Merge pull request #416 from TheBlueMatt/2019-12-fuzz-clib

Refactor fuzzing to be a C-callable library plus rust binaries

Author: TheBlueMatt

fuzz/Cargo.toml

@@ -14,6 +14,7 @@ cargo-fuzz = true
 afl_fuzz = ["afl"]
 honggfuzz_fuzz = ["honggfuzz"]
 libfuzzer_fuzz = ["libfuzzer-sys"]
+stdin_fuzz = []
 
 [dependencies]
 afl = { version = "0.4", optional = true }
@@ -36,123 +37,7 @@ members = ["."]
 lto = true
 codegen-units = 1
 
-[[bin]]
-name = "peer_crypt_target"
-path = "fuzz_targets/peer_crypt_target.rs"
-
-[[bin]]
-name = "full_stack_target"
-path = "fuzz_targets/full_stack_target.rs"
-
-[[bin]]
-name = "chanmon_fail_consistency"
-path = "fuzz_targets/chanmon_fail_consistency.rs"
-
-[[bin]]
-name = "router_target"
-path = "fuzz_targets/router_target.rs"
-
-[[bin]]
-name = "chanmon_deser_target"
-path = "fuzz_targets/chanmon_deser_target.rs"
-
-# message fuzz targets
-[[bin]]
-name = "msg_ping_target"
-path = "fuzz_targets/msg_targets/msg_ping_target.rs"
-
-[[bin]]
-name = "msg_pong_target"
-path = "fuzz_targets/msg_targets/msg_pong_target.rs"
-
-[[bin]]
-name = "msg_error_message_target"
-path = "fuzz_targets/msg_targets/msg_error_message_target.rs"
-
-[[bin]]
-name = "msg_update_add_htlc_target"
-path = "fuzz_targets/msg_targets/msg_update_add_htlc_target.rs"
-
-[[bin]]
-name = "msg_accept_channel_target"
-path = "fuzz_targets/msg_targets/msg_accept_channel_target.rs"
-
-[[bin]]
-name = "msg_closing_signed_target"
-path = "fuzz_targets/msg_targets/msg_closing_signed_target.rs"
-
-[[bin]]
-name = "msg_commitment_signed_target"
-path = "fuzz_targets/msg_targets/msg_commitment_signed_target.rs"
-
-[[bin]]
-name = "msg_funding_created_target"
-path = "fuzz_targets/msg_targets/msg_funding_created_target.rs"
-
-[[bin]]
-name = "msg_funding_locked_target"
-path = "fuzz_targets/msg_targets/msg_funding_locked_target.rs"
-
-[[bin]]
-name = "msg_funding_signed_target"
-path = "fuzz_targets/msg_targets/msg_funding_signed_target.rs"
-
-[[bin]]
-name = "msg_open_channel_target"
-path = "fuzz_targets/msg_targets/msg_open_channel_target.rs"
-
-[[bin]]
-name = "msg_revoke_and_ack_target"
-path = "fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs"
-
-[[bin]]
-name = "msg_shutdown_target"
-path = "fuzz_targets/msg_targets/msg_shutdown_target.rs"
-
-[[bin]]
-name = "msg_update_fail_malformed_htlc_target"
-path = "fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs"
-
-[[bin]]
-name = "msg_update_fee_target"
-path = "fuzz_targets/msg_targets/msg_update_fee_target.rs"
-
-[[bin]]
-name = "msg_update_fulfill_htlc_target"
-path = "fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs"
-
-[[bin]]
-name = "msg_update_fail_htlc_target"
-path = "fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs"
-
-[[bin]]
-name = "msg_channel_reestablish_target"
-path = "fuzz_targets/msg_targets/msg_channel_reestablish_target.rs"
-
-[[bin]]
-name = "msg_announcement_signatures_target"
-path = "fuzz_targets/msg_targets/msg_announcement_signatures_target.rs"
-
-[[bin]]
-name = "msg_channel_announcement_target"
-path = "fuzz_targets/msg_targets/msg_channel_announcement_target.rs"
-
-[[bin]]
-name = "msg_channel_update_target"
-path = "fuzz_targets/msg_targets/msg_channel_update_target.rs"
-
-[[bin]]
-name = "msg_decoded_onion_error_packet_target"
-path = "fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs"
-
-[[bin]]
-name = "msg_init_target"
-path = "fuzz_targets/msg_targets/msg_init_target.rs"
-
-[[bin]]
-name = "msg_node_announcement_target"
-path = "fuzz_targets/msg_targets/msg_node_announcement_target.rs"
-
-[[bin]]
-name = "msg_onion_hop_data_target"
-path = "fuzz_targets/msg_targets/msg_onion_hop_data_target.rs"
+[lib]
+name = "lightning_fuzz"
+path = "src/lib.rs"
+crate-type = ["rlib", "dylib", "staticlib"]

fuzz/src/bin/chanmon_consistency_target.rs

@@ -0,0 +1,44 @@
+// This file is auto-generated by gen_target.sh based on target_template.txt
+// To modify it, modify target_template.txt and run gen_target.sh instead.
+
+//Uncomment this for libfuzzer builds:
+//#![no_main]
+
+extern crate lightning_fuzz;
+use lightning_fuzz::chanmon_consistency::*;
+
+use std::io::Read;
+
+#[cfg(feature = "afl")]
+#[macro_use] extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+	fuzz!(|data| {
+		chanmon_consistency_run(data.as_ptr(), data.len());
+	});
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+	loop {
+		fuzz!(|data| {
+			chanmon_consistency_run(data.as_ptr(), data.len());
+		});
+	}
+}
+
+#[cfg(feature = "libfuzzer_fuzz")]
+#[macro_use] extern crate libfuzzer_sys;
+#[cfg(feature = "libfuzzer_fuzz")]
+fuzz_target!(|data: &[u8]| {
+	chanmon_consistency_run(data.as_ptr(), data.len());
+});
+
+#[cfg(feature = "stdin_fuzz")]
+fn main() {
+	let mut data = Vec::with_capacity(8192);
+	std::io::stdin().read_to_end(&mut data).unwrap();
+	chanmon_consistency_run(data.as_ptr(), data.len());
+}

fuzz/src/bin/chanmon_deser_target.rs

@@ -0,0 +1,44 @@
+// This file is auto-generated by gen_target.sh based on target_template.txt
+// To modify it, modify target_template.txt and run gen_target.sh instead.
+
+//Uncomment this for libfuzzer builds:
+//#![no_main]
+
+extern crate lightning_fuzz;
+use lightning_fuzz::chanmon_deser::*;
+
+use std::io::Read;
+
+#[cfg(feature = "afl")]
+#[macro_use] extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+	fuzz!(|data| {
+		chanmon_deser_run(data.as_ptr(), data.len());
+	});
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+	loop {
+		fuzz!(|data| {
+			chanmon_deser_run(data.as_ptr(), data.len());
+		});
+	}
+}
+
+#[cfg(feature = "libfuzzer_fuzz")]
+#[macro_use] extern crate libfuzzer_sys;
+#[cfg(feature = "libfuzzer_fuzz")]
+fuzz_target!(|data: &[u8]| {
+	chanmon_deser_run(data.as_ptr(), data.len());
+});
+
+#[cfg(feature = "stdin_fuzz")]
+fn main() {
+	let mut data = Vec::with_capacity(8192);
+	std::io::stdin().read_to_end(&mut data).unwrap();
+	chanmon_deser_run(data.as_ptr(), data.len());
+}

fuzz/src/bin/full_stack_target.rs

@@ -0,0 +1,44 @@
+// This file is auto-generated by gen_target.sh based on target_template.txt
+// To modify it, modify target_template.txt and run gen_target.sh instead.
+
+//Uncomment this for libfuzzer builds:
+//#![no_main]
+
+extern crate lightning_fuzz;
+use lightning_fuzz::full_stack::*;
+
+use std::io::Read;
+
+#[cfg(feature = "afl")]
+#[macro_use] extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+	fuzz!(|data| {
+		full_stack_run(data.as_ptr(), data.len());
+	});
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+	loop {
+		fuzz!(|data| {
+			full_stack_run(data.as_ptr(), data.len());
+		});
+	}
+}
+
+#[cfg(feature = "libfuzzer_fuzz")]
+#[macro_use] extern crate libfuzzer_sys;
+#[cfg(feature = "libfuzzer_fuzz")]
+fuzz_target!(|data: &[u8]| {
+	full_stack_run(data.as_ptr(), data.len());
+});
+
+#[cfg(feature = "stdin_fuzz")]
+fn main() {
+	let mut data = Vec::with_capacity(8192);
+	std::io::stdin().read_to_end(&mut data).unwrap();
+	full_stack_run(data.as_ptr(), data.len());
+}

fuzz/src/bin/gen_target.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+echo "#include <stdint.h>" > ../../targets.h
+GEN_TEST() {
+	cat target_template.txt | sed s/TARGET_NAME/$1/ | sed s/TARGET_MOD/$2$1/ > $1_target.rs
+	echo "void $1_run(const unsigned char* data, size_t data_len);" >> ../../targets.h
+}
+
+GEN_TEST chanmon_deser
+GEN_TEST chanmon_consistency
+GEN_TEST full_stack
+GEN_TEST peer_crypt
+GEN_TEST router
+
+GEN_TEST msg_accept_channel msg_targets::
+GEN_TEST msg_announcement_signatures msg_targets::
+GEN_TEST msg_channel_reestablish msg_targets::
+GEN_TEST msg_closing_signed msg_targets::
+GEN_TEST msg_commitment_signed msg_targets::
+GEN_TEST msg_decoded_onion_error_packet msg_targets::
+GEN_TEST msg_funding_created msg_targets::
+GEN_TEST msg_funding_locked msg_targets::
+GEN_TEST msg_funding_signed msg_targets::
+GEN_TEST msg_init msg_targets::
+GEN_TEST msg_open_channel msg_targets::
+GEN_TEST msg_revoke_and_ack msg_targets::
+GEN_TEST msg_shutdown msg_targets::
+GEN_TEST msg_update_fail_htlc msg_targets::
+GEN_TEST msg_update_fail_malformed_htlc msg_targets::
+GEN_TEST msg_update_fee msg_targets::
+GEN_TEST msg_update_fulfill_htlc msg_targets::
+
+GEN_TEST msg_channel_announcement msg_targets::
+GEN_TEST msg_channel_update msg_targets::
+GEN_TEST msg_node_announcement msg_targets::
+
+GEN_TEST msg_update_add_htlc msg_targets::
+GEN_TEST msg_error_message msg_targets::
+GEN_TEST msg_onion_hop_data msg_targets::
+
+GEN_TEST msg_ping msg_targets::
+GEN_TEST msg_pong msg_targets::

fuzz/src/bin/msg_accept_channel_target.rs

@@ -0,0 +1,44 @@
+// This file is auto-generated by gen_target.sh based on target_template.txt
+// To modify it, modify target_template.txt and run gen_target.sh instead.
+
+//Uncomment this for libfuzzer builds:
+//#![no_main]
+
+extern crate lightning_fuzz;
+use lightning_fuzz::msg_targets::msg_accept_channel::*;
+
+use std::io::Read;
+
+#[cfg(feature = "afl")]
+#[macro_use] extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+	fuzz!(|data| {
+		msg_accept_channel_run(data.as_ptr(), data.len());
+	});
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+	loop {
+		fuzz!(|data| {
+			msg_accept_channel_run(data.as_ptr(), data.len());
+		});
+	}
+}
+
+#[cfg(feature = "libfuzzer_fuzz")]
+#[macro_use] extern crate libfuzzer_sys;
+#[cfg(feature = "libfuzzer_fuzz")]
+fuzz_target!(|data: &[u8]| {
+	msg_accept_channel_run(data.as_ptr(), data.len());
+});
+
+#[cfg(feature = "stdin_fuzz")]
+fn main() {
+	let mut data = Vec::with_capacity(8192);
+	std::io::stdin().read_to_end(&mut data).unwrap();
+	msg_accept_channel_run(data.as_ptr(), data.len());
+}