lib/fuzzing/wscript_build

   1 #!/usr/bin/env python
   2
   3 from waflib import Build
   4
   5 bld.SAMBA_SUBSYSTEM('fuzzing',
   6                     source='fuzzing.c',
   7                     deps='talloc')
   8
   9 bld.SAMBA_SUBSYSTEM('afl-fuzz-main',
  10     source='afl-fuzz-main.c',
  11     deps='samba-util',
  12     enabled=bld.env.enable_afl_fuzzer
  13     )
  14
  15 bld.SAMBA_BINARY('fuzz_tiniparser',
  16                  source='fuzz_tiniparser.c',
  17                  deps='fuzzing tiniparser talloc afl-fuzz-main',
  18                  fuzzer=True)
  19
  20 bld.SAMBA_BINARY('fuzz_oLschema2ldif',
  21                  source='fuzz_oLschema2ldif.c',
  22                  deps='fuzzing oLschema2ldif-lib afl-fuzz-main',
  23                  fuzzer=True)
  24
  25 bld.SAMBA_BINARY('fuzz_reg_parse',
  26                  source='fuzz_reg_parse.c',
  27                  deps='fuzzing samba3-util smbconf REGFIO afl-fuzz-main',
  28                  fuzzer=True)
  29
  30 bld.SAMBA_BINARY('fuzz_nmblib_parse_packet',
  31                  source='fuzz_nmblib_parse_packet.c',
  32                  deps='fuzzing libsmb afl-fuzz-main',
  33                  fuzzer=True)
  34
  35 bld.SAMBA_BINARY('fuzz_regfio',
  36                  source='fuzz_regfio.c',
  37                  deps='fuzzing samba3-util smbconf REGFIO afl-fuzz-main',
  38                  fuzzer=True)
  39
  40 bld.SAMBA_BINARY('fuzz_lzxpress',
  41                  source='fuzz_lzxpress.c',
  42                  deps='fuzzing LZXPRESS afl-fuzz-main',
  43                  fuzzer=True)
  44
  45 bld.SAMBA_BINARY('fuzz_ldap_decode',
  46                  source='fuzz_ldap_decode.c',
  47                  deps='fuzzing cli-ldap afl-fuzz-main',
  48                  fuzzer=True)
  49
  50 bld.SAMBA_BINARY('fuzz_ldb_parse_control',
  51                  source='fuzz_ldb_parse_control.c',
  52                  deps='fuzzing ldb afl-fuzz-main',
  53                  fuzzer=True)
  54
  55 bld.SAMBA_BINARY('fuzz_ldb_dn_explode',
  56                  source='fuzz_ldb_dn_explode.c',
  57                  deps='fuzzing ldb afl-fuzz-main',
  58                  fuzzer=True)
  59
  60 bld.SAMBA_BINARY('fuzz_ldb_ldif_read',
  61                  source='fuzz_ldb_ldif_read.c',
  62                  deps='fuzzing ldb afl-fuzz-main',
  63                  fuzzer=True)
  64
  65 bld.SAMBA_BINARY('fuzz_ldb_parse_binary_decode',
  66                  source='fuzz_ldb_parse_binary_decode.c',
  67                  deps='fuzzing ldb afl-fuzz-main',
  68                  fuzzer=True)
  69
  70 bld.SAMBA_BINARY('fuzz_ldb_parse_tree',
  71                  source='fuzz_ldb_parse_tree.c',
  72                  deps='fuzzing ldb afl-fuzz-main',
  73                  fuzzer=True)
  74
  75 bld.SAMBA_BINARY('fuzz_dcerpc_parse_binding',
  76                  source='fuzz_dcerpc_parse_binding.c',
  77                  deps='fuzzing dcerpc afl-fuzz-main',
  78                  fuzzer=True)
  79
  80 # The fuzz_type and fuzz_function parameters make the built
  81 # fuzzer take the same input as ndrdump and so the same that
  82 # could be sent to the client or server as the stub data.
  83
  84 def SAMBA_NDR_FUZZ(bld, interface, auto_deps=False,
  85                    fuzz_type=None, fuzz_function=None):
  86     name = "fuzz_ndr_%s" % (interface.lower())
  87     fuzz_dir = os.path.join(bld.env.srcdir, 'lib/fuzzing')
  88     fuzz_reldir = os.path.relpath(fuzz_dir, bld.path.abspath())
  89     fuzz_src = os.path.join(fuzz_reldir, 'fuzz_ndr_X.c')
  90
  91     cflags = "-D FUZZ_PIPE_TABLE=ndr_table_%s" % interface
  92     if fuzz_type:
  93         name += "_%s" % (fuzz_type)
  94         cflags += " -D FUZZ_TYPE=%s " % (fuzz_type)
  95     if fuzz_type and fuzz_function:
  96         name += "_%d" % (fuzz_function)
  97         cflags += " -D FUZZ_FUNCTION=%d" % (fuzz_function)
  98
  99     fuzz_named_src = os.path.join(fuzz_reldir,
 100                                   '%s.c' % (name))
 101     # Work around an issue that WAF is invoked from up to 3 different
 102     # directories so doesn't create a unique name for the multiple .o
 103     # files like it would if called from just one place.
 104     bld.SAMBA_GENERATOR(fuzz_named_src,
 105                         source=fuzz_src,
 106                         target=fuzz_named_src,
 107                         rule='cp ${SRC} ${TGT}')
 108
 109     if auto_deps:
 110         deps = "afl-fuzz-main talloc ndr NDR_%s" % interface.upper()
 111     else:
 112         deps = "afl-fuzz-main ndr-table NDR_DCERPC"
 113
 114     bld.SAMBA_BINARY(name, source=fuzz_named_src,
 115                      cflags = cflags,
 116                      deps = deps,
 117                      fuzzer=True)
 118
 119 Build.BuildContext.SAMBA_NDR_FUZZ = SAMBA_NDR_FUZZ
 120
 121 # fuzz_ndr_X is generated from the list if IDL fed to PIDL
 122 # however there are exceptions to the normal pattern
 123 bld.SAMBA_NDR_FUZZ('IOXIDResolver') # oxidresolver.idl
 124 bld.SAMBA_NDR_FUZZ('IRemoteActivation') # remact.idl
 125 bld.SAMBA_NDR_FUZZ('iremotewinspool') # winspool.idl
 126 bld.SAMBA_NDR_FUZZ('FileServerVssAgent') # fsvrp.idl
 127 bld.SAMBA_NDR_FUZZ('lsarpc') # lsa.idl
 128 bld.SAMBA_NDR_FUZZ('netdfs') # dfs.idl
 129 bld.SAMBA_NDR_FUZZ('nfs4acl_interface') # nfs4acl.idl
 130 bld.SAMBA_NDR_FUZZ('rpcecho') # echo.idl
 131
 132 # quota.idl
 133 bld.SAMBA_NDR_FUZZ('file_quota')
 134 bld.SAMBA_NDR_FUZZ('smb2_query_quota')
 135 bld.SAMBA_NDR_FUZZ('smb1_nt_transact_query_quota')
 136
 137 # ioctl.idl
 138 bld.SAMBA_NDR_FUZZ('copychunk')
 139 bld.SAMBA_NDR_FUZZ('compression')
 140 bld.SAMBA_NDR_FUZZ('netinterface')
 141 bld.SAMBA_NDR_FUZZ('sparse')
 142 bld.SAMBA_NDR_FUZZ('resiliency')
 143 bld.SAMBA_NDR_FUZZ('trim')
 144
 145 # WMI tables
 146 bld.SAMBA_NDR_FUZZ('IWbemClassObject')
 147 bld.SAMBA_NDR_FUZZ('IWbemServices')
 148 bld.SAMBA_NDR_FUZZ('IEnumWbemClassObject')
 149 bld.SAMBA_NDR_FUZZ('IWbemContext')
 150 bld.SAMBA_NDR_FUZZ('IWbemLevel1Login')
 151 bld.SAMBA_NDR_FUZZ('IWbemWCOSmartEnum')
 152 bld.SAMBA_NDR_FUZZ('IWbemFetchSmartEnum')
 153 bld.SAMBA_NDR_FUZZ('IWbemCallResult')
 154 bld.SAMBA_NDR_FUZZ('IWbemObjectSink')
 155
 156 # DCOM tables
 157 bld.SAMBA_NDR_FUZZ('dcom_Unknown')
 158 bld.SAMBA_NDR_FUZZ('IUnknown')
 159 bld.SAMBA_NDR_FUZZ('IClassFactory')
 160 bld.SAMBA_NDR_FUZZ('IRemUnknown')
 161 bld.SAMBA_NDR_FUZZ('IClassActivator')
 162 bld.SAMBA_NDR_FUZZ('ISCMLocalActivator')
 163 bld.SAMBA_NDR_FUZZ('IMachineLocalActivator')
 164 bld.SAMBA_NDR_FUZZ('ILocalObjectExporter')
 165 bld.SAMBA_NDR_FUZZ('ISystemActivator')
 166 bld.SAMBA_NDR_FUZZ('IRemUnknown2')
 167 bld.SAMBA_NDR_FUZZ('IDispatch')
 168 bld.SAMBA_NDR_FUZZ('IMarshal')
 169 bld.SAMBA_NDR_FUZZ('ICoffeeMachine')
 170 bld.SAMBA_NDR_FUZZ('IStream')
 171
 172 # Specific struct or function on the interface
 173
 174 bld.SAMBA_NDR_FUZZ('spoolss',
 175                    auto_deps=True,
 176                    fuzz_type="TYPE_IN",
 177                    fuzz_function=65)