• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash -eu
2# Copyright 2021 Google LLC
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16################################################################################
17
18BASE=${SRC}/openvpn/src/openvpn
19
20apply_sed_changes() {
21  sed -i 's/read(/fuzz_read(/g' ${BASE}/console_systemd.c
22  sed -i 's/fgets(/fuzz_fgets(/g' ${BASE}/console_builtin.c
23  sed -i 's/fgets(/fuzz_fgets(/g' ${BASE}/misc.c
24  sed -i 's/#include "forward.h"/#include "fuzz_header.h"\n#include "forward.h"/g' ${BASE}/proxy.c
25  sed -i 's/select(/fuzz_select(/g' ${BASE}/proxy.c
26  sed -i 's/send(/fuzz_send(/g' ${BASE}/proxy.c
27  sed -i 's/recv(/fuzz_recv(/g' ${BASE}/proxy.c
28  sed -i 's/isatty/fuzz_isatty/g' ${BASE}/console_builtin.c
29
30  sed -i 's/fopen/fuzz_fopen/g' ${BASE}/console_builtin.c
31  sed -i 's/fclose/fuzz_fclose/g' ${BASE}/console_builtin.c
32
33  sed -i 's/sendto/fuzz_sendto/g' ${BASE}/socket.h
34  sed -i 's/#include "misc.h"/#include "misc.h"\nextern size_t fuzz_sendto(int sockfd, void *buf, size_t len, int flags, struct sockaddr *dest_addr, socklen_t addrlen);/g' ${BASE}/socket.h
35
36  sed -i 's/fp = (flags/fp = stdout;\n\/\//g' ${BASE}/error.c
37
38  sed -i 's/crypto_msg(M_FATAL/crypto_msg(M_WARN/g' ${BASE}/crypto_openssl.c
39  sed -i 's/msg(M_FATAL, \"Cipher/return;msg(M_FATAL, \"Cipher/g' ${BASE}/crypto.c
40  sed -i 's/msg(M_FATAL/msg(M_WARN/g' ${BASE}/crypto.c
41
42  sed -i 's/= write/= fuzz_write/g' ${BASE}/packet_id.c
43}
44
45# Changes in the code so we can fuzz it.
46git apply $SRC/crypto_patch.txt
47
48echo "" >> ${BASE}/openvpn.c
49echo "#include \"fake_fuzz_header.h\"" >> ${BASE}/openvpn.c
50echo "ssize_t fuzz_get_random_data(void *buf, size_t len) { return 0; }" >> ${BASE}/fake_fuzz_header.h
51echo "int fuzz_success;" >> ${BASE}/fake_fuzz_header.h
52
53# Apply hooking changes
54apply_sed_changes
55
56# Copy corpuses out
57zip -r $OUT/fuzz_verify_cert_seed_corpus.zip $SRC/boringssl/fuzz/cert_corpus
58
59# Build openvpn
60autoreconf -ivf
61./configure --disable-lz4 --with-crypto-library=openssl OPENSSL_LIBS="-L/usr/local/ssl/ -lssl -lcrypto" OPENSSL_CFLAGS="-I/usr/local/ssl/include/"
62make
63
64# Make openvpn object files into a library we can link fuzzers to
65cd src/openvpn
66rm openvpn.o
67ar r libopenvpn.a *.o
68
69# Compile our fuzz helper
70$CXX $CXXFLAGS -g -c $SRC/fuzz_randomizer.cpp -o $SRC/fuzz_randomizer.o
71
72# Compile the fuzzers
73for fuzzname in dhcp misc base64 proxy buffer route packet_id mroute list verify_cert forward crypto; do
74    $CC -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../src/compat \
75      -DPLUGIN_LIBDIR=\"/usr/local/lib/openvpn/plugins\" -std=c99 $CFLAGS \
76      -c $SRC/fuzz_${fuzzname}.c -o $SRC/fuzz_${fuzzname}.o
77
78    # Link with CXX
79    $CXX ${CXXFLAGS} ${LIB_FUZZING_ENGINE} $SRC/fuzz_${fuzzname}.o -o $OUT/fuzz_${fuzzname} $SRC/fuzz_randomizer.o \
80        libopenvpn.a ../../src/compat/.libs/libcompat.a /usr/lib/x86_64-linux-gnu/libnsl.a \
81        /usr/lib/x86_64-linux-gnu/libresolv.a /usr/lib/x86_64-linux-gnu/liblzo2.a \
82        -lssl -lcrypto -ldl
83done
84