-rw-r--r--projects/nss/Dockerfile4
-rwxr-xr-xprojects/nss/build.sh52
-rw-r--r--projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc19
-rw-r--r--projects/nss/fuzzers/asn1_any_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_bitstring_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_boolean_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_fuzzer_template.h45
-rw-r--r--projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_ia5string_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_integer_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_null_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_objectid_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_octetstring_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_utctime_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/asn1_utf8string_fuzzer.cc18
-rw-r--r--projects/nss/fuzzers/cert_certificate_fuzzer.cc19
-rw-r--r--projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc19
18 files changed, 4 insertions, 370 deletions
diff --git a/projects/nss/Dockerfile b/projects/nss/Dockerfile
index 5b2976ff..f494a9b5 100644
--- a/projects/nss/Dockerfile
+++ b/projects/nss/Dockerfile
@@ -16,11 +16,11 @@
FROM ossfuzz/base-builder
MAINTAINER mmoroz@chromium.org
-RUN apt-get install -y make autoconf automake libtool mercurial zlib1g-dev
+RUN apt-get install -y make mercurial zlib1g-dev gyp ninja-build libssl-dev
RUN hg clone https://hg.mozilla.org/projects/nspr nspr
RUN hg clone https://hg.mozilla.org/projects/nss nss
RUN git clone --depth 1 https://github.com/mozilla/nss-fuzzing-corpus.git nss-corpus
WORKDIR nss
-COPY build.sh fuzzers/* $SRC/
+COPY build.sh $SRC/
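Review bot: The rewritten `RUN apt-get install -y …` line adds gyp, ninja-build and libssl-dev without refreshing the package index in the same layer. The packages then resolve against whatever index the base image shipped, which is not visible from this hunk; a stale index can fail the build or install outdated versions of packages that end up in the fuzzing image. I would write it as `RUN apt-get update && apt-get install -y make mercurial zlib1g-dev gyp ninja-build libssl-dev`.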
diff --git a/projects/nss/build.sh b/projects/nss/build.sh
index 6a35c478..98024b1d 100755
--- a/projects/nss/build.sh
+++ b/projects/nss/build.sh
@@ -15,54 +15,6 @@
#
################################################################################
-# Build the library.
-make CCC="$CXX" XCFLAGS="$CXXFLAGS" SANITIZER_CFLAGS="$CXXFLAGS" \
- BUILD_OPT=1 USE_64=1 NSS_DISABLE_GTESTS=1 ZDEFS_FLAG= \
- nss_clean_all nss_build_all
-cd ..
-# Copy libraries and some objects to $WORK/nss/lib.
-mkdir -p $WORK/nss/lib
-cp dist/Linux*/lib/*.a $WORK/nss/lib
-cp nspr/Linux*/pr/src/misc/prlog2.o $WORK/nss/lib
-
-# Copy includes to $WORK/nss/include.
-mkdir -p $WORK/nss/include
-cp -rL dist/Linux*/include/* $WORK/nss/include
-cp -rL dist/{public,private}/nss/* $WORK/nss/include
-
-
-# Build the fuzzers.
-FUZZERS="asn1_algorithmid_fuzzer \
- asn1_any_fuzzer \
- asn1_bitstring_fuzzer \
- asn1_bmpstring_fuzzer \
- asn1_boolean_fuzzer \
- asn1_generalizedtime_fuzzer \
- asn1_ia5string_fuzzer \
- asn1_integer_fuzzer \
- asn1_null_fuzzer \
- asn1_objectid_fuzzer \
- asn1_octetstring_fuzzer \
- asn1_utctime_fuzzer \
- asn1_utf8string_fuzzer"
-
-# The following fuzzers are currently disabled due to linking issues:
-# cert_certificate_fuzzer, seckey_privatekeyinfo_fuzzer
-
-
-for fuzzer in $FUZZERS; do
- $CXX $CXXFLAGS -std=c++11 $SRC/$fuzzer.cc \
- -I$WORK/nss/include \
- -lFuzzingEngine \
- $WORK/nss/lib/libnss.a $WORK/nss/lib/libnssutil.a \
- $WORK/nss/lib/libnspr4.a $WORK/nss/lib/libplc4.a $WORK/nss/lib/libplds4.a \
- $WORK/nss/lib/prlog2.o -o $OUT/$fuzzer
-done
-
-# Archive and copy to $OUT seed corpus if the build succeeded.
-zip $WORK/nss/all_nss_seed_corpus.zip $SRC/nss-corpus/*/*
-
-for fuzzer in $FUZZERS; do
- cp $WORK/nss/all_nss_seed_corpus.zip $OUT/${fuzzer}_seed_corpus.zip
-done
+# Build NSS with fuzzers.
+./automation/ossfuzz/build.sh
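Review bot: The new body is a single relative call, `./automation/ossfuzz/build.sh`, so it only works when the current directory is the NSS checkout. It also moves the decision about which fuzz targets and seed corpora land in `$OUT` into a script from the unpinned `hg clone` of NSS, which this repository does not review. The Dockerfile still clones `nss-corpus`, but nothing here references it any more; presumably the upstream script consumes it, and that should be confirmed. I would document the contract above the call, e.g. `# Runs from the nss checkout (WORKDIR in the Dockerfile); the upstream script must place the fuzz targets and their *_seed_corpus.zip files in $OUT.` A follow-up check that `$OUT` contains at least one fuzzer after the call would catch an upstream change that silently drops coverage.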
diff --git a/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc b/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc
deleted file mode 100644
index ec244184..00000000
--- a/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <secoid.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECAlgorithmID, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);
- NSSFuzzOneInput<SECAlgorithmID, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_any_fuzzer.cc b/projects/nss/fuzzers/asn1_any_fuzzer.cc
deleted file mode 100644
index 06a0c090..00000000
--- a/projects/nss/fuzzers/asn1_any_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_AnyTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_AnyTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc b/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc
deleted file mode 100644
index 26543c10..00000000
--- a/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_BitStringTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_BitStringTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc b/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc
deleted file mode 100644
index a3776409..00000000
--- a/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_BMPStringTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_BMPStringTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_boolean_fuzzer.cc b/projects/nss/fuzzers/asn1_boolean_fuzzer.cc
deleted file mode 100644
index 6e178ee0..00000000
--- a/projects/nss/fuzzers/asn1_boolean_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_BooleanTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_BooleanTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_fuzzer_template.h b/projects/nss/fuzzers/asn1_fuzzer_template.h
deleted file mode 100644
index 416b707e..00000000
--- a/projects/nss/fuzzers/asn1_fuzzer_template.h
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef ASN1_FUZZER_TEMPLATE_H_
-#define ASN1_FUZZER_TEMPLATE_H_
-
-#include <nspr.h>
-#include <nss.h>
-#include <secasn1.h>
-#include <secder.h>
-#include <secitem.h>
-#include <secport.h>
-#include <stddef.h>
-#include <stdint.h>
-
-template <typename DestinationType,
- SECStatus (*DecodeFunction)(PLArenaPool*,
- void*,
- const SEC_ASN1Template*,
- const SECItem*)>
-void NSSFuzzOneInput(const SEC_ASN1Template* the_template,
- const uint8_t* data,
- size_t size) {
- DestinationType* destination = new DestinationType();
- memset(destination, 0, sizeof(DestinationType));
-
- PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (!arena) {
- delete destination;
- return;
- }
-
- SECItem source;
- source.type = siBuffer;
- source.data = static_cast<unsigned char*>(const_cast<uint8_t*>(data));
- source.len = static_cast<unsigned int>(size);
-
- DecodeFunction(arena, destination, the_template, &source);
-
- PORT_FreeArena(arena, PR_FALSE);
- delete destination;
-}
-
-#endif // ASN1_FUZZER_TEMPLATE_H_
diff --git a/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc b/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc
deleted file mode 100644
index 1faf586f..00000000
--- a/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc b/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc
deleted file mode 100644
index 2a33255a..00000000
--- a/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_IA5StringTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_IA5StringTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_integer_fuzzer.cc b/projects/nss/fuzzers/asn1_integer_fuzzer.cc
deleted file mode 100644
index 4e08fec0..00000000
--- a/projects/nss/fuzzers/asn1_integer_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_IntegerTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_IntegerTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_null_fuzzer.cc b/projects/nss/fuzzers/asn1_null_fuzzer.cc
deleted file mode 100644
index 4af7afb7..00000000
--- a/projects/nss/fuzzers/asn1_null_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_NullTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_NullTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_objectid_fuzzer.cc b/projects/nss/fuzzers/asn1_objectid_fuzzer.cc
deleted file mode 100644
index bdc8288b..00000000
--- a/projects/nss/fuzzers/asn1_objectid_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc b/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc
deleted file mode 100644
index 71b25776..00000000
--- a/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_OctetStringTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_OctetStringTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_utctime_fuzzer.cc b/projects/nss/fuzzers/asn1_utctime_fuzzer.cc
deleted file mode 100644
index 604e2609..00000000
--- a/projects/nss/fuzzers/asn1_utctime_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc b/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc
deleted file mode 100644
index f4a3a6ac..00000000
--- a/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size);
- NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/cert_certificate_fuzzer.cc b/projects/nss/fuzzers/cert_certificate_fuzzer.cc
deleted file mode 100644
index ce1efc73..00000000
--- a/projects/nss/fuzzers/cert_certificate_fuzzer.cc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <cert.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<CERTCertificate, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(CERT_CertificateTemplate), data, size);
- NSSFuzzOneInput<CERTCertificate, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(CERT_CertificateTemplate), data, size);
-
- return 0;
-}
diff --git a/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc b/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc
deleted file mode 100644
index a6dd802e..00000000
--- a/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include <secmod.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput<SECKEYPrivateKeyInfo, SEC_QuickDERDecodeItem>(
- SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size);
- NSSFuzzOneInput<SECKEYPrivateKeyInfo, SEC_ASN1DecodeItem>(
- SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size);
-
- return 0;
-}