Fuzzing: db_dump file loading

.gitignore

@@ -17,15 +17,20 @@ c/*.test
 cpp/*.test
 
 apps/db_dump/mosquitto_db_dump
+apps/db_dump/mosquitto_db_dump.a
 apps/mosquitto_ctrl/mosquitto_ctrl
 apps/mosquitto_passwd/mosquitto_passwd
+apps/mosquitto_passwd/mosquitto_passwd.a
 
 build/
 build64/
 
 client/mosquitto_pub
+client/mosquitto_pub.a
 client/mosquitto_rr
+client/mosquitto_rr.a
 client/mosquitto_sub
+client/mosquitto_sub.a
 client/testing
 client/testing.c
 

apps/db_dump/Makefile

@@ -1,7 +1,7 @@
 R=../..
 include ${R}/config.mk
 
-CFLAGS_FINAL=${CFLAGS} ${BROKER_CFLAGS} ${BROKER_CPPFLAGS} -I${R}/include -I${R}/ -I${R}/lib -I${R}/src -I${R}/deps -I${R}/common
+CFLAGS_FINAL=${CFLAGS} ${CPPFLAGS} ${BROKER_CFLAGS} ${BROKER_CPPFLAGS} -I${R}/include -I${R}/ -I${R}/lib -I${R}/src -I${R}/deps -I${R}/common
 
 OBJS = \
 	   db_dump.o \
@@ -21,11 +21,18 @@ BROKER_OBJS = \
 
 .PHONY: all clean reallyclean
 
+ifeq ($(WITH_FUZZING),yes)
+all : mosquitto_db_dump.a
+else
 all : mosquitto_db_dump
+endif
 
 mosquitto_db_dump : ${OBJS} ${BROKER_OBJS}
 	${CROSS_COMPILE}${CC} $^ -o $@ ${LDFLAGS} ${LIBS} ${APP_LDFLAGS}
 
+mosquitto_db_dump.a : ${OBJS} ${BROKER_OBJS}
+	${CROSS_COMPILE}$(AR) cr $@ $^
+
 db_dump.o : db_dump.c db_dump.h ${R}/src/persist.h
 	${CROSS_COMPILE}${CC} $(CFLAGS_FINAL) -c $< -o $@
 
@@ -41,7 +48,7 @@ stubs.o : stubs.c
 reallyclean: clean
 
 clean :
-	-rm -f $(OBJS) $(BROKER_OBJS)  mosquitto_db_dump *.gcda *.gcno
+	-rm -f $(OBJS) $(BROKER_OBJS)  mosquitto_db_dump mosquitto_db_dump.a *.gcda *.gcno
 
 install:
 

apps/db_dump/db_dump.c

@@ -387,7 +387,11 @@ static void cleanup_msg_store()
 }
 
 
+#ifdef WITH_FUZZING
+int db_dump_fuzz_main(int argc, char *argv[])
+#else
 int main(int argc, char *argv[])
+#endif
 {
 	FILE *fd;
 	char header[15];

apps/mosquitto_passwd/Makefile

@@ -12,7 +12,11 @@ OBJS=	mosquitto_passwd.o \
 		password_mosq.o
 
 ifeq ($(WITH_TLS),yes)
-all: mosquitto_passwd
+ifeq ($(WITH_FUZZING),yes)
+all : mosquitto_passwd.a
+else
+all : mosquitto_passwd
+endif
 else
 all:
 endif
@@ -20,6 +24,9 @@ endif
 mosquitto_passwd : ${OBJS}
 	${CROSS_COMPILE}${CC} ${LDFLAGS} ${APP_LDFLAGS} $^ -o $@ $(PASSWD_LDADD)
 
+mosquitto_passwd.a : ${OBJS}
+	${CROSS_COMPILE}$(AR) cr $@ $^
+
 mosquitto_passwd.o : mosquitto_passwd.c
 	${CROSS_COMPILE}${CC} $(APP_CPPFLAGS) $(APP_CFLAGS) -c $< -o $@
 
@@ -51,7 +58,7 @@ uninstall :
 	-rm -f "${DESTDIR}${prefix}/bin/mosquitto_passwd"
 
 clean :
-	-rm -f *.o mosquitto_passwd *.gcda *.gcno
+	-rm -f *.o *.a mosquitto_passwd *.gcda *.gcno
 
 reallyclean : clean
 	-rm -rf *.orig *.db

client/Makefile

@@ -3,6 +3,10 @@ include ${R}/config.mk
 
 .PHONY: all install uninstall reallyclean clean static static_pub static_sub static_rr
 
+CLIENT_CFLAGS:=$(CLIENT_CFLAGS) $(CFLAGS)
+CLIENT_CPPFLAGS:=$(CLIENT_CPPFLAGS) $(CPPFLAGS)
+CLIENT_LDFLAGS:=$(CLIENT_LDFLAGS) $(LDFLAGS)
+
 ifeq ($(WITH_SHARED_LIBRARIES),yes)
 SHARED_DEP:=${R}/lib/libmosquitto.so.${SOVERSION}
 endif
@@ -22,22 +26,22 @@ static : static_pub static_sub static_rr
 	# libmosquitto only.
 
 static_pub : pub_client.o pub_shared.o client_props.o client_shared.o ${R}/lib/libmosquitto.a
-	${CROSS_COMPILE}${CC} $^ -o mosquitto_pub ${LDFLAGS} ${CLIENT_LDFLAGS} ${STATIC_LIB_DEPS} ${CLIENT_STATIC_LDADD}
+	${CROSS_COMPILE}${CC} $^ -o mosquitto_pub ${CLIENT_LDFLAGS} ${STATIC_LIB_DEPS} ${CLIENT_STATIC_LDADD}
 
 static_sub : sub_client.o sub_client_output.o client_props.o client_shared.o ${R}/lib/libmosquitto.a
-	${CROSS_COMPILE}${CC} $^ -o mosquitto_sub ${LDFLAGS} ${CLIENT_LDFLAGS} ${STATIC_LIB_DEPS} ${CLIENT_STATIC_LDADD}
+	${CROSS_COMPILE}${CC} $^ -o mosquitto_sub ${CLIENT_LDFLAGS} ${STATIC_LIB_DEPS} ${CLIENT_STATIC_LDADD}
 
 static_rr : rr_client.o client_props.o client_shared.o pub_shared.o sub_client_output.o ${R}/lib/libmosquitto.a
-	${CROSS_COMPILE}${CC} $^ -o mosquitto_rr ${LDFLAGS} ${CLIENT_LDFLAGS} ${STATIC_LIB_DEPS} ${CLIENT_STATIC_LDADD}
+	${CROSS_COMPILE}${CC} $^ -o mosquitto_rr ${CLIENT_LDFLAGS} ${STATIC_LIB_DEPS} ${CLIENT_STATIC_LDADD}
 
 mosquitto_pub : pub_client.o pub_shared.o client_shared.o client_props.o
-	${CROSS_COMPILE}${CC} ${LDFLAGS} $(CLIENT_LDFLAGS) $^ -o $@ $(CLIENT_LDADD)
+	${CROSS_COMPILE}${CC} $(CLIENT_LDFLAGS) $^ -o $@ $(CLIENT_LDADD)
 
 mosquitto_sub : sub_client.o sub_client_output.o client_shared.o client_props.o
-	${CROSS_COMPILE}${CC} ${LDFLAGS} $(CLIENT_LDFLAGS) $^ -o $@ $(CLIENT_LDADD)
+	${CROSS_COMPILE}${CC} $(CLIENT_LDFLAGS) $^ -o $@ $(CLIENT_LDADD)
 
 mosquitto_rr : rr_client.o client_shared.o client_props.o pub_shared.o sub_client_output.o
-	${CROSS_COMPILE}${CC} ${LDFLAGS} $(CLIENT_LDFLAGS) $^ -o $@ $(CLIENT_LDADD)
+	${CROSS_COMPILE}${CC} $(CLIENT_LDFLAGS) $^ -o $@ $(CLIENT_LDADD)
 
 pub_client.o : pub_client.c ${SHARED_DEP}
 	${CROSS_COMPILE}${CC} $(CLIENT_CPPFLAGS) $(CLIENT_CFLAGS) -c $< -o $@

config.mk

@@ -215,6 +215,11 @@ ifeq ($(UNAME),Linux)
 	LIB_LIBADD:=$(LIB_LIBADD) -lrt
 endif
 
+ifeq ($(WITH_FUZZING),yes)
+	WITH_SHARED_LIBRARIES:=no
+	WITH_STATIC_LIBRARIES:=yes
+endif
+
 ifeq ($(WITH_SHARED_LIBRARIES),yes)
 	CLIENT_LDADD:=${CLIENT_LDADD} ${R}/lib/libmosquitto.so.${SOVERSION}
 endif
@@ -430,10 +435,9 @@ endif
 
 ifeq ($(WITH_FUZZING),yes)
 	MAKE_ALL:=$(MAKE_ALL) fuzzing
-	BROKER_CPPFLAGS:=$(BROKER_CPPFLAGS) -DWITH_FUZZING
-	BROKER_CFLAGS:=$(BROKER_CFLAGS) -fPIC
-	BROKER_LDFLAGS:=$(BROKER_LDFLAGS) -shared
-	LDFLAGS:=$(LDFLAGS) $(CFLAGS)
+	CPPFLAGS:=$(CPPFLAGS) -DWITH_FUZZING
+	CFLAGS:=$(CFLAGS) -fPIC
+	LDFLAGS:=$(LDFLAGS) -shared $(CFLAGS)
 endif
 
 BROKER_LDADD:=${BROKER_LDADD} ${LDADD}

fuzzing/Makefile

@@ -2,8 +2,13 @@
 
 all:
 	./generate_packet_corpora.py
+	zip -r corpora/db_dump_seed_corpus.zip ../test/apps/db_dump/data/
 	$(MAKE) -C broker $@
+	$(MAKE) -C db_dump $@
 
 clean:
-	-rm -rf corpora/broker corpora/client corpora/broker_packet_seed_corpus.zip corpora/client_packet_seed_corpus.zip
+	-rm -rf corpora/broker corpora/client
+	-rm -f corpora/broker_packet_seed_corpus.zip corpora/client_packet_seed_corpus.zip
+	-rm -f corpora/db_dump_seed_corpus.zip
 	$(MAKE) -C broker $@
+	$(MAKE) -C db_dump $@

fuzzing/db_dump/Makefile

@@ -0,0 +1,20 @@
+R=../..
+.PHONY: all clean
+
+FUZZERS:= \
+	db_dump_fuzz_load
+
+LOCAL_CPPFLAGS:=$(CPPFLAGS)
+LOCAL_CXXFLAGS:=$(CXXFLAGS) -g -Wall -Werror -pthread
+LOCAL_LDFLAGS:=$(LDFLAGS)
+LOCAL_LIBADD:=$(LIBADD) $(LIB_FUZZING_ENGINE) ${R}/apps/db_dump/mosquitto_db_dump.a
+
+all: $(FUZZERS)
+
+db_dump_fuzz_load : db_dump_fuzz_load.cpp
+	$(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
+	install $@ ${OUT}/$@
+	cp ${R}/fuzzing/corpora/db_dump_seed_corpus.zip ${OUT}/
+
+clean:
+	rm -f *.o $(FUZZERS)

fuzzing/db_dump/db_dump_fuzz_load.cpp

@@ -0,0 +1,62 @@
+/*
+Copyright (c) 2023 Cedalo GmbH
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License 2.0
+and Eclipse Distribution License v1.0 which accompany this distribution.
+
+The Eclipse Public License is available at
+   https://www.eclipse.org/legal/epl-2.0/
+and the Eclipse Distribution License is available at
+  http://www.eclipse.org/org/documents/edl-v10.php.
+
+SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+
+Contributors:
+   Roger Light - initial implementation and documentation.
+*/
+
+#include <cstdio>
+#include <cstdint>
+#include <cstdlib>
+#include <cstring>
+#include <unistd.h>
+
+/*
+ * Test loading a file
+ */
+
+
+/* The fuzz-only main function. */
+extern "C" int db_dump_fuzz_main(int argc, char *argv[]);
+
+void run_db_dump(char *filename)
+{
+	char *argv[2];
+	int argc = 2;
+
+	argv[0] = strdup("mosquitto_db_dump");
+	argv[1] = filename;
+
+	db_dump_fuzz_main(argc, argv);
+
+	free(argv[0]);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	char filename[100];
+	FILE *fptr;
+
+	snprintf(filename, sizeof(filename), "/tmp/db_dump_%d.db", getpid());
+	fptr = fopen(filename, "wb");
+	if(!fptr) return 1;
+	fwrite(data, 1, size, fptr);
+	fclose(fptr);
+
+	run_db_dump(filename);
+
+	unlink(filename);
+
+	return 0;
+}

src/Makefile

@@ -3,6 +3,10 @@ include ${R}/config.mk
 
 .PHONY: all install uninstall clean reallyclean
 
+BROKER_CFLAGS:=$(BROKER_CFLAGS) $(CFLAGS)
+BROKER_CPPFLAGS:=$(BROKER_CPPFLAGS) $(CPPFLAGS)
+BROKER_LDFLAGS:=$(BROKER_LDFLAGS) $(LDFLAGS)
+
 ifeq ($(WITH_FUZZING),yes)
 all : mosquitto_broker.a
 else

test/apps/db_dump/db-dump-client-stats.py

@@ -12,7 +12,7 @@ def do_test(file, counts):
     cmd = [
         mosq_test.get_build_root()+'/apps/db_dump/mosquitto_db_dump',
         '--client-stats',
-        f'{test_dir}/apps/db_dump/{file}'
+        f'{test_dir}/apps/db_dump/data/{file}'
     ]
 
     res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=1, encoding='utf-8')

test/apps/db_dump/db-dump-corrupt.py

@@ -6,7 +6,7 @@ def do_test(file, stderr, rc_expected):
 
     cmd = [
         mosq_test.get_build_root()+'/apps/db_dump/mosquitto_db_dump',
-        f'{test_dir}/apps/db_dump/{file}'
+        f'{test_dir}/apps/db_dump/data/{file}'
     ]
 
     res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=1, encoding='utf-8')
@@ -18,7 +18,7 @@ def do_test(file, stderr, rc_expected):
         print(res.returncode)
         raise mosq_test.TestError
 
-do_test('missing.test-db', f"Error: Unable to open {test_dir}/apps/db_dump/missing.test-db\n", 0)
+do_test('missing.test-db', f"Error: Unable to open {test_dir}/apps/db_dump/data/missing.test-db\n", 0)
 do_test('bad-magic.test-db', "Error: Unrecognised file format.\n", 1)
 do_test('short.test-db', "Error: Corrupt persistent database.\n", 1)
 do_test('bad-dbid-size.test-db', "Error: Incompatible database configuration (dbid size is 5 bytes, expected 8)", 1)

test/apps/db_dump/db-dump-print-empty.py

@@ -6,7 +6,7 @@ def do_test(file, stdout):
 
     cmd = [
         mosq_test.get_build_root()+'/apps/db_dump/mosquitto_db_dump',
-        f'{test_dir}/apps/db_dump/{file}'
+        f'{test_dir}/apps/db_dump/data/{file}'
     ]
 
     res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=1, encoding='utf-8')

test/apps/db_dump/db-dump-print-v6-all.py

@@ -6,7 +6,7 @@ def do_test(file, stdout):
 
     cmd = [
         mosq_test.get_build_root()+'/apps/db_dump/mosquitto_db_dump',
-            f'{test_dir}/apps/db_dump/{file}'
+            f'{test_dir}/apps/db_dump/data/{file}'
             ]
 
     res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=1, encoding='utf-8')

test/apps/db_dump/db-dump-print-v6-mqtt-v5-props.py

@@ -6,7 +6,7 @@ def do_test(file, stdout):
 
     cmd = [
         mosq_test.get_build_root() + '/apps/db_dump/mosquitto_db_dump',
-        f'{test_dir}/apps/db_dump/{file}'
+        f'{test_dir}/apps/db_dump/data/{file}'
     ]
 
     res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=3, encoding='utf-8')

test/apps/db_dump/db-dump-stats.py

@@ -13,7 +13,7 @@ def do_test(file, counts):
     cmd = [
         mosq_test.get_build_root()+'/apps/db_dump/mosquitto_db_dump',
             '--stats',
-            f'{test_dir}/apps/db_dump/{file}'
+            f'{test_dir}/apps/db_dump/data/{file}'
     ]
 
     res = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=1, encoding='utf-8')