[Nginx] Initial integration, new fuzzer added #4144

Merged
merged 48 commits into from
Aug 30, 2020
55df55b
[postgresql] Added auto_css to project.yaml
yooyoo9 Jul 1, 2020
3b68612
[postgresql] Added new fuzzer
yooyoo9 Jul 1, 2020
e9c20a7
[postgresql] Cleaned up files, changed project.yaml
yooyoo9 Jul 1, 2020
1ff3708
Dockerfile - changed to official repo
yooyoo9 Jul 1, 2020
0924667
Renamed fix.diff
yooyoo9 Jul 1, 2020
bc96764
[postgresql] Fixed parser_fuzzer, added new json_parser_fuzzer
yooyoo9 Jul 8, 2020
291874c
[nginx] updated project.yaml
yooyoo9 Jul 16, 2020
519e52b
[nginx] added first fuzzer
yooyoo9 Jul 16, 2020
da30b18
[nginx] added build file for fuzzers
yooyoo9 Jul 16, 2020
fba5786
Added license header
yooyoo9 Jul 16, 2020
6547869
Removed dictionary
yooyoo9 Jul 16, 2020
c68a47d
Removed dictionary
yooyoo9 Jul 17, 2020
a99ddb5
Moved fuzzers to fuzzer directory
yooyoo9 Jul 17, 2020
5e8bd8c
fixed new lines
yooyoo9 Jul 17, 2020
e6d31a6
Updated years, removed maintainer field in Dockerfile
yooyoo9 Jul 17, 2020
829a3c5
Removed line spaces
yooyoo9 Jul 17, 2020
3af152a
Updated year
yooyoo9 Jul 17, 2020
cbcce1d
Changed existing fuzzer
yooyoo9 Jul 17, 2020
8c183ba
Changed Makefile
yooyoo9 Jul 17, 2020
ed61f81
delete newlines
yooyoo9 Jul 24, 2020
3e412dc
remove patch
yooyoo9 Jul 24, 2020
268b46c
update year
yooyoo9 Jul 24, 2020
e269dbc
add socket wrapper functions
yooyoo9 Jul 24, 2020
f7d6886
modified fuzzer initialization
yooyoo9 Jul 24, 2020
7f64ba5
add new grpc module fuzzer
yooyoo9 Jul 24, 2020
ca84f84
Merge branch 'master' of github.com:google/oss-fuzz into pgsql
yooyoo9 Jul 24, 2020
372e731
Merge branch 'master' of github.com:google/oss-fuzz into nginx
yooyoo9 Jul 27, 2020
94e9b20
Removed grpc fuzzer
yooyoo9 Jul 27, 2020
f49f44a
Fixed http request fuzzer
yooyoo9 Jul 27, 2020
a08f4ce
Add nginx patch
yooyoo9 Jul 27, 2020
d4a56b4
Add Makefile for fuzzers
yooyoo9 Jul 27, 2020
1cd4810
Fix fuzzer
yooyoo9 Jul 29, 2020
b2c5a49
Added client side fuzzing
yooyoo9 Jul 29, 2020
8fb8203
fixed fuzzer
yooyoo9 Jul 31, 2020
2d78bfd
Merge branch 'master' of github.com:google/oss-fuzz into nginx
yooyoo9 Aug 19, 2020
60a5296
Merge branch 'pgsql' into nginx
yooyoo9 Aug 24, 2020
dd8a2ed
Removed memory and undefined sanitizers
yooyoo9 Aug 25, 2020
a299963
Added dictionary
yooyoo9 Aug 25, 2020
97b8d9a
Changed fuzzer from c to c++
yooyoo9 Aug 25, 2020
7601376
Use protobuf for input to fuzzer
yooyoo9 Aug 25, 2020
1cea2f4
Improved style
yooyoo9 Aug 25, 2020
3884c3d
Added configuration file needed by fuzzer
yooyoo9 Aug 25, 2020
9aaf93e
Added licence header
yooyoo9 Aug 25, 2020
17afbf1
Added makefile for fuzzers
yooyoo9 Aug 25, 2020
4c43fba
Fixed dictionary
yooyoo9 Aug 25, 2020
b0a95ac
Modified make_fuzzers
yooyoo9 Aug 26, 2020
75ba108
moved dictionary
yooyoo9 Aug 28, 2020
d1eb9f4
Undo last commit
yooyoo9 Aug 28, 2020
modified fuzzer initialization
yooyoo9 committed Jul 24, 2020
commit f7d688647a950ed2c57ad9f587bf03552667f0e3
38 changes: 14 additions & 24 deletions projects/nginx/fuzz/http_request_fuzzer.c
@@ -1,4 +1,4 @@
// Copyright 2019 Google LLC
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
Expand All @@ -20,7 +20,6 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <time.h>

Expand Down Expand Up @@ -88,10 +87,6 @@ static char configuration[] =
"}\n"
"\n";

ssize_t __wrap_listen(int fd, void* buf, size_t bytes) {
return 0;
}

static ngx_cycle_t *cycle;
static ngx_log_t ngx_log;
static ngx_open_file_t ngx_log_file;
Expand All @@ -100,14 +95,17 @@ static char arg1[] = { 0, 0xAA, 0 };

extern char **environ;

static char *socket_name = "nginx.sock";
static char *config_file = "socket_config.conf";

// Create a base state for Nginx without starting the server
char *InitializeNginx(void) {
int InitializeNginx(void) {
ngx_log_t *log;
ngx_cycle_t init_cycle;

if( access("nginx.sock", F_OK ) != -1 ) {
remove("nginx.sock");
}

ngx_debug_init();
ngx_strerror_init();
ngx_time_init();
Expand Down Expand Up @@ -158,10 +156,9 @@ char *InitializeNginx(void) {

ngx_os_status(cycle->log);
ngx_cycle = cycle;
return config_file;
return 0;
}

// If this function is called, the fuzzer needs to be updated
void invalid_call(void) { }
yooyoo9 marked this conversation as resolved.

struct fuzzing_data {
Expand All @@ -181,18 +178,16 @@ static ssize_t recv_handler(ngx_connection_t *c, u_char *buf, size_t size) {
}


// Used when sending data, basically do nothing
// Used when sending data, do nothing
ngx_chain_t *send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) {
return in;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t data_len) {
if( access("nginx.sock", F_OK ) != -1 ) {
remove("nginx.sock");
}

InitializeNginx();
int LLVMFuzzerInitialize(int *argc, char ***argv){
yooyoo9 marked this conversation as resolved.
return InitializeNginx();
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t data_len) {
ngx_event_t read_event = {};
ngx_event_t write_event = {};
ngx_connection_t local = {};
Expand All @@ -210,7 +205,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t data_len) {
local.read = &read_event;
local.write = &write_event;

// Do our best to create fake free connection to feed the http handler
// Create fake free connection to feed the http handler
ngx_cycle->free_connections = &local;
ngx_cycle->free_connection_n = 1;

Expand All @@ -223,7 +218,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t data_len) {
c->sockaddr = ls->sockaddr;
c->listening = ls;
c->recv = recv_handler; // Where the input will be read
c->send_chain = send_chain; // Reply, do nothing
c->send_chain = send_chain;
c->send = (ngx_send_pt)invalid_call;
c->recv_chain = (ngx_recv_chain_pt)invalid_call;
c->log = &ngx_log;
Expand All @@ -247,10 +242,5 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t data_len) {
ngx_http_close_connection(c);
}

ngx_close_listening_sockets(cycle);
ngx_destroy_pool(ngx_cycle->pool);
ngx_strerror_delete();

remove("nginx.sock");
return 0;
}
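Review bot: With setup moved into `LLVMFuzzerInitialize`, the tail of `LLVMFuzzerTestOneInput` no longer tears anything down, so anything a request allocates from cycle-lifetime pools or leaves in global state may now survive into the next input; that can show up as steady memory growth or as crashes that do not reproduce from a single test case. `ngx_cycle->free_connections = &local;` also leaves the long-lived cycle pointing at a stack object after the function returns, which is only safe because the next call overwrites it before use. I would clear those fields before the final `return 0;`, for example `ngx_cycle->free_connections = NULL; ngx_cycle->free_connection_n = 0;`, and add a comment above `LLVMFuzzerInitialize` saying which state is deliberately shared across iterations. `InitializeNginx` visibly ends in an unconditional `return 0;` and most of its body lies outside these hunks, so if any setup step there can fail it should `abort()` at that point; otherwise every later input would run against a partly initialised cycle.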