
Issue 845891

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Jun 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Feature

CrOS fuzzing: add a fuzzer for PermissionBroker

Project Member Reported by jorgelo@chromium.org, May 23 2018

Issue description

Start with something simple that we can use as an example for others.
 
Project Member

Comment 1 by bugdroid1@chromium.org, May 26 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/e27169d1dafe03ea92d86515e31aa284bcee5984

commit e27169d1dafe03ea92d86515e31aa284bcee5984
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Sat May 26 03:32:00 2018

permission_broker: Add Firewall fuzzer.

The firewall code in PermissionBroker doesn't do a lot of parsing, but
it is exposed to possibly untrusted input from Chrome. Besides, it's a
good example to show how to fuzz an API that does more than just
consume a |char*|.

Implement a simple fake that short-circuits the calls to real
executables. An obvious improvement would be to fail some of those
calls. Use FuzzedDataProvider to exercise the API, and open and close
ports.

BUG= chromium:845891 
TEST=Run the fuzzer.

Change-Id: I5c0ff8559c1c00e970e9949b11a0ed8cd5252c40
Reviewed-on: https://chromium-review.googlesource.com/1066574
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>

[add] https://crrev.com/e27169d1dafe03ea92d86515e31aa284bcee5984/permission_broker/firewall_fuzzer.cc
[modify] https://crrev.com/e27169d1dafe03ea92d86515e31aa284bcee5984/permission_broker/permission_broker.gyp
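The pattern the commit message describes, as an added example that is not the permission_broker tree's own code nor the fuzzer the commit adds: a fake that short-circuits the call to a real executable, a toy firewall API with the same shape (validate port and interface, then run a rule command), and a libFuzzer-style entry point that decodes open/close operations from the fuzz input. `RuleRunner`, `FakeRuleRunner`, `Firewall`, `FuzzFirewallOnce` and the `DataProvider` class are hypothetical; `DataProvider` is a minimal stand-in for LLVM's `FuzzedDataProvider`, which a real build would include from `<fuzzer/FuzzedDataProvider.h>` instead.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical seam between the rule logic and the system. Production code
// would exec a real binary behind this interface; the fake below never does.
class RuleRunner {
 public:
  virtual ~RuleRunner() = default;
  virtual bool Run(const std::vector<std::string>& argv) = 0;
};

// Fake runner: records every command and always succeeds. Failing some calls,
// the improvement the commit message mentions, would be a change here only.
class FakeRuleRunner : public RuleRunner {
 public:
  bool Run(const std::vector<std::string>& argv) override {
    commands.push_back(argv);
    return true;
  }
  std::vector<std::vector<std::string>> commands;
};

// Toy firewall with the shape of the API under test: validate port and
// interface, then hand a fully built argv (never a shell string) to the runner.
class Firewall {
 public:
  explicit Firewall(RuleRunner* runner) : runner_(runner) {}

  // 1..15 bytes (IFNAMSIZ - 1) drawn from a conservative character set.
  static bool IsValidInterfaceName(const std::string& iface) {
    if (iface.empty() || iface.size() > 15) return false;
    for (char c : iface) {
      const bool ok = std::isalnum(static_cast<unsigned char>(c)) ||
                      c == '_' || c == '-' || c == '.';
      if (!ok) return false;
    }
    return true;
  }

  bool AddAcceptRule(uint16_t port, const std::string& iface) {
    if (port == 0 || !IsValidInterfaceName(iface)) return false;
    const Key key(port, iface);
    if (open_.count(key)) return false;  // already open: no duplicate rules
    if (!runner_->Run(Argv("-I", port, iface))) return false;
    open_.insert(key);
    return true;
  }

  bool DeleteAcceptRule(uint16_t port, const std::string& iface) {
    if (port == 0 || !IsValidInterfaceName(iface)) return false;
    const Key key(port, iface);
    if (!open_.count(key)) return false;  // only close what we opened
    if (!runner_->Run(Argv("-D", port, iface))) return false;
    open_.erase(key);
    return true;
  }

 private:
  using Key = std::pair<uint16_t, std::string>;
  static std::vector<std::string> Argv(const char* action, uint16_t port,
                                       const std::string& iface) {
    return {"iptables", action, "INPUT", "-p", "tcp", "--dport",
            std::to_string(port), "-i", iface, "-j", "ACCEPT"};
  }
  RuleRunner* runner_;
  std::set<Key> open_;
};

// Stand-in for FuzzedDataProvider: every consumer is total, yielding zeros or
// an empty string once the input is exhausted, so it never reads past the end.
class DataProvider {
 public:
  DataProvider(const uint8_t* data, size_t size) : data_(data), remaining_(size) {}
  size_t remaining_bytes() const { return remaining_; }
  uint8_t ConsumeByte() {
    if (remaining_ == 0) return 0;
    --remaining_;
    return *data_++;
  }
  uint16_t ConsumeUint16() {
    const uint16_t lo = ConsumeByte();
    const uint16_t hi = ConsumeByte();
    return static_cast<uint16_t>(lo | (hi << 8));
  }
  std::string ConsumeString(size_t max_len) {  // length byte, then payload
    size_t n = ConsumeByte() % (max_len + 1);
    if (n > remaining_) n = remaining_;
    std::string s(reinterpret_cast<const char*>(data_), n);
    data_ += n;
    remaining_ -= n;
    return s;
  }
 private:
  const uint8_t* data_;
  size_t remaining_;
};

// One fuzz iteration: decode (op, port, interface) records until the bytes run
// out. Returns the operation count so the decoding can be checked without libFuzzer.
size_t FuzzFirewallOnce(const uint8_t* data, size_t size, RuleRunner* runner) {
  Firewall firewall(runner);
  DataProvider provider(data, size);
  size_t ops = 0;
  while (provider.remaining_bytes() > 0) {
    const uint8_t op = provider.ConsumeByte();
    const uint16_t port = provider.ConsumeUint16();
    const std::string iface = provider.ConsumeString(20);  // > 15 reaches the length check
    if (op & 1) firewall.AddAcceptRule(port, iface);
    else        firewall.DeleteAcceptRule(port, iface);
    ++ops;
  }
  return ops;
}

// libFuzzer entry point; build with clang++ -fsanitize=fuzzer,address.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  FakeRuleRunner runner;
  FuzzFirewallOnce(data, size, &runner);
  return 0;
}
```

The fake is what makes the harness safe to run millions of times per second: no `iptables` process is ever spawned, yet every argv the code would have executed is captured, so a sanitizer build can check that no input produces a malformed rule or a crash in the validation path.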

Project Member

Comment 2 by bugdroid1@chromium.org, May 30 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/b25191e1b405be3f73769484ac7d88ac93ca92ab

commit b25191e1b405be3f73769484ac7d88ac93ca92ab
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Wed May 30 19:50:44 2018

permission_broker: Install Firewall fuzzer.

BUG= chromium:845891 
TEST=Fuzzer gets installed and can be run.
CQ-DEPEND=CL:1066574

Change-Id: I0ae90e840fc2db81d93bb67d9af10b36fbe19731
Reviewed-on: https://chromium-review.googlesource.com/1072548
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

[modify] https://crrev.com/b25191e1b405be3f73769484ac7d88ac93ca92ab/virtual/chromium-os-fuzzers/chromium-os-fuzzers-1.ebuild
[modify] https://crrev.com/b25191e1b405be3f73769484ac7d88ac93ca92ab/chromeos-base/permission_broker/permission_broker-9999.ebuild
[rename] https://crrev.com/b25191e1b405be3f73769484ac7d88ac93ca92ab/virtual/chromium-os-fuzzers/chromium-os-fuzzers-1-r5.ebuild

Status: Fixed (was: Started)
