From 16b30632af10b73188d326099ee9888c7a0eeb7c Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Wed, 12 Apr 2023 22:42:06 +0100
Subject: [PATCH] Remove excessively slow fuzz targets.
---
 fuzzing/broker/Makefile | 22 ------
 fuzzing/broker/broker_fuzz_initial_packet.cpp | 56 ---------------
 fuzzing/broker/broker_fuzz_second_packet.cpp | 70 -------------------
 3 files changed, 148 deletions(-)
 delete mode 100644 fuzzing/broker/broker_fuzz_initial_packet.cpp
 delete mode 100644 fuzzing/broker/broker_fuzz_second_packet.cpp
diff --git a/fuzzing/broker/Makefile b/fuzzing/broker/Makefile
index 93ff8aa3..29062005 100644
--- a/fuzzing/broker/Makefile
+++ b/fuzzing/broker/Makefile
@@ -2,8 +2,6 @@ R=../..
 .PHONY: all clean
 FUZZERS:= \
- broker_fuzz_initial_packet \
- broker_fuzz_second_packet \
 broker_fuzz_read_handle \
 broker_fuzz_test_config
@@ -17,26 +15,6 @@ LOCAL_LIBADD:=$(LIBADD) $(LIB_FUZZING_ENGINE) ${R}/src/mosquitto_broker.a -lssl
 all: $(FUZZERS)
-broker_fuzz_initial_packet : broker_fuzz_initial_packet.cpp broker_fuzz.cpp
- $(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
- install $@ ${OUT}/$@
- cp ${R}/fuzzing/corpora/broker_packet_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
-
-broker_fuzz_second_packet : broker_fuzz_second_packet.cpp broker_fuzz.cpp
- $(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
- install $@ ${OUT}/$@
- cp ${R}/fuzzing/corpora/broker_packet_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
-
-broker_fuzz_initial_packet_with_init : broker_fuzz_initial_packet.cpp broker_fuzz_with_init.cpp
- $(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
- install $@ ${OUT}/$@
- cp ${R}/fuzzing/corpora/broker_packet_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
-
-broker_fuzz_second_packet_with_init : broker_fuzz_second_packet.cpp broker_fuzz_with_init.cpp
- $(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
- install $@ ${OUT}/$@
- cp ${R}/fuzzing/corpora/broker_packet_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
-
 broker_fuzz_read_handle : broker_fuzz_read_handle.cpp
 $(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
 install $@ ${OUT}/$@
diff --git a/fuzzing/broker/broker_fuzz_initial_packet.cpp b/fuzzing/broker/broker_fuzz_initial_packet.cpp
deleted file mode 100644
index 3bd080d5..00000000
--- a/fuzzing/broker/broker_fuzz_initial_packet.cpp
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
-Copyright (c) 2023 Cedalo GmbH
-
-All rights reserved. This program and the accompanying materials
-are made available under the terms of the Eclipse Public License 2.0
-and Eclipse Distribution License v1.0 which accompany this distribution.
-
-The Eclipse Public License is available at
- https://www.eclipse.org/legal/epl-2.0/
-and the Eclipse Distribution License is available at
- http://www.eclipse.org/org/documents/edl-v10.php.
-
-SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
-
-Contributors:
- Roger Light - initial implementation and documentation.
-*/
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "broker_fuzz.h"
-
-/* Set to 0 to cause the broker to exit */
-extern int g_run;
-
-/*
- * This tests the first packet being sent to the broker only, with no authentication.
- */
-void run_client(struct fuzz_data *fuzz)
-{
- int sock;
- uint8_t data[20];
- size_t len;
-
- sock = connect_retrying(fuzz->port);
- if(sock < 0){
- abort();
- }
-
- errno = 0;
- len = send(sock, fuzz->data, fuzz->size, 0);
- if(len < fuzz->size){
- abort();
- }
-
- errno = 0;
- recv_timeout(sock, data, sizeof(data), 100000);
- close(sock);
-
- g_run = 0;
-}
diff --git a/fuzzing/broker/broker_fuzz_second_packet.cpp b/fuzzing/broker/broker_fuzz_second_packet.cpp
deleted file mode 100644
index bbf6521c..00000000
--- a/fuzzing/broker/broker_fuzz_second_packet.cpp
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
-Copyright (c) 2023 Cedalo GmbH
-
-All rights reserved. This program and the accompanying materials
-are made available under the terms of the Eclipse Public License 2.0
-and Eclipse Distribution License v1.0 which accompany this distribution.
-
-The Eclipse Public License is available at
- https://www.eclipse.org/legal/epl-2.0/
-and the Eclipse Distribution License is available at
- http://www.eclipse.org/org/documents/edl-v10.php.
-
-SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
-
-Contributors:
- Roger Light - initial implementation and documentation.
-*/
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "broker_fuzz.h"
-
-extern int g_run;
-
-/*
- * This tests the second packet sent to the broker after the client has already
- * connected, with no authentication.
- */
-void run_client(struct fuzz_data *fuzz)
-{
- int sock;
- const uint8_t connect_packet[] = {0x10, 0x0D, 0x00, 0x04, 0x4D, 0x51, 0x54, 0x54, 0x04, 0x02, 0x00, 0x0A, 0x00, 0x01, 0x70};
- const uint8_t connack_packet[] = {0x20, 0x02, 0x00, 0x00};
- uint8_t data[20];
- size_t len;
-
- sock = connect_retrying(fuzz->port);
- if(sock < 0){
- abort();
- }
-
- /* Do initial connect */
- errno = 0;
- len = send(sock, connect_packet, sizeof(connect_packet), 0);
- if(len < 0){
- abort();
- }
-
- /* And receive the CONNACK */
- recv_timeout(sock, data, sizeof(connack_packet), 100000);
- if(memcmp(data, connack_packet, sizeof(connack_packet))){
- abort();
- }
-
- errno = 0;
- len = send(sock, fuzz->data, fuzz->size, 0);
- if(len < fuzz->size){
- abort();
- }
-
- errno = 0;
- recv_timeout(sock, data, sizeof(data), 100000);
- close(sock);
-
- g_run = 0;
-}