search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
epan/dissectors/pidl/drsuapi/drsuapi.cnf init/free_ndr_pointer_list
[wireshark-sm.git] / fuzz / fuzzshark.c
blob0c4ba99d21239c86704bd4855f5a156432e54e74
1 /* fuzzshark.c
2 *
3 * Fuzzer variant of Wireshark for oss-fuzz
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include <config.h>
13 #define WS_LOG_DOMAIN LOG_DOMAIN_MAIN
14
15 #include <stdlib.h>
16 #include <stdio.h>
17 #include <string.h>
18 #include <limits.h>
19
20 #include <glib.h>
21
22 #include <epan/epan.h>
23
24 #include <wsutil/cmdarg_err.h>
25 #include <ui/failure_message.h>
26 #include <wsutil/filesystem.h>
27 #include <wsutil/privileges.h>
28 #include <wsutil/wslog.h>
29 #include <wsutil/version_info.h>
30
31 #include <wiretap/wtap.h>
32
33 #include <epan/color_filters.h>
34 #include <epan/timestamp.h>
35 #include <epan/prefs.h>
36 #include <epan/column.h>
37 #include <epan/column-info.h>
38 #include <epan/print.h>
39 #include <epan/epan_dissect.h>
40 #include <epan/disabled_protos.h>
41
42 #ifdef HAVE_PLUGINS
43 #include <wsutil/plugins.h>
44 #endif
45
46 #include "FuzzerInterface.h"
47
48 #define EPAN_INIT_FAIL 2
49
50 static column_info fuzz_cinfo;
51 static epan_t *fuzz_epan;
52 static epan_dissect_t *fuzz_edt;
53
54 /*
55 * Report an error in command-line arguments.
56 */
57 static void
58 fuzzshark_cmdarg_err(const char *msg_format, va_list ap)
59 {
60 fprintf(stderr, "oss-fuzzshark: ");
61 vfprintf(stderr, msg_format, ap);
62 fprintf(stderr, "\n");
63 }
64
65 /*
66 * Report additional information for an error in command-line arguments.
67 */
68 static void
69 fuzzshark_cmdarg_err_cont(const char *msg_format, va_list ap)
70 {
71 vfprintf(stderr, msg_format, ap);
72 fprintf(stderr, "\n");
73 }
74
75 static int
76 fuzzshark_pref_set(const char *name, const char *value)
77 {
78 char pref[4096];
79 char *errmsg = NULL;
80
81 prefs_set_pref_e ret;
82
83 snprintf(pref, sizeof(pref), "%s:%s", name, value);
84
85 ret = prefs_set_pref(pref, &errmsg);
86 g_free(errmsg);
87
88 return (ret == PREFS_SET_OK);
89 }
90
91 static const nstime_t *
92 fuzzshark_get_frame_ts(struct packet_provider_data *prov _U_, uint32_t frame_num _U_)
93 {
94 static nstime_t empty;
95
96 return &empty;
97 }
98
99 static epan_t *
100 fuzzshark_epan_new(void)
101 {
102 static const struct packet_provider_funcs funcs = {
103 fuzzshark_get_frame_ts,
104 NULL,
105 NULL,
106 NULL
107 };
108
109 return epan_new(NULL, &funcs);
110 }
111
112 static dissector_handle_t
113 get_dissector_handle(const char *table, const char *target)
114 {
115 dissector_handle_t fuzz_handle = NULL;
116
117 if (table != NULL && target != NULL)
118 {
119 /* search for handle, cannot use dissector_table_get_dissector_handle() cause it's using short-name, and I already used filter name in samples ;/ */
120 GSList *handle_list = dissector_table_get_dissector_handles(find_dissector_table(table));
121 while (handle_list)
122 {
123 dissector_handle_t handle = (dissector_handle_t) handle_list->data;
124 const char *handle_filter_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle));
125
126 if (!strcmp(handle_filter_name, target))
127 fuzz_handle = handle;
128 handle_list = handle_list->next;
129 }
130 }
131 else if (target != NULL)
132 {
133 fuzz_handle = find_dissector(target);
134 }
135
136 return fuzz_handle;
137 }
138
139 static void
140 fuzz_prefs_apply(void)
141 {
142 /* Turn off fragmentation for some protocols */
143 fuzzshark_pref_set("ip.defragment", "FALSE");
144 fuzzshark_pref_set("ipv6.defragment", "FALSE");
145 fuzzshark_pref_set("wlan.defragment", "FALSE");
146 fuzzshark_pref_set("tcp.desegment_tcp_streams", "FALSE");
147
148 /* Notify all registered modules that have had any of their preferences changed. */
149 prefs_apply_all();
150 }
151
152 static int
153 fuzz_init(int argc _U_, char **argv)
154 {
155 char *configuration_init_error;
156
157
158 char *err_msg = NULL;
159 e_prefs *prefs_p;
160 int ret = EXIT_SUCCESS;
161 size_t i;
162
163 const char *fuzz_target =
164 #if defined(FUZZ_DISSECTOR_TARGET)
165 FUZZ_DISSECTOR_TARGET;
166 #else
167 getenv("FUZZSHARK_TARGET");
168 #endif
169
170 const char *disabled_dissector_list[] =
171 {
172 #ifdef FUZZ_DISSECTOR_LIST
173 FUZZ_DISSECTOR_LIST ,
174 #endif
175 "snort"
176 };
177
178 #if !defined(FUZZ_DISSECTOR_TABLE) && !defined(FUZZ_DISSECTOR_TARGET)
179 const char *fuzz_table = getenv("FUZZSHARK_TABLE");
180
181 if (!fuzz_table && !fuzz_target) {
182 fprintf(stderr,
183 "Missing environment variables!\n"
184 "\n"
185 "Modes of operation:\n"
186 "\n"
187 " 1. Call a dissector directly by its name:\n"
188 " FUZZSHARK_TARGET=dns %s input-file\n"
189 " Calls dissect_x from register_dissector(NAME, dissect_x, proto_x)\n"
190 "\n"
191 " 2. Call a dissector by its filter name in a dissector table:\n"
192 " FUZZSHARK_TABLE=ip.proto FUZZSHARK_TARGET=ospf %s input-file\n"
193 " The filter name is from proto_register_protocol(., ., FILTER_NAME)\n"
194 " Selects dissectors from dissector_add_uint* or dissector_add_for_decode_as.\n"
195 "\n"
196 "Either mode runs the selected dissector once and can hopefully reproduce a\n"
197 "crash. Mode (2) can be used if a dissector (such as 'ospf') is not available\n"
198 "through (1).\n"
199 "\n"
200 "For best results, build dedicated fuzzshark_* targets with:\n"
201 " cmake -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++\\\n"
202 " -DENABLE_FUZZER=1 -DENABLE_ASAN=1 -DENABLE_UBSAN=1\n"
203 " ninja all-fuzzers\n"
204 "These options enable LibFuzzer which makes fuzzing possible as opposed to\n"
205 "running dissectors only once with a sample (as is the case with this fuzzshark"
206 "binary). These fuzzshark_* targets are also used by oss-fuzz.\n",
207 argv[0], argv[0]);
208 return 1;
209 }
210 #endif
211
212 dissector_handle_t fuzz_handle = NULL;
213
214 /* In oss-fuzz running environment g_get_home_dir() fails:
215 * (process:1): GLib-WARNING **: getpwuid_r(): failed due to unknown user id (0)
216 * (process:1): GLib-CRITICAL **: g_once_init_leave: assertion 'result != 0' failed
217 *
218 * Avoid GLib-CRITICAL by setting some XDG environment variables.
219 */
220 g_setenv("XDG_CACHE_HOME", "/not/existing/directory", 0); /* g_get_user_cache_dir() */
221 g_setenv("XDG_CONFIG_HOME", "/not/existing/directory", 0); /* g_get_user_config_dir() */
222 g_setenv("XDG_DATA_HOME", "/not/existing/directory", 0); /* g_get_user_data_dir() */
223
224 g_setenv("WIRESHARK_DEBUG_WMEM_OVERRIDE", "simple", 0);
225 g_setenv("G_SLICE", "always-malloc", 0);
226
227 cmdarg_err_init(fuzzshark_cmdarg_err, fuzzshark_cmdarg_err_cont);
228
229 /* Initialize log handler early so we can have proper logging during startup. */
230 ws_log_init("fuzzshark", vcmdarg_err);
231
232 /* Early logging command-line initialization. */
233 ws_log_parse_args(&argc, argv, vcmdarg_err, LOG_ARGS_NOEXIT);
234
235 ws_noisy("Finished log init and parsing command line log arguments");
236
237 /*
238 * Get credential information for later use, and drop privileges
239 * before doing anything else.
240 * Let the user know if anything happened.
241 */
242 init_process_policies();
243 #if 0 /* disable setresgid(), it fails with -EINVAL https://github.com/google/oss-fuzz/pull/532#issuecomment-294515463 */
244 relinquish_special_privs_perm();
245 #endif
246
247 /*
248 * Attempt to get the pathname of the executable file.
249 */
250 configuration_init_error = configuration_init(argv[0], NULL);
251 if (configuration_init_error != NULL) {
252 fprintf(stderr, "fuzzshark: Can't get pathname of oss-fuzzshark program: %s.\n", configuration_init_error);
253 g_free(configuration_init_error);
254 }
255
256 /* Initialize the version information. */
257 ws_init_version_info("OSS Fuzzshark",
258 epan_gather_compile_info, epan_gather_runtime_info);
259
260 init_report_failure_message("fuzzshark");
261
262 timestamp_set_type(TS_RELATIVE);
263 timestamp_set_precision(TS_PREC_AUTO);
264 timestamp_set_seconds_type(TS_SECONDS_DEFAULT);
265
266 /*
267 * Libwiretap must be initialized before libwireshark is, so that
268 * dissection-time handlers for file-type-dependent blocks can
269 * register using the file type/subtype value for the file type.
270 */
271 wtap_init(true);
272
273 /* Register all dissectors; we must do this before checking for the
274 "-G" flag, as the "-G" flag dumps information registered by the
275 dissectors, and we must do it before we read the preferences, in
276 case any dissectors register preferences. */
277 if (!epan_init(NULL, NULL, false))
278 {
279 ret = EPAN_INIT_FAIL;
280 goto clean_exit;
281 }
282
283 /* Load libwireshark settings from the current profile. */
284 prefs_p = epan_load_settings();
285
286 if (!color_filters_init(&err_msg, NULL))
287 {
288 fprintf(stderr, "%s\n", err_msg);
289 g_free(err_msg);
290 }
291
292 for (i = 0; i < G_N_ELEMENTS(disabled_dissector_list); i++)
293 {
294 const char *item = disabled_dissector_list[i];
295
296 /* XXX, need to think how to disallow chains like: IP -> .... -> IP,
297 * best would be to disable dissector always, but allow it during initial call. */
298 if (fuzz_target == NULL || strcmp(fuzz_target, item))
299 {
300 fprintf(stderr, "oss-fuzzshark: disabling: %s\n", item);
301 proto_disable_proto_by_name(item);
302 }
303 }
304
305 fuzz_prefs_apply();
306
307 /* Build the column format array */
308 build_column_format_array(&fuzz_cinfo, prefs_p->num_cols, true);
309
310 #if defined(FUZZ_DISSECTOR_TABLE) && defined(FUZZ_DISSECTOR_TARGET)
311 # define FUZZ_EPAN 1
312 fprintf(stderr, "oss-fuzzshark: configured for dissector: %s in table: %s\n", fuzz_target, FUZZ_DISSECTOR_TABLE);
313 fuzz_handle = get_dissector_handle(FUZZ_DISSECTOR_TABLE, fuzz_target);
314
315 #elif defined(FUZZ_DISSECTOR_TARGET)
316 # define FUZZ_EPAN 2
317 fprintf(stderr, "oss-fuzzshark: configured for dissector: %s\n", fuzz_target);
318 fuzz_handle = get_dissector_handle(NULL, fuzz_target);
319
320 #else
321 # define FUZZ_EPAN 3
322 if (fuzz_table) {
323 fprintf(stderr, "oss-fuzzshark: requested dissector: %s in table %s\n", fuzz_target, fuzz_table);
324 } else {
325 fprintf(stderr, "oss-fuzzshark: requested dissector: %s\n", fuzz_target);
326 }
327 fuzz_handle = get_dissector_handle(fuzz_table, fuzz_target);
328 #endif
329
330 #ifdef FUZZ_EPAN
331 g_assert(fuzz_handle != NULL && "Requested dissector is not found!");
332 register_postdissector(fuzz_handle);
333 #endif
334
335 fuzz_epan = fuzzshark_epan_new();
336 fuzz_edt = epan_dissect_new(fuzz_epan, true, false);
337
338 return 0;
339 clean_exit:
340 wtap_cleanup();
341 free_progdirs();
342 return ret;
343 }
344
345 #ifdef FUZZ_EPAN
346 int
347 LLVMFuzzerTestOneInput(const uint8_t *buf, size_t real_len)
348 {
349 static uint32_t framenum = 0;
350 epan_dissect_t *edt = fuzz_edt;
351
352 uint32_t len = (uint32_t) real_len;
353
354 wtap_rec rec;
355 frame_data fdlocal;
356
357 memset(&rec, 0, sizeof(rec));
358
359 rec.rec_type = REC_TYPE_PACKET;
360 rec.rec_header.packet_header.caplen = len;
361 rec.rec_header.packet_header.len = len;
362
363 /* whdr.pkt_encap = WTAP_ENCAP_ETHERNET; */
364 rec.rec_header.packet_header.pkt_encap = INT16_MAX;
365 rec.presence_flags = WTAP_HAS_TS | WTAP_HAS_CAP_LEN; /* most common flags... */
366
367 frame_data_init(&fdlocal, ++framenum, &rec, /* offset */ 0, /* cum_bytes */ 0);
368 /* frame_data_set_before_dissect() not needed */
369 epan_dissect_run(edt, WTAP_FILE_TYPE_SUBTYPE_UNKNOWN, &rec, tvb_new_real_data(buf, len, len), &fdlocal, NULL /* &fuzz_cinfo */);
370 frame_data_destroy(&fdlocal);
371
372 epan_dissect_reset(edt);
373 return 0;
374 }
375
376 #else
377 # error "Missing fuzz target."
378 #endif
379
380 int
381 LLVMFuzzerInitialize(int *argc, char ***argv)
382 {
383 int ret;
384
385 ret = fuzz_init(*argc, *argv);
386 if (ret != 0)
387 exit(ret);
388
389 return 0;
390 }
391
392 /*
393 * Editor modelines - https://www.wireshark.org/tools/modelines.html
394 *
395 * Local variables:
396 * c-basic-offset: 8
397 * tab-width: 8
398 * indent-tabs-mode: t
399 * End:
400 *
401 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
402 * :indentSize=8:tabSize=8:noTabs=false:
403 */
Metzes wireshark repo