
Use cmake in ci/fuzz #361


Merged
merged 5 commits into from
Mar 18, 2025
Merged
2 changes: 1 addition & 1 deletion .github/workflows/linux_fuzz.yml
Expand Up @@ -18,7 +18,7 @@ jobs:
CC: ${{ matrix.cc }}
run: |
sudo apt -q update
sudo apt install -q -y autoconf automake libtool pkg-config \
sudo apt install -q -y ninja-build pkg-config \
libpam-dev libz-dev libudev-dev libpcsclite-dev
sudo apt install -q -y ${CC%-*}-tools-${CC#clang-}
- name: Fuzz
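Review bot: The step now hard-depends on `cmake` — the rewritten fuzz script drives every build through `cmake -B` / `cmake --build` / `cmake --install` — yet the new apt line only adds `ninja-build`; it presumably works because GitHub's hosted Ubuntu images ship cmake, but a self-hosted or slimmer runner would fail at the first cmake call. Listing it explicitly costs one word: `sudo apt install -q -y cmake ninja-build pkg-config \`. The `run:` block and its step header begin above the hunk, so which cmake version the job actually picks up cannot be checked from here.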
80 changes: 49 additions & 31 deletions build-aux/ci/fuzz-linux-asan.sh
@@ -1,5 +1,8 @@
#!/usr/bin/env bash
set -euxo pipefail
#!/usr/bin/env sh
#
# Copyright (C) 2025 Yubico AB - See COPYING

set -eux

CORPUS_URL="https://storage.googleapis.com/yubico-pam-u2f/corpus.tgz"

Expand All @@ -16,58 +19,73 @@ PAM_U2F_CFLAGS="${PAM_U2F_CFLAGS},undefined,bounds"
PAM_U2F_CFLAGS="${PAM_U2F_CFLAGS},leak"
PAM_U2F_CFLAGS="${PAM_U2F_CFLAGS} -fno-sanitize-recover=all"

NPROC="$(nproc)"

${CC} --version
WORKDIR="${WORKDIR:-$(pwd)}"
FAKEROOT="${FAKEROOT:-$(mktemp -d)}"

if [ -n "${FAKEROOT:-}" ]; then
mkdir -p "${FAKEROOT}"
FAKEROOT="$(cd "$FAKEROOT" && pwd)" # Must be absolute
else
FAKEROOT="$(mktemp -d)"
trap 'rm -rf "$FAKEROOT"' 0
fi

export LD_LIBRARY_PATH="${FAKEROOT}/lib"
export PKG_CONFIG_PATH="${FAKEROOT}/lib/pkgconfig"
export UBSAN_OPTIONS="halt_on_error=1:print_stacktrace=1"
export ASAN_OPTIONS="detect_leaks=1:detect_invalid_pointer_pairs=2"

pushd "${FAKEROOT}" &>/dev/null
cd "${FAKEROOT}"

git clone --depth 1 "${LIBFIDO2_URL}" -b "${LIBFIDO2_TAG}"
git clone --depth 1 "${LIBCBOR_URL}" -b "${LIBCBOR_TAG}"

# libcbor (with libfido2 patch)
patch -d libcbor -p0 -s <libfido2/fuzz/README
pushd libcbor &>/dev/null
mkdir build
cmake -B build \
-DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_INSTALL_PREFIX="${FAKEROOT}" \
cmake -B libcbor.build -S libcbor \
-DBUILD_SHARED_LIBS=ON \
-DCMAKE_BUILD_TYPE=Debug \
-DCMAKE_C_FLAGS_DEBUG="${LIBCBOR_CFLAGS} ${COMMON_CFLAGS}" \
-DBUILD_SHARED_LIBS=ON -DCMAKE_BUILD_TYPE=Debug -DSANITIZE=OFF \
-DWITH_EXAMPLES=OFF
make VERBOSE=1 -j $(nproc) -C build all install
popd &>/dev/null # libcbor
-DCMAKE_INSTALL_LIBDIR=lib \
-DCMAKE_INSTALL_PREFIX="${FAKEROOT}" \
-DSANITIZE=OFF \
-DWITH_EXAMPLES=OFF \
-GNinja
cmake --build libcbor.build -j "$NPROC"
cmake --install libcbor.build

# libfido2 (with fuzzing support)
pushd libfido2 &>/dev/null
mkdir build
cmake -B build \
-DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_INSTALL_PREFIX="${FAKEROOT}" \
cmake -B build.libfido2 -S libfido2 \
-DBUILD_EXAMPLES=OFF \
-DBUILD_MANPAGES=OFF \
-DBUILD_TOOLS=OFF \
-DCMAKE_BUILD_TYPE=Debug \
-DCMAKE_C_FLAGS_DEBUG="${LIBFIDO2_CFLAGS} ${COMMON_CFLAGS}" \
-DCMAKE_INSTALL_LIBDIR=lib \
-DCMAKE_INSTALL_PREFIX="${FAKEROOT}" \
-DFUZZ=1 \
-DFUZZ_LDFLAGS="-fsanitize=fuzzer" \
-DCMAKE_BUILD_TYPE=Debug -DFUZZ=1 -DBUILD_EXAMPLES=0 \
-DBUILD_TOOLS=0 -DBUILD_MANPAGES=0
make VERBOSE=1 -j $(nproc) -C build all install
popd &>/dev/null # libfido2
-GNinja
cmake --build build.libfido2 -j "$NPROC"
cmake --install build.libfido2

# pam-u2f
mkdir build
pushd build &>/dev/null
autoreconf -i "${WORKDIR}"
"${WORKDIR}"/configure --enable-fuzzing --disable-silent-rules \
--disable-man CFLAGS="${PAM_U2F_CFLAGS} ${COMMON_CFLAGS}"
make -j $(nproc)
cmake -B build.pam_u2f -S "$WORKDIR" \
-DBUILD_FUZZER=ON \
-DBUILD_MANPAGES=OFF \
-DBUILD_MODULE=OFF \
-DBUILD_PAMU2FCFG=OFF \
-DBUILD_TESTING=OFF \
-DCMAKE_BUILD_TYPE=Debug \
-DCMAKE_C_FLAGS_DEBUG="${PAM_U2F_CFLAGS} ${COMMON_CFLAGS}" \
-GNinja
cmake --build build.pam_u2f -j "$NPROC"

# fuzz
curl --retry 4 -s -o corpus.tgz "${CORPUS_URL}"
tar xzf corpus.tgz
fuzz/fuzz_format_parsers corpus/format_parsers \
build.pam_u2f/fuzz/fuzz_format_parsers corpus/format_parsers \
-reload=30 -print_pcs=1 -print_funcs=30 -timeout=10 -runs=1
fuzz/fuzz_auth corpus/auth \
build.pam_u2f/fuzz/fuzz_auth corpus/auth \
-reload=30 -print_pcs=1 -print_funcs=30 -timeout=10 -runs=1

popd &>/dev/null # fakeroot
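Review bot: The new caller-supplied `FAKEROOT` branch (`mkdir -p` plus the absolute-path fix-up) makes the directory look reusable, but nothing below tolerates reuse: after `cd "${FAKEROOT}"` the two `git clone --depth 1` calls fail if `libfido2`/`libcbor` already exist and `set -e` aborts the run, while pre-existing `libcbor.build` / `build.libfido2` / `build.pam_u2f` trees would quietly reuse whatever CMake cache is already there rather than the current `CC` and flags. Either state the contract in a comment above the `if`, e.g. `# FAKEROOT may be supplied by the caller; it must be empty, and no cleanup trap is installed for it`, or remove stale checkouts and build trees before cloning. Separately, the three build directories are named inconsistently (`libcbor.build` vs `build.libfido2` / `build.pam_u2f`); one scheme makes the script easier to grep. The removed `popd … &>/dev/null` lines confirm the bash-only redirections are gone, which matches the new `sh` shebang, and no pipeline remains in the visible lines, so dropping `pipefail` appears safe.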