode_read(fs, fd, 0);
+ break;
+ }
+ case ext2fsImageSuperRead: {
+ ext2fs_image_super_read(fs, fd, 0);
+ break;
+ }
+ case ext2fsImageBitmapWrite: {
+ ext2fs_image_bitmap_write(fs, fd, 0);
+ break;
+ }
+ case ext2fsImageInodeWrite: {
+ ext2fs_image_inode_write(fs, fd, 0);
+ break;
+ }
+ case ext2fsImageSuperWrite: {
+ ext2fs_image_super_write(fs, fd, 0);
+ break;
+ }
+ default: {
+ assert(false);
+ }
+ }
+ ext2fs_close(fs);
+ }
+
+ return 0;
+}
diff --git a/projects/e2fsprogs/fuzz/ext2fs_read_bitmap_fuzzer.cc b/projects/e2fsprogs/fuzz/ext2fs_read_bitmap_fuzzer.cc
new file mode 100644
index 000000000..861d4b537
--- /dev/null
+++ b/projects/e2fsprogs/fuzz/ext2fs_read_bitmap_fuzzer.cc
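Review bot: The fuzz input never reaches `ext2fs_open` in this harness: `memfd_create` uses `fname` only as a debugging label and creates nothing at `/tmp/ext2_test_file`, and the `close(fd)` right after the `write` discards the in-memory file, so `ext2fs_open(fname, ...)` opens whatever already exists at that path on disk, or fails. The `fd` handed to the `ext2fs_image_*` calls in the switch is closed by then, and its number may have been reused, possibly by the descriptor `ext2fs_open` itself opened. Keeping the memfd open, opening it through its `/proc/self/fd/` path and closing it only after `ext2fs_close` addresses both, as sketched below. ext2fs_read_bitmap_fuzzer.cc and ext2fs_read_write_dir_block_fuzzer.cc repeat the same memfd, `close(fd)`, `ext2fs_open(fname)` sequence and need the same change.

```cpp
  // The name given to memfd_create is only a label; it creates no path.
  int fd = syscall(SYS_memfd_create, "ext2_test_file", 0);
  if (fd < 0) return 0;
  // … unchanged: buffer = stream.ConsumeRemainingBytes() …
  if (write(fd, buffer.data(), buffer.size()) !=
      static_cast<ssize_t>(buffer.size())) {
    close(fd);
    return 0;
  }
  lseek(fd, 0, SEEK_SET);  // rewind so the image_*_read calls start at offset 0

  // Reach the in-memory file by path while the descriptor is still open.
  char path[32];
  snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);

  ext2_filsys fs;
  errcode_t retval = ext2fs_open(path, 0, 0, 0, unix_io_manager, &fs);

  // … unchanged: if (!retval) { switch over FuzzerType; ext2fs_close(fs); } …

  close(fd);
  return 0;
```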
@@ -0,0 +1,68 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "ext2fs/ext2fs.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+ enum FuzzerType {
+ ext2fsReadBlockBitmap,
+ ext2fsReadInodeBitmap,
+ kMaxValue = ext2fsReadInodeBitmap
+ };
+
+ FuzzedDataProvider stream(data, size);
+ const FuzzerType f = stream.ConsumeEnum();
+ static const char* fname = "/tmp/ext2_test_file";
+
+ // Write our data to a temp file.
+ int fd = syscall(SYS_memfd_create, fname, 0);
+ std::vector buffer = stream.ConsumeRemainingBytes();
+ write(fd, buffer.data(), buffer.size());
+ close(fd);
+
+ ext2_filsys fs;
+ errcode_t retval = ext2fs_open(
+ fname,
+ 0, 0, 0,
+ unix_io_manager,
+ &fs);
+
+ if (!retval) {
+ switch (f) {
+ case ext2fsReadBlockBitmap: {
+ ext2fs_read_block_bitmap(fs);
+ break;
+ }
+ case ext2fsReadInodeBitmap: {
+ ext2fs_read_inode_bitmap(fs);
+ break;
+ }
+ default: {
+ assert(false);
+ }
+ }
+ ext2fs_close(fs);
+ }
+
+ return 0;
+}
diff --git a/projects/e2fsprogs/fuzz/ext2fs_read_write_dir_block_fuzzer.cc b/projects/e2fsprogs/fuzz/ext2fs_read_write_dir_block_fuzzer.cc
new file mode 100644
index 000000000..ca6d509c0
--- /dev/null
+++ b/projects/e2fsprogs/fuzz/ext2fs_read_write_dir_block_fuzzer.cc
@@ -0,0 +1,89 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "ext2fs/ext2fs.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+ enum FuzzerType {
+ ext2fsReadDirBlock,
+ ext2fsReadDirBlock2,
+ ext2fsReadDirBlock3,
+ ext2fsWriteDirBlock,
+ ext2fsWriteDirBlock2,
+ ext2fsWriteDirBlock3,
+ kMaxValue = ext2fsWriteDirBlock3
+ };
+
+ FuzzedDataProvider stream(data, size);
+ const FuzzerType f = stream.ConsumeEnum();
+ static const char* fname = "/tmp/ext2_test_file";
+
+ // Write our data to a temp file.
+ int fd = syscall(SYS_memfd_create, fname, 0);
+ std::vector buffer = stream.ConsumeRemainingBytes();
+ write(fd, buffer.data(), buffer.size());
+ close(fd);
+
+ ext2_filsys fs;
+ errcode_t retval = ext2fs_open(
+ fname,
+ 0, 0, 0,
+ unix_io_manager,
+ &fs);
+
+ if (!retval) {
+ void *buf;
+ switch (f) {
+ case ext2fsReadDirBlock: {
+ ext2fs_read_dir_block(fs, 0, buf);
+ break;
+ }
+ case ext2fsReadDirBlock2: {
+ ext2fs_read_dir_block2(fs, 0, buf, 0);
+ break;
+ }
+ case ext2fsReadDirBlock3: {
+ ext2fs_read_dir_block3(fs, 0, buf, 0);
+ break;
+ }
+ case ext2fsWriteDirBlock: {
+ ext2fs_write_dir_block(fs, 0, buf);
+ break;
+ }
+ case ext2fsWriteDirBlock2: {
+ ext2fs_write_dir_block2(fs, 0, buf, 0);
+ break;
+ }
+ case ext2fsWriteDirBlock3: {
+ ext2fs_write_dir_block3(fs, 0, buf, 0);
+ break;
+ }
+ default: {
+ assert(false);
+ }
+ }
+ ext2fs_close(fs);
+ }
+
+ return 0;
+}
diff --git a/projects/e2fsprogs/project.yaml b/projects/e2fsprogs/project.yaml
new file mode 100644
index 000000000..b18f4c2ed
--- /dev/null
+++ b/projects/e2fsprogs/project.yaml
@@ -0,0 +1,3 @@
+homepage: "https://github.com/tytso/e2fsprogs"
+language: c
+primary_contact: "tytso@mit.edu"
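Review bot: `void *buf;` is declared without an initialiser and then passed to every `ext2fs_read_dir_block*` and `ext2fs_write_dir_block*` call in the switch, so the library reads or writes a whole block through an indeterminate pointer and any crash reported by this target is a harness bug, not an e2fsprogs finding. Back it with real storage sized from the opened filesystem, for example `std::vector<char> block(fs->blocksize); void *buf = block.data();`. The block number is also hard-coded to 0 in all six cases; consuming it from `stream` before `ConsumeRemainingBytes()` would let the fuzzer reach other blocks.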