The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3588
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Also added Dockerfile and build.sh for oss-fuzz integration To build and run fuzz targets: make CC=clang clang -fsanitize=fuzzer-no-link,address -Isrc -c <path/to/fuzz_target.c> clang -fsanitize=fuzzer,address -o fuzzMe fuzz_target.o liblxc.a ./fuzzMe Signed-off-by: Jesus Luna <jesuslun...@gmail.com>
From 3540543cdafe7ad86293e729302134c4bb23b9e9 Mon Sep 17 00:00:00 2001 From: Jesus Luna <jesuslun...@gmail.com> Date: Mon, 30 Nov 2020 20:04:48 -0800 Subject: [PATCH] Added fuzz targets for string_util functions. Added Dockerfile and build.sh for oss-fuzz integration 
Signed-off-by: Jesus Luna <jesuslun...@gmail.com> --- src/lxc/fuzz/Dockerfile | 5 ++++ src/lxc/fuzz/build.sh | 8 +++++ src/lxc/fuzz/parse_limit.c | 30 +++++++++++++++++++ src/lxc/fuzz/stringFuzz/append_paths_first.c | 16 ++++++++++ src/lxc/fuzz/stringFuzz/append_paths_second.c | 16 ++++++++++ src/lxc/fuzz/stringFuzz/deslash.c | 13 ++++++++ src/lxc/fuzz/stringFuzz/normalize_path.c | 14 +++++++++ src/lxc/fuzz/stringFuzz/parse_byte_string.c | 14 +++++++++ .../fuzz/stringFuzz/string_in_list_haystack.c | 16 ++++++++++ .../fuzz/stringFuzz/string_in_list_needle.c | 16 ++++++++++ src/lxc/fuzz/stringFuzz/string_join_parts.c | 17 +++++++++++ src/lxc/fuzz/stringFuzz/string_join_sep.c | 19 ++++++++++++ .../fuzz/stringFuzz/string_replace_haystack.c | 18 +++++++++++ .../fuzz/stringFuzz/string_replace_needle.c | 18 +++++++++++ .../stringFuzz/string_replace_replacement.c | 18 +++++++++++ src/lxc/fuzz/stringFuzz/string_split.c | 13 ++++++++ src/lxc/fuzz/stringFuzz/string_split_quoted.c | 13 ++++++++ 17 files changed, 264 insertions(+) create mode 100644 src/lxc/fuzz/Dockerfile create mode 100644 src/lxc/fuzz/build.sh create mode 100644 src/lxc/fuzz/parse_limit.c create mode 100644 src/lxc/fuzz/stringFuzz/append_paths_first.c create mode 100644 src/lxc/fuzz/stringFuzz/append_paths_second.c create mode 100644 src/lxc/fuzz/stringFuzz/deslash.c create mode 100644 src/lxc/fuzz/stringFuzz/normalize_path.c create mode 100644 src/lxc/fuzz/stringFuzz/parse_byte_string.c create mode 100644 src/lxc/fuzz/stringFuzz/string_in_list_haystack.c create mode 100644 src/lxc/fuzz/stringFuzz/string_in_list_needle.c create mode 100644 src/lxc/fuzz/stringFuzz/string_join_parts.c create mode 100644 src/lxc/fuzz/stringFuzz/string_join_sep.c create mode 100644 src/lxc/fuzz/stringFuzz/string_replace_haystack.c create mode 100644 src/lxc/fuzz/stringFuzz/string_replace_needle.c create mode 100644 src/lxc/fuzz/stringFuzz/string_replace_replacement.c create mode 100644 src/lxc/fuzz/stringFuzz/string_split.c 
create mode 100644 src/lxc/fuzz/stringFuzz/string_split_quoted.c
diff --git a/src/lxc/fuzz/Dockerfile b/src/lxc/fuzz/Dockerfile
new file mode 100644
index 0000000000..69e324524a
--- /dev/null
+++ b/src/lxc/fuzz/Dockerfile
@@ -0,0 +1,5 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool pkgconf
+RUN git clone --depth 1 https://github.com/lxc/lxc.git lxc
+WORKDIR lxc
+COPY build.sh $SRC/
\ No newline at end of file
diff --git a/src/lxc/fuzz/build.sh b/src/lxc/fuzz/build.sh
new file mode 100644
index 0000000000..f1c7273493
--- /dev/null
+++ b/src/lxc/fuzz/build.sh
@@ -0,0 +1,8 @@
+./autogen.sh
+./configure
+
+make clean
+make
+
+for fuzzTar in $SRC/fuzz/stringFuzz/*; do
+ $CXX $CXXFLAGS -Isrc src/lxc/fuzz/stringFuzz/$fuzzTar -o $OUT/$fuzzTar $LIB_FUZZING_ENGINE src/lxc/.libs/liblxc.a
diff --git a/src/lxc/fuzz/parse_limit.c b/src/lxc/fuzz/parse_limit.c
new file mode 100644
index 0000000000..7b39415e7c
--- /dev/null
+++ b/src/lxc/fuzz/parse_limit.c
@@ -0,0 +1,30 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/resource.h>
+
+#include "lxc/macro.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+ rlim_t temp = 0;
+ rlim_t* res = &temp;
+ char** value = (char**)buf;
+
+ char *endptr = NULL;
+
+ if (strncmp(*value, "unlimited", STRLITERALLEN("unlimited")) == 0) {
+ *res = RLIM_INFINITY;
+ *value += STRLITERALLEN("unlimited");
+ return 0;
+ }
+
+ int errno = 0;
+ *res = strtoull(*value, &endptr, 10);
+ if (errno || !endptr)
+ return 0;
+
+ *value = endptr;
+
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/append_paths_first.c b/src/lxc/fuzz/stringFuzz/append_paths_first.c
new file mode 100644
index 0000000000..3484d98f92
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/append_paths_first.c
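Review bot: The `for` loop in build.sh is never closed with `done`, so the script fails to parse before any target is built. Inside the loop, `$fuzzTar` already holds the full path produced by the glob, so `src/lxc/fuzz/stringFuzz/$fuzzTar` and `$OUT/$fuzzTar` are not valid paths, and the glob root `$SRC/fuzz/stringFuzz` does not match the `src/lxc/fuzz/stringFuzz` directory this patch creates. The targets are C files, so compile them with `$CC $CFLAGS` and use `$CXX` only for the link against `$LIB_FUZZING_ENGINE`. A `#!/bin/bash -eu` first line would also make a failed `make` stop the build instead of linking against a stale or missing `liblxc.a`.

```shell
# … unchanged: autogen.sh, configure, make clean, make …
for fuzz_src in src/lxc/fuzz/stringFuzz/*.c; do
    name=$(basename "$fuzz_src" .c)
    $CC $CFLAGS -Isrc -c "$fuzz_src" -o "$name.o"
    $CXX $CXXFLAGS "$name.o" -o "$OUT/$name" \
        $LIB_FUZZING_ENGINE src/lxc/.libs/liblxc.a
done
```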
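Review bot: In parse_limit.c, `char** value = (char**)buf;` followed by `*value` reinterprets the first bytes of the fuzz input as a pointer and dereferences it, so every crash this target reports will be in the harness itself, and an input shorter than a pointer is read out of bounds. The body is a copy of parsing logic and calls nothing from liblxc, so it would not exercise the library even with well-formed input; it should hand a NUL-terminated copy of `buf` to the real parser instead. `int errno = 0;` declares a local that shadows errno (and stops compiling once `<errno.h>` is in scope), so the `strtoull` error check never sees a failure; use `#include <errno.h>` and `errno = 0;`. `strncmp` is used without `<string.h>`, and build.sh only globs `stringFuzz/`, so this file is not built at present.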
@@ -0,0 +1,16 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+ const char* second = "hello/i/am/testing/path";
+ const char* first = (char*)buf;
+ lxc_append_paths(first, second);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/append_paths_second.c b/src/lxc/fuzz/stringFuzz/append_paths_second.c
new file mode 100644
index 0000000000..8e4e354827
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/append_paths_second.c
@@ -0,0 +1,16 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+ const char* first = "hello/i/am/testing/path";
+ const char* second = (char*)buf;
+ lxc_append_paths(first, second);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/deslash.c b/src/lxc/fuzz/stringFuzz/deslash.c
new file mode 100644
index 0000000000..c6a0905c02
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/deslash.c
@@ -0,0 +1,13 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ lxc_deslashify((char*)buf);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/normalize_path.c b/src/lxc/fuzz/stringFuzz/normalize_path.c
new file mode 100644
index 0000000000..3433288361
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/normalize_path.c
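Review bot: `(char*)buf` in append_paths_first.c is passed as a C string, but libFuzzer inputs are not NUL-terminated, so `lxc_append_paths` reads past `len` and the sanitizer reports an overflow that belongs to the harness, not to liblxc. The same cast appears in every other stringFuzz target in this patch except string_join_parts.c; each needs a `len + 1` copy with an explicit terminator. The entry point must return `int`; this file and the others declared `extern char*` do not match the prototype libFuzzer calls. The result of `lxc_append_paths` looks heap-allocated (confirm in string_utils.c) and is discarded, which LeakSanitizer would flag as a leak; free it, and do the same in the split, join and replace targets.

```c
extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
	const char *second = "hello/i/am/testing/path";
	char *first = malloc(len + 1);
	if (!first)
		return 0;
	memcpy(first, buf, len);
	first[len] = '\0';

	/* presumably returns a malloc'd string: confirm, then free */
	free(lxc_append_paths(first, second));
	free(first);
	return 0;
}
```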
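Review bot: In deslash.c, `lxc_deslashify((char*)buf)` hands the library a pointer into the fuzzer's `const` input. If the function takes a `char **` and reallocates through it (check its declaration in lxc/string_utils.h), the cast hides an incompatible-pointer error and the call would free or rewrite memory the harness does not own. In that case pass the address of a heap copy instead, e.g. `char *path = strndup((const char *)buf, len); if (path) { lxc_deslashify(&path); free(path); }`.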
@@ -0,0 +1,14 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ const char* path = (char*)buf;
+ lxc_normalize_path(path);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/parse_byte_string.c b/src/lxc/fuzz/stringFuzz/parse_byte_string.c
new file mode 100644
index 0000000000..3d8989ea90
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/parse_byte_string.c
@@ -0,0 +1,14 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ int64_t temp = 5;
+ parse_byte_size_string((char*)buf, &temp);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_in_list_haystack.c b/src/lxc/fuzz/stringFuzz/string_in_list_haystack.c
new file mode 100644
index 0000000000..6dfc540eda
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_in_list_haystack.c
@@ -0,0 +1,16 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+ const char* needle = "hello i ,am, testing, string";
+ const char* haystack = (char*)buf;
+ lxc_string_in_list(needle, haystack, ",");
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_in_list_needle.c b/src/lxc/fuzz/stringFuzz/string_in_list_needle.c
new file mode 100644
index 0000000000..6de3e86eb4
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_in_list_needle.c
@@ -0,0 +1,16 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+ const char* haystack = "hello i ,am, testing, string";
+ const char* needle = (char*)buf;
+ lxc_string_in_list(needle, haystack, ",");
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_join_parts.c b/src/lxc/fuzz/stringFuzz/string_join_parts.c
new file mode 100644
index 0000000000..cd708de82d
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_join_parts.c
@@ -0,0 +1,17 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ const char *sep = "/";
+
+ bool pre = 1;
+
+ lxc_string_join(sep, (char**)buf, pre);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_join_sep.c b/src/lxc/fuzz/stringFuzz/string_join_sep.c
new file mode 100644
index 0000000000..829d95f3b5
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_join_sep.c
@@ -0,0 +1,19 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ const char *parts[3] = {0};
+ parts[0] = "hello";
+ parts[1] = "world";
+
+ bool pre = 1;
+
+ lxc_string_join((char*)buf, parts, pre);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_replace_haystack.c b/src/lxc/fuzz/stringFuzz/string_replace_haystack.c
new file mode 100644
index 0000000000..492c749cad
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_replace_haystack.c
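Review bot: `(char**)buf` in string_join_parts.c makes `lxc_string_join` treat raw fuzz bytes as an array of string pointers, so the function dereferences arbitrary addresses and has no reliable NULL terminator to stop on; every finding from this target will be a harness fault rather than a library bug. Build the `parts` array inside the harness from a NUL-terminated copy of the input (for example, split the copy on a fixed delimiter byte and end the array with NULL), then free the joined result. string_join_sep.c, which follows, shows the right shape for `parts` but still passes an unterminated `buf` as the separator.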
@@ -0,0 +1,18 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+ const char* needle = "o";
+ const char* haystack = (char*)buf;
+ const char* replacement = "r";
+
+ lxc_string_replace(needle, replacement, haystack);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_replace_needle.c b/src/lxc/fuzz/stringFuzz/string_replace_needle.c
new file mode 100644
index 0000000000..67c5fa91f4
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_replace_needle.c
@@ -0,0 +1,18 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+ const char* needle = (char*)buf;
+ const char* haystack = "hello I am a testing string";
+ const char* replacement = "a";
+
+ lxc_string_replace(needle, replacement, haystack);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_replace_replacement.c b/src/lxc/fuzz/stringFuzz/string_replace_replacement.c
new file mode 100644
index 0000000000..58db5953d5
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_replace_replacement.c
@@ -0,0 +1,18 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+ const char* needle = "o";
+ const char* haystack = "hello i am a testing string";
+ const char* replacement = (char*)buf;
+
+ lxc_string_replace(needle, replacement, haystack);
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_split.c b/src/lxc/fuzz/stringFuzz/string_split.c
new file mode 100644
index 0000000000..d861ebbdfb
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_split.c
@@ -0,0 +1,13 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ lxc_string_split((char*)buf, '/');
+ return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_split_quoted.c b/src/lxc/fuzz/stringFuzz/string_split_quoted.c
new file mode 100644
index 0000000000..9f89c5a5e1
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_split_quoted.c
@@ -0,0 +1,13 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ lxc_string_split_quoted((char*)buf);
+ return 0;
+}
\ No newline at end of file