diff --git a/src/fuzzers/CMakeLists.txt b/src/fuzzers/CMakeLists.txt index 4f23a282be..1656ab5f70 100644 --- a/src/fuzzers/CMakeLists.txt +++ b/src/fuzzers/CMakeLists.txt @@ -29,12 +29,8 @@ endif () # the shared lib, links it. string(REGEX MATCH ".*\\.a$" _have_static_bind_lib "${BIND_LIBRARY}") -macro(ADD_FUZZ_TARGET _name) - set(_fuzz_target zeek-${_name}-fuzzer) - set(_fuzz_source ${_name}-fuzzer.cc) - +macro(SETUP_FUZZ_TARGET _fuzz_target _fuzz_source) add_executable(${_fuzz_target} ${_fuzz_source} ${ARGN}) - target_link_libraries(${_fuzz_target} zeek_fuzzer_shared) if ( _have_static_bind_lib ) @@ -49,6 +45,19 @@ macro(ADD_FUZZ_TARGET _name) target_link_libraries(${_fuzz_target} $) endif () +endmacro() + +macro(ADD_FUZZ_TARGET _name) + set(_fuzz_target zeek-${_name}-fuzzer) + set(_fuzz_source ${_name}-fuzzer.cc) + setup_fuzz_target(${_fuzz_target} ${_fuzz_source}) +endmacro () + +macro(ADD_GENERIC_ANALYZER_FUZZ_TARGET _name) + set(_fuzz_target zeek-${_name}-fuzzer) + set(_fuzz_source generic-analyzer-fuzzer.cc) + setup_fuzz_target(${_fuzz_target} ${_fuzz_source}) + target_compile_definitions(${_fuzz_target} PUBLIC ZEEK_FUZZ_ANALYZER=${_name}) endmacro () include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}) @@ -78,10 +87,11 @@ target_link_libraries(zeek_fuzzer_shared ${zeek_fuzzer_shared_deps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) -add_fuzz_target(dns) -add_fuzz_target(pop3) add_fuzz_target(packet) -add_fuzz_target(http) -add_fuzz_target(imap) -add_fuzz_target(smtp) -add_fuzz_target(ftp) +add_fuzz_target(dns) + +add_generic_analyzer_fuzz_target(ftp) +add_generic_analyzer_fuzz_target(http) +add_generic_analyzer_fuzz_target(imap) +add_generic_analyzer_fuzz_target(pop3) +add_generic_analyzer_fuzz_target(smtp) diff --git a/src/fuzzers/ftp-fuzzer.cc b/src/fuzzers/generic-analyzer-fuzzer.cc similarity index 90% rename from src/fuzzers/ftp-fuzzer.cc rename to src/fuzzers/generic-analyzer-fuzzer.cc index 67caf8be48..f054cbeefd 100644 
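Review bot: The two wrapper macros in the second hunk call `setup_fuzz_target(${_fuzz_target} ${_fuzz_source})` without forwarding `${ARGN}`, so the `${ARGN}` that `add_executable` still references inside SETUP_FUZZ_TARGET is always empty and any extra source passed to `add_fuzz_target(...)` is now silently dropped. The calls visible in the last hunk pass a single name, so nothing breaks today; forwarding keeps the old contract: `setup_fuzz_target(${_fuzz_target} ${_fuzz_source} ${ARGN})`. Separately, `target_compile_definitions(... PUBLIC ...)` on an executable has no consumers, so `PRIVATE` states the intent. A one-line comment above ADD_GENERIC_ANALYZER_FUZZ_TARGET saying that `_name` is handed to the analyzer lookup by name would also help, since a typo there only surfaces when the fuzzer runs.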
--- a/src/fuzzers/ftp-fuzzer.cc +++ b/src/fuzzers/generic-analyzer-fuzzer.cc @@ -11,7 +11,9 @@ #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h" #include "zeek/session/Manager.h" -static constexpr auto ZEEK_FUZZ_ANALYZER = "ftp"; +// Simple macros for converting a compiler define into a string. +#define VAL(str) #str +#define TOSTRING(str) VAL(str) static zeek::Connection* add_connection() { @@ -37,7 +39,7 @@ static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn) { auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn); auto* pia = new zeek::analyzer::pia::PIA_TCP(conn); - auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn); + auto a = zeek::analyzer_mgr->InstantiateAnalyzer(TOSTRING(ZEEK_FUZZ_ANALYZER), conn); tcp->AddChildAnalyzer(a); tcp->AddChildAnalyzer(pia->AsAnalyzer()); conn->SetSessionAdapter(tcp, pia); diff --git a/src/fuzzers/http-fuzzer.cc b/src/fuzzers/http-fuzzer.cc deleted file mode 100644 index 3ef6a11059..0000000000 --- a/src/fuzzers/http-fuzzer.cc +++ /dev/null 
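Review bot: Nothing in the added macro block fails the build when ZEEK_FUZZ_ANALYZER is not defined; `TOSTRING(ZEEK_FUZZ_ANALYZER)` then expands to the literal string "ZEEK_FUZZ_ANALYZER" and the harness compiles cleanly while asking for an analyzer by that name. A guard right above the macros turns the misconfiguration into a compile error: `#ifndef ZEEK_FUZZ_ANALYZER`, `#error "ZEEK_FUZZ_ANALYZER must be defined by the build"`, `#endif`. VAL and TOSTRING are also very generic names for file-scope macros; a `ZEEK_FUZZ_` prefix would avoid clashes with anything the included headers define.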
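Review bot: The result of `InstantiateAnalyzer(TOSTRING(ZEEK_FUZZ_ANALYZER), conn)` is passed straight to `tcp->AddChildAnalyzer(a)` with no null check. Now that the name comes from a build-time define rather than a per-file constant, a mistyped name in CMakeLists.txt would presumably yield a null analyzer (the lookup's behaviour is not visible here), and the resulting crash on the first input would read as a finding in the analyzer rather than a harness bug. Failing loudly right after the call keeps the two distinguishable: `if ( ! a ) { fprintf(stderr, "unknown analyzer %s\n", TOSTRING(ZEEK_FUZZ_ANALYZER)); abort(); }`. add_analyzer's body continues past the end of the hunk.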
@@ -1,78 +0,0 @@
-#include
-
-#include "zeek/Conn.h"
-#include "zeek/RunState.h"
-#include "zeek/analyzer/Analyzer.h"
-#include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/fuzzers/FuzzBuffer.h"
-#include "zeek/fuzzers/fuzzer-setup.h"
-#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
-#include "zeek/session/Manager.h"
-
-static constexpr auto ZEEK_FUZZ_ANALYZER = "http";
-
-static zeek::Connection* add_connection()
- {
- static constexpr double network_time_start = 1439471031;
- zeek::run_state::detail::update_network_time(network_time_start);
-
- zeek::Packet p;
- zeek::ConnTuple conn_id;
- conn_id.src_addr = zeek::IPAddr("1.2.3.4");
- conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
- conn_id.src_port = htons(23132);
- conn_id.dst_port = htons(80);
- conn_id.is_one_way = false;
- conn_id.proto = TRANSPORT_TCP;
- zeek::detail::ConnKey key(conn_id);
- zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
- conn->SetTransport(TRANSPORT_TCP);
- zeek::session_mgr->Insert(conn);
- return conn;
- }
-
-static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn)
- {
- auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn);
- auto* pia = new zeek::analyzer::pia::PIA_TCP(conn);
- auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn);
- tcp->AddChildAnalyzer(a);
- tcp->AddChildAnalyzer(pia->AsAnalyzer());
- conn->SetSessionAdapter(tcp, pia);
- return a;
- }
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
- {
- zeek::detail::FuzzBuffer fb{data, size};
-
- if ( ! fb.Valid() )
- return 0;
-
- auto conn = add_connection();
- auto a = add_analyzer(conn);
-
- for ( ;; )
- {
- auto chunk = fb.Next();
-
- if ( ! chunk )
- break;
-
- try
- {
- a->ForwardStream(chunk->size, chunk->data.get(), chunk->is_orig);
- }
- catch ( const binpac::Exception& e )
- {
- }
-
- chunk = {};
- zeek::event_mgr.Drain();
- }
-
- zeek::detail::fuzzer_cleanup_one_input();
- return 0;
- }
diff --git a/src/fuzzers/imap-fuzzer.cc b/src/fuzzers/imap-fuzzer.cc
deleted file mode 100644
index 89e8e3c730..0000000000
--- a/src/fuzzers/imap-fuzzer.cc
+++ /dev/null
@@ -1,78 +0,0 @@
-#include
-
-#include "zeek/Conn.h"
-#include "zeek/RunState.h"
-#include "zeek/analyzer/Analyzer.h"
-#include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/fuzzers/FuzzBuffer.h"
-#include "zeek/fuzzers/fuzzer-setup.h"
-#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
-#include "zeek/session/Manager.h"
-
-static constexpr auto ZEEK_FUZZ_ANALYZER = "imap";
-
-static zeek::Connection* add_connection()
- {
- static constexpr double network_time_start = 1439471031;
- zeek::run_state::detail::update_network_time(network_time_start);
-
- zeek::Packet p;
- zeek::ConnTuple conn_id;
- conn_id.src_addr = zeek::IPAddr("1.2.3.4");
- conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
- conn_id.src_port = htons(23132);
- conn_id.dst_port = htons(80);
- conn_id.is_one_way = false;
- conn_id.proto = TRANSPORT_TCP;
- zeek::detail::ConnKey key(conn_id);
- zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
- conn->SetTransport(TRANSPORT_TCP);
- zeek::session_mgr->Insert(conn);
- return conn;
- }
-
-static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn)
- {
- auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn);
- auto* pia = new zeek::analyzer::pia::PIA_TCP(conn);
- auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn);
- tcp->AddChildAnalyzer(a);
- tcp->AddChildAnalyzer(pia->AsAnalyzer());
- conn->SetSessionAdapter(tcp, pia);
- return a;
- }
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
- {
- zeek::detail::FuzzBuffer fb{data, size};
-
- if ( ! fb.Valid() )
- return 0;
-
- auto conn = add_connection();
- auto a = add_analyzer(conn);
-
- for ( ;; )
- {
- auto chunk = fb.Next();
-
- if ( ! chunk )
- break;
-
- try
- {
- a->ForwardStream(chunk->size, chunk->data.get(), chunk->is_orig);
- }
- catch ( const binpac::Exception& e )
- {
- }
-
- chunk = {};
- zeek::event_mgr.Drain();
- }
-
- zeek::detail::fuzzer_cleanup_one_input();
- return 0;
- }
diff --git a/src/fuzzers/pop3-fuzzer.cc b/src/fuzzers/pop3-fuzzer.cc
deleted file mode 100644
index da59df96bd..0000000000
--- a/src/fuzzers/pop3-fuzzer.cc
+++ /dev/null
@@ -1,78 +0,0 @@
-#include
-
-#include "zeek/Conn.h"
-#include "zeek/RunState.h"
-#include "zeek/analyzer/Analyzer.h"
-#include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/fuzzers/FuzzBuffer.h"
-#include "zeek/fuzzers/fuzzer-setup.h"
-#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
-#include "zeek/session/Manager.h"
-
-static constexpr auto ZEEK_FUZZ_ANALYZER = "pop3";
-
-static zeek::Connection* add_connection()
- {
- static constexpr double network_time_start = 1439471031;
- zeek::run_state::detail::update_network_time(network_time_start);
-
- zeek::Packet p;
- zeek::ConnTuple conn_id;
- conn_id.src_addr = zeek::IPAddr("1.2.3.4");
- conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
- conn_id.src_port = htons(23132);
- conn_id.dst_port = htons(80);
- conn_id.is_one_way = false;
- conn_id.proto = TRANSPORT_TCP;
- zeek::detail::ConnKey key(conn_id);
- zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
- conn->SetTransport(TRANSPORT_TCP);
- zeek::session_mgr->Insert(conn);
- return conn;
- }
-
-static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn)
- {
- auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn);
- auto* pia = new zeek::analyzer::pia::PIA_TCP(conn);
- auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn);
- tcp->AddChildAnalyzer(a);
- tcp->AddChildAnalyzer(pia->AsAnalyzer());
- conn->SetSessionAdapter(tcp, pia);
- return a;
- }
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
- {
- zeek::detail::FuzzBuffer fb{data, size};
-
- if ( ! fb.Valid() )
- return 0;
-
- auto conn = add_connection();
- auto a = add_analyzer(conn);
-
- for ( ;; )
- {
- auto chunk = fb.Next();
-
- if ( ! chunk )
- break;
-
- try
- {
- a->ForwardStream(chunk->size, chunk->data.get(), chunk->is_orig);
- }
- catch ( const binpac::Exception& e )
- {
- }
-
- chunk = {};
- zeek::event_mgr.Drain();
- }
-
- zeek::detail::fuzzer_cleanup_one_input();
- return 0;
- }
diff --git a/src/fuzzers/smtp-fuzzer.cc b/src/fuzzers/smtp-fuzzer.cc
deleted file mode 100644
index 68d42c6912..0000000000
--- a/src/fuzzers/smtp-fuzzer.cc
+++ /dev/null
@@ -1,78 +0,0 @@
-#include
-
-#include "zeek/Conn.h"
-#include "zeek/RunState.h"
-#include "zeek/analyzer/Analyzer.h"
-#include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/fuzzers/FuzzBuffer.h"
-#include "zeek/fuzzers/fuzzer-setup.h"
-#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
-#include "zeek/session/Manager.h"
-
-static constexpr auto ZEEK_FUZZ_ANALYZER = "smtp";
-
-static zeek::Connection* add_connection()
- {
- static constexpr double network_time_start = 1439471031;
- zeek::run_state::detail::update_network_time(network_time_start);
-
- zeek::Packet p;
- zeek::ConnTuple conn_id;
- conn_id.src_addr = zeek::IPAddr("1.2.3.4");
- conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
- conn_id.src_port = htons(23132);
- conn_id.dst_port = htons(80);
- conn_id.is_one_way = false;
- conn_id.proto = TRANSPORT_TCP;
- zeek::detail::ConnKey key(conn_id);
- zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
- conn->SetTransport(TRANSPORT_TCP);
- zeek::session_mgr->Insert(conn);
- return conn;
- }
-
-static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn)
- {
- auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn);
- auto* pia = new zeek::analyzer::pia::PIA_TCP(conn);
- auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn);
- tcp->AddChildAnalyzer(a);
- tcp->AddChildAnalyzer(pia->AsAnalyzer());
- conn->SetSessionAdapter(tcp, pia);
- return a;
- }
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
- {
- zeek::detail::FuzzBuffer fb{data, size};
-
- if ( ! fb.Valid() )
- return 0;
-
- auto conn = add_connection();
- auto a = add_analyzer(conn);
-
- for ( ;; )
- {
- auto chunk = fb.Next();
-
- if ( ! chunk )
- break;
-
- try
- {
- a->ForwardStream(chunk->size, chunk->data.get(), chunk->is_orig);
- }
- catch ( const binpac::Exception& e )
- {
- }
-
- chunk = {};
- zeek::event_mgr.Drain();
- }
-
- zeek::detail::fuzzer_cleanup_one_input();
- return 0;
- }