Add fuzzer for security deserializer (#1967)

* fuzz: add fuzzer targeting deserializer in security plugin * fuzz_security_deser: set linker language to cxx
eclipse-cyclonedds · Apr 12, 2024 · 31a4843 · 31a4843
1 parent ac3c750
commit 31a4843
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 1 deletion.
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
@@ -18,4 +18,5 @@ add_subdirectory(fuzz_config_init)
 add_subdirectory(fuzz_handle_rtps_message)
 add_subdirectory(fuzz_type_object)
 add_subdirectory(fuzz_sample_deser)
+add_subdirectory(fuzz_security_deser)
 # add_subdirectory(fuzz_idlc)
diff --git a/fuzz/fuzz_security_deser/CMakeLists.txt b/fuzz/fuzz_security_deser/CMakeLists.txt
@@ -0,0 +1,16 @@
+project(fuzz_security_deser LANGUAGES C)
+cmake_minimum_required(VERSION 3.5)
+
+if(NOT TARGET CycloneDDS::ddsc)
+  # Find the CycloneDDS package.
+  find_package(CycloneDDS REQUIRED)
+endif()
+
+add_executable(fuzz_security_deser fuzz_security_deser.c)
+target_include_directories(
+  fuzz_security_deser PRIVATE
+  "$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../src/core/ddsi/include>"
+  "$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../src/security/core/include>"
+  "$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../src/security/api/include>")
+set_target_properties(fuzz_security_deser PROPERTIES LINKER_LANGUAGE CXX)
+target_link_libraries(fuzz_security_deser CycloneDDS::ddsc $ENV{LIB_FUZZING_ENGINE})
diff --git a/fuzz/fuzz_security_deser/fuzz_security_deser.c b/fuzz/fuzz_security_deser/fuzz_security_deser.c
@@ -0,0 +1,28 @@
+#include <string.h>
+#include <dds/security/core/dds_security_serialize.h>
+#include <dds/security/core/dds_security_utils.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    {
+        DDS_Security_Deserializer dser = DDS_Security_Deserializer_new(data, size);
+        DDS_Security_KeyMaterial_AES_GCM_GMAC km;
+        memset(&km, 0, sizeof(DDS_Security_KeyMaterial_AES_GCM_GMAC));
+        DDS_Security_Deserialize_KeyMaterial_AES_GCM_GMAC(dser, &km);
+        DDS_Security_Deserializer_free(dser);
+        DDS_Security_KeyMaterial_AES_GCM_GMAC_deinit(&km);
+    }
+
+    {
+        DDS_Security_ParticipantBuiltinTopicData *pbtd = DDS_Security_ParticipantBuiltinTopicData_alloc();
+        DDS_Security_SecurityException ex;
+        DDS_Security_Exception_clean(&ex);
+        DDS_Security_Deserializer dser = DDS_Security_Deserializer_new(data, size);
+        DDS_Security_Deserialize_ParticipantBuiltinTopicData(dser, pbtd, &ex);
+        DDS_Security_Deserializer_free(dser);
+        DDS_Security_Exception_reset(&ex);
+        DDS_Security_ParticipantBuiltinTopicData_free(pbtd);
+    }
+
+    return 0;
+}
diff --git a/...z_security_deser/fuzz_security_deser_seed_corpus/2d324193bb3029278fbc99dcd574f74b9d465296 b/...z_security_deser/fuzz_security_deser_seed_corpus/2d324193bb3029278fbc99dcd574f74b9d465296
diff --git a/fuzz/oss-fuzz-build.sh b/fuzz/oss-fuzz-build.sh
@@ -21,7 +21,7 @@ cmake \
     -DEXPORT_ALL_SYMBOLS=ON \
     -DBUILD_SHARED_LIBS=OFF \
     -DBUILD_EXAMPLES=NO \
-    -DENABLE_SECURITY=NO \
+    -DENABLE_SECURITY=ON \
     -DENABLE_SSL=NO \
     -DCMAKE_POSITION_INDEPENDENT_CODE=ON \
     -DCMAKE_INSTALL_PREFIX=/usr/local ..