author | hamzeh <hamzeh@google.com> | 2020-10-29 16:26:23 -0700 |
---|---|---|
committer | Hamzeh Zawawy <hamzeh@google.com> | 2020-10-30 02:02:15 +0000 |
commit | 650697ee781dd7500f234cc06ff577897f1bd822 (patch) | |
tree | c79f80244fe58af55bfe414f936c9451099c2ab1 | |
parent | 1bc86e5df66a7e5bacbe03fb073ed9bfbd785753 (diff) | |
download | usrsctp-650697ee781dd7500f234cc06ff577897f1bd822.tar.gz |
Enabling fuzzers to run on continuous fuzzing platform
Test: build with SANITIZE_HOST=address SANITIZE_TARGET=hwaddress m fuzzer_connect
and run:
INFO: Seed: 2237440050
INFO: Loaded 3 modules (51446 inline 8-bit counters): 17625 [0x7f8b0ef9fa50, 0x7f8b0efa3f29), 17495 [0x7f8b0f3dca70, 0x7f8b0f3e0ec7), 16326 [0x55e5292aa6b0, 0x55e5292ae676),
INFO: Loaded 3 PC tables (51446 PCs): 17625 [0x7f8b0efa3f30,0x7f8b0efe8cc0), 17495 [0x7f8b0f3e0ec8,0x7f8b0f425438), 16326 [0x55e5292ae678,0x55e5292ee2d8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
2 INITED cov: 3 ft: 3 corp: 1/1b exec/s: 0 rss: 43Mb
Change-Id: If41c505881cc2dba7a71fa4eea2caa72433aa6c0
-rw-r--r-- | Android.bp | 48 | ||||
-rw-r--r-- | fuzzer/fuzzer_connect.c | 11 | ||||
-rw-r--r-- | fuzzer/fuzzer_listen.c | 10 |
3 files changed, 62 insertions, 7 deletions
@@ -1,7 +1,5 @@ -cc_library_static { - name: "usrsctplib", - // vendor needed for libpreprocessing effects. - vendor: true, +cc_defaults { + name: "usrsctplib_defaults", srcs: [ "usrsctplib/netinet/sctp_asconf.c", "usrsctplib/netinet/sctp_auth.c", @@ -56,5 +54,47 @@ cc_library_static { "libcrypto", ], host_supported: true, +} + +cc_library_static { + name: "usrsctplib", + // vendor needed for libpreprocessing effects. + vendor: true, + defaults: ["usrsctplib_defaults"], visibility: ["//external/webrtc:__subpackages__"], } + +cc_library_static { + name: "usrsctp_fuzz_lib", + defaults: ["usrsctplib_defaults"], +} + +cc_fuzz { + name: "fuzzer_connect", + srcs: [ + "fuzzer/fuzzer_connect.c", + ], + static_libs: [ + "usrsctp_fuzz_lib", + ], + shared_libs: [ + "libcrypto", + ], + host_supported: true, + corpus: ["CORPUS_CONNECT/*"], +} + +cc_fuzz { + name: "fuzzer_listen", + srcs: [ + "fuzzer/fuzzer_listen.c", + ], + static_libs: [ + "usrsctp_fuzz_lib", + ], + shared_libs: [ + "libcrypto", + ], + host_supported: true, + corpus: ["CORPUS_LISTEN/*"], +} diff --git a/fuzzer/fuzzer_connect.c b/fuzzer/fuzzer_connect.c index 61d4ec3..c7f3d99 100644 --- a/fuzzer/fuzzer_connect.c +++ b/fuzzer/fuzzer_connect.c @@ -34,6 +34,7 @@ #include <stdarg.h> #include <assert.h> #include <usrsctp.h> +#include <openssl/sha.h> #include "../programs/programs_helper.h" //#define FUZZ_VERBOSE @@ -67,6 +68,9 @@ static uint32_t assoc_vtag = 0; static void dump_packet(const void *buffer, size_t bufferlen, int inout) { +(void) buffer; +(void) bufferlen; +(void) inout; #ifdef FUZZ_VERBOSE static char *dump_buf; if ((dump_buf = usrsctp_dumppacket(buffer, bufferlen, inout)) != NULL) { 
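Review bot: `usrsctp_fuzz_lib` is declared with only `defaults`, so it drops the `visibility: ["//external/webrtc:__subpackages__"]` restriction that `usrsctplib` keeps and, unless a package default says otherwise, can be linked from anywhere in the tree. Only the two `cc_fuzz` modules in this file consume it, so adding `visibility: ["//visibility:private"],` keeps the fuzz-only build from becoming a second, unrestricted way to depend on the library. Both `cc_fuzz` modules also lack a `fuzz_config` block (for example `fuzz_config: { cc: ["<owner-address-placeholder>"] },`), which a continuous fuzzing run needs if crashes are to be routed to an owner. The `corpus` globs name `CORPUS_CONNECT/` and `CORPUS_LISTEN/`, which the diffstat does not add, so it is worth confirming those directories already exist in the tree.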
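Review bot: The added `#include <openssl/sha.h>` in fuzzer/fuzzer_connect.c has no visible user: no hunk in the file calls a SHA function or names a SHA type, and the same include is added to fuzzer/fuzzer_listen.c in the same way. If the header is only there to satisfy a declaration pulled in through another header, that belongs in the header that needs it, or at least in a comment such as `/* required by <header-placeholder> for SHA types */`. Otherwise the line can be dropped so the harness does not take a direct OpenSSL header dependency. The rest of both files is outside the hunks, so a use elsewhere cannot be ruled out from here.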
@@ -80,6 +84,9 @@ dump_packet(const void *buffer, size_t bufferlen, int inout) { static int conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) { + (void) addr; + (void) tos; + (void) set_df; struct sctp_init_chunk *init_chunk; const char *init_chunk_first_bytes = "\x13\x88\x13\x89\x00\x00\x00\x00\x00\x00\x00\x00\x01"; // Looking for the outgoing VTAG. @@ -99,6 +106,8 @@ conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) static void handle_upcall(struct socket *sock, void *arg, int flgs) { + (void) arg; + (void) flgs; fuzzer_printf("handle_upcall()\n"); int events = usrsctp_get_events(sock); @@ -443,5 +452,3 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) return (0); } - - diff --git a/fuzzer/fuzzer_listen.c b/fuzzer/fuzzer_listen.c index e6e873c..7d0e58e 100644 --- a/fuzzer/fuzzer_listen.c +++ b/fuzzer/fuzzer_listen.c @@ -32,6 +32,7 @@ #include <stdlib.h> #include <string.h> #include <usrsctp.h> +#include <openssl/sha.h> #include "../programs/programs_helper.h" #define FUZZ_FAST 1 @@ -53,6 +54,11 @@ struct socket *s_l; static int conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) { + (void) addr; + (void) buf; + (void) length; + (void) tos; + (void) set_df; #if 0 char *dump_buf; if ((dump_buf = usrsctp_dumppacket(buf, length, SCTP_DUMP_OUTBOUND)) != NULL) { @@ -66,6 +72,9 @@ conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) static void handle_upcall(struct socket *sock, void *arg, int flgs) { + (void) sock; + (void) arg; + (void) flgs; fuzzer_printf("Listening socket established, implement logic!\n"); exit(EXIT_FAILURE); } @@ -167,4 +176,3 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) return (0); } - |
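Review bot: The byte string in `init_chunk_first_bytes` in conn_output (fuzzer/fuzzer_connect.c) is undocumented, and after the three new `(void)` casts `buf` and `length` are the only parameters the function still consumes. A comment such as `/* SCTP common header: ports 5000/5001, vtag 0, checksum 0, then chunk type 1 (INIT) */` would make the 13-byte pattern reviewable. The body of conn_output continues outside the hunk, so it is not visible whether `length` is compared against the common header plus `sizeof(struct sctp_init_chunk)` before `init_chunk` is read. If it is not, that check belongs ahead of the comparison.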
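Review bot: `handle_upcall` in fuzzer/fuzzer_listen.c still ends in `exit(EXIT_FAILURE);` after an "implement logic!" message, and the new casts only silence the warnings above it. libFuzzer reports a target that calls exit() as a failure and saves the input, so on a continuous fuzzing platform any input that triggers this upcall would be filed as a finding even though it is an unfinished harness path, not a library defect. Whether an input can reach the upcall depends on code outside the hunk. If it can, the callback should handle or ignore the event with a plain `return;`. If it cannot, `abort();` with a comment stating the invariant gives a clearer report.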