[lxc-devel] [lxc/master] Added fuzz targets for string_util functions.

jesusluna99 on Github lxc-bot at linuxcontainers.org
Tue Dec 1 04:11:44 UTC 2020


From 3540543cdafe7ad86293e729302134c4bb23b9e9 Mon Sep 17 00:00:00 2001
From: Jesus Luna <jesusluna99 at gmail.com>
Date: Mon, 30 Nov 2020 20:04:48 -0800
Subject: [PATCH] Added fuzz targets for string_util functions. Added
 Dockerfile and build.sh for oss-fuzz integration

Signed-off-by: Jesus Luna <jesusluna99 at gmail.com>
---
 src/lxc/fuzz/Dockerfile                       |  5 ++++
 src/lxc/fuzz/build.sh                         |  8 +++++
 src/lxc/fuzz/parse_limit.c                    | 30 +++++++++++++++++++
 src/lxc/fuzz/stringFuzz/append_paths_first.c  | 16 ++++++++++
 src/lxc/fuzz/stringFuzz/append_paths_second.c | 16 ++++++++++
 src/lxc/fuzz/stringFuzz/deslash.c             | 13 ++++++++
 src/lxc/fuzz/stringFuzz/normalize_path.c      | 14 +++++++++
 src/lxc/fuzz/stringFuzz/parse_byte_string.c   | 14 +++++++++
 .../fuzz/stringFuzz/string_in_list_haystack.c | 16 ++++++++++
 .../fuzz/stringFuzz/string_in_list_needle.c   | 16 ++++++++++
 src/lxc/fuzz/stringFuzz/string_join_parts.c   | 17 +++++++++++
 src/lxc/fuzz/stringFuzz/string_join_sep.c     | 19 ++++++++++++
 .../fuzz/stringFuzz/string_replace_haystack.c | 18 +++++++++++
 .../fuzz/stringFuzz/string_replace_needle.c   | 18 +++++++++++
 .../stringFuzz/string_replace_replacement.c   | 18 +++++++++++
 src/lxc/fuzz/stringFuzz/string_split.c        | 13 ++++++++
 src/lxc/fuzz/stringFuzz/string_split_quoted.c | 13 ++++++++
 17 files changed, 264 insertions(+)
 create mode 100644 src/lxc/fuzz/Dockerfile
 create mode 100644 src/lxc/fuzz/build.sh
 create mode 100644 src/lxc/fuzz/parse_limit.c
 create mode 100644 src/lxc/fuzz/stringFuzz/append_paths_first.c
 create mode 100644 src/lxc/fuzz/stringFuzz/append_paths_second.c
 create mode 100644 src/lxc/fuzz/stringFuzz/deslash.c
 create mode 100644 src/lxc/fuzz/stringFuzz/normalize_path.c
 create mode 100644 src/lxc/fuzz/stringFuzz/parse_byte_string.c
 create mode 100644 src/lxc/fuzz/stringFuzz/string_in_list_haystack.c
 create mode 100644 src/lxc/fuzz/stringFuzz/string_in_list_needle.c
 create mode 100644 src/lxc/fuzz/stringFuzz/string_join_parts.c
 create mode 100644 src/lxc/fuzz/stringFuzz/string_join_sep.c
 create mode 100644 src/lxc/fuzz/stringFuzz/string_replace_haystack.c
 create mode 100644 src/lxc/fuzz/stringFuzz/string_replace_needle.c
 create mode 100644 src/lxc/fuzz/stringFuzz/string_replace_replacement.c
 create mode 100644 src/lxc/fuzz/stringFuzz/string_split.c
 create mode 100644 src/lxc/fuzz/stringFuzz/string_split_quoted.c

diff --git a/src/lxc/fuzz/Dockerfile b/src/lxc/fuzz/Dockerfile
new file mode 100644
index 0000000000..69e324524a
--- /dev/null
+++ b/src/lxc/fuzz/Dockerfile
@@ -0,0 +1,5 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool pkgconf
+RUN git clone --depth 1 https://github.com/lxc/lxc.git lxc
+WORKDIR lxc
+COPY build.sh $SRC/
\ No newline at end of file
diff --git a/src/lxc/fuzz/build.sh b/src/lxc/fuzz/build.sh
new file mode 100644
index 0000000000..f1c7273493
--- /dev/null
+++ b/src/lxc/fuzz/build.sh
@@ -0,0 +1,8 @@
+./autogen.sh
+./configure
+
+make clean
+make
+
+for fuzzTar in $SRC/fuzz/stringFuzz/*; do
+    $CXX $CXXFLAGS -Isrc src/lxc/fuzz/stringFuzz/$fuzzTar -o $OUT/$fuzzTar $LIB_FUZZING_ENGINE src/lxc/.libs/liblxc.a
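Review bot: The `for` loop is never closed with `done`, and `$fuzzTar` holds the full glob path, so both `src/lxc/fuzz/stringFuzz/$fuzzTar` and `$OUT/$fuzzTar` expand to paths that cannot exist. The glob root `$SRC/fuzz/stringFuzz` also looks wrong: the Dockerfile clones into `lxc` and makes that the working directory, which suggests the targets sit under `src/lxc/fuzz/stringFuzz/` relative to it. The targets are `.c` files, so they should be compiled with `$CC $CFLAGS` and only linked with `$CXX`; handing them straight to `$CXX` builds them as C++, and the entry point then loses the C linkage libFuzzer looks for. The script also has no shebang or `-e`, so a failed `configure` or `make` does not stop the build, and the variable expansions are unquoted.

```shell
#!/bin/bash -eu
# … unchanged: autogen.sh, configure, make clean, make …

for src in src/lxc/fuzz/stringFuzz/*.c; do
    name=$(basename "$src" .c)
    $CC $CFLAGS -Isrc -c "$src" -o "$name.o"
    $CXX $CXXFLAGS "$name.o" -o "$OUT/$name" $LIB_FUZZING_ENGINE src/lxc/.libs/liblxc.a
done
```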
diff --git a/src/lxc/fuzz/parse_limit.c b/src/lxc/fuzz/parse_limit.c
new file mode 100644
index 0000000000..7b39415e7c
--- /dev/null
+++ b/src/lxc/fuzz/parse_limit.c
@@ -0,0 +1,30 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/resource.h>
+
+#include "lxc/macro.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    
+    rlim_t temp = 0;
+    rlim_t* res = &temp;
+    char** value = (char**)buf;
+    
+    char *endptr = NULL;
+
+	if (strncmp(*value, "unlimited", STRLITERALLEN("unlimited")) == 0) {
+		*res = RLIM_INFINITY;
+		*value += STRLITERALLEN("unlimited");
+		return 0;
+	}
+
+	int errno = 0;
+	*res = strtoull(*value, &endptr, 10);
+	if (errno || !endptr)
+		return 0;
+
+	*value = endptr;
+
+	return 0;
+}
\ No newline at end of file
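Review bot: `char** value = (char**)buf;` reinterprets the fuzz bytes as a pointer, so the `*value` given to `strncmp` is an address read out of the input and the harness faults on its own before any parsing is exercised; the later `*value += …` and `*value = endptr` also write into the `const` input buffer. `int errno = 0;` declares a local that `strtoull` cannot set, so the error check is dead, and `strncmp` is used without `<string.h>`. Copy `len` bytes into a NUL-terminated buffer and parse that, with `<errno.h>` and `<string.h>` included. The same cast is in string_join_parts.c, where `(char**)buf` is passed as the parts array; there the input should be split into a NULL-terminated array of strings the harness owns. The body appears to be an inline copy of a parser rather than a call into liblxc, so it may not exercise the shipped code.

```c
extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
	rlim_t res = 0;
	char *endptr = NULL;

	/* libFuzzer input carries no terminator; parse a NUL-terminated copy */
	char *str = malloc(len + 1);
	if (!str)
		return 0;
	memcpy(str, buf, len);
	str[len] = '\0';

	char *value = str;
	if (strncmp(value, "unlimited", STRLITERALLEN("unlimited")) == 0) {
		res = RLIM_INFINITY;
		value += STRLITERALLEN("unlimited");
	} else {
		errno = 0; /* the real errno from <errno.h>, not a local */
		res = strtoull(value, &endptr, 10);
		if (!errno && endptr)
			value = endptr;
	}

	(void)res;
	(void)value;
	free(str);
	return 0;
}
```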
diff --git a/src/lxc/fuzz/stringFuzz/append_paths_first.c b/src/lxc/fuzz/stringFuzz/append_paths_first.c
new file mode 100644
index 0000000000..3484d98f92
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/append_paths_first.c
@@ -0,0 +1,16 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+    const char* second = "hello/i/am/testing/path";
+    const char* first = (char*)buf;
+    lxc_append_paths(first, second);
+	return 0;
+}
\ No newline at end of file
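Review bot: `(char*)buf` is handed to `lxc_append_paths` as a C string, but libFuzzer input has no terminating NUL and `len` is ignored, so the sanitizer will report over-reads that originate in the harness rather than in liblxc. The entry point is also declared `char*`, while libFuzzer expects `int LLVMFuzzerTestOneInput(const uint8_t *, size_t)`. If `lxc_append_paths` returns a heap-allocated string (not visible in this hunk), the result has to be freed or every run is reported as a leak. The same points apply to the other stringFuzz targets in this patch (append_paths_second.c, normalize_path.c, parse_byte_string.c, string_in_list_*.c, string_join_sep.c, string_replace_*.c, string_split.c, string_split_quoted.c), although the string_replace_* and string_split targets already return `int`.

```c
extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
	const char *second = "hello/i/am/testing/path";

	/* libFuzzer input carries no terminator; pass a NUL-terminated copy */
	char *first = malloc(len + 1);
	if (!first)
		return 0;
	memcpy(first, buf, len);
	first[len] = '\0';

	char *joined = lxc_append_paths(first, second);
	free(joined); /* assumes the result is heap-allocated; confirm in string_utils.h */
	free(first);
	return 0;
}
```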
diff --git a/src/lxc/fuzz/stringFuzz/append_paths_second.c b/src/lxc/fuzz/stringFuzz/append_paths_second.c
new file mode 100644
index 0000000000..8e4e354827
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/append_paths_second.c
@@ -0,0 +1,16 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+    const char* first = "hello/i/am/testing/path";
+    const char* second = (char*)buf;
+    lxc_append_paths(first, second);
+	return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/deslash.c b/src/lxc/fuzz/stringFuzz/deslash.c
new file mode 100644
index 0000000000..c6a0905c02
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/deslash.c
@@ -0,0 +1,13 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    lxc_deslashify((char*)buf);
+	return 0;
+}
\ No newline at end of file
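Review bot: `lxc_deslashify((char*)buf)` casts away `const` on the fuzzer-owned input and passes it to a function that, going by its name, rewrites its argument. As far as I can tell string_utils.h declares it with a `char **` parameter whose target it may free and replace; confirm this against the header, because if so the call passes the wrong pointer level and lets the library free memory it does not own. Give it a heap copy that the harness owns instead: `char *path = strndup((const char *)buf, len);` followed by `if (path) { lxc_deslashify(&path); free(path); }`. The `char*` return type and the missing terminator noted for the other stringFuzz targets apply here as well.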
diff --git a/src/lxc/fuzz/stringFuzz/normalize_path.c b/src/lxc/fuzz/stringFuzz/normalize_path.c
new file mode 100644
index 0000000000..3433288361
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/normalize_path.c
@@ -0,0 +1,14 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    const char* path = (char*)buf;
+	lxc_normalize_path(path);
+	return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/parse_byte_string.c b/src/lxc/fuzz/stringFuzz/parse_byte_string.c
new file mode 100644
index 0000000000..3d8989ea90
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/parse_byte_string.c
@@ -0,0 +1,14 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    int64_t temp = 5;
+    parse_byte_size_string((char*)buf, &temp);
+	return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_in_list_haystack.c b/src/lxc/fuzz/stringFuzz/string_in_list_haystack.c
new file mode 100644
index 0000000000..6dfc540eda
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_in_list_haystack.c
@@ -0,0 +1,16 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+    const char* needle = "hello i ,am, testing, string";
+    const char* haystack = (char*)buf;
+    lxc_string_in_list(needle, haystack, ",");
+	return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_in_list_needle.c b/src/lxc/fuzz/stringFuzz/string_in_list_needle.c
new file mode 100644
index 0000000000..6de3e86eb4
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_in_list_needle.c
@@ -0,0 +1,16 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+
+    const char* haystack = "hello i ,am, testing, string";
+    const char* needle = (char*)buf;
+    lxc_string_in_list(needle, haystack, ",");
+	return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_join_parts.c b/src/lxc/fuzz/stringFuzz/string_join_parts.c
new file mode 100644
index 0000000000..cd708de82d
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_join_parts.c
@@ -0,0 +1,17 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+	const char *sep = "/";
+
+	bool pre = 1;
+
+    lxc_string_join(sep, (char**)buf, pre);
+	return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_join_sep.c b/src/lxc/fuzz/stringFuzz/string_join_sep.c
new file mode 100644
index 0000000000..829d95f3b5
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_join_sep.c
@@ -0,0 +1,19 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+	const char *parts[3] = {0};
+    parts[0] = "hello";
+    parts[1] = "world";
+ 
+	bool pre = 1;
+
+    lxc_string_join((char*)buf, parts, pre);
+	return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_replace_haystack.c b/src/lxc/fuzz/stringFuzz/string_replace_haystack.c
new file mode 100644
index 0000000000..492c749cad
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_replace_haystack.c
@@ -0,0 +1,18 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    
+    const char* needle = "o";
+    const char* haystack = (char*)buf;
+    const char* replacement = "r";
+
+    lxc_string_replace(needle, replacement, haystack);
+    return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_replace_needle.c b/src/lxc/fuzz/stringFuzz/string_replace_needle.c
new file mode 100644
index 0000000000..67c5fa91f4
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_replace_needle.c
@@ -0,0 +1,18 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    
+    const char* needle = (char*)buf;
+    const char* haystack = "hello I am a testing string";
+    const char* replacement = "a";
+
+    lxc_string_replace(needle, replacement, haystack);
+    return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_replace_replacement.c b/src/lxc/fuzz/stringFuzz/string_replace_replacement.c
new file mode 100644
index 0000000000..58db5953d5
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_replace_replacement.c
@@ -0,0 +1,18 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    
+    const char* needle = "o";
+    const char* haystack = "hello i am a testing string";
+    const char* replacement = (char*)buf;
+
+    lxc_string_replace(needle, replacement, haystack);
+	return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_split.c b/src/lxc/fuzz/stringFuzz/string_split.c
new file mode 100644
index 0000000000..d861ebbdfb
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_split.c
@@ -0,0 +1,13 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+    lxc_string_split((char*)buf, '/');
+    return 0;
+}
\ No newline at end of file
diff --git a/src/lxc/fuzz/stringFuzz/string_split_quoted.c b/src/lxc/fuzz/stringFuzz/string_split_quoted.c
new file mode 100644
index 0000000000..9f89c5a5e1
--- /dev/null
+++ b/src/lxc/fuzz/stringFuzz/string_split_quoted.c
@@ -0,0 +1,13 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "include/strlcpy.h"
+#include "include/strlcat.h"
+#include "lxc/string_utils.h"
+
+extern char* LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+   lxc_string_split_quoted((char*)buf);
+	return 0;
+}
\ No newline at end of file

