[llvm] r282460 - [libFuzzer] add a test based on openssl-1.0.1f (finds heartbleed)

Kostya Serebryany via llvm-commits llvm-commits at lists.llvm.org
Mon Sep 26 17:27:41 PDT 2016


Author: kcc
Date: Mon Sep 26 19:27:40 2016
New Revision: 282460

URL: http://llvm.org/viewvc/llvm-project?rev=282460&view=rev
Log:
[libFuzzer] add a test based on openssl-1.0.1f (finds heartbleed)

Added:
    llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/
    llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh   (with props)
    llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.key
    llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.pem
    llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/target.cc
    llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/test.sh   (with props)

Added: llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh?rev=282460&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh (added)
+++ llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh Mon Sep 26 19:27:40 2016
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+[ -e $(basename $0) ] && echo "PLEASE USE THIS SCRIPT FROM ANOTHER DIR" && exit 1
+SCRIPT_DIR=$(dirname $0)
+EXECUTABLE_NAME_BASE=$(basename $SCRIPT_DIR)
+LIBFUZZER_SRC=$(dirname $(dirname $SCRIPT_DIR))
+JOBS=20
+
+# FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=edge"
+FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div"
+
+get() {
+  [ ! -e SRC ] && git clone https://github.com/openssl/openssl.git SRC && (cd SRC && git checkout OpenSSL_1_0_1f)
+#  [ ! -e SRC ] && wget https://www.openssl.org/source/openssl-1.0.1f.tar.gz && tar xf openssl-1.0.1f.tar.gz && mv openssl-1.0.1f SRC
+}
+build_lib() {
+  rm -rf BUILD
+  cp -rf SRC BUILD
+  (cd BUILD && ./config && make clean && make CC="clang $FUZZ_CXXFLAGS"  -j $JOBS)
+}
+
+get
+build_lib
+$LIBFUZZER_SRC/build.sh
+clang++ -g $SCRIPT_DIR/target.cc -DCERT_PATH=\"$SCRIPT_DIR/\"  $FUZZ_CXXFLAGS BUILD/libssl.a BUILD/libcrypto.a libFuzzer.a -o $EXECUTABLE_NAME_BASE
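Review bot: Every path expansion in this script is unquoted (`$0`, `$SCRIPT_DIR`, `$LIBFUZZER_SRC` on the `SCRIPT_DIR=`, `EXECUTABLE_NAME_BASE=`, `LIBFUZZER_SRC=` and final `clang++` lines), so a checkout under a directory containing spaces silently splits the arguments and the `-DCERT_PATH=\"$SCRIPT_DIR/\"` define ends up pointing at the wrong directory. Quoting them is mechanical: `SCRIPT_DIR=$(dirname "$0")`, `EXECUTABLE_NAME_BASE=$(basename "$SCRIPT_DIR")`, `LIBFUZZER_SRC=$(dirname "$(dirname "$SCRIPT_DIR")")`, and `"$SCRIPT_DIR/target.cc"` / `"$LIBFUZZER_SRC/build.sh"` on the build lines. Separately, `get()` checks out the moveable tag `OpenSSL_1_0_1f` over the network with no integrity check, so the bug the suite expects to find (and the line number `test.sh` greps for) depends on the tag not being re-pointed; a comment such as `# pin to the commit behind OpenSSL_1_0_1f: <COMMIT_PLACEHOLDER>` with a `git checkout <sha>` would make the reproduction deterministic. The commented-out `wget` alternative in `get()` should either be deleted or explained.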

Propchange: llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
------------------------------------------------------------------------------
    svn:executable = *

Added: llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.key
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.key?rev=282460&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.key (added)
+++ llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.key Mon Sep 26 19:27:40 2016
@@ -0,0 +1,10 @@
+-----BEGIN PRIVATE KEY-----
+MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEA1AdZNDVOA9cXm97f
+erp1bukz2kohjToJS6Ma8fOb36VV9lQGmDNsJanXFiqafOgV+kh1HXqZ3l1I0JmZ
+71b+QQIDAQABAkAHGfPn5r0lLcgRpWZQwvv56f+dmQwEoeP7z4uwfNtEo0JcRD66
+1WRCvx3LE0VbNeaEdNmSPiRXhlwIggjfrBi9AiEA9UusPBcEp/QcPGs96nQQdQzE
+fw4x0HL/eSV3qHimT6MCIQDdSAiX4Ouxoiwn/9KhDMcZXRYX/OPzj6w8u1YIH7BI
+ywIgSozbJdAhHCJ2ym4VfUIVFl3xAmSAA0hQGLOocE1qzl0CIQDRicOxZmhqBiKA
+IgznOn1StEYWov+MhRFZVSBLgw5gbwIgJzOlSlu0Y22hEUsLCKyHBrCAZZHcZ020
+20pfogmQYn0=
+-----END PRIVATE KEY-----

Added: llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.pem
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.pem?rev=282460&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.pem (added)
+++ llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/server.pem Mon Sep 26 19:27:40 2016
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBYTCCAQugAwIBAgIJAMPQQtUHkx+KMA0GCSqGSIb3DQEBCwUAMAwxCjAIBgNV
+BAMMAWEwHhcNMTYwOTI0MjIyMDUyWhcNNDQwMjA5MjIyMDUyWjAMMQowCAYDVQQD
+DAFhMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANQHWTQ1TgPXF5ve33q6dW7pM9pK
+IY06CUujGvHzm9+lVfZUBpgzbCWp1xYqmnzoFfpIdR16md5dSNCZme9W/kECAwEA
+AaNQME4wHQYDVR0OBBYEFCXtEo9rkLuKGSlm0mFE4Yk/HDJVMB8GA1UdIwQYMBaA
+FCXtEo9rkLuKGSlm0mFE4Yk/HDJVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADQQCnldOnbdNJZxBO/J+979Urg8qDp8MnlN0979AmK1P5/YzPnAF4BU7QTOTE
+imS5qZ0MvziBa81nVlnnFRkIezcD
+-----END CERTIFICATE-----

Added: llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/target.cc
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/target.cc?rev=282460&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/target.cc (added)
+++ llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/target.cc Mon Sep 26 19:27:40 2016
@@ -0,0 +1,39 @@
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <assert.h>
+#include <stdint.h>
+#include <stddef.h>
+
+#ifndef CERT_PATH
+# define CERT_PATH
+#endif
+
+SSL_CTX *Init() {
+  SSL_library_init();
+  SSL_load_error_strings();
+  ERR_load_BIO_strings();
+  OpenSSL_add_all_algorithms();
+  SSL_CTX *sctx;
+  assert (sctx = SSL_CTX_new(TLSv1_method()));
+  /* These two file were created with this command:
+      openssl req -x509 -newkey rsa:512 -keyout server.key \
+     -out server.pem -days 9999 -nodes -subj /CN=a/
+  */
+  assert(SSL_CTX_use_certificate_file(sctx, CERT_PATH "server.pem",
+                                      SSL_FILETYPE_PEM));
+  assert(SSL_CTX_use_PrivateKey_file(sctx, CERT_PATH "server.key",
+                                     SSL_FILETYPE_PEM));
+  return sctx;
+}
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  static SSL_CTX *sctx = Init();
+  SSL *server = SSL_new(sctx);
+  BIO *sinbio = BIO_new(BIO_s_mem());
+  BIO *soutbio = BIO_new(BIO_s_mem());
+  SSL_set_bio(server, sinbio, soutbio);
+  SSL_set_accept_state(server);
+  BIO_write(sinbio, Data, Size);
+  SSL_do_handshake(server);
+  SSL_free(server);
+  return 0;
+}
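Review bot: `Init()` performs all of its real work inside `assert()` — the assignment `sctx = SSL_CTX_new(...)` and both `SSL_CTX_use_*_file` calls — so a build with `-DNDEBUG` would return an uninitialized `sctx` and never load the certificate or key; the calls should be made unconditionally and only their results asserted. In `LLVMFuzzerTestOneInput`, `BIO_write` takes an `int` length while `Size` is `size_t`, so an input larger than `INT_MAX` would be truncated or turned negative before reaching the parser; libFuzzer's default `-max_len` keeps this out of reach in practice, but a guard like `if (Size > (size_t)INT_MAX) return 0;` documents the assumption. `SSL_new` is also unchecked; `SSL_free(server)` does correctly release both BIOs once `SSL_set_bio` has transferred their ownership.
```cpp
SSL_CTX *Init() {
  // … unchanged: SSL_library_init / error strings / algorithms …
  SSL_CTX *sctx = SSL_CTX_new(TLSv1_method());
  assert(sctx);
  // The file loads must happen outside assert() so they survive -DNDEBUG.
  int rc = SSL_CTX_use_certificate_file(sctx, CERT_PATH "server.pem",
                                        SSL_FILETYPE_PEM);
  assert(rc == 1);
  rc = SSL_CTX_use_PrivateKey_file(sctx, CERT_PATH "server.key",
                                   SSL_FILETYPE_PEM);
  assert(rc == 1);
  return sctx;
}
```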

Added: llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/test.sh
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/test.sh?rev=282460&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/test.sh (added)
+++ llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/test.sh Mon Sep 26 19:27:40 2016
@@ -0,0 +1,5 @@
+#!/bin/bash
+# Find heartbleed.
+set -x
+[ -e openssl-1.0.1f ]  && ./openssl-1.0.1f -max_total_time=300 2>&1 | tee log
+grep -Pzo "(?s)ERROR: AddressSanitizer: heap-buffer-overflow.*READ of size.*#1 0x.* in tls1_process_heartbeat .*ssl/t1_lib.c:2586" log
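Review bot: The `grep` on the last line runs against `log` even when the fuzzer binary is absent, because the `[ -e openssl-1.0.1f ] && ...` line merely skips the run; a stale `log` from an earlier invocation then makes the test report a find it did not reproduce. Removing the old log first, `rm -f log`, and failing fast when the binary is missing, `[ -e openssl-1.0.1f ] || exit 1`, makes the script's exit status reflect only the current run. The pattern also pins `ssl/t1_lib.c:2586`, which is only valid for the exact revision `build.sh` checks out; a comment saying so next to the `grep` would save the next person a confusing failure, and `grep -Pzo` is GNU-only, which should be noted if the suite is meant to run elsewhere.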

Propchange: llvm/trunk/lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/test.sh
------------------------------------------------------------------------------
    svn:executable = *



