diff --git a/INSTALL b/INSTALL
index a311970d9..1a763fe14 100644
--- a/INSTALL
+++ b/INSTALL
@@ -181,11 +181,25 @@ Compilation options:
 https://www.llvm.org/docs/LibFuzzer.html for details. The resulting binaries, beginning with "fuzz_" can be used to test sudo. This option is generally used in conjunction
- with --enable-sanitizer.
+ with --enable-sanitizer. This option requires the clang
+ C compiler--it is not supported by gcc.
 This option should only be used for testing and not in a production environment.
+ --enable-fuzzer-engine=library
+ The library to use when linking fuzz targets instead of
+ LLVM's libFuzzer. It is intended to be set to the path to
+ an alternate fuzzing library, such as AFL++ or Honggfuzz.
+
+ --enable-fuzzer-linker=command
+ An alternate linker command to use when building fuzz
+ targets, instead of clang. It may be necessary to set this
+ when using the --enable-fuzzer-engine option to link with
+ a fuzzer engine that requires C++ libraries. For oss-fuzz,
+ this option is used to cause fuzz targets to be linked with
+ clang++.
+
 --disable-hardening Disable the use of compiler/linker exploit mitigation options which are enabled by default. This includes compiling with
diff --git a/configure b/configure
index 170e340b2..478a6bc6f 100755
--- a/configure
+++ b/configure
@@ -762,6 +762,8 @@ rundir
 logpath
 log_dir
 iolog_dir
+FUZZ_LD
+FUZZ_ENGINE
 PPFILES
 LIBLOGSRV
 LOGSRVD_CONF
@@ -783,7 +785,6 @@ SSP_CFLAGS
 SSP_LDFLAGS
 PIE_CFLAGS
 PIE_LDFLAGS
-FUZZ_LDFLAGS
 ASAN_CFLAGS
 ASAN_LDFLAGS
 CROSS_COMPILING
@@ -1007,6 +1008,8 @@ enable_hardening
 enable_pie
 enable_sanitizer
 enable_fuzzer
+enable_fuzzer_engine
+enable_fuzzer_linker
 enable_leaks
 enable_poll
 enable_admin_flag
@@ -1709,6 +1712,10 @@ Optional Features:
 --enable-pie Build sudo as a position independent executable.
 --enable-sanitizer Build sudo with sanitizer support.
 --enable-fuzzer Build sudo with LLVM libFuzzer support.
+ --enable-fuzzer-engine Link fuzz targets with the specified fuzzer engine
+ instead of the default.
+ --enable-fuzzer-linker Use the specified linker when building fuzz targets
+ instead of the default C compiler.
 --disable-leaks Prevent some harmless memory leaks.
 --disable-poll Use select() instead of poll().
 --enable-admin-flag Whether to create a Ubuntu-style admin flag file
@@ -3523,6 +3530,7 @@ printf "%s\n" "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
+
 #
@@ -3614,6 +3622,8 @@ INIT_DIR=
 RC_LINK=
 COMPAT_EXP=
 SIGNAME=
+FUZZ_ENGINE=
+FUZZ_LD='$(CC)'
 WEAK_ALIAS=no
 CHECKSHADOW=true
 shadow_funcs=
@@ -6923,6 +6933,34 @@ else $as_nop
 fi
+# Check whether --enable-fuzzer-engine was given.
+if test ${enable_fuzzer_engine+y}
+then :
+ enableval=$enable_fuzzer_engine; case "$enableval" in
+ yes) as_fn_error $? "\"must give --enable-fuzzer-engine an argument.\"" "$LINENO" 5
+ ;;
+ no) ;;
+ *) FUZZ_ENGINE="$enableval"
+ ;;
+ esac
+
+fi
+
+
+# Check whether --enable-fuzzer-linker was given.
+if test ${enable_fuzzer_linker+y}
+then :
+ enableval=$enable_fuzzer_linker; case "$enableval" in
+ yes) as_fn_error $? "\"must give --enable-fuzzer-linker an argument.\"" "$LINENO" 5
+ ;;
+ no) ;;
+ *) FUZZ_LD="$enableval"
+ ;;
+ esac
+
+fi
+
+
 # Check whether --enable-leaks was given.
 if test ${enable_leaks+y}
 then :
@@ -28609,39 +28647,9 @@ else $as_nop
 fi
-
-if test ${FUZZ_LDFLAGS+y}
-then :
-
- case " $FUZZ_LDFLAGS " in #(
- *" -fsanitize=fuzzer "*) :
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : FUZZ_LDFLAGS already contains -fsanitize=fuzzer"; } >&5
- (: FUZZ_LDFLAGS already contains -fsanitize=fuzzer) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } ;; #(
- *) :
-
- as_fn_append FUZZ_LDFLAGS " -fsanitize=fuzzer"
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : FUZZ_LDFLAGS=\"\$FUZZ_LDFLAGS\""; } >&5
- (: FUZZ_LDFLAGS="$FUZZ_LDFLAGS") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- ;;
-esac
-
-else $as_nop
-
- FUZZ_LDFLAGS=-fsanitize=fuzzer
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : FUZZ_LDFLAGS=\"\$FUZZ_LDFLAGS\""; } >&5
- (: FUZZ_LDFLAGS="$FUZZ_LDFLAGS") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-
-fi
-
+ if test -z "$FUZZ_ENGINE"; then
+ FUZZ_ENGINE="-fsanitize=fuzzer"
+ fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-omit-frame-pointer" >&5
 printf %s "checking whether C compiler accepts -fno-omit-frame-pointer... " >&6; }
 if test ${ax_cv_check_cflags___fno_omit_frame_pointer+y}
diff --git a/configure.ac b/configure.ac
index 0fe5634e9..2697c9e35 100644
--- a/configure.ac
+++ b/configure.ac
@@ -101,7 +101,6 @@ AC_SUBST([SUDOERS_TEST_PROGS])
 AC_SUBST([CROSS_COMPILING])
 AC_SUBST([ASAN_LDFLAGS])
 AC_SUBST([ASAN_CFLAGS])
-AC_SUBST([FUZZ_LDFLAGS])
 AC_SUBST([PIE_LDFLAGS])
 AC_SUBST([PIE_CFLAGS])
 AC_SUBST([SSP_LDFLAGS])
@@ -123,6 +122,8 @@ AC_SUBST([LOGSRVD_SRC])
 AC_SUBST([LOGSRVD_CONF])
 AC_SUBST([LIBLOGSRV])
 AC_SUBST([PPFILES])
+AC_SUBST([FUZZ_ENGINE])
+AC_SUBST([FUZZ_LD])
 dnl
 dnl Variables that get substituted in docs (not overridden by environment)
@@ -262,6 +263,8 @@ INIT_DIR=
 RC_LINK=
 COMPAT_EXP=
 SIGNAME=
+FUZZ_ENGINE=
+FUZZ_LD='$(CC)'
 dnl
 dnl Other variables
 dnl
@@ -1534,6 +1537,28 @@ AC_ARG_ENABLE(fuzzer,
 [AS_HELP_STRING([--enable-fuzzer], [Build sudo with LLVM libFuzzer support.])],
 [], [enable_fuzzer=no])
+AC_ARG_ENABLE(fuzzer-engine,
+[AS_HELP_STRING([--enable-fuzzer-engine], [Link fuzz targets with the specified fuzzer engine instead of the default.])],
+[ case "$enableval" in
+ yes) AC_MSG_ERROR(["must give --enable-fuzzer-engine an argument."])
+ ;;
+ no) ;;
+ *) FUZZ_ENGINE="$enableval"
+ ;;
+ esac
+])
+
+AC_ARG_ENABLE(fuzzer-linker,
+[AS_HELP_STRING([--enable-fuzzer-linker], [Use the specified linker when building fuzz targets instead of the default C compiler.])],
+[ case "$enableval" in
+ yes) AC_MSG_ERROR(["must give --enable-fuzzer-linker an argument."])
+ ;;
+ no) ;;
+ *) FUZZ_LD="$enableval"
+ ;;
+ esac
+])
+
 AC_ARG_ENABLE(leaks,
 [AS_HELP_STRING([--disable-leaks], [Prevent some harmless memory leaks.])],
 [ case "$enableval" in
@@ -4569,7 +4594,9 @@ fi
 if test "$enable_fuzzer" = "yes"; then
 AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link], [
 AX_APPEND_FLAG([-fsanitize=fuzzer-no-link], [ASAN_CFLAGS])
- AX_APPEND_FLAG([-fsanitize=fuzzer], [FUZZ_LDFLAGS])
+ if test -z "$FUZZ_ENGINE"; then
+ FUZZ_ENGINE="-fsanitize=fuzzer"
+ fi
 AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [
 AX_APPEND_FLAG([-fno-omit-frame-pointer], [CFLAGS])
 ])
diff --git a/lib/iolog/Makefile.in b/lib/iolog/Makefile.in
index 2f9dbf95d..6d64ca29c 100644
--- a/lib/iolog/Makefile.in
+++ b/lib/iolog/Makefile.in
@@ -81,9 +81,10 @@ TEST_LIBS = @LIBS@
 TEST_LDFLAGS = @LDFLAGS@
 # Fuzzers
+LIB_FUZZING_ENGINE = @FUZZ_ENGINE@
 FUZZ_PROGS = fuzz_iolog_json fuzz_iolog_legacy fuzz_iolog_timing
-FUZZ_LIBS = @LIBS@
-FUZZ_LDFLAGS = @LDFLAGS@ @FUZZ_LDFLAGS@
+FUZZ_LIBS = @LIBS@ $(LIB_FUZZING_ENGINE)
+FUZZ_LDFLAGS = @LDFLAGS@
 # Set to non-empty for development mode
 DEVEL = @DEVEL@
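Review bot: The two new AC_ARG_ENABLE blocks accept --enable-fuzzer-engine and --enable-fuzzer-linker regardless of whether --enable-fuzzer is given, yet the only use of their values visible in this commit sits inside the `if test "$enable_fuzzer" = "yes"` block of the @@ -4569 hunk, so a stray option is accepted silently and the configured build presumably carries no fuzzing engine at all. Since enable_fuzzer is already defaulted to no in the preceding AC_ARG_ENABLE(fuzzer, …) call, a warning right after these two blocks is cheap: `if test "$enable_fuzzer" != "yes" && test -n "$FUZZ_ENGINE"; then` / `    AC_MSG_WARN([--enable-fuzzer-engine has no effect without --enable-fuzzer])` / `fi`, with the same shape for FUZZ_LD compared against its '$(CC)' default. The `no)` arm also turns --disable-fuzzer-engine and --disable-fuzzer-linker into silent no-ops; either say so in the AS_HELP_STRING text or reject them like `yes`.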
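Review bot: The user-supplied FUZZ_ENGINE is never validated; the new `if test -z "$FUZZ_ENGINE"` fallback only fills in the default, so a mistyped library path (the INSTALL text suggests AFL++ or Honggfuzz archives here) surfaces only as a link error in each subdirectory's make run rather than at configure time. A configure-time check that skips flag-style values such as the `-fsanitize=fuzzer` default would be `case "$FUZZ_ENGINE" in -*) ;; *) test -r "$FUZZ_ENGINE" || AC_MSG_WARN([fuzzer engine $FUZZ_ENGINE is not readable]);; esac`, placed after the default assignment. Note also that the default is only assigned inside the AX_CHECK_COMPILE_FLAG success branch, so with a compiler that rejects -fsanitize=fuzzer-no-link FUZZ_ENGINE stays empty and $(LIB_FUZZING_ENGINE) expands to nothing in the Makefiles; whether that case is reported to the user is outside this hunk. The enclosing `if test "$enable_fuzzer"` block continues past the end of the hunk.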
@@ -160,13 +161,13 @@ host_port_test: $(HOST_PORT_TEST_OBJS) libsudo_iolog.la
 $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(HOST_PORT_TEST_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
 fuzz_iolog_json: $(FUZZ_IOLOG_JSON_OBJS) libsudo_iolog.la
- $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FUZZ_IOLOG_JSON_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
+ $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_JSON_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
 fuzz_iolog_legacy: $(FUZZ_IOLOG_LEGACY_OBJS) libsudo_iolog.la
- $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FUZZ_IOLOG_LEGACY_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
+ $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_LEGACY_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
 fuzz_iolog_timing: $(FUZZ_IOLOG_TIMING_OBJS) libsudo_iolog.la
- $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FUZZ_IOLOG_TIMING_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
+ $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_IOLOG_TIMING_OBJS) libsudo_iolog.la $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
 pre-install:
diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index 9b7bc4440..d659cc9ea 100644
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
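Review bot: `@FUZZ_LD@` is spliced straight into each of the three fuzz_* link recipes instead of going through a Make variable, unlike the engine, which the @@ -81 hunk exposes as `LIB_FUZZING_ENGINE = @FUZZ_ENGINE@`. That makes the fuzz linker impossible to override on the command line (`make FUZZ_LD=clang++`) and repeats the substitution once per recipe, so a future change to how the linker is chosen has to touch every rule. Define `FUZZ_LD = @FUZZ_LD@` next to LIB_FUZZING_ENGINE and write `--mode=link $(FUZZ_LD) -o $@` in the recipes. The fuzz_sudoers and fuzz_sudoers_ldif recipes in plugins/sudoers/Makefile.in (@@ -347) have the same shape and would take the same change.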
@@ -159,9 +159,10 @@ TEST_PROGS = check_addr check_base64 check_digest check_env_pattern \
 check_iolog_plugin check_starttime check_unesc @SUDOERS_TEST_PROGS@
 # Fuzzers
+LIB_FUZZING_ENGINE = @FUZZ_ENGINE@
 FUZZ_PROGS = fuzz_sudoers fuzz_sudoers_ldif
-FUZZ_LIBS = libparsesudoers.la $(LIBS)
-FUZZ_LDFLAGS = @LDFLAGS@ @FUZZ_LDFLAGS@
+FUZZ_LIBS = libparsesudoers.la $(LIBS) $(LIB_FUZZING_ENGINE)
+FUZZ_LDFLAGS = @LDFLAGS@
 AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
@@ -347,10 +348,10 @@ check_symbols: $(CHECK_SYMBOLS_OBJS) $(LIBUTIL)
 $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(CHECK_SYMBOLS_LDFLAGS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@
 fuzz_sudoers: $(FUZZ_SUDOERS_OBJS) libparsesudoers.la $(LIBUTIL)
- $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FUZZ_SUDOERS_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
+ $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_SUDOERS_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
 fuzz_sudoers_ldif: $(FUZZ_SUDOERS_LDIF_OBJS) libparsesudoers.la $(LIBUTIL)
- $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(FUZZ_SUDOERS_LDIF_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
+ $(LIBTOOL) $(LTFLAGS) --mode=link @FUZZ_LD@ -o $@ $(FUZZ_SUDOERS_LDIF_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(FUZZ_LDFLAGS) $(FUZZ_LIBS)
 GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate.c