Merge remote-tracking branch 'origin/topic/timw/generic-fuzzer'

* origin/topic/timw/generic-fuzzer:
  Move fuzzer corpus files to another directory
  Add a way to create generic fuzzers without creating new files

CHANGES

@@ -1,3 +1,9 @@
+5.1.0-dev.469 | 2022-08-26 14:36:03 -0700
+
+  * Move fuzzer corpus files to another directory (Tim Wojtulewicz, Corelight)
+
+  * Add a way to create generic fuzzers without creating new files (Tim Wojtulewicz, Corelight)
+
 5.1.0-dev.466 | 2022-08-26 11:00:06 -0700
 
   * Check for valid ip_hdr length before trying to make a Val out of it (Tim Wojtulewicz, Corelight)

VERSION

@@ -1 +1 @@
-5.1.0-dev.466
+5.1.0-dev.469

ci/test-fuzzers.sh

@@ -13,7 +13,7 @@ fuzzers=$(find ./src/fuzzers -name 'zeek-*-fuzzer')
 for fuzzer_path in ${fuzzers}; do
     fuzzer_exe=$(basename ${fuzzer_path})
     fuzzer_name=$(echo ${fuzzer_exe} | sed 's/zeek-\(.*\)-fuzzer/\1/g')
-    corpus="../src/fuzzers/${fuzzer_name}-corpus.zip"
+    corpus="../src/fuzzers/corpora/${fuzzer_name}-corpus.zip"
 
     if [[ -e ${corpus} ]]; then
         echo "Fuzzer: ${fuzzer_exe} ${corpus}"

src/fuzzers/CMakeLists.txt

@@ -29,12 +29,8 @@ endif ()
 # the shared lib, links it.
 string(REGEX MATCH ".*\\.a$" _have_static_bind_lib "${BIND_LIBRARY}")
 
-macro(ADD_FUZZ_TARGET _name)
-    set(_fuzz_target zeek-${_name}-fuzzer)
-    set(_fuzz_source ${_name}-fuzzer.cc)
-
+macro(SETUP_FUZZ_TARGET _fuzz_target _fuzz_source)
     add_executable(${_fuzz_target} ${_fuzz_source} ${ARGN})
-
     target_link_libraries(${_fuzz_target} zeek_fuzzer_shared)
 
     if ( _have_static_bind_lib )
@@ -49,6 +45,19 @@ macro(ADD_FUZZ_TARGET _name)
         target_link_libraries(${_fuzz_target}
                               $<TARGET_OBJECTS:zeek_fuzzer_standalone>)
     endif ()
+endmacro()
+
+macro(ADD_FUZZ_TARGET _name)
+    set(_fuzz_target zeek-${_name}-fuzzer)
+    set(_fuzz_source ${_name}-fuzzer.cc)
+    setup_fuzz_target(${_fuzz_target} ${_fuzz_source})
+endmacro ()
+
+macro(ADD_GENERIC_ANALYZER_FUZZ_TARGET _name)
+    set(_fuzz_target zeek-${_name}-fuzzer)
+    set(_fuzz_source generic-analyzer-fuzzer.cc)
+    setup_fuzz_target(${_fuzz_target} ${_fuzz_source})
+    target_compile_definitions(${_fuzz_target} PUBLIC ZEEK_FUZZ_ANALYZER=${_name})
 endmacro ()
 
 include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR})
@@ -78,10 +87,11 @@ target_link_libraries(zeek_fuzzer_shared
                       ${zeek_fuzzer_shared_deps}
                       ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
 
-add_fuzz_target(dns)
-add_fuzz_target(pop3)
 add_fuzz_target(packet)
-add_fuzz_target(http)
-add_fuzz_target(imap)
-add_fuzz_target(smtp)
-add_fuzz_target(ftp)
+add_fuzz_target(dns)
+
+add_generic_analyzer_fuzz_target(ftp)
+add_generic_analyzer_fuzz_target(http)
+add_generic_analyzer_fuzz_target(imap)
+add_generic_analyzer_fuzz_target(pop3)
+add_generic_analyzer_fuzz_target(smtp)

src/fuzzers/generic-analyzer-fuzzer.cc

@@ -11,7 +11,9 @@
 #include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
 #include "zeek/session/Manager.h"
 
-static constexpr auto ZEEK_FUZZ_ANALYZER = "ftp";
+// Simple macros for converting a compiler define into a string.
+#define VAL(str) #str
+#define TOSTRING(str) VAL(str)
 
 static zeek::Connection* add_connection()
 	{
@@ -37,7 +39,7 @@ static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn)
 	{
 	auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn);
 	auto* pia = new zeek::analyzer::pia::PIA_TCP(conn);
-	auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn);
+	auto a = zeek::analyzer_mgr->InstantiateAnalyzer(TOSTRING(ZEEK_FUZZ_ANALYZER), conn);
 	tcp->AddChildAnalyzer(a);
 	tcp->AddChildAnalyzer(pia->AsAnalyzer());
 	conn->SetSessionAdapter(tcp, pia);

src/fuzzers/http-fuzzer.cc

@@ -1,78 +0,0 @@
-#include <binpac.h>
-
-#include "zeek/Conn.h"
-#include "zeek/RunState.h"
-#include "zeek/analyzer/Analyzer.h"
-#include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/fuzzers/FuzzBuffer.h"
-#include "zeek/fuzzers/fuzzer-setup.h"
-#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
-#include "zeek/session/Manager.h"
-
-static constexpr auto ZEEK_FUZZ_ANALYZER = "http";
-
-static zeek::Connection* add_connection()
-	{
-	static constexpr double network_time_start = 1439471031;
-	zeek::run_state::detail::update_network_time(network_time_start);
-
-	zeek::Packet p;
-	zeek::ConnTuple conn_id;
-	conn_id.src_addr = zeek::IPAddr("1.2.3.4");
-	conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
-	conn_id.src_port = htons(23132);
-	conn_id.dst_port = htons(80);
-	conn_id.is_one_way = false;
-	conn_id.proto = TRANSPORT_TCP;
-	zeek::detail::ConnKey key(conn_id);
-	zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
-	conn->SetTransport(TRANSPORT_TCP);
-	zeek::session_mgr->Insert(conn);
-	return conn;
-	}
-
-static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn)
-	{
-	auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn);
-	auto* pia = new zeek::analyzer::pia::PIA_TCP(conn);
-	auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn);
-	tcp->AddChildAnalyzer(a);
-	tcp->AddChildAnalyzer(pia->AsAnalyzer());
-	conn->SetSessionAdapter(tcp, pia);
-	return a;
-	}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
-	{
-	zeek::detail::FuzzBuffer fb{data, size};
-
-	if ( ! fb.Valid() )
-		return 0;
-
-	auto conn = add_connection();
-	auto a = add_analyzer(conn);
-
-	for ( ;; )
-		{
-		auto chunk = fb.Next();
-
-		if ( ! chunk )
-			break;
-
-		try
-			{
-			a->ForwardStream(chunk->size, chunk->data.get(), chunk->is_orig);
-			}
-		catch ( const binpac::Exception& e )
-			{
-			}
-
-		chunk = {};
-		zeek::event_mgr.Drain();
-		}
-
-	zeek::detail::fuzzer_cleanup_one_input();
-	return 0;
-	}

src/fuzzers/imap-fuzzer.cc

@@ -1,78 +0,0 @@
-#include <binpac.h>
-
-#include "zeek/Conn.h"
-#include "zeek/RunState.h"
-#include "zeek/analyzer/Analyzer.h"
-#include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/fuzzers/FuzzBuffer.h"
-#include "zeek/fuzzers/fuzzer-setup.h"
-#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
-#include "zeek/session/Manager.h"
-
-static constexpr auto ZEEK_FUZZ_ANALYZER = "imap";
-
-static zeek::Connection* add_connection()
-	{
-	static constexpr double network_time_start = 1439471031;
-	zeek::run_state::detail::update_network_time(network_time_start);
-
-	zeek::Packet p;
-	zeek::ConnTuple conn_id;
-	conn_id.src_addr = zeek::IPAddr("1.2.3.4");
-	conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
-	conn_id.src_port = htons(23132);
-	conn_id.dst_port = htons(80);
-	conn_id.is_one_way = false;
-	conn_id.proto = TRANSPORT_TCP;
-	zeek::detail::ConnKey key(conn_id);
-	zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
-	conn->SetTransport(TRANSPORT_TCP);
-	zeek::session_mgr->Insert(conn);
-	return conn;
-	}
-
-static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn)
-	{
-	auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn);
-	auto* pia = new zeek::analyzer::pia::PIA_TCP(conn);
-	auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn);
-	tcp->AddChildAnalyzer(a);
-	tcp->AddChildAnalyzer(pia->AsAnalyzer());
-	conn->SetSessionAdapter(tcp, pia);
-	return a;
-	}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
-	{
-	zeek::detail::FuzzBuffer fb{data, size};
-
-	if ( ! fb.Valid() )
-		return 0;
-
-	auto conn = add_connection();
-	auto a = add_analyzer(conn);
-
-	for ( ;; )
-		{
-		auto chunk = fb.Next();
-
-		if ( ! chunk )
-			break;
-
-		try
-			{
-			a->ForwardStream(chunk->size, chunk->data.get(), chunk->is_orig);
-			}
-		catch ( const binpac::Exception& e )
-			{
-			}
-
-		chunk = {};
-		zeek::event_mgr.Drain();
-		}
-
-	zeek::detail::fuzzer_cleanup_one_input();
-	return 0;
-	}

src/fuzzers/pop3-fuzzer.cc

@@ -1,78 +0,0 @@
-#include <binpac.h>
-
-#include "zeek/Conn.h"
-#include "zeek/RunState.h"
-#include "zeek/analyzer/Analyzer.h"
-#include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/fuzzers/FuzzBuffer.h"
-#include "zeek/fuzzers/fuzzer-setup.h"
-#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
-#include "zeek/session/Manager.h"
-
-static constexpr auto ZEEK_FUZZ_ANALYZER = "pop3";
-
-static zeek::Connection* add_connection()
-	{
-	static constexpr double network_time_start = 1439471031;
-	zeek::run_state::detail::update_network_time(network_time_start);
-
-	zeek::Packet p;
-	zeek::ConnTuple conn_id;
-	conn_id.src_addr = zeek::IPAddr("1.2.3.4");
-	conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
-	conn_id.src_port = htons(23132);
-	conn_id.dst_port = htons(80);
-	conn_id.is_one_way = false;
-	conn_id.proto = TRANSPORT_TCP;
-	zeek::detail::ConnKey key(conn_id);
-	zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
-	conn->SetTransport(TRANSPORT_TCP);
-	zeek::session_mgr->Insert(conn);
-	return conn;
-	}
-
-static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn)
-	{
-	auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn);
-	auto* pia = new zeek::analyzer::pia::PIA_TCP(conn);
-	auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn);
-	tcp->AddChildAnalyzer(a);
-	tcp->AddChildAnalyzer(pia->AsAnalyzer());
-	conn->SetSessionAdapter(tcp, pia);
-	return a;
-	}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
-	{
-	zeek::detail::FuzzBuffer fb{data, size};
-
-	if ( ! fb.Valid() )
-		return 0;
-
-	auto conn = add_connection();
-	auto a = add_analyzer(conn);
-
-	for ( ;; )
-		{
-		auto chunk = fb.Next();
-
-		if ( ! chunk )
-			break;
-
-		try
-			{
-			a->ForwardStream(chunk->size, chunk->data.get(), chunk->is_orig);
-			}
-		catch ( const binpac::Exception& e )
-			{
-			}
-
-		chunk = {};
-		zeek::event_mgr.Drain();
-		}
-
-	zeek::detail::fuzzer_cleanup_one_input();
-	return 0;
-	}

src/fuzzers/smtp-fuzzer.cc

@@ -1,78 +0,0 @@
-#include <binpac.h>
-
-#include "zeek/Conn.h"
-#include "zeek/RunState.h"
-#include "zeek/analyzer/Analyzer.h"
-#include "zeek/analyzer/Manager.h"
-#include "zeek/analyzer/protocol/pia/PIA.h"
-#include "zeek/analyzer/protocol/tcp/TCP.h"
-#include "zeek/fuzzers/FuzzBuffer.h"
-#include "zeek/fuzzers/fuzzer-setup.h"
-#include "zeek/packet_analysis/protocol/tcp/TCPSessionAdapter.h"
-#include "zeek/session/Manager.h"
-
-static constexpr auto ZEEK_FUZZ_ANALYZER = "smtp";
-
-static zeek::Connection* add_connection()
-	{
-	static constexpr double network_time_start = 1439471031;
-	zeek::run_state::detail::update_network_time(network_time_start);
-
-	zeek::Packet p;
-	zeek::ConnTuple conn_id;
-	conn_id.src_addr = zeek::IPAddr("1.2.3.4");
-	conn_id.dst_addr = zeek::IPAddr("5.6.7.8");
-	conn_id.src_port = htons(23132);
-	conn_id.dst_port = htons(80);
-	conn_id.is_one_way = false;
-	conn_id.proto = TRANSPORT_TCP;
-	zeek::detail::ConnKey key(conn_id);
-	zeek::Connection* conn = new zeek::Connection(key, network_time_start, &conn_id, 1, &p);
-	conn->SetTransport(TRANSPORT_TCP);
-	zeek::session_mgr->Insert(conn);
-	return conn;
-	}
-
-static zeek::analyzer::Analyzer* add_analyzer(zeek::Connection* conn)
-	{
-	auto* tcp = new zeek::packet_analysis::TCP::TCPSessionAdapter(conn);
-	auto* pia = new zeek::analyzer::pia::PIA_TCP(conn);
-	auto a = zeek::analyzer_mgr->InstantiateAnalyzer(ZEEK_FUZZ_ANALYZER, conn);
-	tcp->AddChildAnalyzer(a);
-	tcp->AddChildAnalyzer(pia->AsAnalyzer());
-	conn->SetSessionAdapter(tcp, pia);
-	return a;
-	}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
-	{
-	zeek::detail::FuzzBuffer fb{data, size};
-
-	if ( ! fb.Valid() )
-		return 0;
-
-	auto conn = add_connection();
-	auto a = add_analyzer(conn);
-
-	for ( ;; )
-		{
-		auto chunk = fb.Next();
-
-		if ( ! chunk )
-			break;
-
-		try
-			{
-			a->ForwardStream(chunk->size, chunk->data.get(), chunk->is_orig);
-			}
-		catch ( const binpac::Exception& e )
-			{
-			}
-
-		chunk = {};
-		zeek::event_mgr.Drain();
-		}
-
-	zeek::detail::fuzzer_cleanup_one_input();
-	return 0;
-	}