author | Arjun <167687092+pkillarjun@users.noreply.github.com> | 2024-05-20 18:05:56 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-20 08:35:56 -0400 |
commit | a3f1d103ab515231c1376a8501a827ffe4c521ac (patch) | |
tree | 24277f02f445ceae03014bb42ec49ee0887c7916 | |
parent | 368993df0a22f35e1f0e23623e95f986a6b9ee0e (diff) | |
[krb5] move fuzzers and build upstream (#11951)upstream-master
[Do Not Merge]
Moved the fuzzer to [krb5 repo](https://github.com/krb5/krb5/pull/1346)
with `build.sh`.
Signed-off-by: Arjun <pkillarjun@protonmail.com>
-rw-r--r-- | projects/krb5/Dockerfile | 8 | ||||
-rw-r--r-- | projects/krb5/build.sh | 48 | ||||
-rw-r--r-- | projects/krb5/fuzzing/Fuzz_chpw.c | 43 | ||||
-rw-r--r-- | projects/krb5/fuzzing/Fuzz_gss_accept_sec_context.c | 80 | ||||
-rw-r--r-- | projects/krb5/fuzzing/Fuzz_json.c | 41 | ||||
-rw-r--r-- | projects/krb5/fuzzing/Fuzz_krb5.c | 41 | ||||
-rw-r--r-- | projects/krb5/fuzzing/Fuzz_marshal.c | 57 | ||||
-rw-r--r-- | projects/krb5/fuzzing/Fuzz_ndr.c | 38 | ||||
-rw-r--r-- | projects/krb5/fuzzing/Fuzz_pac.c | 42 | ||||
-rw-r--r-- | projects/krb5/fuzzing/Fuzz_profile.c | 51 | ||||
-rw-r--r-- | projects/krb5/fuzzing/Makefile | 47 | ||||
-rw-r--r-- | projects/krb5/fuzzing/exemplars/gss-accept-sec-context-kerberos | bin | 599 -> 0 bytes | |||
-rw-r--r-- | projects/krb5/fuzzing/exemplars/gss-accept-sec-context-spnego | bin | 664 -> 0 bytes |
13 files changed, 3 insertions, 493 deletions
diff --git a/projects/krb5/Dockerfile b/projects/krb5/Dockerfile
index 5b8fe0d78..eb0e5a006 100644
--- a/projects/krb5/Dockerfile
+++ b/projects/krb5/Dockerfile
@@ -15,9 +15,7 @@
 ################################################################################
 FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y make autoconf bison flex
-RUN git clone --depth 1 https://github.com/krb5/krb5
-RUN git clone https://github.com/pkillarjun/oss-fuzz-bloat
-COPY build.sh $SRC/
-COPY fuzzing/ $SRC/krb5/fuzzing/
+RUN apt-get update && apt-get install -y autoconf bison
+RUN git clone --depth=1 -b fuzzing https://github.com/pkillarjun/krb5.git
+RUN cp $SRC/krb5/src/tests/fuzzing/oss-fuzz.sh $SRC/build.sh
 WORKDIR $SRC/krb5/
diff --git a/projects/krb5/build.sh b/projects/krb5/build.sh
deleted file mode 100644
index dd2584e0a..000000000
--- a/projects/krb5/build.sh
+++ /dev/null
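Review bot: The new `RUN git clone --depth=1 -b fuzzing https://github.com/pkillarjun/krb5.git` line, combined with `RUN cp $SRC/krb5/src/tests/fuzzing/oss-fuzz.sh $SRC/build.sh`, makes both the code under test and the script that drives the build come from an unpinned branch of a personal fork, so whatever is pushed to that branch is what the builder executes. While this interim setup is in place, pinning the clone to the reviewed revision, for example `RUN git -C $SRC/krb5 fetch --depth=1 origin <REVIEWED-COMMIT> && git -C $SRC/krb5 checkout FETCH_HEAD` (placeholder commit), would keep the build reproducible and reviewable, and once the upstream krb5 change lands the clone should return to `https://github.com/krb5/krb5` with no `-b`. It is also worth confirming that dropping `make` and `flex` from the apt-get line is safe for the upstream `oss-fuzz.sh`, since the removed build.sh ran `autoreconf` and `make` against the krb5 tree; if the base image already provides what that script needs this is fine.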
@@ -1,48 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-pushd src/
-autoreconf -f
-./configure --enable-static --disable-shared CC=$CC CXX=$CXX CFLAGS="-fcommon $CFLAGS" CXXFLAGS="-fcommon $CXXFLAGS" LDFLAGS="-fcommon $CFLAGS"
-make
-popd
-
-pushd fuzzing/
-make
-
-cp Fuzz_ndr $OUT/Fuzz_ndr
-cp Fuzz_pac $OUT/Fuzz_pac
-cp Fuzz_chpw $OUT/Fuzz_chpw
-cp Fuzz_json $OUT/Fuzz_json
-cp Fuzz_krb5 $OUT/Fuzz_krb5
-cp Fuzz_marshal $OUT/Fuzz_marshal
-cp Fuzz_profile $OUT/Fuzz_profile
-cp Fuzz_gss_accept_sec_context $OUT/Fuzz_gss_accept_sec_context
-popd
-
-pushd $SRC/oss-fuzz-bloat/krb5/
-cp Fuzz_ndr_seed_corpus.zip $OUT/Fuzz_ndr_seed_corpus.zip
-cp Fuzz_pac_seed_corpus.zip $OUT/Fuzz_pac_seed_corpus.zip
-cp Fuzz_chpw_seed_corpus.zip $OUT/Fuzz_chpw_seed_corpus.zip
-cp Fuzz_json_seed_corpus.zip $OUT/Fuzz_json_seed_corpus.zip
-cp Fuzz_krb5_seed_corpus.zip $OUT/Fuzz_krb5_seed_corpus.zip
-cp Fuzz_marshal_seed_corpus.zip $OUT/Fuzz_marshal_seed_corpus.zip
-cp Fuzz_profile_seed_corpus.zip $OUT/Fuzz_profile_seed_corpus.zip
-popd
-
-pushd fuzzing/exemplars
-zip -j $OUT/Fuzz_gss_accept_sec_context_seed_corpus.zip gss-accept-sec-context-kerberos gss-accept-sec-context-spnego
-popd
diff --git a/projects/krb5/fuzzing/Fuzz_chpw.c b/projects/krb5/fuzzing/Fuzz_chpw.c
deleted file mode 100644
index 601d00bf8..000000000
--- a/projects/krb5/fuzzing/Fuzz_chpw.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-
-#include "k5-int.h"
-#include "krb5.h"
-
-#define kMinInputLength 20
-#define kMaxInputLength 100
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{//src/tests/misc/test_chpw_message.c
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 0;
- }
-
- char *msg;
- krb5_data DataInput;
- krb5_context context;
-
- krb5_init_context(&context);
-
- DataInput = make_data((void *)Data, Size);
-
- krb5_chpw_message(context, &DataInput, &msg);
-
- free(msg);
- krb5_free_context(context);
- return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_gss_accept_sec_context.c b/projects/krb5/fuzzing/Fuzz_gss_accept_sec_context.c
deleted file mode 100644
index 8538ee410..000000000
--- a/projects/krb5/fuzzing/Fuzz_gss_accept_sec_context.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* Copyright 2023 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <string.h>
-
-#include "krb5.h"
-#include "gssapi.h"
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{
- OM_uint32 maj_stat, min_stat;
-
- gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
- gss_name_t client_name = GSS_C_NO_NAME;
- gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
-
- /* Each fuzz input contains multiple tokens preceded by a length field.
- * Process them in turn with gss_accept_sec_context while
- * GSS_S_CONTINUE_NEEDED is set
- */
- do {
- unsigned short token_length;
-
- gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
-
- if (Size < sizeof(token_length))
- break;
-
- token_length = *(unsigned short *)Data;
-
- Data += sizeof(token_length);
- Size -= sizeof(token_length);
-
- if (token_length == 0 || token_length > Size)
- break;
-
- input_token.length = token_length;
- input_token.value = malloc(token_length);
- memcpy(input_token.value, Data, token_length);
-
- Data += token_length;
- Size -= token_length;
-
- maj_stat = gss_accept_sec_context(
- &min_stat,
- &ctx,
- GSS_C_NO_CREDENTIAL, /* server_creds */
- &input_token,
- GSS_C_NO_CHANNEL_BINDINGS, /* input_bindings */
- &client_name,
- NULL, /* mech_type */
- &output_token,
- NULL, /* ret_flags */
- NULL, /* time */
- &deleg_cred
- );
-
- gss_release_buffer(&min_stat, &output_token);
- gss_release_buffer(&min_stat, &input_token);
-
- if (GSS_ERROR(maj_stat)) {
- if (ctx != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_stat, &ctx, GSS_C_NO_BUFFER);
- break;
- }
- } while(maj_stat & GSS_S_CONTINUE_NEEDED);
-
- gss_release_name(&min_stat, &client_name);
- gss_release_cred(&min_stat, &deleg_cred);
-
- return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_json.c b/projects/krb5/fuzzing/Fuzz_json.c
deleted file mode 100644
index e05090f42..000000000
--- a/projects/krb5/fuzzing/Fuzz_json.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-
-#include <k5-json.h>
-
-#define kMinInputLength 10
-#define kMaxInputLength 1024
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{//src/util/support/t_json.c
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 0;
- }
-
-//Add Null byte
- uint8_t *DataFx;
- size_t SizeFx = Size+1;
- DataFx = (uint8_t *)calloc(SizeFx,sizeof(uint8_t));
- memcpy((void *)DataFx,(void *)Data,Size);
-
- k5_json_value v;
- k5_json_decode((char *)DataFx, &v);
- k5_json_release(v);
-
- free(DataFx);
- return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_krb5.c b/projects/krb5/fuzzing/Fuzz_krb5.c
deleted file mode 100644
index 3e78e41c5..000000000
--- a/projects/krb5/fuzzing/Fuzz_krb5.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "k5-int.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 1024
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{//src/kdc/t_ndr.c
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 0;
- }
-
- krb5_data data_in;
- krb5_error_code ret;
- krb5_ticket *ticket;
- krb5_context context;
-
- data_in = make_data((void *)Data, Size);
-
- krb5_init_context(&context);
- ret = krb5_decode_ticket(&data_in, &ticket);
- krb5_free_ticket(context, ticket);
- krb5_free_context(context);
-
- return ret;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_marshal.c b/projects/krb5/fuzzing/Fuzz_marshal.c
deleted file mode 100644
index 2f4793d03..000000000
--- a/projects/krb5/fuzzing/Fuzz_marshal.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "cc-int.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 5120
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{//src/lib/krb5/ccache/t_marshal.c
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 0;
- }
-
- int MaxVersion = 4;
- krb5_data ser_data;
- krb5_context context;
- krb5_principal princ;
- krb5_creds cred, *alloc_cred;
-
- krb5_init_context(&context);
-
- { //public functions for unmarshalling
- ser_data = make_data((void *)Data, Size);
- krb5_unmarshal_credentials(context, &ser_data, &alloc_cred);
- krb5_free_creds(context, alloc_cred);
- }
-
- for (size_t version = 1; version <= MaxVersion; version++){
-
- { //principal unmarshalling
- k5_unmarshal_princ(Data, Size, version, &princ);
- krb5_free_principal(context, princ);
- }
-
- { //cred unmarshalling
- k5_unmarshal_cred(Data, Size, version,&cred);
- krb5_free_cred_contents(context, &cred);
- }
- }
-
- krb5_free_context(context);
- return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_ndr.c b/projects/krb5/fuzzing/Fuzz_ndr.c
deleted file mode 100644
index a7da00393..000000000
--- a/projects/krb5/fuzzing/Fuzz_ndr.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "k5-int.h"
-#include "kdc_util.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 1024
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{//src/kdc/t_ndr.c
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 0;
- }
-
- krb5_data data_in;
- krb5_error_code ret;
- struct pac_s4u_delegation_info *di = NULL;
-
- data_in = make_data((void *)Data, Size);
- ret = ndr_dec_delegation_info(&data_in, &di);
- ndr_free_delegation_info(di);
-
- return ret;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_pac.c b/projects/krb5/fuzzing/Fuzz_pac.c
deleted file mode 100644
index 5a95dac6f..000000000
--- a/projects/krb5/fuzzing/Fuzz_pac.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "k5-int.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 5120
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{//src/lib/krb5/krb/t_pac.c
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 0;
- }
-
- krb5_context context;
-
- krb5_init_context(&context);
- krb5_set_default_realm(context, "WIN2K3.THINKER.LOCAL");
-
- {
- krb5_pac pac;
- krb5_pac_parse(context, Data, Size, &pac);
-
- krb5_pac_free(context, pac);
- }
-
- krb5_free_context(context);
- return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_profile.c b/projects/krb5/fuzzing/Fuzz_profile.c
deleted file mode 100644
index 4ddbb16c0..000000000
--- a/projects/krb5/fuzzing/Fuzz_profile.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific make_data(language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "prof_int.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 5120
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{//src/util/profile/test_parse.c
-
- if (Size < kMinInputLength || Size > kMaxInputLength){
- return 1;
- }
-
- char filename[256];
-
- sprintf(filename, "/tmp/libfuzzer.%d", getpid());
- FILE *fp = fopen(filename, "wb");
- if (!fp) {
- return 1;
- }
- fwrite(Data, Size, 1, fp);
-
- {
- struct profile_node *root;
-
- initialize_prof_error_table();
-
- profile_parse_file(fp, &root, NULL);
- profile_verify_node(root);
-
- profile_free_node(root);
- }
-
- fclose(fp);
- unlink(filename);
- return 0;
-}
diff --git a/projects/krb5/fuzzing/Makefile b/projects/krb5/fuzzing/Makefile
deleted file mode 100644
index 1107b57c4..000000000
--- a/projects/krb5/fuzzing/Makefile
+++ /dev/null
@@ -1,47 +0,0 @@
-TARGET=Fuzzer
-
-#File
-ndrEXE=Fuzz_ndr
-pacEXE=Fuzz_pac
-chpwEXE=Fuzz_chpw
-jsonEXE=Fuzz_json
-krb5EXE=Fuzz_krb5
-marshalEXE=Fuzz_marshal
-profileEXE=Fuzz_profile
-gss_accept_sec_contextEXE=Fuzz_gss_accept_sec_context
-
-#header lib obj
-DIR=./../src
-INC=-I$(DIR)/include/ -I$(DIR)/kdc/ -I$(DIR)/lib/krb5/ccache/ -I$(DIR)/util/profile/
-EXTCFLAGS=-DHAVE_CONFIG_H -DKRB5_DEPRECATED=1 -DKRB5_PRIVATE -DHAS_STDARG -fcommon -Wall -Werror
-
-LibINC=-L$(DIR)/lib/ -fcommon
-LibFLAGS=$(LIB_FUZZING_ENGINE) -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support -lresolv
-ndrOBJ=$(DIR)/kdc/ndr.o
-
-all: $(TARGET)
-
-#SETUP
-$(TARGET):
- $(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(ndrEXE).c
- $(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(pacEXE).c
- $(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(chpwEXE).c
- $(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(jsonEXE).c
- $(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(krb5EXE).c
- $(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(marshalEXE).c
- $(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(profileEXE).c
- $(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(gss_accept_sec_contextEXE).c
-
- $(CXX) $(CFLAGS) $(LibINC) -o $(ndrEXE) $(ndrEXE).o $(ndrOBJ) $(LibFLAGS)
- $(CXX) $(CFLAGS) $(LibINC) -o $(pacEXE) $(pacEXE).o $(LibFLAGS)
- $(CXX) $(CFLAGS) $(LibINC) -o $(chpwEXE) $(chpwEXE).o $(LibFLAGS)
- $(CXX) $(CFLAGS) $(LibINC) -o $(jsonEXE) $(jsonEXE).o $(LibFLAGS)
- $(CXX) $(CFLAGS) $(LibINC) -o $(krb5EXE) $(krb5EXE).o $(LibFLAGS)
- $(CXX) $(CFLAGS) $(LibINC) -o $(marshalEXE) $(marshalEXE).o $(LibFLAGS)
- $(CXX) $(CFLAGS) $(LibINC) -o $(profileEXE) $(profileEXE).o $(LibFLAGS)
- $(CXX) $(CFLAGS) $(LibINC) -o $(gss_accept_sec_contextEXE) $(gss_accept_sec_contextEXE).o $(LibFLAGS)
-
-clean:
- rm $(ndrEXE) $(pacEXE) $(chpwEXE) $(jsonEXE) $(krb5EXE) $(marshalEXE) $(profileEXE) $(gss_accept_sec_contextEXE) *.o
-
-.PHONY: all clean
diff --git a/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-kerberos b/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-kerberos
Binary files differ
deleted file mode 100644
index 9bc9afdd7..000000000
--- a/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-kerberos
+++ /dev/null
diff --git a/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-spnego b/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-spnego
Binary files differ
deleted file mode 100644
index a191e0a59..000000000
--- a/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-spnego
+++ /dev/null |