From: Josh Steadmon <steadmon@google.com>
To: git@vger.kernel.org
Cc: eric.sesterhenn@x41-dsec.de, jarlob@gmail.com
Subject: [PATCH 1/3] fuzz: port fuzz-credential-from-url-gently from OSS-Fuzz
Date: Thu, 10 Oct 2024 14:11:53 -0700 [thread overview]
Message-ID: <625b8d607ed2c95e396e7794616d9f290f23d15c.1728594659.git.steadmon@google.com> (raw)
In-Reply-To: <cover.1728594659.git.steadmon@google.com>
From: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Git's fuzz tests are run continuously as part of OSS-Fuzz [1]. Several
additional fuzz tests have been contributed directly to OSS-Fuzz;
however, these tests are vulnerable to bitrot because they are not built
during Git's CI runs, and thus breaking changes are much less likely to
be noticed by Git contributors.
Port one of these tests back to the Git project:
fuzz-credential-from-url-gently
This test was originally written by Eric Sesterhenn as part of a
security audit of Git [2]. It was then contributed to the OSS-Fuzz repo
in commit c58ac4492 (Git fuzzing: uncomment the existing and add new
targets. (#11486), 2024-02-21) by Jaroslav Lobačevski. I (Josh Steadmon)
have verified with both Eric and Jaroslav that they're OK with moving
this test to the Git project.
[1] https://github.com/google/oss-fuzz
[2] https://ostif.org/wp-content/uploads/2023/01/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf
Co-authored-by: Jaroslav Lobačevski <jarlob@gmail.com>
Co-authored-by: Josh Steadmon <steadmon@google.com>
Signed-off-by: Josh Steadmon <steadmon@google.com>
---
Makefile | 1 +
ci/run-build-and-minimal-fuzzers.sh | 13 +++++++--
oss-fuzz/.gitignore | 1 +
oss-fuzz/fuzz-credential-from-url-gently.c | 32 ++++++++++++++++++++++
4 files changed, 45 insertions(+), 2 deletions(-)
create mode 100644 oss-fuzz/fuzz-credential-from-url-gently.c
diff --git a/Makefile b/Makefile
index e298c8b55e..3ce391062f 100644
--- a/Makefile
+++ b/Makefile
@@ -2378,6 +2378,7 @@ endif
FUZZ_OBJS += oss-fuzz/dummy-cmd-main.o
FUZZ_OBJS += oss-fuzz/fuzz-commit-graph.o
FUZZ_OBJS += oss-fuzz/fuzz-config.o
+FUZZ_OBJS += oss-fuzz/fuzz-credential-from-url-gently.o
FUZZ_OBJS += oss-fuzz/fuzz-date.o
FUZZ_OBJS += oss-fuzz/fuzz-pack-headers.o
FUZZ_OBJS += oss-fuzz/fuzz-pack-idx.o
diff --git a/ci/run-build-and-minimal-fuzzers.sh b/ci/run-build-and-minimal-fuzzers.sh
index af8065f349..d9d3ad23c7 100755
--- a/ci/run-build-and-minimal-fuzzers.sh
+++ b/ci/run-build-and-minimal-fuzzers.sh
@@ -13,8 +13,17 @@ group "Build fuzzers" make \
LIB_FUZZING_ENGINE="-fsanitize=fuzzer,address" \
fuzz-all
-for fuzzer in commit-graph config date pack-headers pack-idx ; do
+fuzzers="
+commit-graph \
+config \
+credential-from-url-gently \
+date \
+pack-headers \
+pack-idx \
+"
+
+for fuzzer in $fuzzers ; do
begin_group "fuzz-$fuzzer"
- ./oss-fuzz/fuzz-$fuzzer -verbosity=0 -runs=1 || exit 1
+ echo ./oss-fuzz/fuzz-$fuzzer -verbosity=0 -runs=1 || exit 1
end_group "fuzz-$fuzzer"
done
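Review bot: the `echo` added in front of `./oss-fuzz/fuzz-$fuzzer -verbosity=0 -runs=1` on the replaced line means the CI job now only prints each fuzzer's command line and never executes it, and the `|| exit 1` can no longer trigger because `echo` always succeeds; this looks like a leftover from local testing and the line should stay `./oss-fuzz/fuzz-$fuzzer -verbosity=0 -runs=1 || exit 1` as before. With that fixed, the list-in-a-variable refactor is fine; the trailing backslashes inside the double-quoted `fuzzers="..."` are harmless (a backslash-newline inside double quotes is removed by the shell) but unnecessary, since the unquoted `$fuzzers` in the `for` is word-split on the newlines anyway, so plain one-entry-per-line without continuations would be simpler.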
diff --git a/oss-fuzz/.gitignore b/oss-fuzz/.gitignore
index a877c11f42..2cfc845b20 100644
--- a/oss-fuzz/.gitignore
+++ b/oss-fuzz/.gitignore
@@ -1,5 +1,6 @@
fuzz-commit-graph
fuzz-config
+fuzz-credential-from-url-gently
fuzz-date
fuzz-pack-headers
fuzz-pack-idx
diff --git a/oss-fuzz/fuzz-credential-from-url-gently.c b/oss-fuzz/fuzz-credential-from-url-gently.c
new file mode 100644
index 0000000000..c872f9ad2d
--- /dev/null
+++ b/oss-fuzz/fuzz-credential-from-url-gently.c
@@ -0,0 +1,32 @@
+#include "git-compat-util.h"
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdio.h>
+#include "credential.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ struct credential c;
+ char *buf;
+
+ buf = malloc(size + 1);
+ if (!buf)
+ return 0;
+
+ memcpy(buf, data, size);
+ buf[size] = 0;
+
+ // start fuzzing
+ credential_init(&c);
+ credential_from_url_gently(&c, buf, 1);
+
+ // cleanup
+ credential_clear(&c);
+ free(buf);
+
+ return 0;
+}
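Review bot: the `<stddef.h>`, `<stdlib.h>`, `<stdint.h>`, `<string.h>` and `<stdio.h>` includes are redundant, since `git-compat-util.h` (correctly the first include) already pulls in the system headers, and the `// start fuzzing` / `// cleanup` comments should be `/* ... */` to match the rest of the Git tree and the existing oss-fuzz/fuzz-*.c harnesses. The `malloc`/`memcpy`/NUL-terminate sequence can be the single call `buf = xmemdupz(data, size);`, which is the idiom used elsewhere in Git and removes the `if (!buf)` branch (dying on allocation failure is acceptable in a fuzz target). Also consider not hard-coding `allow_partial_url` to 1 in `credential_from_url_gently(&c, buf, 1)`: deriving it from the input, e.g. consuming the first byte as `int allow_partial = size ? data[0] & 1 : 0;` and copying the remainder into `buf`, would let the same corpus exercise both the strict and the lenient parsing paths.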
--
2.47.0.rc1.288.g06298d1525-goog
Thread overview (13+ messages):
2024-10-10 21:11 [PATCH 0/3] fuzz: port OSS-Fuzz tests back to Git Josh Steadmon
2024-10-10 21:11 ` Josh Steadmon [this message]
2024-10-11 9:13 ` [PATCH 1/3] fuzz: port fuzz-credential-from-url-gently from OSS-Fuzz Oswald Buddenhagen
2024-10-11 16:35 ` Junio C Hamano
2024-10-14 20:35 ` Josh Steadmon
2024-10-14 20:43 ` Josh Steadmon
2024-10-10 21:11 ` [PATCH 2/3] fuzz: port fuzz-parse-attr-line " Josh Steadmon
2024-10-10 21:11 ` [PATCH 3/3] fuzz: port fuzz-url-decode-mem " Josh Steadmon
2024-10-10 21:34 ` [PATCH 0/3] fuzz: port OSS-Fuzz tests back to Git Junio C Hamano
2024-10-14 21:04 ` [PATCH v2 " Josh Steadmon
2024-10-14 21:04 ` [PATCH v2 1/3] fuzz: port fuzz-credential-from-url-gently from OSS-Fuzz Josh Steadmon
2024-10-14 21:04 ` [PATCH v2 2/3] fuzz: port fuzz-parse-attr-line " Josh Steadmon
2024-10-14 21:04 ` [PATCH v2 3/3] fuzz: port fuzz-url-decode-mem " Josh Steadmon