mirror of
https://github.com/RPCS3/llvm-mirror.git
synced 2024-12-11 21:45:16 +00:00
[libFuzzer] add a test based on openssl-1.0.1f (finds heartbleed)
llvm-svn: 282460
This commit is contained in:
parent
ba61cede89
commit
e755516322
25
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
Executable file
25
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
Executable file
@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
[ -e $(basename $0) ] && echo "PLEASE USE THIS SCRIPT FROM ANOTHER DIR" && exit 1
|
||||
SCRIPT_DIR=$(dirname $0)
|
||||
EXECUTABLE_NAME_BASE=$(basename $SCRIPT_DIR)
|
||||
LIBFUZZER_SRC=$(dirname $(dirname $SCRIPT_DIR))
|
||||
JOBS=20
|
||||
|
||||
# FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=edge"
|
||||
FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div"
|
||||
|
||||
get() {
|
||||
[ ! -e SRC ] && git clone https://github.com/openssl/openssl.git SRC && (cd SRC && git checkout OpenSSL_1_0_1f)
|
||||
# [ ! -e SRC ] && wget https://www.openssl.org/source/openssl-1.0.1f.tar.gz && tar xf openssl-1.0.1f.tar.gz && mv openssl-1.0.1f SRC
|
||||
}
|
||||
build_lib() {
|
||||
rm -rf BUILD
|
||||
cp -rf SRC BUILD
|
||||
(cd BUILD && ./config && make clean && make CC="clang $FUZZ_CXXFLAGS" -j $JOBS)
|
||||
}
|
||||
|
||||
get
|
||||
build_lib
|
||||
$LIBFUZZER_SRC/build.sh
|
||||
clang++ -g $SCRIPT_DIR/target.cc -DCERT_PATH=\"$SCRIPT_DIR/\" $FUZZ_CXXFLAGS BUILD/libssl.a BUILD/libcrypto.a libFuzzer.a -o $EXECUTABLE_NAME_BASE
|
10
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.key
Normal file
10
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.key
Normal file
@ -0,0 +1,10 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA1AdZNDVOA9cXm97f
|
||||
erp1bukz2kohjToJS6Ma8fOb36VV9lQGmDNsJanXFiqafOgV+kh1HXqZ3l1I0JmZ
|
||||
71b+QQIDAQABAkAHGfPn5r0lLcgRpWZQwvv56f+dmQwEoeP7z4uwfNtEo0JcRD66
|
||||
1WRCvx3LE0VbNeaEdNmSPiRXhlwIggjfrBi9AiEA9UusPBcEp/QcPGs96nQQdQzE
|
||||
fw4x0HL/eSV3qHimT6MCIQDdSAiX4Ouxoiwn/9KhDMcZXRYX/OPzj6w8u1YIH7BI
|
||||
ywIgSozbJdAhHCJ2ym4VfUIVFl3xAmSAA0hQGLOocE1qzl0CIQDRicOxZmhqBiKA
|
||||
IgznOn1StEYWov+MhRFZVSBLgw5gbwIgJzOlSlu0Y22hEUsLCKyHBrCAZZHcZ020
|
||||
20pfogmQYn0=
|
||||
-----END PRIVATE KEY-----
|
10
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.pem
Normal file
10
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.pem
Normal file
@ -0,0 +1,10 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBYTCCAQugAwIBAgIJAMPQQtUHkx+KMA0GCSqGSIb3DQEBCwUAMAwxCjAIBgNV
|
||||
BAMMAWEwHhcNMTYwOTI0MjIyMDUyWhcNNDQwMjA5MjIyMDUyWjAMMQowCAYDVQQD
|
||||
DAFhMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANQHWTQ1TgPXF5ve33q6dW7pM9pK
|
||||
IY06CUujGvHzm9+lVfZUBpgzbCWp1xYqmnzoFfpIdR16md5dSNCZme9W/kECAwEA
|
||||
AaNQME4wHQYDVR0OBBYEFCXtEo9rkLuKGSlm0mFE4Yk/HDJVMB8GA1UdIwQYMBaA
|
||||
FCXtEo9rkLuKGSlm0mFE4Yk/HDJVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
|
||||
BQADQQCnldOnbdNJZxBO/J+979Urg8qDp8MnlN0979AmK1P5/YzPnAF4BU7QTOTE
|
||||
imS5qZ0MvziBa81nVlnnFRkIezcD
|
||||
-----END CERTIFICATE-----
|
39
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/target.cc
Normal file
39
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/target.cc
Normal file
@ -0,0 +1,39 @@
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#include <assert.h>
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
#ifndef CERT_PATH
|
||||
# define CERT_PATH
|
||||
#endif
|
||||
|
||||
SSL_CTX *Init() {
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
ERR_load_BIO_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
SSL_CTX *sctx;
|
||||
assert (sctx = SSL_CTX_new(TLSv1_method()));
|
||||
/* These two file were created with this command:
|
||||
openssl req -x509 -newkey rsa:512 -keyout server.key \
|
||||
-out server.pem -days 9999 -nodes -subj /CN=a/
|
||||
*/
|
||||
assert(SSL_CTX_use_certificate_file(sctx, CERT_PATH "server.pem",
|
||||
SSL_FILETYPE_PEM));
|
||||
assert(SSL_CTX_use_PrivateKey_file(sctx, CERT_PATH "server.key",
|
||||
SSL_FILETYPE_PEM));
|
||||
return sctx;
|
||||
}
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||
static SSL_CTX *sctx = Init();
|
||||
SSL *server = SSL_new(sctx);
|
||||
BIO *sinbio = BIO_new(BIO_s_mem());
|
||||
BIO *soutbio = BIO_new(BIO_s_mem());
|
||||
SSL_set_bio(server, sinbio, soutbio);
|
||||
SSL_set_accept_state(server);
|
||||
BIO_write(sinbio, Data, Size);
|
||||
SSL_do_handshake(server);
|
||||
SSL_free(server);
|
||||
return 0;
|
||||
}
|
5
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/test.sh
Executable file
5
lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/test.sh
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
# Find heartbleed.
|
||||
set -x
|
||||
[ -e openssl-1.0.1f ] && ./openssl-1.0.1f -max_total_time=300 2>&1 | tee log
|
||||
grep -Pzo "(?s)ERROR: AddressSanitizer: heap-buffer-overflow.*READ of size.*#1 0x.* in tls1_process_heartbeat .*ssl/t1_lib.c:2586" log
|
Loading…
Reference in New Issue
Block a user