[krb5] move fuzzers and build upstream (#11951)upstream-master

[Do Not Merge]

Moved the fuzzer to [krb5 repo](https://github.com/krb5/krb5/pull/1346)
with `build.sh`.

Signed-off-by: Arjun <pkillarjun@protonmail.com>

13 files changed, 3 insertions, 493 deletions

diff --git a/projects/krb5/Dockerfile b/projects/krb5/Dockerfile
index 5b8fe0d78..eb0e5a006 100644
--- a/projects/krb5/Dockerfile
+++ b/projects/krb5/Dockerfile
@@ -15,9 +15,7 @@
 ################################################################################
 
 FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y make autoconf bison flex
-RUN git clone --depth 1 https://github.com/krb5/krb5
-RUN git clone https://github.com/pkillarjun/oss-fuzz-bloat
-COPY build.sh $SRC/
-COPY fuzzing/ $SRC/krb5/fuzzing/
+RUN apt-get update && apt-get install -y autoconf bison
+RUN git clone --depth=1 -b fuzzing https://github.com/pkillarjun/krb5.git
+RUN cp $SRC/krb5/src/tests/fuzzing/oss-fuzz.sh $SRC/build.sh
 WORKDIR $SRC/krb5/
diff --git a/projects/krb5/build.sh b/projects/krb5/build.sh
deleted file mode 100644
index dd2584e0a..000000000
--- a/projects/krb5/build.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-pushd src/
-autoreconf -f
-./configure --enable-static --disable-shared CC=$CC CXX=$CXX CFLAGS="-fcommon $CFLAGS" CXXFLAGS="-fcommon $CXXFLAGS" LDFLAGS="-fcommon $CFLAGS"
-make
-popd
-
-pushd fuzzing/
-make
-
-cp Fuzz_ndr $OUT/Fuzz_ndr
-cp Fuzz_pac $OUT/Fuzz_pac
-cp Fuzz_chpw $OUT/Fuzz_chpw
-cp Fuzz_json $OUT/Fuzz_json
-cp Fuzz_krb5 $OUT/Fuzz_krb5
-cp Fuzz_marshal $OUT/Fuzz_marshal
-cp Fuzz_profile $OUT/Fuzz_profile
-cp Fuzz_gss_accept_sec_context $OUT/Fuzz_gss_accept_sec_context
-popd
-
-pushd $SRC/oss-fuzz-bloat/krb5/
-cp Fuzz_ndr_seed_corpus.zip $OUT/Fuzz_ndr_seed_corpus.zip
-cp Fuzz_pac_seed_corpus.zip $OUT/Fuzz_pac_seed_corpus.zip
-cp Fuzz_chpw_seed_corpus.zip $OUT/Fuzz_chpw_seed_corpus.zip
-cp Fuzz_json_seed_corpus.zip $OUT/Fuzz_json_seed_corpus.zip
-cp Fuzz_krb5_seed_corpus.zip $OUT/Fuzz_krb5_seed_corpus.zip
-cp Fuzz_marshal_seed_corpus.zip $OUT/Fuzz_marshal_seed_corpus.zip
-cp Fuzz_profile_seed_corpus.zip $OUT/Fuzz_profile_seed_corpus.zip
-popd
-
-pushd fuzzing/exemplars
-zip -j $OUT/Fuzz_gss_accept_sec_context_seed_corpus.zip gss-accept-sec-context-kerberos gss-accept-sec-context-spnego
-popd
diff --git a/projects/krb5/fuzzing/Fuzz_chpw.c b/projects/krb5/fuzzing/Fuzz_chpw.c
deleted file mode 100644
index 601d00bf8..000000000
--- a/projects/krb5/fuzzing/Fuzz_chpw.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-      http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-
-#include "k5-int.h"
-#include "krb5.h"
-
-#define kMinInputLength 20
-#define kMaxInputLength 100
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) 
-{//src/tests/misc/test_chpw_message.c
-
-    if (Size < kMinInputLength || Size > kMaxInputLength){
-        return 0;
-    }
-
-    char *msg;
-    krb5_data DataInput;
-    krb5_context context;
-
-    krb5_init_context(&context);
-
-    DataInput = make_data((void *)Data, Size);
-
-    krb5_chpw_message(context, &DataInput, &msg);
-
-    free(msg);
-    krb5_free_context(context);
-    return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_gss_accept_sec_context.c b/projects/krb5/fuzzing/Fuzz_gss_accept_sec_context.c
deleted file mode 100644
index 8538ee410..000000000
--- a/projects/krb5/fuzzing/Fuzz_gss_accept_sec_context.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* Copyright 2023 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-      http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <string.h>
-
-#include "krb5.h"
-#include "gssapi.h"
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
-{
-    OM_uint32 maj_stat, min_stat;
-
-    gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
-    gss_name_t client_name = GSS_C_NO_NAME;
-    gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;
-
-    /* Each fuzz input contains multiple tokens preceded by a length field.
-     * Process them in turn with gss_accept_sec_context while
-     * GSS_S_CONTINUE_NEEDED is set
-     */
-    do {
-        unsigned short token_length;
-
-        gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
-
-        if (Size < sizeof(token_length))
-            break;
-
-        token_length = *(unsigned short *)Data;
-
-        Data += sizeof(token_length);
-        Size -= sizeof(token_length);
-
-        if (token_length == 0 || token_length > Size)
-            break;
-
-        input_token.length = token_length;
-        input_token.value = malloc(token_length);
-        memcpy(input_token.value, Data, token_length);
-
-        Data += token_length;
-        Size -= token_length;
-
-        maj_stat = gss_accept_sec_context(
-            &min_stat,
-            &ctx,
-            GSS_C_NO_CREDENTIAL, /* server_creds */
-            &input_token,
-            GSS_C_NO_CHANNEL_BINDINGS, /* input_bindings */
-            &client_name,
-            NULL, /* mech_type */
-            &output_token,
-            NULL, /* ret_flags */
-            NULL, /* time */
-            &deleg_cred
-        );
-
-        gss_release_buffer(&min_stat, &output_token);
-        gss_release_buffer(&min_stat, &input_token);
-
-        if (GSS_ERROR(maj_stat)) {
-            if (ctx != GSS_C_NO_CONTEXT)
-                gss_delete_sec_context(&min_stat, &ctx, GSS_C_NO_BUFFER);
-            break;
-        }
-    } while(maj_stat & GSS_S_CONTINUE_NEEDED);
-
-    gss_release_name(&min_stat, &client_name);
-    gss_release_cred(&min_stat, &deleg_cred);
-
-    return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_json.c b/projects/krb5/fuzzing/Fuzz_json.c
deleted file mode 100644
index e05090f42..000000000
--- a/projects/krb5/fuzzing/Fuzz_json.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-      http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-
-#include <k5-json.h>
-
-#define kMinInputLength 10
-#define kMaxInputLength 1024
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) 
-{//src/util/support/t_json.c
-
-    if (Size < kMinInputLength || Size > kMaxInputLength){
-        return 0;
-    }
-
-//Add Null byte
-    uint8_t *DataFx;
-    size_t SizeFx = Size+1;
-    DataFx = (uint8_t *)calloc(SizeFx,sizeof(uint8_t));
-    memcpy((void *)DataFx,(void *)Data,Size);
-
-    k5_json_value v;
-    k5_json_decode((char *)DataFx, &v);
-    k5_json_release(v);
-
-    free(DataFx);
-    return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_krb5.c b/projects/krb5/fuzzing/Fuzz_krb5.c
deleted file mode 100644
index 3e78e41c5..000000000
--- a/projects/krb5/fuzzing/Fuzz_krb5.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-      http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "k5-int.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 1024
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) 
-{//src/kdc/t_ndr.c
-
-    if (Size < kMinInputLength || Size > kMaxInputLength){
-        return 0;
-    }
-
-    krb5_data data_in;
-    krb5_error_code ret;
-    krb5_ticket *ticket;
-    krb5_context context;
-
-    data_in = make_data((void *)Data, Size);
-
-    krb5_init_context(&context);
-    ret = krb5_decode_ticket(&data_in, &ticket);
-    krb5_free_ticket(context, ticket);
-    krb5_free_context(context);
-
-    return ret;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_marshal.c b/projects/krb5/fuzzing/Fuzz_marshal.c
deleted file mode 100644
index 2f4793d03..000000000
--- a/projects/krb5/fuzzing/Fuzz_marshal.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-      http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "cc-int.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 5120
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) 
-{//src/lib/krb5/ccache/t_marshal.c
-
-    if (Size < kMinInputLength || Size > kMaxInputLength){
-        return 0;
-    }
-
-    int MaxVersion = 4;
-    krb5_data ser_data;
-    krb5_context context;
-    krb5_principal princ;
-    krb5_creds cred, *alloc_cred;
-
-    krb5_init_context(&context);
-
-    {   //public functions for unmarshalling
-        ser_data = make_data((void *)Data, Size);
-        krb5_unmarshal_credentials(context, &ser_data, &alloc_cred);
-        krb5_free_creds(context, alloc_cred);
-    }
-
-    for (size_t version = 1; version <= MaxVersion; version++){
-
-        {   //principal unmarshalling
-            k5_unmarshal_princ(Data, Size, version, &princ);
-            krb5_free_principal(context, princ);
-        }
-
-        {   //cred unmarshalling
-            k5_unmarshal_cred(Data, Size, version,&cred);
-            krb5_free_cred_contents(context, &cred);
-        }
-    }
-
-    krb5_free_context(context);
-    return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_ndr.c b/projects/krb5/fuzzing/Fuzz_ndr.c
deleted file mode 100644
index a7da00393..000000000
--- a/projects/krb5/fuzzing/Fuzz_ndr.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-      http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "k5-int.h"
-#include "kdc_util.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 1024
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) 
-{//src/kdc/t_ndr.c
-
-    if (Size < kMinInputLength || Size > kMaxInputLength){
-        return 0;
-    }
-
-    krb5_data data_in;
-    krb5_error_code ret;
-    struct pac_s4u_delegation_info *di = NULL;
-
-    data_in = make_data((void *)Data, Size);
-    ret = ndr_dec_delegation_info(&data_in, &di);
-    ndr_free_delegation_info(di);
-
-    return ret;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_pac.c b/projects/krb5/fuzzing/Fuzz_pac.c
deleted file mode 100644
index 5a95dac6f..000000000
--- a/projects/krb5/fuzzing/Fuzz_pac.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-      http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "k5-int.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 5120
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) 
-{//src/lib/krb5/krb/t_pac.c
-
-    if (Size < kMinInputLength || Size > kMaxInputLength){
-        return 0;
-    }
-
-    krb5_context context;
-
-    krb5_init_context(&context);
-    krb5_set_default_realm(context, "WIN2K3.THINKER.LOCAL");
-
-    {
-        krb5_pac pac;
-        krb5_pac_parse(context, Data, Size, &pac);
-
-        krb5_pac_free(context, pac);
-    }
-
-    krb5_free_context(context);
-    return 0;
-}
diff --git a/projects/krb5/fuzzing/Fuzz_profile.c b/projects/krb5/fuzzing/Fuzz_profile.c
deleted file mode 100644
index 4ddbb16c0..000000000
--- a/projects/krb5/fuzzing/Fuzz_profile.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/* Copyright 2022 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-      http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific make_data(language governing permissions and
-limitations under the License.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#include "prof_int.h"
-
-#define kMinInputLength 10
-#define kMaxInputLength 5120
-
-extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) 
-{//src/util/profile/test_parse.c
-
-    if (Size < kMinInputLength || Size > kMaxInputLength){
-        return 1;
-    }
-
-    char filename[256];
-
-    sprintf(filename, "/tmp/libfuzzer.%d", getpid());
-    FILE *fp = fopen(filename, "wb");
-    if (!fp) {
-        return 1;
-    }
-    fwrite(Data, Size, 1, fp);
-
-    {
-        struct profile_node *root;
-
-        initialize_prof_error_table();
-
-        profile_parse_file(fp, &root, NULL);
-        profile_verify_node(root);
-
-        profile_free_node(root);
-    }
-
-    fclose(fp);
-    unlink(filename);
-    return 0;
-}
diff --git a/projects/krb5/fuzzing/Makefile b/projects/krb5/fuzzing/Makefile
deleted file mode 100644
index 1107b57c4..000000000
--- a/projects/krb5/fuzzing/Makefile
+++ /dev/null
@@ -1,47 +0,0 @@
-TARGET=Fuzzer
-
-#File
-ndrEXE=Fuzz_ndr
-pacEXE=Fuzz_pac
-chpwEXE=Fuzz_chpw
-jsonEXE=Fuzz_json
-krb5EXE=Fuzz_krb5
-marshalEXE=Fuzz_marshal
-profileEXE=Fuzz_profile
-gss_accept_sec_contextEXE=Fuzz_gss_accept_sec_context
-
-#header lib obj
-DIR=./../src
-INC=-I$(DIR)/include/ -I$(DIR)/kdc/ -I$(DIR)/lib/krb5/ccache/ -I$(DIR)/util/profile/
-EXTCFLAGS=-DHAVE_CONFIG_H -DKRB5_DEPRECATED=1 -DKRB5_PRIVATE -DHAS_STDARG -fcommon -Wall -Werror 
-
-LibINC=-L$(DIR)/lib/ -fcommon
-LibFLAGS=$(LIB_FUZZING_ENGINE) -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support -lresolv
-ndrOBJ=$(DIR)/kdc/ndr.o
-
-all: $(TARGET)
-
-#SETUP
-$(TARGET):
-	$(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(ndrEXE).c
-	$(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(pacEXE).c
-	$(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(chpwEXE).c
-	$(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(jsonEXE).c
-	$(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(krb5EXE).c
-	$(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(marshalEXE).c
-	$(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(profileEXE).c
-	$(CC) $(CFLAGS) $(EXTCFLAGS) $(INC) -c $(gss_accept_sec_contextEXE).c
-
-	$(CXX) $(CFLAGS) $(LibINC) -o $(ndrEXE) $(ndrEXE).o $(ndrOBJ) $(LibFLAGS) 
-	$(CXX) $(CFLAGS) $(LibINC) -o $(pacEXE) $(pacEXE).o $(LibFLAGS)
-	$(CXX) $(CFLAGS) $(LibINC) -o $(chpwEXE) $(chpwEXE).o $(LibFLAGS)
-	$(CXX) $(CFLAGS) $(LibINC) -o $(jsonEXE) $(jsonEXE).o $(LibFLAGS)
-	$(CXX) $(CFLAGS) $(LibINC) -o $(krb5EXE) $(krb5EXE).o  $(LibFLAGS)
-	$(CXX) $(CFLAGS) $(LibINC) -o $(marshalEXE) $(marshalEXE).o $(LibFLAGS)
-	$(CXX) $(CFLAGS) $(LibINC) -o $(profileEXE) $(profileEXE).o $(LibFLAGS)
-	$(CXX) $(CFLAGS) $(LibINC) -o $(gss_accept_sec_contextEXE) $(gss_accept_sec_contextEXE).o $(LibFLAGS)
-
-clean:
-	rm $(ndrEXE) $(pacEXE) $(chpwEXE) $(jsonEXE)  $(krb5EXE) $(marshalEXE) $(profileEXE) $(gss_accept_sec_contextEXE) *.o
-
-.PHONY: all clean
diff --git a/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-kerberos b/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-kerberos
deleted file mode 100644
index 9bc9afdd7..000000000
--- a/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-kerberos
+++ /dev/null
diff --git a/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-spnego b/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-spnego
deleted file mode 100644
index a191e0a59..000000000
--- a/projects/krb5/fuzzing/exemplars/gss-accept-sec-context-spnego
+++ /dev/null