Getting seeds into oss-fuzz
Andrew Bartlett
abartlet at samba.org
Thu Feb 27 02:11:42 UTC 2020
G'Day Gary,
We discussed in person a long-delayed task for the fuzzing effort,
which is to provide oss-fuzz with good seeds for each of our fuzz
targets. It would be awesome if you can slow-burn at this when you get
some cycles.
For the NDR targets, we do have a source of good seeds, because we
changed make test to save them. We need to provide some for the other
fuzzers, like LDIF examples, LDAP packets, DNs and ini files etc.
The specification for how the zip file should be constructed is here:
https://google.github.io/oss-fuzz/getting-started/new-project-guide/#seed-corpus
The script to be modified is lib/fuzzing/oss-fuzz/build_samba.sh
This needs to be extended to prepare the zip files of seeds.
The zip file needs to be alongside the binary in $OUT named
$fuzzer_seed_corpus.zip, with each file being the SHA1 of its contents
(many of our existing seeds are not named this way).
See for example this from nss:
https://hg.mozilla.org/projects/nss/file/tip/automation/ossfuzz/build.sh
and tor:
https://github.com/google/oss-fuzz/blob/2d5e2ef84f281e6ab789055aa735606d3122fda9/projects/tor/build.sh
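As an added illustration of the layout described above (this is not code from the Samba tree or from build_samba.sh), the following stand-alone Python helper builds $OUT/<fuzzer>_seed_corpus.zip from a directory of seed files, naming every entry by the SHA1 of its contents, and includes a check that could run in check_build.sh before the seeds are unzipped and fed to the fuzzer. The fuzzer name "fuzz_example" and the LDIF/DN sample seeds are constructed for the demo; it assumes python3 is available in the build container.

```python
#!/usr/bin/env python3
"""Build an oss-fuzz seed corpus zip in the layout oss-fuzz expects.

Added example, not Samba's own build script. Each entry is stored under
the hex SHA1 of its bytes, so identical seeds collapse to one entry.
"""
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha1_name(data: bytes) -> str:
    """oss-fuzz convention: the file name is the SHA1 of the file contents."""
    return hashlib.sha1(data).hexdigest()


def collect_seeds(seed_dir) -> dict:
    """Walk seed_dir recursively; return {sha1: bytes}, deduplicated by content."""
    seeds = {}
    for path in sorted(Path(seed_dir).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            seeds[sha1_name(data)] = data
    return seeds


def build_seed_corpus(fuzzer: str, seed_dir, out_dir) -> Path:
    """Write out_dir/<fuzzer>_seed_corpus.zip and return its path."""
    seeds = collect_seeds(seed_dir)
    zip_path = Path(out_dir) / f"{fuzzer}_seed_corpus.zip"
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in sorted(seeds):  # sorted for a reproducible archive
            zf.writestr(name, seeds[name])
    return zip_path


def verify_seed_corpus(zip_path) -> list:
    """Return the names of entries whose name is not the SHA1 of their bytes.

    An empty list means the archive follows the naming convention; a
    check_build.sh step could fail the build on a non-empty result.
    """
    with zipfile.ZipFile(zip_path) as zf:
        return [info.filename for info in zf.infolist()
                if sha1_name(zf.read(info)) != info.filename]


def demo():
    """Build a corpus from constructed seeds (hypothetical fuzzer name)."""
    with tempfile.TemporaryDirectory() as tmp:
        seed_dir = Path(tmp) / "seeds"
        out_dir = Path(tmp) / "out"  # stands in for $OUT
        (seed_dir / "sub").mkdir(parents=True)
        out_dir.mkdir()
        ldif = b"dn: cn=test,dc=example\nobjectClass: top\n"
        (seed_dir / "a.ldif").write_bytes(ldif)
        (seed_dir / "b.ldif").write_bytes(ldif)           # duplicate content
        (seed_dir / "sub" / "dn.txt").write_bytes(b"cn=x,dc=y")
        zip_path = build_seed_corpus("fuzz_example", seed_dir, out_dir)
        with zipfile.ZipFile(zip_path) as zf:
            names = sorted(zf.namelist())
        return zip_path.name, names, verify_seed_corpus(zip_path)


if __name__ == "__main__":
    zip_name, names, bad = demo()
    print(zip_name)
    for n in names:
        print(" ", n)
    print("naming violations:", bad)
```

Because entries are keyed by content hash, re-running the script over a seed tree that mixes Google's downloaded corpus, the make test output and honggfuzz findings produces one deduplicated archive per fuzzer without manual renaming.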
The seeds should be in their own git repo, with a specific revision
checked out over https:// at build time: I've just created
https://gitlab.com/samba-team/samba-fuzz-seeds
We should grab a copy of Google's Corpora:
https://google.github.io/oss-fuzz/advanced-topics/corpora/#downloading-the-corpus
https://google.github.io/oss-fuzz/faq/#are-there-any-restrictions-on-using-test-cases--corpora-generated-by-oss-fuzz
Then add in the seeds from Douglas (just ask him in person), both from
a 'make test' and honggfuzz on the make test seeds, which he can share
with you. Some of these will need to be split up into _IN, _OUT and
_STRUCT as the 'make test' system created one directory per pipe, and
we split the fuzzers up later.
Finally, we should run our fuzzers against the zip files (unzipped) in
lib/fuzzing/oss-fuzz/check_build.sh, to show that this all works.
All in all a lot of work, but we can chip away at it.
To test, clone https://github.com/google/oss-fuzz
./infra/helper.py build_image samba
./infra/helper.py shell samba
Run 'compile' in the shell after changing code and pulling into the
checkout there.
To run end-to-end you can change projects/samba/Dockerfile to point at
your repo and run
./infra/helper.py build_image samba
./infra/helper.py build_fuzzers samba
./infra/helper.py run_fuzzers samba $fuzzer_name
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
https://catalyst.net.nz/services/samba