Bug 1308874 - Land basic libFuzzer fuzzing framework r=franziskus
Differential Revision: https://nss-dev.phacility.com/D76
Tim Taubert committed Oct 12, 2016
1 parent ef4fdb5 commit 4365cb2
Showing 21 changed files with 553 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -13,3 +13,5 @@ GTAGS
#*
.#*
.ycm_extra_conf.py*
fuzz/libFuzzer/*
fuzz/corpus
2 changes: 2 additions & 0 deletions .hgignore
Expand Up @@ -13,3 +13,5 @@ GTAGS
#*
.#*
.ycm_extra_conf.py*
fuzz/libFuzzer/*
fuzz/corpus
4 changes: 4 additions & 0 deletions coreconf/sanitizers.mk
Expand Up @@ -8,6 +8,10 @@ ifeq ($(USE_UBSAN), 1)
SANITIZER_FLAGS_COMMON += -fsanitize=undefined -fno-sanitize-recover=undefined
endif

ifeq ($(FUZZ), 1)
SANITIZER_FLAGS_COMMON += -fsanitize-coverage=edge
endif

SANITIZER_FLAGS_COMMON += $(EXTRA_SANITIZER_FLAGS)
SANITIZER_CFLAGS = $(SANITIZER_FLAGS_COMMON)
SANITIZER_LDFLAGS = $(SANITIZER_FLAGS_COMMON)
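--- a/fuzz/.clang-format
+++ b/fuzz/.clang-format
@@ -0,0 +1,4 @@
+---
+Language: Cpp
+BasedOnStyle: Google
+...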
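--- a/fuzz/Makefile
+++ b/fuzz/Makefile
@@ -0,0 +1,42 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################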
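--- a/fuzz/clone_corpus.sh
+++ b/fuzz/clone_corpus.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd $(dirname $0)
+git clone https://github.com/mozilla/nss-fuzzing-corpus corpus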
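Review bot: The `cd $(dirname $0)` line is unquoted and its result is not checked, so a checkout path containing whitespace, or a failed cd, lets the following `git clone` run in whatever directory the caller happened to be in. `cd "$(dirname "$0")" || exit 1` (or a `set -e` after the shebang) closes both gaps; the same line appears in fuzz/clone_libfuzzer.sh and wants the same fix. Unlike clone_libfuzzer.sh, this script also pins no revision of the corpus repository, so two runs can fetch different corpora; if reproducibility of fuzz runs matters, a comment stating that the corpus is intentionally tracked at its tip would make that choice explicit.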
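--- a/fuzz/clone_libfuzzer.sh
+++ b/fuzz/clone_libfuzzer.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+cd $(dirname $0)
+mkdir tmp/
+git clone -q https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer tmp/
+mv tmp/.git libFuzzer
+rm -fr tmp
+cd libFuzzer
+git reset --hard 4333f2ca71eb7951fcafcdcb111012fbe25c5e7e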
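Review bot: Nothing stops the script after a failed step: if `mkdir tmp/` fails because a previous interrupted run left `tmp/` behind, or `git clone` fails, the script still executes `mv tmp/.git libFuzzer`, `rm -fr tmp` and the final `git reset --hard` against whatever state is on disk. Adding `set -e` after the shebang makes each failure stop the script before the destructive steps, and a `rm -fr tmp` before the `mkdir` would make re-runs after an interruption work. Pinning the checkout to a fixed commit on the last line is the right call for a build input fetched over the network; a short comment above it naming why that revision was chosen (the one the NSS build was verified against, presumably) would help whoever bumps it next.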
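--- a/fuzz/common.mk
+++ b/fuzz/common.mk
@@ -0,0 +1,10 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MKPROG = $(CCC)
+MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
+
+CXXFLAGS += -std=c++11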
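--- a/fuzz/libFuzzer/Makefile
+++ b/fuzz/libFuzzer/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+include config.mk
+
+include ../common.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################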
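--- a/fuzz/libFuzzer/config.mk
+++ b/fuzz/libFuzzer/config.mk
@@ -0,0 +1,14 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# According to the LLVM docs, LibFuzzer isn't supposed to be built with any
+# sanitizer flags and in fact, building it with ASan coverage currently causes
+# Clang 3.9+ to crash, so we filter out all sanitizer-related flags here.
+CXXFLAGS := $(filter-out -fsanitize%,$(CXXFLAGS))
+CFLAGS := $(filter-out -fsanitize%,$(CFLAGS))
+LDFLAGS := $(filter-out -fsanitize%,$(LDFLAGS))
+DARWIN_SDK_SHLIBFLAGS := $(filter-out -fsanitize%,$(DARWIN_SDK_SHLIBFLAGS))
+
+CXXFLAGS += -g -O2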
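Review bot: The `-fsanitize%` pattern on the four filter-out lines does not match `-fno-sanitize-recover=undefined`, which coreconf/sanitizers.mk adds next to `-fsanitize=undefined` when USE_UBSAN=1, so that flag survives into the libFuzzer build although the comment above says all sanitizer-related flags are removed. Clang seems to accept it without a matching -fsanitize, so this is an inconsistency between comment and code rather than a build break; `CXXFLAGS := $(filter-out -fsanitize% -fno-sanitize%,$(CXXFLAGS))` (and the same two-pattern filter on the CFLAGS, LDFLAGS and DARWIN_SDK_SHLIBFLAGS lines) would make the filter do what the comment promises. The filtering also only sees flags present at the point this file is included; anything appended to these variables afterwards (presumably by rules.mk) is not covered, which is worth a sentence in the comment.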
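--- a/fuzz/libFuzzer/manifest.mn
+++ b/fuzz/libFuzzer/manifest.mn
@@ -0,0 +1,26 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+MODULE = nss
+
+CPPSRCS = \
+FuzzerCrossOver.cpp \
+FuzzerDriver.cpp \
+FuzzerExtFunctionsDlsym.cpp \
+FuzzerExtFunctionsWeak.cpp \
+FuzzerIO.cpp \
+FuzzerLoop.cpp \
+FuzzerMutate.cpp \
+FuzzerSHA1.cpp \
+FuzzerTracePC.cpp \
+FuzzerTraceState.cpp \
+FuzzerUtil.cpp \
+FuzzerUtilDarwin.cpp \
+FuzzerUtilLinux.cpp \
+$(NULL)
+
+LIBRARY_NAME = Fuzzer
+LIBRARY_VERSION = 1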
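--- a/fuzz/manifest.mn
+++ b/fuzz/manifest.mn
@@ -0,0 +1,8 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ..
+DEPTH = ..
+
+DIRS = libFuzzer nssfuzz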
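--- a/fuzz/nssfuzz/Makefile
+++ b/fuzz/nssfuzz/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/cmd/platlibs.mk
+
+include ../common.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################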
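--- a/fuzz/nssfuzz/cert_target.cc
+++ b/fuzz/nssfuzz/cert_target.cc
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <assert.h>
+#include <stdint.h>
+#include <memory>
+
+#include "cert.h"
+
+#include "registry.h"
+#include "shared.h"
+
+extern "C" int cert_fuzzing_target(const uint8_t *Data, size_t Size) {
+SECItem data = {siBuffer, (unsigned char *)Data, (unsigned int)Size};
+
+static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
+assert(db != nullptr);
+
+static CERTCertDBHandle *certDB = CERT_GetDefaultCertDB();
+assert(certDB != NULL);
+
+CERTCertificate *cert =
+CERT_NewTempCertificate(certDB, &data, nullptr, false, true);
+
+if (cert) {
+CERT_DestroyCertificate(cert);
+}
+
+return 0;
+}
+
+REGISTER_FUZZING_TARGET("cert", cert_fuzzing_target, 3072, "Certificate Import")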
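Review bot: The SECItem initializer in cert_fuzzing_target casts away the const of the fuzzer's input with `(unsigned char *)Data` and narrows `Size` with `(unsigned int)Size`; the last argument to CERT_NewTempCertificate is `true`, which presumably asks NSS to copy the DER and so likely leaves the buffer untouched, but the cast removes the compiler's guarantee that a fuzz iteration never modifies its input, and a Size above UINT_MAX would wrap silently. The 3072 passed to REGISTER_FUZZING_TARGET (defined in registry.h, outside this view) presumably bounds Size in normal runs, but libFuzzer's -max_len can raise it, so an explicit guard such as `if (Size > UINT_MAX) return 0;` before the initializer would keep the narrowing honest. The two `assert()` calls are also the only checks on `db` and `certDB`, so a build with NDEBUG would pass a null `certDB` straight into CERT_NewTempCertificate; since the fuzz build flags visible in config.mk are `-g -O2` this may be fine today, but a comment above the function saying so, e.g. `// Database and cert DB handle are created once per process; asserts are relied on (no NDEBUG in fuzz builds).`, would record the assumption. A one-line comment on the target's purpose (parses the input as a DER certificate into a temporary cert and discards it) would also help the next person adding a target.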
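--- a/fuzz/nssfuzz/manifest.mn
+++ b/fuzz/nssfuzz/manifest.mn
@@ -0,0 +1,24 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+MODULE = nss
+
+CPPSRCS = \
+cert_target.cc \
+pkcs8_target.cc \
+spki_target.cc \
+nssfuzz.cc \
+$(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/fuzz/libFuzzer
+
+REQUIRES = nspr nss
+
+PROGRAM = nssfuzz
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)Fuzzer.$(LIB_SUFFIX)
+
+USE_STATIC_LIBS = 1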
