Makefile.am | 14 +++++++++++++- fuzzer/Admin.cpp | 22 ++++++++++++++++++++++ fuzzer/admin-data/load | 9 +++++++++ net/WebSocketHandler.hpp | 2 +- wsd/Admin.cpp | 6 +++++- wsd/Admin.hpp | 6 +++--- wsd/Auth.cpp | 2 +- 7 files changed, 54 insertions(+), 7 deletions(-)
New commits: commit a4e0a00bfe746ccf058dfd46de34bf4fabf5c059 Author: Miklos Vajna <[email protected]> AuthorDate: Wed Apr 1 17:22:23 2020 +0200 Commit: Miklos Vajna <[email protected]> CommitDate: Thu Apr 2 12:11:24 2020 +0200 Add an initial libfuzzer based fuzzer for the admin console Run the actual fuzzer like this: ./admin_fuzzer -max_len=16384 fuzzer/admin-data/ Change-Id: I5891df8033ff1837afce86775ee62447587f2f20 Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91504 Tested-by: Jenkins CollaboraOffice <[email protected]> Reviewed-by: Miklos Vajna <[email protected]>
diff --git a/Makefile.am b/Makefile.am
index e4e6ed5db..3ce60690d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -131,7 +131,9 @@ noinst_PROGRAMS = clientnb \
 loolsocketdump
 if ENABLE_LIBFUZZER
-noinst_PROGRAMS += clientsession_fuzzer
+noinst_PROGRAMS += \
+ admin_fuzzer \
+ clientsession_fuzzer
 else
 noinst_PROGRAMS += loolwsd_fuzzer
 endif
@@ -161,6 +163,16 @@ loolwsd_fuzzer_SOURCES = $(loolwsd_sources) \
 $(shared_sources) \
 kit/DummyLibreOfficeKit.cpp
+admin_fuzzer_CPPFLAGS = \
+ -DKIT_IN_PROCESS=1 \
+ $(AM_CPPFLAGS)
+admin_fuzzer_SOURCES = \
+ $(loolwsd_sources) \
+ $(loolforkit_sources) \
+ $(shared_sources) \
+ fuzzer/Admin.cpp
+admin_fuzzer_LDFLAGS = -fsanitize=fuzzer $(AM_LDFLAGS)
+
 clientsession_fuzzer_CPPFLAGS = \
 -DKIT_IN_PROCESS=1 \
 $(AM_CPPFLAGS)
diff --git a/fuzzer/Admin.cpp b/fuzzer/Admin.cpp
new file mode 100644
index 000000000..695b928b0
--- /dev/null
+++ b/fuzzer/Admin.cpp
@@ -0,0 +1,22 @@
+#include <iostream>
+
+#include "Admin.hpp"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ Admin& admin = Admin::instance();
+ auto handler = std::make_shared<AdminSocketHandler>(&admin);
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+ std::stringstream ss(input);
+ std::string line;
+ while (std::getline(ss, line, '\n'))
+ {
+ std::vector<char> lineVector(line.data(), line.data() + line.size());
+ handler->handleMessage(lineVector);
+ }
+
+ return 0;
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/fuzzer/admin-data/load b/fuzzer/admin-data/load
new file mode 100644
index 000000000..971d315e5
--- /dev/null
+++ b/fuzzer/admin-data/load
@@ -0,0 +1,9 @@
+auth jwt=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJsb29sIiwic3ViIjoiYWRtaW4iLCJhdWQiOiJhZG1pbiIsIm5tZSI6ImFkbWluIiwiZXhwIjoiMTU4NTU3ODM1NiJ9.v_VuMvhuUHlcQN-vTzPl3UzIbkmXd5brIVc_RjSa10KjOo9lG6JXw1Jpvin1pbP2Q4QtyQo5o9yGlVW_JdMoA7neeQkq4FwA2MCJzXu9Kp62SB8KVqDkVafNBS4ZV_oGLU8tAjuGDWPC9oZj4H-07j6L9LC3SWbKlLUvdsC5nixXRiijHj6TWP_7HnVrPX1OuaaJM47Q--Wu7_3fI5pj4OLKYzLPX6ONlhO3YQKY1GaVLvIzbRo2J-A0x0KFk_k0JWo6dEtSK3Hr47xxyn3nt1AuyHowgxO8G2IKPGcFjrMcyKS2khh3DGNa5Re21Jm-e3LhtNX-sCpWnXhTuQqBxQ
+documents
+subscribe adddoc rmdoc resetidle propchange modifications
+mem_consumed
+active_docs_count
+active_users_count
+sent_bytes
+recv_bytes
+uptime
diff --git a/net/WebSocketHandler.hpp b/net/WebSocketHandler.hpp
index 43d710ea4..b23c3951f 100644
--- a/net/WebSocketHandler.hpp
+++ b/net/WebSocketHandler.hpp
@@ -540,7 +540,7 @@ public:
 int sendMessage(const char* data, const size_t len, const WSOpCode code, const bool flush = true) const
 {
 int unitReturn = -1;
- if (UnitBase::get().filterSendMessage(data, len, code, flush, unitReturn))
+ if (!Util::isFuzzing() && UnitBase::get().filterSendMessage(data, len, code, flush, unitReturn))
 return unitReturn;
 //TODO: Support fragmented messages.
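Review bot: In fuzzer/Admin.cpp each input gets a fresh `AdminSocketHandler`, but every handler is bound to the same object returned by `Admin::instance()`, so whatever a message changes in it (not visible in this diff) would carry over to later inputs, and a crash may not reproduce from the single file libFuzzer saves. If Admin offers no way to reset between runs, a comment at the top of `LLVMFuzzerTestOneInput` such as `// Admin is process-wide: state persists across fuzz iterations, so a crash may depend on earlier inputs.` would save the next person time. The file also includes only `<iostream>` while using `std::stringstream`, `std::vector` and `std::make_shared`; adding `<sstream>`, `<vector>` and `<memory>` would stop it depending on what Admin.hpp happens to pull in.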
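Review bot: The first line of fuzzer/admin-data/load commits a complete RS256-signed admin JWT (the payload decodes to `sub: admin` with `exp` 1585578356), and nothing in the commit says which key signed it. If that was a throwaway key this is fine, but it should be stated in the commit message or in a README next to the corpus, since the seed format has no room for a comment. A token signed with a key that is also used on a real deployment is a credential artifact even once expired, the more so now that the fuzzing build skips the expiry check. The seed also only authenticates on a build whose public key matches the signer, assuming the signature check still runs under fuzzing (not shown here); elsewhere the fuzzer would stay on the pre-auth path.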
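Review bot: The `!Util::isFuzzing() &&` guard added to `sendMessage` in net/WebSocketHandler.hpp, like the `if (!Util::isFuzzing())` wrapper around `onAdminQueryMessage` in wsd/Admin.cpp, puts a fuzz-only branch on a production path with no comment saying why the unit-test hook has to be skipped. A line such as `// The fuzzer binary runs without a unit-test hook set up, so do not call into UnitBase here.` would record the reason, if that is indeed the reason; the diff does not show it. `Util::isFuzzing()` is not defined in this diff either, so it is worth confirming that it folds to a constant in normal builds. `sendMessage` continues past the end of the hunk.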
diff --git a/wsd/Admin.cpp b/wsd/Admin.cpp
index 7532206a5..017600af1 100644
--- a/wsd/Admin.cpp
+++ b/wsd/Admin.cpp
@@ -283,7 +283,11 @@ AdminSocketHandler::AdminSocketHandler(Admin* adminManager)
 void AdminSocketHandler::sendTextFrame(const std::string& message)
 {
- UnitWSD::get().onAdminQueryMessage(message);
+ if (!Util::isFuzzing())
+ {
+ UnitWSD::get().onAdminQueryMessage(message);
+ }
+
 if (_isAuthenticated)
 {
 LOG_TRC("send admin text frame '" << message << "'");
diff --git a/wsd/Admin.hpp b/wsd/Admin.hpp
index 6a2a3c752..5d3cd4b05 100644
--- a/wsd/Admin.hpp
+++ b/wsd/Admin.hpp
@@ -38,13 +38,13 @@ public:
 static void subscribeAsync(const std::shared_ptr<AdminSocketHandler>& handler);
+ /// Process incoming websocket messages
+ void handleMessage(const std::vector<char> &data) override;
+
 private:
 /// Sends text frames simply to authenticated clients.
 void sendTextFrame(const std::string& message);
- /// Process incoming websocket messages
- void handleMessage(const std::vector<char> &data) override;
-
 private:
 Admin* _admin;
 int _sessionId;
diff --git a/wsd/Auth.cpp b/wsd/Auth.cpp
index 514a3d508..c1a159748 100644
--- a/wsd/Auth.cpp
+++ b/wsd/Auth.cpp
@@ -146,7 +146,7 @@ bool JWTAuth::verify(const std::string& accessToken)
 std::chrono::system_clock::time_point now = std::chrono::system_clock::now();
 std::time_t curtime = std::chrono::system_clock::to_time_t(now);
- if (curtime > decodedExptime)
+ if (!Util::isFuzzing() && curtime > decodedExptime)
 {
 LOG_INF("JWTAuth:verify: JWT expired; curtime:" << curtime << ", exp:" << decodedExptime);
 return false;
_______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
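Review bot: In wsd/Auth.cpp, `JWTAuth::verify` now accepts expired tokens whenever `Util::isFuzzing()` is true, so the safety of this hunk rests entirely on that predicate never being true in a shipped binary. Its definition is not in this diff; if it is anything other than a constant derived from the libFuzzer build option (a runtime flag or an environment lookup, say), token expiry could be switched off outside fuzzing. I would put a comment on the condition, e.g. `// Fuzzing only: the seed token in fuzzer/admin-data/load is long expired; every other build must enforce exp.`, and consider a configure-time check that a fuzzing build cannot be combined with a release configuration. The rest of `verify` lies outside the hunk.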
