From 77b5dfb770441c7e9fffec0916ea5917d465e150 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Fri, 3 Mar 2023 21:42:11 +0000
Subject: [PATCH] Fuzzing: Basic mosquitto_passwd target

---
 apps/mosquitto_passwd/mosquitto_passwd.c | 4 ++
 fuzzing/Makefile | 2 +
 fuzzing/mosquitto_passwd/Makefile | 20 ++++++
 .../mosquitto_passwd_fuzz_load.cpp | 68 +++++++++++++++++++
 4 files changed, 94 insertions(+)
 create mode 100644 fuzzing/mosquitto_passwd/Makefile
 create mode 100644 fuzzing/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp

diff --git a/apps/mosquitto_passwd/mosquitto_passwd.c b/apps/mosquitto_passwd/mosquitto_passwd.c
index 63b69bd1..9bec4096 100644
--- a/apps/mosquitto_passwd/mosquitto_passwd.c
+++ b/apps/mosquitto_passwd/mosquitto_passwd.c
@@ -418,7 +418,11 @@ static bool is_username_valid(const char *username)
 return true;
 }
 
+#ifdef WITH_FUZZING
+int mosquitto_passwd_fuzz_main(int argc, char *argv[])
+#else
 int main(int argc, char *argv[])
+#endif
 {
 char *password_file_tmp = NULL;
 char *password_file = NULL;
diff --git a/fuzzing/Makefile b/fuzzing/Makefile
index 7dc36914..c3c42778 100644
--- a/fuzzing/Makefile
+++ b/fuzzing/Makefile
@@ -6,6 +6,7 @@ all:
 $(MAKE) -C broker $@
 $(MAKE) -C db_dump $@
 $(MAKE) -C lib $@
+ $(MAKE) -C mosquitto_passwd $@
 
 clean:
 -rm -rf corpora/broker corpora/client
@@ -14,3 +15,4 @@ clean:
 $(MAKE) -C broker $@
 $(MAKE) -C db_dump $@
 $(MAKE) -C lib $@
+ $(MAKE) -C mosquitto_passwd $@
diff --git a/fuzzing/mosquitto_passwd/Makefile b/fuzzing/mosquitto_passwd/Makefile
new file mode 100644
index 00000000..4c88c8f7
--- /dev/null
+++ b/fuzzing/mosquitto_passwd/Makefile
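Review bot: In apps/mosquitto_passwd/mosquitto_passwd.c the new `mosquitto_passwd_fuzz_main` entry point has no prototype shared by both sides; the harness in mosquitto_passwd_fuzz_load.cpp redeclares it by hand with `extern "C"`, so a later signature change would still link and only misbehave at run time. Declaring it in a small header included by both files would let the compiler check the match. A short comment above the `#ifdef`, e.g. `/* Fuzz builds rename main() so the libFuzzer harness can call it in-process. */`, would also explain the rename. The function body continues outside the hunk, so whether it calls exit() or keeps global state between calls (both matter when it runs once per fuzz input) cannot be judged from here.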
@@ -0,0 +1,20 @@
+R=../..
+.PHONY: all clean
+
+FUZZERS:= \
+ mosquitto_passwd_fuzz_load
+
+LOCAL_CPPFLAGS:=$(CPPFLAGS)
+LOCAL_CXXFLAGS:=$(CXXFLAGS) -g -Wall -Werror -pthread
+LOCAL_LDFLAGS:=$(LDFLAGS)
+LOCAL_LIBADD:=$(LIBADD) $(LIB_FUZZING_ENGINE) ${R}/apps/mosquitto_passwd/mosquittopasswd.a
+
+all: $(FUZZERS)
+
+mosquitto_passwd_fuzz_load : mosquitto_passwd_fuzz_load.cpp
+ $(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
+ install $@ ${OUT}/$@
+ cp ${R}/fuzzing/corpora/db_dump_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
+
+clean:
+ rm -f *.o $(FUZZERS)
diff --git a/fuzzing/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp b/fuzzing/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp
new file mode 100644
index 00000000..02e2f8a9
--- /dev/null
+++ b/fuzzing/mosquitto_passwd/mosquitto_passwd_fuzz_load.cpp
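Review bot: The seed corpus copied in the `mosquitto_passwd_fuzz_load` rule of fuzzing/mosquitto_passwd/Makefile is `db_dump_seed_corpus.zip`, which by its name holds inputs for the db_dump target rather than password files, so the fuzzer would start from seeds the password-file parser probably rejects early. A dedicated corpus of small valid and near-valid password files would give better coverage from the first run, along the lines of `cp ${R}/fuzzing/corpora/<passwd_seed_corpus>.zip ${OUT}/$@_seed_corpus.zip`, where the archive name is a placeholder for a file this commit does not add.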
@@ -0,0 +1,68 @@
+/*
+Copyright (c) 2023 Cedalo GmbH
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License 2.0
+and Eclipse Distribution License v1.0 which accompany this distribution.
+
+The Eclipse Public License is available at
+ https://www.eclipse.org/legal/epl-2.0/
+and the Eclipse Distribution License is available at
+ http://www.eclipse.org/org/documents/edl-v10.php.
+
+SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+
+Contributors:
+ Roger Light - initial implementation and documentation.
+*/
+
+#include
+#include
+#include
+#include
+#include
+
+/*
+ * Test loading a file
+ */
+
+
+/* The fuzz-only main function. */
+extern "C" int mosquitto_passwd_fuzz_main(int argc, char *argv[]);
+
+void run_mosquitto_passwd(char *filename)
+{
+ char *argv[2];
+ int argc = 2;
+
+ argv[0] = strdup("mosquitto_passwd");
+ argv[1] = strdup("-b");
+ argv[2] = filename;
+ argv[3] = strdup("username");
+ argv[4] = strdup("password");
+
+ mosquitto_passwd_fuzz_main(argc, argv);
+
+ free(argv[0]);
+ free(argv[1]);
+ free(argv[3]);
+ free(argv[4]);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ char filename[100];
+ FILE *fptr;
+
+ snprintf(filename, sizeof(filename), "/tmp/mosquitto_passwd_%d", getpid());
+ fptr = fopen(filename, "wb");
+ if(!fptr) return 1;
+ fwrite(data, 1, size, fptr);
+ fclose(fptr);
+
+ run_mosquitto_passwd(filename);
+
+ unlink(filename);
+
+ return 0;
+}
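Review bot: `run_mosquitto_passwd` declares `char *argv[2]` but then stores to `argv[2]`, `argv[3]` and `argv[4]`, which writes past the end of the array on the stack. With `argc = 2` the callee is also told it has only `mosquitto_passwd -b`, so the fuzzed file named in `argv[2]` is likely never opened. Sizing the array for the five arguments plus the conventional terminator fixes both: `char *argv[6];`, `int argc = 5;` and `argv[5] = NULL;` after the `strdup` calls. Separately, `LLVMFuzzerTestOneInput` returns 1 when `fopen` fails, while libFuzzer reserves return values other than 0 and -1, so `if(!fptr) return 0;` is the safer form. The fixed `/tmp/mosquitto_passwd_<pid>` name opened with `"wb"` is predictable and follows an existing symlink; creating the file with `mkstemp` would avoid that on shared machines.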