Diffstat (limited to 'projects/nss')
19 files changed, 413 insertions, 0 deletions
diff --git a/projects/nss/Dockerfile b/projects/nss/Dockerfile
new file mode 100644
index 00000000..e3a621ec
--- /dev/null
+++ b/projects/nss/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mmoroz@chromium.org
+RUN apt-get install -y make autoconf automake libtool mercurial zlib1g-dev
+
+RUN hg clone https://hg.mozilla.org/projects/nspr nspr
+RUN hg clone https://hg.mozilla.org/projects/nss nss
+RUN git clone https://github.com/mozilla/nss-fuzzing-corpus.git nss-corpus
+
+WORKDIR nss
+COPY build.sh fuzzers/* $SRC/
diff --git a/projects/nss/build.sh b/projects/nss/build.sh
new file mode 100755
index 00000000..d2a126ed
--- /dev/null
+++ b/projects/nss/build.sh
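Review bot: `RUN apt-get install -y make autoconf automake libtool mercurial zlib1g-dev` runs with no `apt-get update` in the same layer, so it resolves packages against whatever lists the `ossfuzz/base-libfuzzer` image carried when it was built; if those are stale the install fails or pulls superseded packages. Unless the base image is known to refresh its lists, the conventional form is `RUN apt-get update && apt-get install -y make autoconf automake libtool mercurial zlib1g-dev`. The three clones are unpinned, which is the usual choice for a fuzzing image that is meant to track upstream tip, but that intent deserves a one-line comment, e.g. `# Unpinned on purpose: OSS-Fuzz builds track upstream HEAD.`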
@@ -0,0 +1,68 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build the library.
+make CCC="$CXX" XCFLAGS="$CXXFLAGS" SANITIZER_CFLAGS="$CXXFLAGS" \
+ BUILD_OPT=1 USE_64=1 NSS_DISABLE_GTESTS=1 ZDEFS_FLAG= \
+ nss_clean_all nss_build_all
+cd ..
+
+# Copy libraries and some objects to $WORK/nss/lib.
+mkdir -p $WORK/nss/lib
+cp dist/Linux*/lib/*.a $WORK/nss/lib
+cp nspr/Linux*/pr/src/misc/prlog2.o $WORK/nss/lib
+
+# Copy includes to $WORK/nss/include.
+mkdir -p $WORK/nss/include
+cp -rL dist/Linux*/include/* $WORK/nss/include
+cp -rL dist/{public,private}/nss/* $WORK/nss/include
+
+
+# Build the fuzzers.
+FUZZERS="asn1_algorithmid_fuzzer \
+ asn1_any_fuzzer \
+ asn1_bitstring_fuzzer \
+ asn1_bmpstring_fuzzer \
+ asn1_boolean_fuzzer \
+ asn1_generalizedtime_fuzzer \
+ asn1_ia5string_fuzzer \
+ asn1_integer_fuzzer \
+ asn1_null_fuzzer \
+ asn1_objectid_fuzzer \
+ asn1_octetstring_fuzzer \
+ asn1_utctime_fuzzer \
+ asn1_utf8string_fuzzer"
+
+# The following fuzzers are currently disabled due to linking issues:
+# cert_certificate_fuzzer, seckey_privatekeyinfo_fuzzer
+
+
+for fuzzer in $FUZZERS; do
+ $CXX $CXXFLAGS -std=c++11 $SRC/$fuzzer.cc \
+ -I$WORK/nss/include \
+ -lfuzzer \
+ $WORK/nss/lib/libnss.a $WORK/nss/lib/libnssutil.a \
+ $WORK/nss/lib/libnspr4.a $WORK/nss/lib/libplc4.a $WORK/nss/lib/libplds4.a \
+ $WORK/nss/lib/prlog2.o -o $OUT/$fuzzer
+done
+
+# Archive and copy to $OUT seed corpus if the build succeeded.
+zip $WORK/nss/all_nss_seed_corpus.zip $SRC/nss-corpus/*/*
+
+for fuzzer in $FUZZERS; do
+ cp $WORK/nss/all_nss_seed_corpus.zip $OUT/${fuzzer}_seed_corpus.zip
+done
diff --git a/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc b/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc
new file mode 100644
index 00000000..ec244184
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc
@@ -0,0 +1,19 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <secoid.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECAlgorithmID, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);
+ NSSFuzzOneInput<SECAlgorithmID, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_any_fuzzer.cc b/projects/nss/fuzzers/asn1_any_fuzzer.cc
new file mode 100644
index 00000000..06a0c090
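Review bot: The `make` invocation at the top of this hunk hands the C++ compiler and flags to NSS through `CCC`, `XCFLAGS` and `SANITIZER_CFLAGS` but never sets `CC`; if NSS's coreconf defaults `CC` to `gcc` instead of reading the environment, the C objects that make up libnss and libnssutil are built without sanitizer instrumentation and the fuzzers only get coverage of the harness itself. Passing it explicitly, `make CC="$CC" CCC="$CXX" XCFLAGS="$CFLAGS" SANITIZER_CFLAGS="$CFLAGS" ...`, removes the dependency on coreconf's defaults, and a quick `nm` for `__asan_` symbols on a built `.o` confirms it worked. Handing `$CXXFLAGS` to the C compiler also works only as long as it contains nothing C++-specific that clang rejects for C, so `$CFLAGS` is the safer choice on that side. The `$WORK`, `$OUT` and `$SRC` expansions in the link loop are unquoted; that is harmless for OSS-Fuzz's fixed paths, but `"$OUT/$fuzzer"` is the conventional form under `set -u`.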
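Review bot: This `LLVMFuzzerTestOneInput` is identical to the twelve other `asn1_*_fuzzer.cc` files in the commit except for the destination type and template name, so any change to the decode sequence has to be made thirteen times. A small macro in `asn1_fuzzer_template.h` that expands to this entry point and takes the type and template as parameters would reduce each file to a single line such as `NSS_ASN1_FUZZER(SECAlgorithmID, SECOID_AlgorithmIDTemplate)`, with the shared comment and decoder pairing living in one place. The comment `// Entry point for LibFuzzer.` should spell the project name `libFuzzer`, matching the `-lfuzzer` link flag and upstream documentation.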
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_any_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_AnyTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_AnyTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc b/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc
new file mode 100644
index 00000000..26543c10
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_BitStringTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_BitStringTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc b/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc
new file mode 100644
index 00000000..a3776409
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_BMPStringTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_BMPStringTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_boolean_fuzzer.cc b/projects/nss/fuzzers/asn1_boolean_fuzzer.cc
new file mode 100644
index 00000000..6e178ee0
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_boolean_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_BooleanTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_BooleanTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_fuzzer_template.h b/projects/nss/fuzzers/asn1_fuzzer_template.h
new file mode 100644
index 00000000..416b707e
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_fuzzer_template.h
@@ -0,0 +1,45 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef ASN1_FUZZER_TEMPLATE_H_
+#define ASN1_FUZZER_TEMPLATE_H_
+
+#include <nspr.h>
+#include <nss.h>
+#include <secasn1.h>
+#include <secder.h>
+#include <secitem.h>
+#include <secport.h>
+#include <stddef.h>
+#include <stdint.h>
+
+template <typename DestinationType,
+ SECStatus (*DecodeFunction)(PLArenaPool*,
+ void*,
+ const SEC_ASN1Template*,
+ const SECItem*)>
+void NSSFuzzOneInput(const SEC_ASN1Template* the_template,
+ const uint8_t* data,
+ size_t size) {
+ DestinationType* destination = new DestinationType();
+ memset(destination, 0, sizeof(DestinationType));
+
+ PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ delete destination;
+ return;
+ }
+
+ SECItem source;
+ source.type = siBuffer;
+ source.data = static_cast<unsigned char*>(const_cast<uint8_t*>(data));
+ source.len = static_cast<unsigned int>(size);
+
+ DecodeFunction(arena, destination, the_template, &source);
+
+ PORT_FreeArena(arena, PR_FALSE);
+ delete destination;
+}
+
+#endif // ASN1_FUZZER_TEMPLATE_H_
diff --git a/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc b/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc
new file mode 100644
index 00000000..1faf586f
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc
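Review bot: `memset(destination, 0, sizeof(DestinationType));` calls `memset` but the header includes neither `<string.h>` nor `<cstring>`, so it compiles only if one of the NSS headers above happens to pull the declaration in; add `#include <string.h>` next to `<stddef.h>` rather than relying on that. The `memset` is also redundant: `new DestinationType()` with the empty parentheses value-initializes, which zero-fills C structs such as `SECItem` and `SECAlgorithmID`, so one of the two lines can go. `source.len = static_cast<unsigned int>(size);` silently truncates an input longer than `UINT_MAX` bytes; libFuzzer's default `-max_len` makes that unreachable in practice, but a comment stating the assumption, `// libFuzzer inputs are far below UINT_MAX; truncation is not a concern here.`, would save the next reader the check. The `const_cast` on `data` is forced by `SECItem::data` being non-const, but it means a decoder that wrote into its input would do so undetected, since libFuzzer's buffer is writable; the NSS decoders are read-only as far as I can see, so this is a caveat rather than a bug.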
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc b/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc
new file mode 100644
index 00000000..2a33255a
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_IA5StringTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_IA5StringTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_integer_fuzzer.cc b/projects/nss/fuzzers/asn1_integer_fuzzer.cc
new file mode 100644
index 00000000..4e08fec0
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_integer_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_IntegerTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_IntegerTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_null_fuzzer.cc b/projects/nss/fuzzers/asn1_null_fuzzer.cc
new file mode 100644
index 00000000..4af7afb7
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_null_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_NullTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_NullTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_objectid_fuzzer.cc b/projects/nss/fuzzers/asn1_objectid_fuzzer.cc
new file mode 100644
index 00000000..bdc8288b
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_objectid_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc b/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc
new file mode 100644
index 00000000..71b25776
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_OctetStringTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_OctetStringTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_utctime_fuzzer.cc b/projects/nss/fuzzers/asn1_utctime_fuzzer.cc
new file mode 100644
index 00000000..604e2609
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_utctime_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc b/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc
new file mode 100644
index 00000000..f4a3a6ac
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECItem, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size);
+ NSSFuzzOneInput<SECItem, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/cert_certificate_fuzzer.cc b/projects/nss/fuzzers/cert_certificate_fuzzer.cc
new file mode 100644
index 00000000..ce1efc73
--- /dev/null
+++ b/projects/nss/fuzzers/cert_certificate_fuzzer.cc
@@ -0,0 +1,19 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <cert.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<CERTCertificate, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(CERT_CertificateTemplate), data, size);
+ NSSFuzzOneInput<CERTCertificate, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(CERT_CertificateTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc b/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc
new file mode 100644
index 00000000..a6dd802e
--- /dev/null
+++ b/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc
@@ -0,0 +1,19 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <secmod.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput<SECKEYPrivateKeyInfo, SEC_QuickDERDecodeItem>(
+ SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size);
+ NSSFuzzOneInput<SECKEYPrivateKeyInfo, SEC_ASN1DecodeItem>(
+ SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/target.yaml b/projects/nss/target.yaml
new file mode 100644
index 00000000..1a0af5d7
--- /dev/null
+++ b/projects/nss/target.yaml
@@ -0,0 +1 @@
+homepage: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS" |
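Review bot: This harness is committed but not built: it is absent from the `FUZZERS` list in build.sh, whose comment says it is disabled for linking issues, so nothing in the commit verifies that it still compiles against `asn1_fuzzer_template.h` as that header evolves. A note at the top of the file, `// NOTE: not yet in build.sh's FUZZERS list (unresolved link symbols); see build.sh.`, would stop a reader from assuming certificate parsing is being fuzzed. The missing symbols are presumably `CERT_CertificateTemplate` and friends from libcertdb, which the build.sh link line (libnss, libnssutil, NSPR only) does not name; if so, adding `libcertdb.a` and whatever it in turn needs is the fix rather than dropping the fuzzer, since X.509 decoding is the highest-value target in this set.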
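Review bot: `#include <secmod.h>` is an unexpected header for this harness: as far as I can tell `SECKEYPrivateKeyInfo` comes from `keythi.h` and the `SECKEY_PrivateKeyInfoTemplate` chooser from `keyhi.h`, so if this compiles at all it is through transitive includes; `#include <keyhi.h>` would state the dependency directly. Like cert_certificate_fuzzer.cc, the file is excluded from `FUZZERS` in build.sh for linking issues — the template's definition appears to live in libcryptohi, which the link line does not include — so a `// NOTE: not yet built; see the disabled list in build.sh.` comment at the top would make the status visible from the file itself. PKCS#8 PrivateKeyInfo is parsed from untrusted key files in practice, so this is worth getting linked rather than left as dead code.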