From 965fc94e4910da14d13a2f10d997cc720b3f6127 Mon Sep 17 00:00:00 2001 From: Arjun Date: Sat, 25 May 2024 17:52:02 +0530 Subject: [PATCH] fuzzing: add fuzzing infrastructure in build system Signed-off-by: Arjun Reviewed-by: Andrew Clayton Signed-off-by: Andrew Clayton --- auto/fuzzing | 75 +++++++++++++++++++++++++++++++++++++++++++ auto/help | 2 ++ auto/make | 2 +- auto/options | 4 +++ auto/sources | 9 ++++++ auto/summary | 2 ++ configure | 2 ++ fuzzing/build-fuzz.sh | 20 ++++++++++++ fuzzing/oss-fuzz.sh | 29 +++++++++++++++++ 9 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 auto/fuzzing create mode 100644 fuzzing/build-fuzz.sh create mode 100644 fuzzing/oss-fuzz.sh diff --git a/auto/fuzzing b/auto/fuzzing new file mode 100644 index 000000000..f792941bd --- /dev/null +++ b/auto/fuzzing @@ -0,0 +1,75 @@ +# Copyright (C) NGINX, Inc. + + +if [ -n "$NXT_FUZZ" ]; then + + # Fuzz-Test object files list. + + $echo "NXT_FUZZ_OBJS = \\" >> $NXT_MAKEFILE + + for nxt_src in $NXT_FUZZ_SRCS + do + nxt_obj=${nxt_src%.c}.o + $echo " $NXT_BUILD_DIR/$nxt_obj \\" >> $NXT_MAKEFILE + done + + + # Fuzz-Test executables. + + cat << END >> $NXT_MAKEFILE + +.PHONY: fuzz +fuzz: $NXT_BUILD_DIR/fuzz_basic \\ + $NXT_BUILD_DIR/fuzz_http_controller \\ + $NXT_BUILD_DIR/fuzz_http_h1p \\ + $NXT_BUILD_DIR/fuzz_http_h1p_peer \\ + $NXT_BUILD_DIR/fuzz_json + +$NXT_BUILD_DIR/fuzz_basic: \$(NXT_FUZZ_OBJS) \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC + \$(PP_LD) \$@ + \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_basic \\ + \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_basic_fuzz.o \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\ + $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\ + $NXT_FUZZ + +$NXT_BUILD_DIR/fuzz_http_controller: \$(NXT_FUZZ_OBJS) \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC + \$(PP_LD) \$@ + \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_controller \\ + \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_controller_fuzz.o \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\ + $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\ + $NXT_FUZZ + +$NXT_BUILD_DIR/fuzz_http_h1p: \$(NXT_FUZZ_OBJS) \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC + \$(PP_LD) \$@ + \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_h1p \\ + \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_h1p_fuzz.o \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\ + $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\ + $NXT_FUZZ + +$NXT_BUILD_DIR/fuzz_http_h1p_peer: \$(NXT_FUZZ_OBJS) \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC + \$(PP_LD) \$@ + \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_h1p_peer \\ + \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_h1p_peer_fuzz.o \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\ + $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\ + $NXT_FUZZ + +$NXT_BUILD_DIR/fuzz_json: \$(NXT_FUZZ_OBJS) \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC + \$(PP_LD) \$@ + \$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_json \\ + \$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_json_fuzz.o \\ + $NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\ + $NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\ + $NXT_FUZZ + +END + +fi diff --git a/auto/help b/auto/help index 8f7553f34..6a6aee19e 100644 --- a/auto/help +++ b/auto/help @@ -54,6 +54,8 @@ cat << END --debug enable debug logging + --fuzz=ENGINE enable fuzz testing + python OPTIONS configure Python module run "./configure python --help" to see available options diff --git a/auto/make b/auto/make index 2788b9f52..de904a431 100644 --- a/auto/make +++ b/auto/make @@ -158,7 +158,7 @@ END # Object files. -for nxt_src in $NXT_LIB_SRCS $NXT_TEST_SRCS $NXT_LIB_UNIT_SRCS \ +for nxt_src in $NXT_LIB_SRCS $NXT_TEST_SRCS $NXT_FUZZ_SRCS $NXT_LIB_UNIT_SRCS \ src/test/nxt_unit_app_test.c \ src/test/nxt_unit_websocket_chat.c \ src/test/nxt_unit_websocket_echo.c diff --git a/auto/options b/auto/options index 0550c6991..5be1ebe18 100644 --- a/auto/options +++ b/auto/options @@ -42,6 +42,8 @@ NXT_TEST_BUILD_HPUX_SENDFILE=NO NXT_TESTS=NO +NXT_FUZZ= + NXT_HELP=NO for nxt_option @@ -125,6 +127,8 @@ do --tests) NXT_TESTS=YES ;; + --fuzz=*) NXT_FUZZ="$value" ;; + --help) . auto/help exit 0 diff --git a/auto/sources b/auto/sources index f34d7fd7e..dfabf7cf2 100644 --- a/auto/sources +++ b/auto/sources @@ -307,6 +307,15 @@ if [ $NXT_TESTS = YES ]; then fi +NXT_FUZZ_SRCS=" \ + fuzzing/nxt_basic_fuzz.c \ + fuzzing/nxt_http_controller_fuzz.c \ + fuzzing/nxt_http_h1p_fuzz.c \ + fuzzing/nxt_http_h1p_peer_fuzz.c \ + fuzzing/nxt_json_fuzz.c \ +" + + NXT_SRCS=" \ src/nxt_main.c \ " diff --git a/auto/summary b/auto/summary index dd7a60a06..b6caee6c6 100644 --- a/auto/summary +++ b/auto/summary @@ -36,4 +36,6 @@ Unit configuration summary: debug logging: ............. $NXT_DEBUG + fuzz engine: ............... "$NXT_FUZZ" + END diff --git a/configure b/configure index 2cb4d457e..50eca39f0 100755 --- a/configure +++ b/configure @@ -57,6 +57,7 @@ esac mkdir -p $NXT_BUILD_DIR mkdir -p $NXT_BUILD_DIR/bin +mkdir -p $NXT_BUILD_DIR/fuzzing mkdir -p $NXT_BUILD_DIR/include mkdir -p $NXT_BUILD_DIR/lib mkdir -p $NXT_BUILD_DIR/lib/unit/modules @@ -179,4 +180,5 @@ if [ $NXT_NJS != NO ]; then fi . auto/make +. auto/fuzzing . auto/summary diff --git a/fuzzing/build-fuzz.sh b/fuzzing/build-fuzz.sh new file mode 100644 index 000000000..04f080d94 --- /dev/null +++ b/fuzzing/build-fuzz.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +export CC=clang +export CXX=clang++ +export CFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize=fuzzer-no-link" +export CXXFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize=fuzzer-no-link" +export LIB_FUZZING_ENGINE="-fsanitize=fuzzer" + +./configure --no-regex --no-pcre2 --fuzz=$LIB_FUZZING_ENGINE +make fuzz -j$(nproc) + +mkdir -p build/fuzz_basic_seed +mkdir -p build/fuzz_http_controller_seed +mkdir -p build/fuzz_http_h1p_seed +mkdir -p build/fuzz_http_h1p_peer_seed +mkdir -p build/fuzz_json_seed + +echo "" +echo "Run: ./build/\${fuzzer} build/\${fuzzer}_seed src/fuzz/\${fuzzer}_seed_corpus" +echo "" diff --git a/fuzzing/oss-fuzz.sh b/fuzzing/oss-fuzz.sh new file mode 100644 index 000000000..1fe5ecda8 --- /dev/null +++ b/fuzzing/oss-fuzz.sh @@ -0,0 +1,29 @@ +#!/bin/bash -eu + +# Build unit +./configure --no-regex --no-pcre2 --fuzz="$LIB_FUZZING_ENGINE" +make fuzz -j"$(nproc)" + +# Copy all fuzzers. +cp build/fuzz_* $OUT/ + +# cd into fuzzing dir +pushd fuzzing/ +cp fuzz_http.dict $OUT/fuzz_http_controller.dict +cp fuzz_http.dict $OUT/fuzz_http_h1p.dict +cp fuzz_http.dict $OUT/fuzz_http_h1p_peer.dict + +# Create temporary directories. +cp -r fuzz_http_seed_corpus/ fuzz_http_controller_seed_corpus/ +cp -r fuzz_http_seed_corpus/ fuzz_http_h1p_seed_corpus/ +cp -r fuzz_http_seed_corpus/ fuzz_http_h1p_peer_seed_corpus/ + +zip -r $OUT/fuzz_basic_seed_corpus.zip fuzz_basic_seed_corpus/ +zip -r $OUT/fuzz_http_controller_seed_corpus.zip fuzz_http_controller_seed_corpus/ +zip -r $OUT/fuzz_http_h1p_seed_corpus.zip fuzz_http_h1p_seed_corpus/ +zip -r $OUT/fuzz_http_h1p_peer_seed_corpus.zip fuzz_http_h1p_peer_seed_corpus/ +zip -r $OUT/fuzz_json_seed_corpus.zip fuzz_json_seed_corpus/ + +# Delete temporary directories. +rm -r fuzz_http_controller_seed_corpus/ fuzz_http_h1p_seed_corpus/ fuzz_http_h1p_peer_seed_corpus/ +popd