authorGravatar DavidKorczynski <david@adalogics.com>2021-07-29 17:42:39 +0100
committerGravatar GitHub <noreply@github.com>2021-07-29 17:42:39 +0100
commite3ad773061c79c08a90cbb93db987c57c8f66f9d (patch)
treebfef8e2280d2582e2d9eeb9730945124af970d6a
parent8eb04554765201beacdc2a3eb98f6b725d222b75 (diff)
net-snmp: migrate fuzzers upstream. (#6113)
* net-snmp: migrate fuzzers upstream. * fix correct upstream link.
-rw-r--r--projects/net-snmp/Dockerfile5
-rw-r--r--projects/net-snmp/agentx_parse_fuzzer.c47
-rwxr-xr-xprojects/net-snmp/build.sh19
-rw-r--r--projects/net-snmp/parse_octet_hint_fuzzer.c52
-rw-r--r--projects/net-snmp/read_objid_fuzzer.c46
-rw-r--r--projects/net-snmp/snmp_mib_fuzzer.c60
-rw-r--r--projects/net-snmp/snmp_parse_fuzzer.c45
-rw-r--r--projects/net-snmp/snmp_parse_oid_fuzzer.c50
-rw-r--r--projects/net-snmp/snmp_pdu_parse_fuzzer.c44
-rw-r--r--projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c44
10 files changed, 7 insertions, 405 deletions
diff --git a/projects/net-snmp/Dockerfile b/projects/net-snmp/Dockerfile
index e67cbb4d..72dfa667 100644
--- a/projects/net-snmp/Dockerfile
+++ b/projects/net-snmp/Dockerfile
@@ -16,9 +16,6 @@
FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y make autoconf libtool libssl-dev
-RUN git clone --depth 1 git://git.code.sf.net/p/net-snmp/code net-snmp
+RUN git clone https://github.com/net-snmp/net-snmp net-snmp
WORKDIR net-snmp
COPY build.sh $SRC/
-#
-# Until the project moves the fuzzers to the source tree
-COPY *_fuzzer.c $SRC/
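Review bot: The added `RUN git clone` line drops `--depth 1`, so every image build now fetches the full net-snmp history although the visible build steps only need the current tree. Unless history is needed for something not shown here, keep the clone shallow: `RUN git clone --depth 1 https://github.com/net-snmp/net-snmp net-snmp`. With the local `COPY *_fuzzer.c` removed, the harness sources are whatever the upstream default branch holds at build time, so a one-line comment such as `# fuzzers are built from the upstream fuzzing/ directory (see build.sh)` would tell the next reader where they went.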
diff --git a/projects/net-snmp/agentx_parse_fuzzer.c b/projects/net-snmp/agentx_parse_fuzzer.c
deleted file mode 100644
index 43601120..00000000
--- a/projects/net-snmp/agentx_parse_fuzzer.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 2018 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This fuzzer exercises the agentx PDU parsing code.
- */
-#include <net-snmp/net-snmp-config.h>
-#include <net-snmp/net-snmp-includes.h>
-/* We build with the agent/mibgroup/agentx dir in an -I */
-#include <protocol.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- if (getenv("NETSNMP_DEBUGGING") != NULL) {
- /*
- * Turn on all debugging, to help understand what
- * bits of the parser are running.
- */
- snmp_enable_stderrlog();
- snmp_set_do_debugging(1);
- debug_register_tokens("");
- }
- return 0;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
- netsnmp_session session;
-
- session.version = AGENTX_VERSION_1;
- agentx_parse(&session, pdu, (unsigned char *)data, size);
- snmp_free_pdu(pdu);
- return 0;
-}
diff --git a/projects/net-snmp/build.sh b/projects/net-snmp/build.sh
index 2a0f061f..158c99dd 100755
--- a/projects/net-snmp/build.sh
+++ b/projects/net-snmp/build.sh
@@ -20,19 +20,12 @@
# net-snmp build is not parallel-make safe; do not add -j
make
-# build fuzzers (remember to link statically)
-fuzzers=(
- agentx_parse
- parse_octet_hint
- read_objid
- snmp_mib
- snmp_parse
- snmp_parse_oid
- snmp_pdu_parse
- snmp_scoped_pdu_parse
-)
-for fuzzname in "${fuzzers[@]}"; do
- $CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx $SRC/${fuzzname}_fuzzer.c -o $WORK/${fuzzname}_fuzzer.o
+# build fuzzers and link statically
+fuzzers=$(find ./fuzzing -name "*_fuzzer.c")
+suffix="_fuzzer\.c"
+for fuzzer in ${fuzzers}; do
+ fuzzname=$(basename -- ${fuzzer%$suffix})
+ $CC $CFLAGS -c -Iinclude -Iagent/mibgroup/agentx ./fuzzing/${fuzzname}_fuzzer.c -o $WORK/${fuzzname}_fuzzer.o
$CXX $CXXFLAGS $WORK/${fuzzname}_fuzzer.o \
$LIB_FUZZING_ENGINE snmplib/.libs/libnetsnmp.a \
agent/.libs/libnetsnmpagent.a \
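Review bot: The new loop iterates over the unquoted output of `find` and then rebuilds the source path as `./fuzzing/${fuzzname}_fuzzer.c`, so a harness that `find` locates in a subdirectory of `fuzzing/` would be compiled from a path that does not exist, and a path containing whitespace would be split. `suffix="_fuzzer\.c"` is a regex-style escape used in a glob pattern, where `.` is already literal. Iterating with a glob and compiling the matched path avoids both problems: `for fuzzer in ./fuzzing/*_fuzzer.c; do`, `fuzzname=$(basename -- "$fuzzer" _fuzzer.c)`, and pass `"$fuzzer"` to `$CC`. As written, a `find` that matches nothing lets the loop run zero times and the script can finish without building any fuzz target, so a check that at least one harness was found is worth adding. The loop body and the link command continue past the end of this hunk.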
diff --git a/projects/net-snmp/parse_octet_hint_fuzzer.c b/projects/net-snmp/parse_octet_hint_fuzzer.c
deleted file mode 100644
index 0495f3b5..00000000
--- a/projects/net-snmp/parse_octet_hint_fuzzer.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <net-snmp/net-snmp-config.h>
-#include <net-snmp/net-snmp-includes.h>
-#include <assert.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- if (getenv("NETSNMP_DEBUGGING") != NULL) {
- /*
- * Turn on all debugging, to help understand what
- * bits of the parser are running.
- */
- snmp_enable_stderrlog();
- snmp_set_do_debugging(1);
- debug_register_tokens("");
- }
- return 0;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- char *hint, *value;
- int value_start, new_val_len;
- unsigned char *new_val;
-
- hint = strndup((const char *)data, size);
- value_start = strlen(hint);
- assert(value_start <= size);
- value = strndup((const char *)data + value_start, size - value_start);
- parse_octet_hint(hint, value, &new_val, &new_val_len);
- free(new_val);
- free(hint);
- free(value);
- return 0;
-}
diff --git a/projects/net-snmp/read_objid_fuzzer.c b/projects/net-snmp/read_objid_fuzzer.c
deleted file mode 100644
index 1d49508b..00000000
--- a/projects/net-snmp/read_objid_fuzzer.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <net-snmp/net-snmp-config.h>
-#include <net-snmp/net-snmp-includes.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- if (getenv("NETSNMP_DEBUGGING") != NULL) {
- /*
- * Turn on all debugging, to help understand what
- * bits of the parser are running.
- */
- snmp_enable_stderrlog();
- snmp_set_do_debugging(1);
- debug_register_tokens("");
- }
- return 0;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- oid *objid = malloc(MAX_OID_LEN * sizeof(oid));
- size_t objidlen = MAX_OID_LEN;
- char *input;
-
- input = strndup((const char *)data, size);
- read_objid(input, objid, &objidlen);
- free(objid);
- free(input);
- return 0;
-}
diff --git a/projects/net-snmp/snmp_mib_fuzzer.c b/projects/net-snmp/snmp_mib_fuzzer.c
deleted file mode 100644
index ccac14a9..00000000
--- a/projects/net-snmp/snmp_mib_fuzzer.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <net-snmp/net-snmp-config.h>
-#include <net-snmp/net-snmp-includes.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- if (getenv("NETSNMP_DEBUGGING") != NULL) {
- /*
- * Turn on all debugging, to help understand what
- * bits of the parser are running.
- */
- snmp_enable_stderrlog();
- snmp_set_do_debugging(1);
- debug_register_tokens("");
- }
- return 0;
-}
-
-int SecmodInMsg_CB(struct snmp_secmod_incoming_params *sp1) {
- return SNMPERR_SUCCESS;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- char *filename;
- if (asprintf(&filename, "/tmp/fuzzed-mib.%d", getpid()) == -1) {
- return 0;
- }
-
- FILE *fp = fopen(filename, "wb");
- if (!fp) {
- return 0;
- }
- fwrite(data, size, 1, fp);
- fclose(fp);
-
- // Read the file
- read_mib(filename);
-
- unlink(filename);
- free(filename);
- return 0;
-}
diff --git a/projects/net-snmp/snmp_parse_fuzzer.c b/projects/net-snmp/snmp_parse_fuzzer.c
deleted file mode 100644
index bc247f58..00000000
--- a/projects/net-snmp/snmp_parse_fuzzer.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This fuzzer exercises the SNMP PDU parsing code, including ASN.1.
- */
-#include <net-snmp/net-snmp-config.h>
-#include <net-snmp/net-snmp-includes.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- if (getenv("NETSNMP_DEBUGGING") != NULL) {
- /*
- * Turn on all debugging, to help understand what
- * bits of the parser are running.
- */
- snmp_enable_stderrlog();
- snmp_set_do_debugging(1);
- debug_register_tokens("");
- }
- return 0;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- size_t bytes_remaining = size;
- netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
-
- netsnmp_session sess = { };
- snmpv3_parse(pdu, (unsigned char *)data, &bytes_remaining, NULL, &sess);
- snmp_free_pdu(pdu);
- return 0;
-}
diff --git a/projects/net-snmp/snmp_parse_oid_fuzzer.c b/projects/net-snmp/snmp_parse_oid_fuzzer.c
deleted file mode 100644
index 2b069f7f..00000000
--- a/projects/net-snmp/snmp_parse_oid_fuzzer.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <net-snmp/net-snmp-config.h>
-#include <net-snmp/net-snmp-includes.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- if (getenv("NETSNMP_DEBUGGING") != NULL) {
- /*
- * Turn on all debugging, to help understand what
- * bits of the parser are running.
- */
- snmp_enable_stderrlog();
- snmp_set_do_debugging(1);
- debug_register_tokens("");
- }
- return 0;
-}
-
-int SecmodInMsg_CB(struct snmp_secmod_incoming_params *sp1) {
- return SNMPERR_SUCCESS;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- oid *root = malloc(MAX_OID_LEN * sizeof(oid));
- size_t rootlen;
- char *input;
-
- input = strndup((const char *)data, size);
- snmp_parse_oid((const char *)input, root, &rootlen);
- free(root);
- free(input);
- return 0;
-}
diff --git a/projects/net-snmp/snmp_pdu_parse_fuzzer.c b/projects/net-snmp/snmp_pdu_parse_fuzzer.c
deleted file mode 100644
index 6d45552d..00000000
--- a/projects/net-snmp/snmp_pdu_parse_fuzzer.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2018 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This fuzzer exercises the SNMP PDU parsing code, including ASN.1.
- */
-#include <net-snmp/net-snmp-config.h>
-#include <net-snmp/net-snmp-includes.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- if (getenv("NETSNMP_DEBUGGING") != NULL) {
- /*
- * Turn on all debugging, to help understand what
- * bits of the parser are running.
- */
- snmp_enable_stderrlog();
- snmp_set_do_debugging(1);
- debug_register_tokens("");
- }
- return 0;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- size_t bytes_remaining = size;
- netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
-
- snmp_pdu_parse(pdu, (unsigned char *)data, &bytes_remaining);
- snmp_free_pdu(pdu);
- return 0;
-}
diff --git a/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c b/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c
deleted file mode 100644
index d7e1957c..00000000
--- a/projects/net-snmp/snmp_scoped_pdu_parse_fuzzer.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This fuzzer exercises the SNMP PDU parsing code, including ASN.1.
- */
-#include <net-snmp/net-snmp-config.h>
-#include <net-snmp/net-snmp-includes.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
- if (getenv("NETSNMP_DEBUGGING") != NULL) {
- /*
- * Turn on all debugging, to help understand what
- * bits of the parser are running.
- */
- snmp_enable_stderrlog();
- snmp_set_do_debugging(1);
- debug_register_tokens("");
- }
- return 0;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- size_t bytes_remaining = size;
- netsnmp_pdu *pdu = SNMP_MALLOC_TYPEDEF(netsnmp_pdu);
-
- snmpv3_scopedPDU_parse(pdu, (unsigned char *)data, &bytes_remaining);
- snmp_free_pdu(pdu);
- return 0;
-}