Commit 2605fba

Merge pull request #38 from wiktor-k/add-fuzzing
Add fuzzing setup for `Message::decode`
2 parents cee1b09 + 00d7997 commit 2605fba

6 files changed

+105
-0
lines changed

Cargo.lock

Lines changed: 39 additions & 0 deletions
Some generated files are not rendered by default.

Cargo.toml

Lines changed: 3 additions & 0 deletions
@@ -15,6 +15,9 @@ keywords = ["ssh", "agent", "authentication", "openssh", "async"]
1515
categories = ["authentication", "cryptography", "encoding", "network-programming", "parsing"]
1616
exclude = [".github"]
1717

18+
[workspace]
19+
members = [".", "fuzz"]
20+
1821
[dependencies]
1922
byteorder = "1.4.3"
2023
async-trait = { version = "0.1.77", optional = true }
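
Review bot: listing `"fuzz"` in `members` of the new `[workspace]` table makes the fuzz crate part of every workspace-wide command and of the shared lockfile, which is presumably where the 39 added `Cargo.lock` lines on this commit come from. Any job that runs `cargo build --workspace` or `cargo test --workspace` will now also compile `libfuzzer-sys` and the `#![no_main]` fuzz binary. Please confirm CI and release jobs do not rely on `--workspace`, or keep the fuzz crate out of the workspace (`exclude = ["fuzz"]` in this table plus an empty `[workspace]` table in `fuzz/Cargo.toml`) so fuzz-only dependencies stay out of the library's lockfile.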

fuzz/.gitignore

Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
target
2+
corpus
3+
artifacts
4+
coverage
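
Review bot: ignoring `corpus` (line 2) means no seed inputs are ever committed, so every fresh checkout and CI run starts the fuzzer from an empty corpus and has to rediscover the message framing from scratch. Consider committing a small seed directory of valid agent messages under a separate, non-ignored path and passing it to `cargo fuzz run` as an additional corpus directory. Ignoring `artifacts` is fine as long as crash reproducers found there are turned into regression tests before they are discarded.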

fuzz/Cargo.toml

Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
[package]
2+
name = "ssh-agent-lib-fuzz"
3+
version = "0.0.0"
4+
publish = false
5+
edition = "2021"
6+
7+
[package.metadata]
8+
cargo-fuzz = true
9+
10+
[dependencies]
11+
libfuzzer-sys = "0.4"
12+
ssh-encoding = "0.2.0"
13+
14+
[dependencies.ssh-agent-lib]
15+
path = ".."
16+
17+
[[bin]]
18+
name = "message_decode"
19+
path = "fuzz_targets/message_decode.rs"
20+
test = false
21+
doc = false
22+
bench = false
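
Review bot: `ssh-encoding = "0.2.0"` on line 12 is pinned independently of whatever version `ssh-agent-lib` itself is built against, and the fuzz target imports the `Decode` trait from this copy. If the library later moves to a semver-incompatible `ssh-encoding`, the trait in scope will no longer be the one `Message` implements and the target will stop compiling, silently dropping fuzz coverage unless the fuzz build is checked in CI. Either re-export the trait from `ssh-agent-lib` and import it from there, or share the version through `[workspace.dependencies]` so both crates move together.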

fuzz/README.md

Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
# Fuzzing
2+
3+
This directory contains fuzzing targets for ssh-agent-lib.
4+
5+
## Setup
6+
7+
Install [`cargo-fuzz`](https://crates.io/crates/cargo-fuzz):
8+
9+
```sh
10+
cargo install --locked cargo-fuzz
11+
```
12+
13+
## Running
14+
15+
Select a target from the list printed by `cargo fuzz list` e.g. `message_decode`:
16+
17+
```sh
18+
cargo +nightly fuzz run message_decode
19+
```
20+
21+
Options that can be added to the `fuzz run` command:
22+
23+
- `--jobs N` - increase parallelism,
24+
- `--sanitizer none` - disable sanitizer since ssh-agent-lib does not use any `unsafe` blocks,
25+
26+
Note that due to a limitation of cargo-fuzz nightly version of the toolchain is required.
27+
28+
For more details see [Fuzzing with cargo-fuzz](https://rust-fuzz.github.io/book/cargo-fuzz.html) or the [more detailed explanation of fuzzing output](https://github.com/rust-fuzz/cargo-fuzz/issues/72#issuecomment-284448618) in a `cargo-fuzz` comment.
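
Review bot: the justification for `--sanitizer none` on line 24 only covers `ssh-agent-lib`'s own code; crates it depends on may still contain `unsafe`, and the default AddressSanitizer build is what would surface memory errors reached through them. Suggest rewording this as an optional speed trade-off (panics, hangs and out-of-memory conditions are still reported without a sanitizer) and recommending at least occasional runs with the default sanitizer. Minor style point: the last list item ends with a trailing comma.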

fuzz/fuzz_targets/message_decode.rs

Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
#![no_main]
2+
3+
use libfuzzer_sys::fuzz_target;
4+
use ssh_agent_lib::proto::message::Message;
5+
use ssh_encoding::Decode;
6+
7+
fuzz_target!(|data: &[u8]| {
8+
let _ = Message::decode(&mut &data[..]);
9+
});
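
Review bot: `let _ = Message::decode(&mut &data[..]);` on line 8 throws the result away, so this target can only find panics, hangs and excessive allocation, not messages that decode incorrectly. If `Message` also implements the matching encoder, consider handling the `Ok` case by re-encoding the value, decoding it again and asserting the two values are equal, which turns the target into a round-trip check. It would also help to add a short comment stating that decode errors are expected and intentionally ignored.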