I am just pointing out that there was a change. No action is required on your part. Sorry for the confusion.
Regards, Bhargava On 08/27/2018 05:43 PM, Ben Pfaff wrote: > Do you mean that we should change the name in OVS? Or are you just > pointing out that it changed? > > Thanks, > > Ben. > > On Mon, Aug 27, 2018 at 04:50:35PM +0200, Bhargava Shastry wrote: >> Minor change in naming: Now, the fuzzer binaries are called $name_target >> instead of $name_fuzzer >> >> On 08/27/2018 04:49 PM, Bhargava Shastry wrote: >>> Thanks. The new oss-fuzz scripts for fetching, building and fuzzing OvS >>> is upstream >>> >>> https://github.com/google/oss-fuzz/tree/master/projects/openvswitch >>> >>> On 08/24/2018 10:05 PM, Ben Pfaff wrote: >>>> Thanks. Applied to master. >>>> >>>> On Wed, Aug 22, 2018 at 03:09:26PM +0200, Bhargava Shastry wrote: >>>>> Sorry, I forgot to attach the patch itself. Here it is (attached). >>>>> >>>>> On 08/22/2018 02:37 PM, Bhargava Shastry wrote: >>>>>> Hi Ben, >>>>>> >>>>>> The patch looks good to me. I have signed it here: >>>>>> >>>>>> https://github.com/bshastry/ovs/tree/try-patch-v3 >>>>>> >>>>>> that was rebased on top off latest master. >>>>>> >>>>>> Regards, Bhargava >>>>>> >>>>>> On 08/22/2018 01:01 AM, Ben Pfaff wrote: >>>>>>> I sent a v2: https://patchwork.ozlabs.org/patch/960749/ >>>>>>> >>>>>>> If you like it, I need a Signed-off-by from you. >>>>>>> >>>>>>> Q: What's a Signed-off-by and how do I provide one? >>>>>>> >>>>>>> A: Free and open source software projects usually require a >>>>>>> contributor to provide some assurance that they're entitled to >>>>>>> contribute the code that they provide. Some projects, for >>>>>>> example, do this with a Contributor License Agreement (CLA) or >>>>>>> a copyright assignment that is signed on paper or >>>>>>> electronically. >>>>>>> >>>>>>> For this purpose, Open vSwitch has adopted something called the >>>>>>> Developer's Certificate of Origin (DCO), which is also used by >>>>>>> the Linux kernel and originated there. Informally stated, >>>>>>> agreeing to the DCO is the developer's way of attesting that a >>>>>>> particular commit that they are contributing is one that they >>>>>>> are allowed to contribute. You should visit >>>>>>> https://developercertificate.org/ to read the full statement of >>>>>>> the DCO, which is less than 200 words long. >>>>>>> >>>>>>> To certify compliance with the Developer's Certificate of >>>>>>> Origin for a particular commit, just add the following line to >>>>>>> the end of your commit message, properly substituting your name >>>>>>> and email address: >>>>>>> >>>>>>> Signed-off-by: Firstname Lastname <[email protected]> >>>>>>> >>>>>>> Git has special support for adding a Signed-off-by line to a >>>>>>> commit message: when you run "git commit", just add the -s >>>>>>> option, as in "git commit -s". If you use the "git citool" GUI >>>>>>> for commits, you can add a Signed-off-by line to the commit >>>>>>> message by pressing Control+S. Other Git user interfaces may >>>>>>> provide similar support. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Ben. >>>>>>> >>>>>>> On Fri, Aug 03, 2018 at 10:51:39AM +0200, Bhargava Shastry >>>>>>> wrote: >>>>>>>> Hello, >>>>>>>> >>>>>>>> Gentle reminder to check if the proposed patch works :-) >>>>>>>> >>>>>>>> Thanks, Bhargava >>>>>>>> >>>>>>>> On 07/30/2018 11:58 AM, Bhargava Shastry wrote: >>>>>>>>> Any updates on the proposed patch? :-) >>>>>>>>> >>>>>>>>> On 07/16/2018 02:07 PM, Bhargava Shastry wrote: >>>>>>>>>> Update: I fixed these errors in the attached patch that >>>>>>>>>> supersedes the patch here >>>>>>>>>> (https://patchwork.ozlabs.org/patch/942118/) >>>>>>>>>> >>>>>>>>>> The major change is that I add the following line for >>>>>>>>>> each fuzz target binary in the tests/oss-fuzz/automake.mk >>>>>>>>>> file: >>>>>>>>>> >>>>>>>>>> e.g., tests_oss_fuzz_flow_extract_target_LDFLAGS = >>>>>>>>>> $(LIB_FUZZING_ENGINE) \ -lc++ >>>>>>>>>> >>>>>>>>>> Regards, Bhargava >>>>>>>>>> >>>>>>>>>> On 07/16/2018 11:45 AM, Bhargava Shastry wrote: >>>>>>>>>>> Oops, here's the link failure log: >>>>>>>>>>> >>>>>>>>>>> ``` >>>>>>>>>>> /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../x86_64-linux-gnu/crt1.o: >>>>>>>>>>> In function `_start': (.text+0x20): undefined reference >>>>>>>>>>> to `main' clang-7: error: linker command failed with >>>>>>>>>>> exit code 1 (use -v to see invocation) Makefile:4159: >>>>>>>>>>> recipe for target 'tests/oss-fuzz/flow_extract_target' >>>>>>>>>>> failed make: *** [tests/oss-fuzz/flow_extract_target] >>>>>>>>>>> Error 1 fuzzers build failed. ``` >>>>>>>>>>> >>>>>>>>>>> The main symbol is provided by libfuzzer (clang++ >>>>>>>>>>> -lFuzzingEngine) >>>>>>>>>>> >>>>>>>>>>> Regards, Bhargava >>>>>>>>>>> >>>>>>>>>>> On 07/16/2018 11:36 AM, Bhargava Shastry wrote: >>>>>>>>>>>> Hi Ben, >>>>>>>>>>>> >>>>>>>>>>>>> Never mind that one, I failed to check in some of >>>>>>>>>>>>> that. >>>>>>>>>>>>> >>>>>>>>>>>>> I sent it formally: >>>>>>>>>>>>> https://patchwork.ozlabs.org/patch/942118/ >>>>>>>>>>>> >>>>>>>>>>>> Thanks for the patch. This fixes the previous error. >>>>>>>>>>>> Now, there are some new errors during the >>>>>>>>>>>> compilation/linking process. I think most of this can >>>>>>>>>>>> be fixed if I figure out how automake works. In a >>>>>>>>>>>> nutshell, here's the problem: >>>>>>>>>>>> >>>>>>>>>>>> - oss-fuzz provides compilation flags that can be >>>>>>>>>>>> plugged in like so ``` CC=clang CXX=clang++ >>>>>>>>>>>> CFLAGS=-O1 -fno-omit-frame-pointer >>>>>>>>>>>> -gline-tables-only >>>>>>>>>>>> -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION >>>>>>>>>>>> -fsanitize=address -fsanitize-address-use-after-scope >>>>>>>>>>>> -fsanitize=fuzzer-no-link CXXFLAGS=-O1 >>>>>>>>>>>> -fno-omit-frame-pointer -gline-tables-only >>>>>>>>>>>> -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION >>>>>>>>>>>> -fsanitize=address -fsanitize-address-use-after-scope >>>>>>>>>>>> -fsanitize=fuzzer-no-link -stdlib=libc++ ``` >>>>>>>>>>>> >>>>>>>>>>>> And here's what I used to do before >>>>>>>>>>>> >>>>>>>>>>>> - Use clang and CFLAGS above plus some additional >>>>>>>>>>>> includes to compile each of the fuzzer tests - Use >>>>>>>>>>>> clang++ and additional linker flags to link these >>>>>>>>>>>> into a fuzzer binary >>>>>>>>>>>> >>>>>>>>>>>> Now, I see that the compilation works ``` >>>>>>>>>>>> depbase=`echo tests/oss-fuzz/flow_extract_target.o | >>>>>>>>>>>> sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\ clang >>>>>>>>>>>> -DHAVE_CONFIG_H -I. -I ./include -I ./include -I >>>>>>>>>>>> ./lib -I ./lib -I/usr/include -Wstrict-prototypes >>>>>>>>>>>> -Wall -Wextra -Wno-sign-compare -Wpointer-arith >>>>>>>>>>>> -Wformat -Wformat-security -Wswitch-enum >>>>>>>>>>>> -Wunused-parameter -Wbad-function-cast -Wcast-align >>>>>>>>>>>> -Wstrict-prototypes -Wold-style-definition >>>>>>>>>>>> -Wmissing-prototypes -Wmissing-field-initializers >>>>>>>>>>>> -Wthread-safety -fno-strict-aliasing -Wswitch-bool >>>>>>>>>>>> -Wlogical-not-parentheses -Wsizeof-array-argument >>>>>>>>>>>> -Wshift-negative-value -Qunused-arguments -Wshadow >>>>>>>>>>>> -Wno-null-pointer-arithmetic -O1 >>>>>>>>>>>> -fno-omit-frame-pointer -gline-tables-only >>>>>>>>>>>> -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION >>>>>>>>>>>> -fsanitize=address -fsanitize-address-use-after-scope >>>>>>>>>>>> -fsanitize=fuzzer-no-link -MT >>>>>>>>>>>> tests/oss-fuzz/flow_extract_target.o -MD -MP -MF >>>>>>>>>>>> $depbase.Tpo -c -o >>>>>>>>>>>> tests/oss-fuzz/flow_extract_target.o >>>>>>>>>>>> tests/oss-fuzz/flow_extract_target.c &&\ mv -f >>>>>>>>>>>> $depbase.Tpo $depbase.Po ``` >>>>>>>>>>>> >>>>>>>>>>>> However, the linking fails ``` libtool: link: clang >>>>>>>>>>>> -Wstrict-prototypes -Wall -Wextra -Wno-sign-compare >>>>>>>>>>>> -Wpointer-arith -Wformat -Wformat-security >>>>>>>>>>>> -Wswitch-enum -Wunused-parameter -Wbad-function-cast >>>>>>>>>>>> -Wcast-align -Wstrict-prototypes >>>>>>>>>>>> -Wold-style-definition -Wmissing-prototypes >>>>>>>>>>>> -Wmissing-field-initializers -Wthread-safety >>>>>>>>>>>> -fno-strict-aliasing -Wswitch-bool >>>>>>>>>>>> -Wlogical-not-parentheses -Wsizeof-array-argument >>>>>>>>>>>> -Wshift-negative-value -Qunused-arguments -Wshadow >>>>>>>>>>>> -Wno-null-pointer-arithmetic -O1 >>>>>>>>>>>> -fno-omit-frame-pointer -gline-tables-only >>>>>>>>>>>> -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION >>>>>>>>>>>> -fsanitize=address -fsanitize-address-use-after-scope >>>>>>>>>>>> -fsanitize=fuzzer-no-link -o >>>>>>>>>>>> tests/oss-fuzz/flow_extract_target >>>>>>>>>>>> tests/oss-fuzz/flow_extract_target.o -L/usr/lib >>>>>>>>>>>> lib/.libs/libopenvswitch.a -lssl -lcrypto -latomic >>>>>>>>>>>> ``` >>>>>>>>>>>> >>>>>>>>>>>> I think adding -lFuzzingEngine should fix this but >>>>>>>>>>>> another variable between my build script and automake >>>>>>>>>>>> is the use of clang++ for linking. >>>>>>>>>>>> >>>>>>>>>>>> Do you know how I can experiment with different >>>>>>>>>>>> linker flags and compiler/linker in automake? >>>>>>>>>>>> >>>>>>>>>>>> Regards, Bhargava >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> -- Bhargava Shastry <[email protected]> Security in >>>>>>>> Telecommunications TU Berlin / Telekom Innovation >>>>>>>> Laboratories Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 >>>>>>>> Berlin, Germany phone: +49 30 8353 58235 Keybase: >>>>>>>> https://keybase.io/bshastry >>>>>> >>>>> >>>>> -- Bhargava Shastry <[email protected]> Security in >>>>> Telecommunications TU Berlin / Telekom Innovation Laboratories >>>>> Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 Berlin, Germany >>>>> phone: +49 30 8353 58235 Keybase: https://keybase.io/bshastry >>>> >>>>> From b1f8df05c7a93fe5bc71ee650daeb701c27ba7db Mon Sep 17 00:00:00 >>>>> 2001 From: Bhargava Shastry <[email protected]> >>>>> Date: Wed, 22 Aug 2018 15:07:15 +0200 Subject: [PATCH] Moved >>>>> oss-fuzz test cases to OvS repo and added a Make target for them. >>>>> >>>>> Signed-off-by: Bhargava Shastry <bshastry at >>>>> sec.t-labs.tu-berlin.de> --- Makefile.am >>>>> | 1 + tests/automake.mk | 2 + >>>>> tests/oss-fuzz/automake.mk | 30 ++ >>>>> .../config/flow_extract_target.options | 2 + >>>>> .../config/json_parser_target.options | 2 + >>>>> .../oss-fuzz/config/ofp_print_target.options | 3 + >>>>> tests/oss-fuzz/config/ovs.dict | 293 >>>>> ++++++++++++++++++ tests/oss-fuzz/flow_extract_target.c | >>>>> 15 + tests/oss-fuzz/fuzzer.h | 9 + >>>>> tests/oss-fuzz/json_parser_target.c | 42 +++ >>>>> tests/oss-fuzz/ofp_print_target.c | 47 +++ 11 files >>>>> changed, 446 insertions(+) create mode 100644 >>>>> tests/oss-fuzz/automake.mk create mode 100644 >>>>> tests/oss-fuzz/config/flow_extract_target.options create mode >>>>> 100644 tests/oss-fuzz/config/json_parser_target.options create mode >>>>> 100644 tests/oss-fuzz/config/ofp_print_target.options create mode >>>>> 100644 tests/oss-fuzz/config/ovs.dict create mode 100644 >>>>> tests/oss-fuzz/flow_extract_target.c create mode 100644 >>>>> tests/oss-fuzz/fuzzer.h create mode 100644 >>>>> tests/oss-fuzz/json_parser_target.c create mode 100644 >>>>> tests/oss-fuzz/ofp_print_target.c >>>>> >>>>> diff --git a/Makefile.am b/Makefile.am index 788972804..ff472ad81 >>>>> 100644 --- a/Makefile.am +++ b/Makefile.am @@ -102,6 +102,7 @@ >>>>> dist_pkgdata_SCRIPTS = dist_sbin_SCRIPTS = dist_scripts_SCRIPTS = >>>>> dist_scripts_DATA = +EXTRA_PROGRAMS = INSTALL_DATA_LOCAL = >>>>> UNINSTALL_LOCAL = man_MANS = diff --git a/tests/automake.mk >>>>> b/tests/automake.mk index 49ceb415d..b29a37ec8 100644 --- >>>>> a/tests/automake.mk +++ b/tests/automake.mk @@ -477,3 +477,5 @@ >>>>> clean-pki: rm -f tests/pki/stamp rm -rf tests/pki endif + +include >>>>> tests/oss-fuzz/automake.mk diff --git a/tests/oss-fuzz/automake.mk >>>>> b/tests/oss-fuzz/automake.mk new file mode 100644 index >>>>> 000000000..9f46de6d0 --- /dev/null +++ >>>>> b/tests/oss-fuzz/automake.mk @@ -0,0 +1,30 @@ +OSS_FUZZ_TARGETS = >>>>> \ + tests/oss-fuzz/flow_extract_target \ + >>>>> tests/oss-fuzz/json_parser_target \ + >>>>> tests/oss-fuzz/ofp_print_target +EXTRA_PROGRAMS += >>>>> $(OSS_FUZZ_TARGETS) +oss-fuzz-targets: $(OSS_FUZZ_TARGETS) + >>>>> +tests_oss_fuzz_flow_extract_target_SOURCES = \ + >>>>> tests/oss-fuzz/flow_extract_target.c \ + tests/oss-fuzz/fuzzer.h >>>>> +tests_oss_fuzz_flow_extract_target_LDADD = lib/libopenvswitch.la >>>>> +tests_oss_fuzz_flow_extract_target_LDFLAGS = $(LIB_FUZZING_ENGINE) >>>>> -lc++ + +tests_oss_fuzz_json_parser_target_SOURCES = \ + >>>>> tests/oss-fuzz/json_parser_target.c \ + tests/oss-fuzz/fuzzer.h >>>>> +tests_oss_fuzz_json_parser_target_LDADD = lib/libopenvswitch.la >>>>> +tests_oss_fuzz_json_parser_target_LDFLAGS = $(LIB_FUZZING_ENGINE) >>>>> -lc++ + +tests_oss_fuzz_ofp_print_target_SOURCES = \ + >>>>> tests/oss-fuzz/ofp_print_target.c \ + tests/oss-fuzz/fuzzer.h >>>>> +tests_oss_fuzz_ofp_print_target_LDADD = lib/libopenvswitch.la >>>>> +tests_oss_fuzz_ofp_print_target_LDFLAGS = $(LIB_FUZZING_ENGINE) >>>>> -lc++ + +EXTRA_DIST += \ + >>>>> tests/oss-fuzz/config/flow_extract_target.options \ + >>>>> tests/oss-fuzz/config/json_parser_target.options \ + >>>>> tests/oss-fuzz/config/ofp_print_target.options \ + >>>>> tests/oss-fuzz/config/ovs.dict diff --git >>>>> a/tests/oss-fuzz/config/flow_extract_target.options >>>>> b/tests/oss-fuzz/config/flow_extract_target.options new file mode >>>>> 100644 index 000000000..7a77aaf04 --- /dev/null +++ >>>>> b/tests/oss-fuzz/config/flow_extract_target.options @@ -0,0 +1,2 >>>>> @@ +[libfuzzer] +dict = ovs.dict diff --git >>>>> a/tests/oss-fuzz/config/json_parser_target.options >>>>> b/tests/oss-fuzz/config/json_parser_target.options new file mode >>>>> 100644 index 000000000..8d3739a53 --- /dev/null +++ >>>>> b/tests/oss-fuzz/config/json_parser_target.options @@ -0,0 +1,2 @@ >>>>> +[libfuzzer] +dict = json.dict diff --git >>>>> a/tests/oss-fuzz/config/ofp_print_target.options >>>>> b/tests/oss-fuzz/config/ofp_print_target.options new file mode >>>>> 100644 index 000000000..7f117292e --- /dev/null +++ >>>>> b/tests/oss-fuzz/config/ofp_print_target.options @@ -0,0 +1,3 @@ >>>>> +[libfuzzer] +close_fd_mask = 3 +dict = ovs.dict diff --git >>>>> a/tests/oss-fuzz/config/ovs.dict b/tests/oss-fuzz/config/ovs.dict >>>>> new file mode 100644 index 000000000..243b243ab --- /dev/null +++ >>>>> b/tests/oss-fuzz/config/ovs.dict @@ -0,0 +1,293 @@ +"0.2" >>>>> +"ADD_SUBSCRIBE" +"-cbc" +"CLEARSUB" +"CLIENT" +"GIMME" >>>>> +"GIMMEDEFS" +"GIMMESTATS" +"HM" +"-hmac96" +"HM_CTL" +"HM_STAT" >>>>> +"HMST_CLIENT" +"LOGIN" +"\\MAILSLOT\\BROWSE" +"NET-ANNOUNCED" >>>>> +"NET-VISIBLE" +"-nodefs" +"NONE" +"OPSTAFF" +"\\PIPE\\LANMAN" >>>>> +"public" +"REALM" +"REALM-ANNOUNCED" +"REALM-VISIBLE" >>>>> +"REQ_SUBSCRIBE" +"RLM_SUBSCRIBE" +"RLM_UNSUBSCRIBE" +"SENT" +" >>>>> %ssub%s" +"SUBSCRIBE" +"SUBSCRIBE_NODEFS" +"un" +"UNSUBSCRIBE" >>>>> +"USER_FLUSH" +"USER_HIDE" +"USER_LOCATE" +"USER_UNHIDE" +"WG_CTL" >>>>> +"\x01\x00" +"\x01\x00\x00" +"\x01\x00\x01" +"\x01\x00\x02" >>>>> +"\x01\x00\x03" +"\x01\x00\x05" +"\x01\x01" +"\x01\x02" >>>>> +"\x01\x03" +"\x01\x04" +"\x01\x05" +"\x01\x07" +"\x01\x0B" >>>>> +"\x01\x0C" +"\x01\x10" +"\x01\x11" +"\x01\x12" +"\x01\x13" >>>>> +"\x01\x14" +"\x01\x15" +"\x01\x16" +"\x01\xE8\x48" +"\x01\xF4" >>>>> +"\x01\xF5" +"\x01\xF6" +"\x01\xF7" +"\x01\xF8" +"\x01\xF9" >>>>> +"\x01\xFA" +"\x01\xFB" +"\x01\xFC" +"\x01\xFD" +"\x01\xFE" >>>>> +"\x01\xFF" +"\x02\x00" +"\x02\x00\x00" +"\x02\x01" +"\x02\x02" >>>>> +"\x02\x03" +"\x02\x04" +"\x02\x05" +"\x02\x06" +"\x02\x07" >>>>> +"\x02\x08" +"\x02\x09" +"\x02\x0C" +"\x02\x0E" +"\x02\x0F" >>>>> +"\x02\x11" +"\x02\x12" +"\x02\x58" +"\x02\x81" +"\x02\x83" >>>>> +"\x03\x00" +"\x03\x01" +"\x03\x02" +"\x03\x03" +"\x03\x06" >>>>> +"\x03\xE8" +"\x03\xE9" +"\x03\xEA" +"\x03\xEB" +"\x03\xEC" >>>>> +"\x03\xED" +"\x03\xEE" +"\x03\xEF" +"\x03\xF0" +"\x03\xF1" >>>>> +"\x03\xF2" +"\x03\xF3" +"\x03\xF4" +"\x03\xFF\xFF\xFF" >>>>> +"\x04\x00" +"\x04\x00\x00" +"\x04\x01" +"\x04\x02" +"\x04\x03" >>>>> +"\x04\x04" +"\x04\x51" +"\x04\x52" +"\x04\x53" +"\x04\x55" >>>>> +"\x04\x56" +"\x05\x00" +"\x05\x01" +"\x05\x02" +"\x05\x03" >>>>> +"\x05\x53" +"\x05\xCC" +"\x05\xDC" +"\x06\x00" +"\x06\x01" >>>>> +"\x06\xCF" +"\x07\x07" +"\x07\xC1" +"\x07\xFF" +"\x08\x00" >>>>> +"\x08\x00\x00\x00" +"\x08\x00\x07" +"\x08\x01" +"\x08\x06" >>>>> +"\x08\x38\x00\x00" +"\x0A\x00\xB1" +"\x0C\x01" +"\x0C\x02" >>>>> +"\x0C\x03" +"\x0C\x04" +"\x0C\x05" +"\x0C\x06" +"\x0C\x08" >>>>> +"\x0D\x80" +"\x0E\x00" +"\x0E\x10" +"\x0E\xC8" +"\x0E\xC9" >>>>> +"\x0F\x42\x40" +"\x0F\xFF" +"\x10\x00" +"\x11\x11" +"\x11\xD7" >>>>> +"\x12\x0F" +"\x12\xBB" +"\x1A\x30" +"\x1A\x31" +"\x1A\x32" >>>>> +"\x1B\x21" +"\x1B\x58" +"\x1B\x59" +"\x1B\x5A" +"\x1B\x5B" >>>>> +"\x1B\x5C" +"\x1B\x5D" +"\x1B\x5F" +"\x1B\x61" +"\x1F\x00" >>>>> +"\x1F\x40" +"\x1F\xFF" +"\x1F\xFF\xFF" +"\x20\x00" +"\x20\x03" >>>>> +"\x20\x04" +"\x27\x10" +"\x27\x13" +"\x2F\xBF" +"\x35\x00\x00" >>>>> +"\x3C\x13" +"\x40\x00" +"\x40\x04" +"\x40\x80" >>>>> +"\x47\x00\x06\x01" +"\x4E\x20" +"\x4E\x21" +"\x4E\x22" >>>>> +"\x4E\x23" +"\x4E\x24" +"\x4E\x25" +"\x4E\x26" +"\x4E\x27" >>>>> +"\x4E\x28" +"\x4E\x29" +"\x4E\x2A" +"\x4E\x2C" +"\x60\x00" >>>>> +"\x60\x01" +"\x60\x02" +"\x60\x03" +"\x60\x04" +"\x60\x07" >>>>> +"\x7F\xFF" +"\x7F\xFF\xFF" +"\x80\x00" +"\x80\x00\x00\x00" >>>>> +"\x80\x01" +"\x80\x05" +"\x80\x0A" +"\x80\x21" >>>>> +"\x80\x21\x10\x01" +"\x80\x21\x10\x02" +"\x80\x23" +"\x80\x35" >>>>> +"\x80\x57" +"\x80\x9B" +"\x80\xC2" +"\x80\xF3" +"\x80\xFD" >>>>> +"\x81\x00" +"\x81\x37" +"\x82\x81" +"\x83\xAA\x7E\x80" >>>>> +"\x85\xBE" +"\x86\xDD" +"\x88\x08" +"\x88\x09" +"\x88\x0B" >>>>> +"\x88\x47" +"\x88\x48" +"\x88\x63" +"\x88\x64" +"\x88\x6F" >>>>> +"\x88\x70" +"\x88\x8E" +"\x88\x99" +"\x88\xA2" +"\x88\xA8" >>>>> +"\x88\xCA" +"\x88\xCC" +"\x89\x02" +"\x89\x3A" +"\x89\x47" >>>>> +"\x90\x00" +"\x91\x00" +"\xA0\x00" +"\xAB\xCD" +"\xB0\x00" >>>>> +"\xC0\x00\x00\x00" +"\xC0\x21" +"\xC0\x23" +"\xC0\x25" >>>>> +"\xC0\x27" +"\xC0\x2B" +"\xC0\x2D" +"\xC1\x23" +"\xC2\x23" >>>>> +"\xC2\x27" +"\xDA\xDA" +"\xE0\x00" +"\xE0\x00\x00\x00" >>>>> +"\xF0\x00\x00\x00" +"\xF1\x0A" +"\xF9\x89" +"\xFC\x00" >>>>> +"\xFD\xE9" +"\xFE\xFE" +"\xFF\x00" +"\xFF\x00\x00" >>>>> +"\xFF\x00\x00\x00" +"\xFF\xF0" +"\xFF\xF8" +"\xFF\xFD" >>>>> +"\xFF\xFE" +"\xFF\xFF" +"\xFF\xFF\x00\x00" +"\xFF\xFF\xF0\x00" >>>>> +"\xFF\xFF\xFF\x00" +"\xFF\xFF\xFF\x01" +"\xFF\xFF\xFF\x02" >>>>> +"\xFF\xFF\xFF\x03" +"\xFF\xFF\xFF\xEF" +"\xFF\xFF\xFF\xFD" >>>>> +"\xFF\xFF\xFF\xFE" +"\xFF\xFF\xFF\xFF" +"ZEPH" +"ZEPHYR_ADMIN" >>>>> +"ZEPHYR_CTL" diff --git a/tests/oss-fuzz/flow_extract_target.c >>>>> b/tests/oss-fuzz/flow_extract_target.c new file mode 100644 index >>>>> 000000000..e03cf136c --- /dev/null +++ >>>>> b/tests/oss-fuzz/flow_extract_target.c @@ -0,0 +1,15 @@ +#include >>>>> <config.h> +#include "fuzzer.h" +#include "dp-packet.h" +#include >>>>> "flow.h" + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t >>>>> size) +{ + struct dp_packet packet; + struct flow flow; + + >>>>> dp_packet_use_const(&packet, data, size); + >>>>> flow_extract(&packet, &flow); + return 0; +} diff --git >>>>> a/tests/oss-fuzz/fuzzer.h b/tests/oss-fuzz/fuzzer.h new file mode >>>>> 100644 index 000000000..f87ae59e9 --- /dev/null +++ >>>>> b/tests/oss-fuzz/fuzzer.h @@ -0,0 +1,9 @@ +#ifndef FUZZER_H >>>>> +#define FUZZER_H 1 + +#include <stdint.h> +#include <stddef.h> + >>>>> +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + >>>>> +#endif /* fuzzer.h */ diff --git >>>>> a/tests/oss-fuzz/json_parser_target.c >>>>> b/tests/oss-fuzz/json_parser_target.c new file mode 100644 index >>>>> 000000000..e39e04a0d --- /dev/null +++ >>>>> b/tests/oss-fuzz/json_parser_target.c @@ -0,0 +1,42 @@ +#include >>>>> <config.h> +#include "fuzzer.h" +#include "jsonrpc.h" +#include >>>>> "openvswitch/json.h" +#include "ovsdb-error.h" +#include >>>>> "ovsdb/table.h" +#include <assert.h> +#include <string.h> + +int >>>>> +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + >>>>> if (!size || data[size - 1]) { + return 0; + } + + >>>>> struct json *j1 = json_from_string((const char *)data); + if >>>>> (j1->type == JSON_STRING) { + json_destroy(j1); + >>>>> return 0; + } + + free(json_to_string(j1, JSSF_SORT | >>>>> JSSF_PRETTY)); + + struct jsonrpc_msg *msg; + char *error = >>>>> jsonrpc_msg_from_json(j1, &msg); /* Frees 'j1'. */ + if (error) >>>>> { + free(error); + return 0; + } + + struct >>>>> json *j2 = jsonrpc_msg_to_json(msg); /* Frees 'msg'. */ + if >>>>> (j2->type == JSON_STRING) { + json_destroy(j2); + >>>>> return 0; + } + + free(json_to_string(j2, JSSF_SORT | >>>>> JSSF_PRETTY)); + json_destroy(j2); + + return 0; +} diff >>>>> --git a/tests/oss-fuzz/ofp_print_target.c >>>>> b/tests/oss-fuzz/ofp_print_target.c new file mode 100644 index >>>>> 000000000..126f2623f --- /dev/null +++ >>>>> b/tests/oss-fuzz/ofp_print_target.c @@ -0,0 +1,47 @@ +#include >>>>> <config.h> +#include "fuzzer.h" +#include "dp-packet.h" +#include >>>>> "openvswitch/ofp-print.h" +#include "openvswitch/ofpbuf.h" >>>>> +#include "openvswitch/vlog.h" + +int +LLVMFuzzerTestOneInput(const >>>>> uint8_t *data, size_t size) +{ + if (size < sizeof(struct >>>>> ofp_header)) { + return 0; + } + + static bool isInit >>>>> = false; + if (!isInit) { + vlog_set_verbosity("off"); + >>>>> isInit = true; + } + + struct ofpbuf b; + >>>>> ofpbuf_use_const(&b, data, size); + for (;;) { + /* Check >>>>> if ofpbuf contains ofp header. */ + struct ofp_header *oh = >>>>> ofpbuf_at(&b, 0, sizeof *oh); + if (!oh) { + >>>>> break; + } + + /* Check if length is geq than lower >>>>> bound. */ + size_t length = ntohs(oh->length); + if >>>>> (length < sizeof *oh) { + break; + } + + >>>>> /* Check if ofpbuf contains payload. */ + size_t tail_len = >>>>> length - sizeof *oh; + void *tail = ofpbuf_at(&b, sizeof >>>>> *oh, tail_len); + if (!tail) { + break; + >>>>> } + + ofp_print(stdout, ofpbuf_pull(&b, length), length, >>>>> NULL, NULL, 2); + } + ofpbuf_uninit(&b); + return 0; +} -- >>>>> 2.17.1 >>>>> >>>> >>> >> >> -- >> Bhargava Shastry <[email protected]> >> Security in Telecommunications >> TU Berlin / Telekom Innovation Laboratories >> Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 Berlin, Germany >> phone: +49 30 8353 58235 >> Keybase: https://keybase.io/bshastry -- Bhargava Shastry <[email protected]> Security in Telecommunications TU Berlin / Telekom Innovation Laboratories Ernst-Reuter-Platz 7, Sekr TEL 17 / D - 10587 Berlin, Germany phone: +49 30 8353 58235 Keybase: https://keybase.io/bshastry _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
