lib/fuzzing/wscript_build

   1 #!/usr/bin/env python
   2
   3 from waflib import Build
   4
   5 bld.SAMBA_SUBSYSTEM('fuzzing',
   6                     source='fuzzing.c',
   7                     deps='talloc')
   8
   9 bld.SAMBA_SUBSYSTEM('afl-fuzz-main',
  10     source='afl-fuzz-main.c',
  11     deps='samba-util',
  12     enabled=bld.env.enable_afl_fuzzer
  13     )
  14
  15 bld.SAMBA_BINARY('fuzz_tiniparser',
  16                  source='fuzz_tiniparser.c',
  17                  deps='fuzzing tiniparser talloc afl-fuzz-main',
  18                  fuzzer=True)
  19
  20 bld.SAMBA_BINARY('fuzz_oLschema2ldif',
  21                  source='fuzz_oLschema2ldif.c',
  22                  deps='fuzzing oLschema2ldif-lib afl-fuzz-main',
  23                  fuzzer=True)
  24
  25 bld.SAMBA_BINARY('fuzz_reg_parse',
  26                  source='fuzz_reg_parse.c',
  27                  deps='fuzzing samba3-util smbconf REGFIO afl-fuzz-main',
  28                  fuzzer=True)
  29
  30 bld.SAMBA_BINARY('fuzz_nmblib_parse_packet',
  31                  source='fuzz_nmblib_parse_packet.c',
  32                  deps='fuzzing libsmb afl-fuzz-main',
  33                  fuzzer=True)
  34
  35 bld.SAMBA_BINARY('fuzz_regfio',
  36                  source='fuzz_regfio.c',
  37                  deps='fuzzing samba3-util smbconf REGFIO afl-fuzz-main',
  38                  fuzzer=True)
  39
  40 bld.SAMBA_BINARY('fuzz_lzxpress',
  41                  source='fuzz_lzxpress.c',
  42                  deps='fuzzing LZXPRESS afl-fuzz-main',
  43                  fuzzer=True)
  44
  45 bld.SAMBA_BINARY('fuzz_ldap_decode',
  46                  source='fuzz_ldap_decode.c',
  47                  deps='fuzzing cli-ldap afl-fuzz-main',
  48                  fuzzer=True)
  49
  50 bld.SAMBA_BINARY('fuzz_ldb_parse_control',
  51                  source='fuzz_ldb_parse_control.c',
  52                  deps='fuzzing ldb afl-fuzz-main',
  53                  fuzzer=True)
  54
  55 bld.SAMBA_BINARY('fuzz_ldb_dn_explode',
  56                  source='fuzz_ldb_dn_explode.c',
  57                  deps='fuzzing ldb afl-fuzz-main',
  58                  fuzzer=True)
  59
  60 bld.SAMBA_BINARY('fuzz_ldb_ldif_read',
  61                  source='fuzz_ldb_ldif_read.c',
  62                  deps='fuzzing ldb afl-fuzz-main',
  63                  fuzzer=True)
  64
  65 bld.SAMBA_BINARY('fuzz_ldb_parse_binary_decode',
  66                  source='fuzz_ldb_parse_binary_decode.c',
  67                  deps='fuzzing ldb afl-fuzz-main',
  68                  fuzzer=True)
  69
  70 bld.SAMBA_BINARY('fuzz_ldb_parse_tree',
  71                  source='fuzz_ldb_parse_tree.c',
  72                  deps='fuzzing ldb afl-fuzz-main',
  73                  fuzzer=True)
  74
  75 bld.SAMBA_BINARY('fuzz_dcerpc_parse_binding',
  76                  source='fuzz_dcerpc_parse_binding.c',
  77                  deps='fuzzing dcerpc afl-fuzz-main',
  78                  fuzzer=True)
  79
  80 bld.SAMBA_BINARY('fuzz_cli_credentials_parse_string',
  81                  source='fuzz_cli_credentials_parse_string.c',
  82                  deps='fuzzing samba-credentials afl-fuzz-main',
  83                  fuzzer=True)
  84
  85 # The fuzz_type and fuzz_function parameters make the built
  86 # fuzzer take the same input as ndrdump and so the same that
  87 # could be sent to the client or server as the stub data.
  88
  89 def SAMBA_NDR_FUZZ(bld, interface, auto_deps=False,
  90                    fuzz_type=None, fuzz_function=None):
  91     name = "fuzz_ndr_%s" % (interface.lower())
  92     fuzz_dir = os.path.join(bld.env.srcdir, 'lib/fuzzing')
  93     fuzz_reldir = os.path.relpath(fuzz_dir, bld.path.abspath())
  94     fuzz_src = os.path.join(fuzz_reldir, 'fuzz_ndr_X.c')
  95
  96     cflags = "-D FUZZ_PIPE_TABLE=ndr_table_%s" % interface
  97     if fuzz_type:
  98         name += "_%s" % (fuzz_type)
  99         cflags += " -D FUZZ_TYPE=%s " % (fuzz_type)
 100     if fuzz_type and fuzz_function:
 101         name += "_%d" % (fuzz_function)
 102         cflags += " -D FUZZ_FUNCTION=%d" % (fuzz_function)
 103
 104     fuzz_named_src = os.path.join(fuzz_reldir,
 105                                   '%s.c' % (name))
 106     # Work around an issue that WAF is invoked from up to 3 different
 107     # directories so doesn't create a unique name for the multiple .o
 108     # files like it would if called from just one place.
 109     bld.SAMBA_GENERATOR(fuzz_named_src,
 110                         source=fuzz_src,
 111                         target=fuzz_named_src,
 112                         rule='cp ${SRC} ${TGT}')
 113
 114     if auto_deps:
 115         deps = "afl-fuzz-main talloc ndr NDR_%s" % interface.upper()
 116     else:
 117         deps = "afl-fuzz-main ndr-table NDR_DCERPC"
 118
 119     bld.SAMBA_BINARY(name, source=fuzz_named_src,
 120                      cflags = cflags,
 121                      deps = deps,
 122                      fuzzer=True)
 123
 124 Build.BuildContext.SAMBA_NDR_FUZZ = SAMBA_NDR_FUZZ
 125
 126 # fuzz_ndr_X is generated from the list if IDL fed to PIDL
 127 # however there are exceptions to the normal pattern
 128 bld.SAMBA_NDR_FUZZ('IOXIDResolver') # oxidresolver.idl
 129 bld.SAMBA_NDR_FUZZ('IRemoteActivation') # remact.idl
 130 bld.SAMBA_NDR_FUZZ('iremotewinspool') # winspool.idl
 131 bld.SAMBA_NDR_FUZZ('FileServerVssAgent') # fsvrp.idl
 132 bld.SAMBA_NDR_FUZZ('lsarpc') # lsa.idl
 133 bld.SAMBA_NDR_FUZZ('netdfs') # dfs.idl
 134 bld.SAMBA_NDR_FUZZ('nfs4acl_interface') # nfs4acl.idl
 135 bld.SAMBA_NDR_FUZZ('rpcecho') # echo.idl
 136
 137 # quota.idl
 138 bld.SAMBA_NDR_FUZZ('file_quota')
 139 bld.SAMBA_NDR_FUZZ('smb2_query_quota')
 140 bld.SAMBA_NDR_FUZZ('smb1_nt_transact_query_quota')
 141
 142 # ioctl.idl
 143 bld.SAMBA_NDR_FUZZ('copychunk')
 144 bld.SAMBA_NDR_FUZZ('compression')
 145 bld.SAMBA_NDR_FUZZ('netinterface')
 146 bld.SAMBA_NDR_FUZZ('sparse')
 147 bld.SAMBA_NDR_FUZZ('resiliency')
 148 bld.SAMBA_NDR_FUZZ('trim')
 149
 150 # WMI tables
 151 bld.SAMBA_NDR_FUZZ('IWbemClassObject')
 152 bld.SAMBA_NDR_FUZZ('IWbemServices')
 153 bld.SAMBA_NDR_FUZZ('IEnumWbemClassObject')
 154 bld.SAMBA_NDR_FUZZ('IWbemContext')
 155 bld.SAMBA_NDR_FUZZ('IWbemLevel1Login')
 156 bld.SAMBA_NDR_FUZZ('IWbemWCOSmartEnum')
 157 bld.SAMBA_NDR_FUZZ('IWbemFetchSmartEnum')
 158 bld.SAMBA_NDR_FUZZ('IWbemCallResult')
 159 bld.SAMBA_NDR_FUZZ('IWbemObjectSink')
 160
 161 # DCOM tables
 162 bld.SAMBA_NDR_FUZZ('dcom_Unknown')
 163 bld.SAMBA_NDR_FUZZ('IUnknown')
 164 bld.SAMBA_NDR_FUZZ('IClassFactory')
 165 bld.SAMBA_NDR_FUZZ('IRemUnknown')
 166 bld.SAMBA_NDR_FUZZ('IClassActivator')
 167 bld.SAMBA_NDR_FUZZ('ISCMLocalActivator')
 168 bld.SAMBA_NDR_FUZZ('IMachineLocalActivator')
 169 bld.SAMBA_NDR_FUZZ('ILocalObjectExporter')
 170 bld.SAMBA_NDR_FUZZ('ISystemActivator')
 171 bld.SAMBA_NDR_FUZZ('IRemUnknown2')
 172 bld.SAMBA_NDR_FUZZ('IDispatch')
 173 bld.SAMBA_NDR_FUZZ('IMarshal')
 174 bld.SAMBA_NDR_FUZZ('ICoffeeMachine')
 175 bld.SAMBA_NDR_FUZZ('IStream')
 176
 177 # Specific struct or function on the interface
 178
 179 bld.SAMBA_NDR_FUZZ('spoolss',
 180                    auto_deps=True,
 181                    fuzz_type="TYPE_IN",
 182                    fuzz_function=65)