ssl_server_fuzzer.cc
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2016 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include <grpc/grpc.h>
20 #include <grpc/grpc_security.h>
21 #include <grpc/support/log.h>
22 
23 #include "src/core/lib/iomgr/load_file.h"
24 #include "src/core/lib/security/credentials/credentials.h"
25 #include "src/core/lib/security/security_connector/security_connector.h"
26 #include "test/core/util/mock_endpoint.h"
27 
28 #define CA_CERT_PATH "src/core/tsi/test_creds/ca.pem"
29 #define SERVER_CERT_PATH "src/core/tsi/test_creds/server1.pem"
30 #define SERVER_KEY_PATH "src/core/tsi/test_creds/server1.key"
31 
32 bool squelch = true;
33 // ssl has an array of global gpr_mu's that are never released.
34 // Turning this on will fail the leak check.
35 bool leak_check = false;
36 
37 static void discard_write(grpc_slice /*slice*/) {}
38 
39 static void dont_log(gpr_log_func_args* /*args*/) {}
40 
41 struct handshake_state {
42  bool done_callback_called;
43 };
44 
45 static void on_handshake_done(void* arg, grpc_error_handle error) {
46  grpc_core::HandshakerArgs* args =
47  static_cast<grpc_core::HandshakerArgs*>(arg);
48  struct handshake_state* state =
49  static_cast<struct handshake_state*>(args->user_data);
50  GPR_ASSERT(state->done_callback_called == false);
51  state->done_callback_called = true;
52  // The fuzzer should not pass the handshake.
53  GPR_ASSERT(!GRPC_ERROR_IS_NONE(error));
54 }
55 
56 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
57  if (squelch) gpr_set_log_function(dont_log);
58  grpc_init();
59  {
60  grpc_core::ExecCtx exec_ctx;
61 
62  grpc_endpoint* mock_endpoint = grpc_mock_endpoint_create(discard_write);
63 
64  grpc_mock_endpoint_put_read(
65  mock_endpoint, grpc_slice_from_copied_buffer((const char*)data, size));
66 
67  // Load key pair and establish server SSL credentials.
68  grpc_slice ca_slice, cert_slice, key_slice;
69  GPR_ASSERT(GRPC_LOG_IF_ERROR("load_file",
70  grpc_load_file(CA_CERT_PATH, 1, &ca_slice)));
71  GPR_ASSERT(GRPC_LOG_IF_ERROR(
72  "load_file", grpc_load_file(SERVER_CERT_PATH, 1, &cert_slice)));
73  GPR_ASSERT(GRPC_LOG_IF_ERROR(
74  "load_file", grpc_load_file(SERVER_KEY_PATH, 1, &key_slice)));
75  const char* ca_cert =
76  reinterpret_cast<const char*> GRPC_SLICE_START_PTR(ca_slice);
77  const char* server_cert =
78  reinterpret_cast<const char*> GRPC_SLICE_START_PTR(cert_slice);
79  const char* server_key =
80  reinterpret_cast<const char*> GRPC_SLICE_START_PTR(key_slice);
81  grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {server_key, server_cert};
82  grpc_server_credentials* creds = grpc_ssl_server_credentials_create(
83  ca_cert, &pem_key_cert_pair, 1, 0, nullptr);
84  grpc_slice_unref(cert_slice);
85  grpc_slice_unref(key_slice);
86  grpc_slice_unref(ca_slice);
87 
88  // Create security connector
89  grpc_core::RefCountedPtr<grpc_server_security_connector> sc =
90  creds->create_security_connector(nullptr);
91  GPR_ASSERT(sc != nullptr);
92  grpc_core::Timestamp deadline =
93  grpc_core::Duration::Seconds(1) + grpc_core::ExecCtx::Get()->Now();
94 
95  struct handshake_state state;
96  state.done_callback_called = false;
97  auto handshake_mgr =
98  grpc_core::MakeRefCounted<grpc_core::HandshakeManager>();
99  sc->add_handshakers(nullptr, nullptr, handshake_mgr.get());
100  handshake_mgr->DoHandshake(mock_endpoint, nullptr /* channel_args */,
101  deadline, nullptr /* acceptor */,
102  on_handshake_done, &state);
103  grpc_core::ExecCtx::Get()->Flush();
104 
105  // If the given string happens to be part of the correct client hello, the
106  // server will wait for more data. Explicitly fail the server by shutting
107  // down the endpoint.
108  if (!state.done_callback_called) {
109  grpc_endpoint_shutdown(
110  mock_endpoint,
111  GRPC_ERROR_CREATE_FROM_STATIC_STRING("Explicit close"));
112  grpc_core::ExecCtx::Get()->Flush();
113  }
114  GPR_ASSERT(state.done_callback_called);
115 
116  sc.reset(DEBUG_LOCATION, "test");
117  grpc_server_credentials_release(creds);
118  grpc_core::ExecCtx::Get()->Flush();
119  }
120 
121  grpc_shutdown();
122  return 0;
123 }
grpc_mock_endpoint_put_read
void grpc_mock_endpoint_put_read(grpc_endpoint *ep, grpc_slice slice)
Definition: mock_endpoint.cc:128
grpc_slice_unref
GPRAPI void grpc_slice_unref(grpc_slice s)
Definition: slice_api.cc:32
mock_endpoint
Definition: mock_endpoint.cc:32
leak_check
bool leak_check
Definition: ssl_server_fuzzer.cc:35
log.h
grpc_load_file
grpc_error_handle grpc_load_file(const char *filename, int add_null_terminator, grpc_slice *output)
Definition: load_file.cc:33
load_file.h
grpc_server_security_connector::add_handshakers
virtual void add_handshakers(const grpc_channel_args *args, grpc_pollset_set *interested_parties, grpc_core::HandshakeManager *handshake_mgr)=0
grpc_core::RefCountedPtr::reset
void reset(T *value=nullptr)
Definition: ref_counted_ptr.h:111
grpc_core::Timestamp
Definition: src/core/lib/gprpp/time.h:62
error
grpc_error_handle error
Definition: retry_filter.cc:499
GRPC_LOG_IF_ERROR
#define GRPC_LOG_IF_ERROR(what, error)
Definition: error.h:398
grpc_security.h
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
credentials.h
handshake_state::done_callback_called
bool done_callback_called
Definition: ssl_server_fuzzer.cc:42
gen_build_yaml.struct
def struct(**kwargs)
Definition: test/core/end2end/gen_build_yaml.py:30
gpr_log_func_args
Definition: include/grpc/impl/codegen/log.h:77
DEBUG_LOCATION
#define DEBUG_LOCATION
Definition: debug_location.h:41
SERVER_KEY_PATH
#define SERVER_KEY_PATH
Definition: ssl_server_fuzzer.cc:30
asyncio_get_stats.args
args
Definition: asyncio_get_stats.py:40
grpc_core::RefCountedPtr
Definition: ref_counted_ptr.h:35
GPR_ASSERT
#define GPR_ASSERT(x)
Definition: include/grpc/impl/codegen/log.h:94
squelch
bool squelch
Definition: ssl_server_fuzzer.cc:32
grpc_ssl_server_credentials_create
GRPCAPI grpc_server_credentials * grpc_ssl_server_credentials_create(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved)
Definition: ssl_credentials.cc:319
grpc_server_credentials_release
GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds)
Definition: credentials.cc:95
grpc_core::ExecCtx::Flush
bool Flush()
Definition: exec_ctx.cc:69
grpc.h
security_connector.h
GRPC_SLICE_START_PTR
#define GRPC_SLICE_START_PTR(slice)
Definition: include/grpc/impl/codegen/slice.h:101
arg
Definition: cmdline.cc:40
grpc_slice
Definition: include/grpc/impl/codegen/slice.h:65
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Definition: ssl_server_fuzzer.cc:56
grpc_endpoint_shutdown
void grpc_endpoint_shutdown(grpc_endpoint *ep, grpc_error_handle why)
Definition: endpoint.cc:49
data
char data[kBufferLength]
Definition: abseil-cpp/absl/strings/internal/str_format/float_conversion.cc:1006
CA_CERT_PATH
#define CA_CERT_PATH
Definition: ssl_server_fuzzer.cc:28
grpc_server_credentials::create_security_connector
virtual grpc_core::RefCountedPtr< grpc_server_security_connector > create_security_connector(const grpc_channel_args *args)=0
grpc_core::ExecCtx
Definition: exec_ctx.h:97
SERVER_CERT_PATH
#define SERVER_CERT_PATH
Definition: ssl_server_fuzzer.cc:29
GRPC_ERROR_CREATE_FROM_STATIC_STRING
#define GRPC_ERROR_CREATE_FROM_STATIC_STRING(desc)
Definition: error.h:291
grpc_server_credentials
Definition: src/core/lib/security/credentials/credentials.h:259
grpc_slice_from_copied_buffer
GPRAPI grpc_slice grpc_slice_from_copied_buffer(const char *source, size_t len)
Definition: slice/slice.cc:170
exec_ctx
grpc_core::ExecCtx exec_ctx
Definition: end2end_binder_transport_test.cc:75
discard_write
static void discard_write(grpc_slice)
Definition: ssl_server_fuzzer.cc:37
mock_endpoint.h
grpc_core::Duration::Seconds
static constexpr Duration Seconds(int64_t seconds)
Definition: src/core/lib/gprpp/time.h:151
handshake_state
Definition: ssl_server_fuzzer.cc:41
arg
struct arg arg
state
Definition: bloaty/third_party/zlib/contrib/blast/blast.c:41
grpc_mock_endpoint_create
grpc_endpoint * grpc_mock_endpoint_create(void(*on_write)(grpc_slice slice))
Definition: mock_endpoint.cc:118
grpc_core::HandshakerArgs
Definition: handshaker.h:64
grpc_core::ExecCtx::Now
Timestamp Now()
Definition: exec_ctx.cc:90
gpr_set_log_function
GPRAPI void gpr_set_log_function(gpr_log_func func)
Definition: log.cc:143
grpc_init
GRPCAPI void grpc_init(void)
Definition: init.cc:146
grpc_error
Definition: error_internal.h:42
size
voidpf void uLong size
Definition: bloaty/third_party/zlib/contrib/minizip/ioapi.h:136
dont_log
static void dont_log(gpr_log_func_args *)
Definition: ssl_server_fuzzer.cc:39
grpc_endpoint
Definition: endpoint.h:105
grpc_shutdown
GRPCAPI void grpc_shutdown(void)
Definition: init.cc:209
grpc_ssl_pem_key_cert_pair
Definition: grpc_security.h:173
on_handshake_done
static void on_handshake_done(void *arg, grpc_error_handle error)
Definition: ssl_server_fuzzer.cc:45
grpc_core::ExecCtx::Get
static ExecCtx * Get()
Definition: exec_ctx.h:205
GRPC_ERROR_IS_NONE
#define GRPC_ERROR_IS_NONE(err)
Definition: error.h:241

grpc
Author(s):
autogenerated on Thu Mar 13 2025 03:01:21