1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
#!/bin/bash -eu
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
################################################################################
# List of targets disabled for oss-fuzz.
declare -A disabled=()
# List of targets we want to fuzz in TLS and non-TLS mode.
declare -A tls_targets=([tls-client]=1 [tls-server]=1 [dtls-client]=1 [dtls-server]=1)
# Helper function that copies a fuzzer binary and its seed corpus.
copy_fuzzer()
{
local fuzzer=$1
local name=$2
# Copy the binary.
cp ../dist/Debug/bin/$fuzzer $OUT/$name
# Zip and copy the corpus, if any.
if [ -d "$SRC/nss-corpus/$name" ]; then
zip $OUT/${name}_seed_corpus.zip $SRC/nss-corpus/$name/*
fi
}
# Copy libFuzzer options
cp fuzz/options/*.options $OUT/
# Build the library (non-TLS fuzzing mode).
CXX="$CXX -stdlib=libc++" LDFLAGS="$CFLAGS" \
./build.sh -c -v --fuzz=oss --fuzz --disable-tests
# Copy fuzzing targets.
for fuzzer in $(find ../dist/Debug/bin -name "nssfuzz-*" -printf "%f\n"); do
name=${fuzzer:8}
if [ -z "${disabled[$name]:-}" ]; then
[ -n "${tls_targets[$name]:-}" ] && name="${name}-no_fuzzer_mode"
copy_fuzzer $fuzzer $name
fi
done
# Build the library again (TLS fuzzing mode).
CXX="$CXX -stdlib=libc++" LDFLAGS="$CFLAGS" \
./build.sh -c -v --fuzz=oss --fuzz=tls --disable-tests
# Copy dual mode targets in TLS mode.
for name in "${!tls_targets[@]}"; do
if [ -z "${disabled[$name]:-}" ]; then
copy_fuzzer nssfuzz-$name $name
fi
done
# Fuzz introspector picks up files in the out/Debug directory as fuzz
# targets, messing up the generated reports.
# To avoid this, we clear the build directory at the end. NSS libraries
# are statically linked to the fuzz targets.
rm -rf out/
|
