From 31a4843667830be87a38bd8bb22268061f79b42b Mon Sep 17 00:00:00 2001
From: Robert Femmer <114982872+robertfemmer@users.noreply.github.com>
Date: Fri, 12 Apr 2024 09:02:44 +0200
Subject: [PATCH] Add fuzzer for security deserializer (#1967)
* fuzz: add fuzzer targeting deserializer in security plugin
* fuzz_security_deser: set linker language to cxx
---
 fuzz/CMakeLists.txt | 1 +
 fuzz/fuzz_security_deser/CMakeLists.txt | 16 ++++++++++
 .../fuzz_security_deser/fuzz_security_deser.c | 28 ++++++++++++++++++
 .../2d324193bb3029278fbc99dcd574f74b9d465296 | Bin 0 -> 10 bytes
 fuzz/oss-fuzz-build.sh | 2 +-
 5 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 fuzz/fuzz_security_deser/CMakeLists.txt
 create mode 100644 fuzz/fuzz_security_deser/fuzz_security_deser.c
 create mode 100644 fuzz/fuzz_security_deser/fuzz_security_deser_seed_corpus/2d324193bb3029278fbc99dcd574f74b9d465296
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 1b8ac70e17..30be15ee8f 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -18,4 +18,5 @@ add_subdirectory(fuzz_config_init)
 add_subdirectory(fuzz_handle_rtps_message)
 add_subdirectory(fuzz_type_object)
 add_subdirectory(fuzz_sample_deser)
+add_subdirectory(fuzz_security_deser)
 # add_subdirectory(fuzz_idlc)
diff --git a/fuzz/fuzz_security_deser/CMakeLists.txt b/fuzz/fuzz_security_deser/CMakeLists.txt
new file mode 100644
index 0000000000..ddb223b8f3
--- /dev/null
+++ b/fuzz/fuzz_security_deser/CMakeLists.txt
@@ -0,0 +1,16 @@
+project(fuzz_security_deser LANGUAGES C)
+cmake_minimum_required(VERSION 3.5)
+
+if(NOT TARGET CycloneDDS::ddsc)
+ # Find the CycloneDDS package.
+ find_package(CycloneDDS REQUIRED)
+endif()
+
+add_executable(fuzz_security_deser fuzz_security_deser.c)
+target_include_directories(
+ fuzz_security_deser PRIVATE
+ "$"
+ "$"
+ "$")
+set_target_properties(fuzz_security_deser PROPERTIES LINKER_LANGUAGE CXX)
+target_link_libraries(fuzz_security_deser CycloneDDS::ddsc $ENV{LIB_FUZZING_ENGINE})
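Review bot: In the new fuzz_security_deser/CMakeLists.txt, `cmake_minimum_required(VERSION 3.5)` comes after `project(fuzz_security_deser LANGUAGES C)`, but CMake expects the minimum-version call first so that its policy settings are already in effect when project() runs; swap the two lines so the file starts with `cmake_minimum_required(VERSION 3.5)` followed by `project(fuzz_security_deser LANGUAGES C)`. The `set_target_properties(... LINKER_LANGUAGE CXX)` line asks for a C++ link step while this project only enables C, which presumably works because a parent project (fuzz/CMakeLists.txt, outside this hunk) enables CXX; that dependency is worth stating next to it, e.g. `# Linked as C++: LIB_FUZZING_ENGINE is a C++ library, and CXX must be enabled by the parent project.`. A one-line header comment saying what this target fuzzes (the security deserializer) would also help readers who land here from the top-level fuzz list.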
diff --git a/fuzz/fuzz_security_deser/fuzz_security_deser.c b/fuzz/fuzz_security_deser/fuzz_security_deser.c
new file mode 100644
index 0000000000..c23370dcb2
--- /dev/null
+++ b/fuzz/fuzz_security_deser/fuzz_security_deser.c
@@ -0,0 +1,28 @@
+#include
+#include
+#include
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ {
+ DDS_Security_Deserializer dser = DDS_Security_Deserializer_new(data, size);
+ DDS_Security_KeyMaterial_AES_GCM_GMAC km;
+ memset(&km, 0, sizeof(DDS_Security_KeyMaterial_AES_GCM_GMAC));
+ DDS_Security_Deserialize_KeyMaterial_AES_GCM_GMAC(dser, &km);
+ DDS_Security_Deserializer_free(dser);
+ DDS_Security_KeyMaterial_AES_GCM_GMAC_deinit(&km);
+ }
+
+ {
+ DDS_Security_ParticipantBuiltinTopicData *pbtd = DDS_Security_ParticipantBuiltinTopicData_alloc();
+ DDS_Security_SecurityException ex;
+ DDS_Security_Exception_clean(&ex);
+ DDS_Security_Deserializer dser = DDS_Security_Deserializer_new(data, size);
+ DDS_Security_Deserialize_ParticipantBuiltinTopicData(dser, pbtd, &ex);
+ DDS_Security_Deserializer_free(dser);
+ DDS_Security_Exception_reset(&ex);
+ DDS_Security_ParticipantBuiltinTopicData_free(pbtd);
+ }
+
+ return 0;
+}
diff --git a/fuzz/fuzz_security_deser/fuzz_security_deser_seed_corpus/2d324193bb3029278fbc99dcd574f74b9d465296 b/fuzz/fuzz_security_deser/fuzz_security_deser_seed_corpus/2d324193bb3029278fbc99dcd574f74b9d465296
new file mode 100644
index 0000000000000000000000000000000000000000..980993a4c7010df42b064d1b47073d2565f7d30f
GIT binary patch literal 10 OcmY#9&j12U3=9AWp#bv$ literal 0 HcmV?d00001
diff --git a/fuzz/oss-fuzz-build.sh b/fuzz/oss-fuzz-build.sh
index 1aa8942713..b2d6896e13 100644
--- a/fuzz/oss-fuzz-build.sh
+++ b/fuzz/oss-fuzz-build.sh
@@ -21,7 +21,7 @@ cmake \
 -DEXPORT_ALL_SYMBOLS=ON \
 -DBUILD_SHARED_LIBS=OFF \
 -DBUILD_EXAMPLES=NO \
- -DENABLE_SECURITY=NO \
+ -DENABLE_SECURITY=ON \
 -DENABLE_SSL=NO \
 -DCMAKE_POSITION_INDEPENDENT_CODE=ON \
 -DCMAKE_INSTALL_PREFIX=/usr/local ..
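Review bot: Both deserializer calls in LLVMFuzzerTestOneInput discard their result, and `DDS_Security_KeyMaterial_AES_GCM_GMAC_deinit(&km)` and `DDS_Security_ParticipantBuiltinTopicData_free(pbtd)` then run unconditionally, so the harness silently assumes that a failed or partial parse leaves the output struct in a state those cleanup routines accept. That assumption is exactly what makes a crash in the cleanup path a library bug rather than a harness artifact, so it deserves a comment on each block, e.g. `/* Result deliberately ignored: deinit/free must be safe on a partially filled struct after a failed parse. */`. The file also has no header comment; two lines stating that the harness feeds the raw input to the KeyMaterial_AES_GCM_GMAC and ParticipantBuiltinTopicData deserializers of the security core would help triage. As a minor point, `memset(&km, 0, sizeof(DDS_Security_KeyMaterial_AES_GCM_GMAC))` can be `memset(&km, 0, sizeof km)` so the size stays tied to the variable.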