Fuzzing: Basic mosquitto_passwd target

3 years ago · 77b5dfb770
parent 799e3c214d
commit 77b5dfb770
4 changed files with 94 additions and 0 deletions
--- a/apps/mosquitto_passwd/mosquitto_passwd.c
+++ b/apps/mosquitto_passwd/mosquitto_passwd.c
@ -418,7 +418,11 @@ static bool is_username_valid(const char *username)
 	return true;
 }

+#ifdef WITH_FUZZING
+int mosquitto_passwd_fuzz_main(int argc, char *argv[])
+#else
 int main(int argc, char *argv[])
+#endif
 {
 	char *password_file_tmp = NULL;
 	char *password_file = NULL;
--- a/fuzzing/Makefile
+++ b/fuzzing/Makefile
@ -6,6 +6,7 @@ all:
 	$(MAKE) -C broker $@
 	$(MAKE) -C db_dump $@
 	$(MAKE) -C lib $@
+	$(MAKE) -C mosquitto_passwd $@

 clean:
 	-rm -rf corpora/broker corpora/client
@ -14,3 +15,4 @@ clean:
 	$(MAKE) -C broker $@
 	$(MAKE) -C db_dump $@
 	$(MAKE) -C lib $@
+	$(MAKE) -C mosquitto_passwd $@
--- a/fuzzing/mosquitto_passwd/Makefile
+++ b/fuzzing/mosquitto_passwd/Makefile
@ -0,0 +1,20 @@
+R=../..
+.PHONY: all clean
+
+FUZZERS:= \
+	mosquitto_passwd_fuzz_load
+
+LOCAL_CPPFLAGS:=$(CPPFLAGS)
+LOCAL_CXXFLAGS:=$(CXXFLAGS) -g -Wall -Werror -pthread
+LOCAL_LDFLAGS:=$(LDFLAGS)
+LOCAL_LIBADD:=$(LIBADD) $(LIB_FUZZING_ENGINE) ${R}/apps/mosquitto_passwd/mosquittopasswd.a
+
+all: $(FUZZERS)
+
+mosquitto_passwd_fuzz_load : mosquitto_passwd_fuzz_load.cpp
+	$(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
+	install $@ ${OUT}/$@
+	cp ${R}/fuzzing/corpora/db_dump_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
+
+clean:
+	rm -f *.o $(FUZZERS)
--- a/fuzzing/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp
+++ b/fuzzing/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp
@ -0,0 +1,68 @@
+/*
+Copyright (c) 2023 Cedalo GmbH
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License 2.0
+and Eclipse Distribution License v1.0 which accompany this distribution.
+
+The Eclipse Public License is available at
+   https://www.eclipse.org/legal/epl-2.0/
+and the Eclipse Distribution License is available at
+  http://www.eclipse.org/org/documents/edl-v10.php.
+
+SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+
+Contributors:
+   Roger Light - initial implementation and documentation.
+*/
+
+#include <cstdio>
+#include <cstdint>
+#include <cstdlib>
+#include <cstring>
+#include <unistd.h>
+
+/*
+ * Test loading a file
+ */
+
+
+/* The fuzz-only main function. */
+extern "C" int mosquitto_passwd_fuzz_main(int argc, char *argv[]);
+
+void run_mosquitto_passwd(char *filename)
+{
+	char *argv[2];
+	int argc = 2;
+
+	argv[0] = strdup("mosquitto_passwd");
+	argv[1] = strdup("-b");
+	argv[2] = filename;
+	argv[3] = strdup("username");
+	argv[4] = strdup("password");
+
+	mosquitto_passwd_fuzz_main(argc, argv);
+
+	free(argv[0]);
+	free(argv[1]);
+	free(argv[3]);
+	free(argv[4]);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	char filename[100];
+	FILE *fptr;
+
+	snprintf(filename, sizeof(filename), "/tmp/mosquitto_passwd_%d", getpid());
+	fptr = fopen(filename, "wb");
+	if(!fptr) return 1;
+	fwrite(data, 1, size, fptr);
+	fclose(fptr);
+
+	run_mosquitto_passwd(filename);
+
+	unlink(filename);
+
+	return 0;
+}