From 173bfbf7886608a4a7abbfac6a42ac4bf4a3432d Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 20 Sep 2020 16:14:20 +0100 Subject: New upstream version 1.5.0 --- fuzz/README | 130 ++---------------------------------------------------------- 1 file changed, 3 insertions(+), 127 deletions(-) (limited to 'fuzz/README') diff --git a/fuzz/README b/fuzz/README index 42646e4..03de9d0 100644 --- a/fuzz/README +++ b/fuzz/README @@ -3,10 +3,8 @@ ASAN/MSAN/UBSAN. AFL is more convenient when fuzzing the path from the authenticator to libfido2 in an existing application. To do so, use preload-snoop.c with a real -authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1 --DAFL=1, and use preload-fuzz.c to read device data from stdin. Examples of -this approach can be found in the harnesses under fuzz/harnesses/ that fuzz -the standalone examples and tools bundled with libfido2. +authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=1, and +use preload-fuzz.c to read device data from stdin. libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c, fuzz_assert.c, and fuzz_mgmt.c for examples. To build these harnesses, @@ -15,129 +13,7 @@ use -DFUZZ=1 -DLIBFUZZER=1. To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of libcbor and OpenSSL built with the respective sanitiser. In order to keep memory utilisation at a manageable level, you can either enforce limits at -the OS level (e.g. cgroups on Linux) or, alternatively, patch libcbor with -the diff at the bottom of this file. - -1. Using ASAN + UBSAN - -- Make sure you have libcbor built with -fsanitize=address; -- Make sure you have OpenSSL built with -fsanitize=address; -- Rebuild libfido2 with -DASAN=1 -DUBSAN=1. - -1.1 Decide where your workspace will live - -$ export FAKEROOT=/home/pedro/fakeroot -$ mkdir -p ${FAKEROOT}/src - -1.2 Building libcbor with ASAN - -$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor -$ cd ${FAKEROOT}/src/libcbor - -Assuming libfido2 is under ${FAKEROOT}/src/libfido2: - -$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README -$ mkdir build -$ cd build -$ cmake -DCMAKE_C_FLAGS_DEBUG="-g2 -fno-omit-frame-pointer" \ - -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \ - -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=ON \ - -DCMAKE_INSTALL_LIBDIR=lib .. -$ make -$ make install - -1.3 Building OpenSSL with ASAN - -$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl -$ cd ${FAKEROOT}/src/openssl -$ ./Configure linux-x86_64-clang enable-asan --prefix=${FAKEROOT} \ - --openssldir=${FAKEROOT}/openssl -$ make clean -$ make -$ make install_sw - -1.4 Building libfido2 with libFuzzer and ASAN + UBSAN - -$ cd ${FAKEROOT}/src/libfido2 -$ mkdir build -$ cd build -$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DASAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \ - -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \ - -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \ - -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \ - -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \ - -DCMAKE_BUILD_TYPE=Debug .. -$ make - -2. Using MSAN + UBSAN - -- Make sure you have libcbor built with -fsanitize=memory; -- Make sure you have OpenSSL built with -fsanitize=memory; -- Rebuild libfido2 with -DMSAN=1 -DUBSAN=1. - -2.1 Decide where your workspace will live - -$ export FAKEROOT=/home/pedro/fakeroot -$ mkdir -p ${FAKEROOT}/src - -2.2 Building libcbor with MSAN - -$ git clone https://github.com/pjk/libcbor ${FAKEROOT}/src/libcbor -$ cd ${FAKEROOT}/src/libcbor - -Assuming libfido2 is under ${FAKEROOT}/src/libfido2: - -$ patch -p0 < ${FAKEROOT}/src/libfido2/fuzz/README -$ mkdir build -$ cd build -$ cmake -DCMAKE_C_FLAGS_DEBUG="-fsanitize=memory,undefined -g2 -fno-omit-frame-pointer" \ - -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug \ - -DCMAKE_INSTALL_PREFIX=${FAKEROOT} -DSANITIZE=OFF \ - -DCMAKE_INSTALL_LIBDIR=lib .. -$ make -$ make install - -2.2 Building OpenSSL with MSAN - -$ mkdir -p ${FAKEROOT}/src -$ git clone https://github.com/openssl/openssl ${FAKEROOT}/src/openssl -$ cd ${FAKEROOT}/src/openssl -$ ./Configure linux-x86_64-clang enable-msan --prefix=${FAKEROOT} \ - --openssldir=${FAKEROOT}/openssl -$ make clean -$ make -$ make install_sw - -2.3 Building libfido2 with libFuzzer and MSAN + UBSAN - -$ cd ${FAKEROOT}/src/libfido2 -$ mkdir build -$ cd build -$ cmake -DFUZZ=1 -DLIBFUZZER=1 -DMSAN=1 -DUBSAN=1 -DCMAKE_C_COMPILER=clang \ - -DCRYPTO_INCLUDE_DIRS=${FAKEROOT}/include \ - -DCRYPTO_LIBRARY_DIRS=${FAKEROOT}/lib \ - -DCBOR_INCLUDE_DIRS=${FAKEROOT}/include \ - -DCBOR_LIBRARY_DIRS=${FAKEROOT}/lib \ - -DCMAKE_BUILD_TYPE=Debug .. -$ make - -3. Running the libFuzzer harnesses - -When running under ASAN, you may want to set ASAN_OPTIONS to -'allocator_may_return_null=1:detect_stack_use_after_return=1'. - -The recommended way to run the harnesses is: - -$ fuzz_{assert,cred,credman,mgmt} -use_value_profile=1 -reload=30 \ - -print_pcs=1 -print_funcs=30 -timeout=10 CORPUS_DIR - -You may want to use -jobs or -workers depending on the number of logical -cores available for fuzzing. - -4. Auxiliary scripts - -A set of harnesses and auxiliary scripts can be found under harnesses/. To -compile coverage reports, adjust the harnesses to your setup and run 'report'. +the OS level (e.g. cgroups on Linux), or patch libcbor with the diff below. diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c index aa049a2..e294b38 100644 -- cgit v1.2.3