xref: /freebsd/contrib/libfido2/.actions/fuzz-linux (revision 60a517b66a69b8c011b04063ef63a938738719bd)
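#!/bin/sh -eux

# Copyright (c) 2020-2022 Yubico AB. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
# SPDX-License-Identifier: BSD-2-Clause

# Shebang options are dropped when the script is started as `sh fuzz-linux`,
# so the same options are set explicitly: abort on the first failing command
# (-e), reject unset variables (-u) and trace every command (-x).
set -eux

# Upstream repositories and the tags that get cloned for each dependency.
# NOTE(review): these are tag names, not commit hashes; a tag can be moved
# upstream, so the fetched source is only as stable as the tag.
LIBCBOR_URL="https://github.com/pjk/libcbor"
LIBCBOR_TAG="v0.10.2"
OPENSSL_URL="https://github.com/openssl/openssl"
OPENSSL_TAG="openssl-3.0.12"
ZLIB_URL="https://github.com/madler/zlib"
ZLIB_TAG="v1.3"

# Space-separated sanitiser lists per component; they are joined with commas
# into a single -fsanitize= argument once the sanitiser mode is known.
LIBCBOR_ASAN="address alignment bounds"
LIBCBOR_MSAN="memory"
ZLIB_ASAN="address alignment bounds undefined"
ZLIB_MSAN="memory"
FIDO2_ASAN="address bounds fuzzer-no-link implicit-conversion leak"
FIDO2_ASAN="${FIDO2_ASAN} pointer-compare pointer-subtract undefined"
FIDO2_MSAN="fuzzer-no-link memory"

# Flags shared by the libcbor and libfido2 builds. As the macro name says,
# FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION marks the resulting binaries as
# fuzzing-only; they must never be shipped.
COMMON_CFLAGS="-g2 -fno-omit-frame-pointer"
COMMON_CFLAGS="${COMMON_CFLAGS} -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"

# Sanitiser runtime options: halt_on_error=1 turns the first report into a
# failed run instead of a logged warning. ASAN additionally checks invalid
# pointer pairs (matching pointer-compare/pointer-subtract above) and leaks.
UBSAN_OPTIONS="halt_on_error=1:print_stacktrace=1:strict_string_checks=1"
ASAN_OPTIONS="${UBSAN_OPTIONS}:detect_invalid_pointer_pairs=2:detect_leaks=1"
MSAN_OPTIONS="${UBSAN_OPTIONS}"
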
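# Pick the sanitiser mode from the first argument and derive the per-component
# -fsanitize= flags from the space-separated lists defined above.
# ${1:-} lets a missing argument reach the error branch instead of tripping
# the unset-variable check with a bare shell diagnostic.
case "${1:-}" in
asan)
	LIBCBOR_CFLAGS="-fsanitize=$(printf '%s\n' "${LIBCBOR_ASAN}" | tr ' ' ',')"
	ZLIB_CFLAGS="-fsanitize=$(printf '%s\n' "${ZLIB_ASAN}" | tr ' ' ',')"
	FIDO2_CFLAGS="-fsanitize=$(printf '%s\n' "${FIDO2_ASAN}" | tr ' ' ',')"
	FIDO2_CFLAGS="${FIDO2_CFLAGS} -fsanitize-address-use-after-scope"
	;;
msan)
	LIBCBOR_CFLAGS="-fsanitize=$(printf '%s\n' "${LIBCBOR_MSAN}" | tr ' ' ',')"
	ZLIB_CFLAGS="-fsanitize=$(printf '%s\n' "${ZLIB_MSAN}" | tr ' ' ',')"
	FIDO2_CFLAGS="-fsanitize=$(printf '%s\n' "${FIDO2_MSAN}" | tr ' ' ',')"
	FIDO2_CFLAGS="${FIDO2_CFLAGS} -fsanitize-memory-track-origins"
	;;
*)
	# Exit unconditionally: with `echo ... && exit 1` a failed write to
	# stderr skipped the exit, and the build went on with no sanitiser
	# flags selected.
	echo "unknown sanitiser \"${1:-}\"" 1>&2
	exit 1
	;;
esac
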
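# Stop with a clear message when CC is missing. Without -u in effect, an
# empty ${CC} would turn the next line into a call to a program named
# "--version". The OpenSSL target used later is linux-x86_64-clang and
# libfido2 is linked with -fsanitize=fuzzer, so CC is expected to be clang.
: "${CC:?CC must be set to the compiler used for the sanitiser build}"
# Left unquoted as in the original, so a CC value carrying extra arguments
# still word-splits. The version is printed to record the toolchain in the log.
${CC} --version
# WORKDIR is the libfido2 source tree (defaults to the current directory).
# FAKEROOT is the private install prefix for the dependencies; mktemp -d
# gives an unpredictable, freshly created directory when none is supplied.
WORKDIR="${WORKDIR:-$(pwd)}"
FAKEROOT="${FAKEROOT:-$(mktemp -d)}"
cd "${FAKEROOT}"
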
# libcbor
# Shallow-clone the configured tag, apply the patch carried in fuzz/README,
# then build a shared debug library with the selected sanitiser flags and
# install it under FAKEROOT.
# NOTE(review): the clone is not checked against a known commit hash; what
# gets built is whatever the tag points to at fetch time.
git clone --depth=1 -b "${LIBCBOR_TAG}" "${LIBCBOR_URL}"
cd libcbor
# fuzz/README is fed to patch directly (-s keeps patch quiet).
patch -p0 -s < "${WORKDIR}/fuzz/README"
mkdir build
# The sanitiser flags are passed through CMAKE_C_FLAGS_DEBUG while the
# project's SANITIZE option is switched off; presumably this keeps libcbor
# from adding its own sanitiser set. Confirm against libcbor's CMakeLists.
(
	cd build && cmake \
	    -DBUILD_SHARED_LIBS=ON \
	    -DCMAKE_BUILD_TYPE=Debug \
	    -DCMAKE_C_FLAGS_DEBUG="${LIBCBOR_CFLAGS} ${COMMON_CFLAGS}" \
	    -DCMAKE_INSTALL_LIBDIR=lib \
	    -DCMAKE_INSTALL_PREFIX="${FAKEROOT}" \
	    -DSANITIZE=OFF \
	    ..
)
make VERBOSE=1 -j"$(nproc)" -C build all install
cd -

# openssl
# Shallow-clone the configured tag and install only the software (install_sw)
# under FAKEROOT. "enable-$1" expands to enable-asan or enable-msan, so the
# sanitiser name accepted by this script is also the OpenSSL option name.
# NOTE(review): as with the other dependencies, the tag is not verified
# against a commit hash.
git clone --depth=1 -b "${OPENSSL_TAG}" "${OPENSSL_URL}"
cd openssl
./Configure linux-x86_64-clang "enable-$1" \
    --prefix="${FAKEROOT}" \
    --openssldir="${FAKEROOT}/openssl" \
    --libdir=lib
make install_sw
cd -

# zlib
# Shallow-clone the configured tag and install it under FAKEROOT. The same
# -fsanitize= string is handed to both the compile and the link step through
# the environment of ./configure.
# NOTE(review): the tag is not verified against a commit hash.
git clone --depth=1 -b "${ZLIB_TAG}" "${ZLIB_URL}"
cd zlib
CFLAGS="${ZLIB_CFLAGS}" \
LDFLAGS="${ZLIB_CFLAGS}" \
    ./configure --prefix="${FAKEROOT}"
make install
cd -

# libfido2
# Out-of-tree build of the sources in WORKDIR with the fuzz targets enabled.
# pkg-config is pointed at FAKEROOT so the sanitised dependencies installed
# there are the ones that get picked up.
mkdir build
export PKG_CONFIG_PATH="${FAKEROOT}/lib/pkgconfig"
# fuzzer-no-link (in FIDO2_CFLAGS) instruments the library objects; the
# harnesses are linked with -fsanitize=fuzzer through FUZZ_LDFLAGS.
(
	cd build && cmake \
	    -DCMAKE_BUILD_TYPE=Debug \
	    -DCMAKE_C_FLAGS_DEBUG="${FIDO2_CFLAGS} ${COMMON_CFLAGS}" \
	    -DFUZZ=ON \
	    -DFUZZ_LDFLAGS="-fsanitize=fuzzer" \
	    "${WORKDIR}"
)
make -j"$(nproc)" -C build

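# fuzz
# Fetch the published corpus archive and run every harness over its own
# corpus directory.
# The archive is saved to a file before extraction: plain sh has no pipefail,
# so in a `curl | tar` pipeline curl's exit status is discarded. -f turns an
# HTTP error into a non-zero exit and -S keeps the error message visible
# despite -s.
# NOTE(review): the archive is protected by TLS only; no checksum or
# signature is verified before it is unpacked and fed to the harnesses.
mkdir corpus
curl -fsS -o corpus.tgz \
    https://storage.googleapis.com/yubico-libfido2/corpus.tgz
tar -C corpus -zxf corpus.tgz
# The sanitiser runtimes read their options from the environment.
export UBSAN_OPTIONS ASAN_OPTIONS MSAN_OPTIONS
for f in assert bio cred credman hid largeblob mgmt netlink pcsc; do
	# Under -e the first harness that exits non-zero stops the script;
	# with halt_on_error=1 that includes any sanitiser report.
	"build/fuzz/fuzz_${f}" -use_value_profile=1 -reload=30 -print_pcs=1 \
	    -print_funcs=30 -timeout=10 -runs=1 "corpus/fuzz_${f}"
done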