-rwxr-xr-xprojects/sudoers/Dockerfile22
-rwxr-xr-xprojects/sudoers/build.sh39
-rw-r--r--projects/sudoers/fuzz_iolog_json_parse.c69
-rw-r--r--projects/sudoers/fuzz_sudoers_parse.c64
-rwxr-xr-xprojects/sudoers/project.yaml10
5 files changed, 204 insertions, 0 deletions
diff --git a/projects/sudoers/Dockerfile b/projects/sudoers/Dockerfile
new file mode 100755
index 00000000..916ce7bf
--- /dev/null
+++ b/projects/sudoers/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN git clone https://github.com/sudo-project/sudo
+
+WORKDIR $SRC/sudo
+COPY build.sh $SRC/
+COPY fuzz_* $SRC/
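Review bot: The `git clone` on the `RUN` line fetches the full sudo history, which the build never uses; `RUN git clone --depth 1 https://github.com/sudo-project/sudo` keeps the image smaller and rebuilds faster. The clone also tracks the default branch unpinned. That is normal for continuous fuzzing, but a one-line comment saying so (`# always fuzz the tip of the default branch`) would stop it being mistaken for an oversight later.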
diff --git a/projects/sudoers/build.sh b/projects/sudoers/build.sh
new file mode 100755
index 00000000..2be31685
--- /dev/null
+++ b/projects/sudoers/build.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+if [ $SANITIZER == "address" ]; then
+ export LDFLAGS="-fsanitize=address"
+elif [ $SANITIZER == "undefined" ]; then
+ export LDFLAGS="-fsanitize=undefined"
+elif [ $SANITIZER == "coverage" ]; then
+ export LDFLAGS="$CFLAGS"
+fi
+
+./configure --enable-static-sudoers --enable-static --disable-shared-libutil
+make
+
+# Fuzz json parser
+cd lib/iolog/
+$CC $CFLAGS -c -I../../include -I../.. -I. $SRC/fuzz_iolog_json_parse.c -fPIC -DPIC -o .libs/tmp_fuzz
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE .libs/tmp_fuzz -o $OUT/fuzz_iolog_json_parse \
+ .libs/libsudo_iolog.a ../eventlog/.libs/libsudo_eventlog.a ../util/.libs/libsudo_util.a
+
+# Fuzz libsudoers parsing
+cd ../../plugins/sudoers
+$CC $CFLAGS -c -I../../include -I../.. -I. $SRC/fuzz_sudoers_parse.c -fPIC -DPIC -o fuzz_sudoers_parse.o
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE fuzz_sudoers_parse.o -o $OUT/fuzz_sudoers_parse \
+ ./.libs/libparsesudoers.a ./.libs/sudoers.a net_ifs.o parse_ldif.o ldap_util.o -lcrypt
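Review bot: The `if`/`elif` chain at the top exports `LDFLAGS` only for `address`, `undefined` and `coverage`, so any other `$SANITIZER` value (for example `memory`) reaches `./configure` and `make` with no sanitizer flags at link time. That presumably either breaks the link or produces un-instrumented objects. `$SANITIZER` is also unquoted inside `[ ... ]`. Since `$CFLAGS` already carries the instrumentation flags in every configuration, a single `export LDFLAGS="$CFLAGS"` would replace the whole chain. If some sanitizers are deliberately unsupported, list the supported ones under `sanitizers:` in project.yaml so the restriction is explicit.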
diff --git a/projects/sudoers/fuzz_iolog_json_parse.c b/projects/sudoers/fuzz_iolog_json_parse.c
new file mode 100644
index 00000000..788f15df
--- /dev/null
+++ b/projects/sudoers/fuzz_iolog_json_parse.c
@@ -0,0 +1,69 @@
+/* Copyright 2021 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
+#include <string.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <limits.h>
+#include <fcntl.h>
+#include <time.h>
+
+#include "sudo_compat.h"
+#include "sudo_debug.h"
+#include "sudo_eventlog.h"
+#include "sudo_fatal.h"
+#include "sudo_gettext.h"
+#include "sudo_iolog.h"
+#include "sudo_util.h"
+
+#include "iolog_json.h"
+
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ char filename[256];
+ sprintf(filename, "/tmp/libfuzzer.%d", getpid());
+
+ FILE *fp = fopen(filename, "wb");
+ if (!fp) {
+ return 0;
+ }
+ fwrite(data, size, 1, fp);
+ fclose(fp);
+
+ fp = fopen(filename, "rb");
+ struct json_object root;
+ if (iolog_parse_json(fp, "libfuzzer_input.txt", &root)) {
+ free_json_items(&root.items);
+ }
+
+ unlink(filename);
+
+ return 0;
+}
+
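Review bot: The stream reopened with `fopen(filename, "rb")` is passed to `iolog_parse_json` without a NULL check and is never closed. Unless the parser closes it itself (not visible here), every iteration leaks a `FILE` and its descriptor, and a long run ends in spurious `fopen` failures rather than real findings. Add `if (fp == NULL) { unlink(filename); return 0; }` after the reopen and `fclose(fp);` before `unlink(filename);`. The fixed `/tmp/libfuzzer.<pid>` name is built with an unbounded `sprintf` and opened with `"wb"`, which writes through whatever already exists at that path; `mkstemp` (or `fmemopen`, if the parser only needs a `FILE *`) removes the predictable name. The same unchecked reopen and temp-file pattern appears in fuzz_sudoers_parse.c.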
diff --git a/projects/sudoers/fuzz_sudoers_parse.c b/projects/sudoers/fuzz_sudoers_parse.c
new file mode 100644
index 00000000..c9fd3be1
--- /dev/null
+++ b/projects/sudoers/fuzz_sudoers_parse.c
@@ -0,0 +1,64 @@
+/* Copyright 2021 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdint.h>
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <ctype.h>
+#include <errno.h>
+#include <pwd.h>
+#include <unistd.h>
+#ifdef HAVE_GETOPT_LONG
+# include <getopt.h>
+# else
+# include "compat/getopt.h"
+#endif /* HAVE_GETOPT_LONG */
+
+#include "sudoers.h"
+#include "sudoers_version.h"
+#include "sudo_lbuf.h"
+#include "redblack.h"
+#include "cvtsudoers.h"
+#include <gram.h>
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ char filename[256];
+ sprintf(filename, "/tmp/libfuzzer.%d", getpid());
+
+ FILE *fp = fopen(filename, "wb");
+ if (!fp) {
+ return 0;
+ }
+ fwrite(data, size, 1, fp);
+ fclose(fp);
+
+ // main entry point for the fuzzer
+ fp = fopen(filename, "rb");
+ init_parser(filename, false, true);
+ sudoers_parse_ldif(&parsed_policy, fp, NULL, true);
+
+ //fclose(fp);
+ unlink(filename);
+
+ return 0;
+}
+
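Review bot: Nothing in the harness releases what `sudoers_parse_ldif` stores in the global `parsed_policy`, so as far as these lines show, parsed entries accumulate from one input to the next. The leak detector will then report the harness rather than sudo, and a crash may depend on earlier inputs and fail to reproduce from its own test case. Free or reinitialise the parse tree after each call using the parser's own cleanup routine. The commented-out `//fclose(fp);` should also be resolved: either restore it, or replace it with a comment giving the reason, such as `/* sudoers_parse_ldif() takes ownership of fp */` if that is why it was disabled.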
diff --git a/projects/sudoers/project.yaml b/projects/sudoers/project.yaml
new file mode 100755
index 00000000..309a3eb3
--- /dev/null
+++ b/projects/sudoers/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://github.com/sudo-project"
+primary_contact: "sudo@sudo.ws"
+language: c
+fuzzing_engines:
+ - libfuzzer
+ - honggfuzz
+ - dataflow
+auto_ccs :
+ - "david@adalogics.com"
+main_repo: 'https://github.com/sudo-project/sudo'