/src/fluent-bit/tests/internal/fuzzers/aws_credentials_fuzzer.c

Source
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */

/*  Fluent Bit
 *  ==========
 *  Copyright (C) 2023 The Fluent Bit Authors
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

#include <stdint.h>
#include <string.h>
#include <fluent-bit.h>
#include <fluent-bit/flb_sds.h>
#include <fluent-bit/flb_aws_credentials.h>
#include <fluent-bit/flb_mem.h>
#include "flb_fuzz_header.h"

int initialization_crutch()
{
    struct flb_config *config;
    config = flb_config_init();
    if (config == NULL) {
        return -1;
    }
    flb_config_exit(config);
    return 0;
}


void fuzz_sts(const uint8_t *data, size_t size) {
    char *sks_response = get_null_terminated(150, &data, &size);

    struct flb_aws_credentials *creds;
    time_t expiration;

    creds = flb_parse_sts_resp(sks_response, &expiration);
    if (creds != NULL) {
        flb_aws_credentials_destroy(creds);
    }

    if (size > 300) {
        char *action = get_null_terminated(50, &data, &size);
        char *role_arn = get_null_terminated(50, &data, &size);
        char *session_name = get_null_terminated(50, &data, &size);
        char *external_id = get_null_terminated(50, &data, &size);
        char *identity_token = get_null_terminated(50, &data, &size);

        flb_sds_t s1 = flb_sts_uri(action, role_arn, session_name,
                                   external_id, identity_token);
        if (s1 != NULL) {
            flb_sds_destroy(s1);
        }

        flb_free(action);
        flb_free(role_arn);
        flb_free(session_name);
        flb_free(external_id);
        flb_free(identity_token);
    }

    if (sks_response != NULL) {
        flb_free(sks_response);
    }
}


void fuzz_http(const uint8_t *data, size_t size) {
    time_t expiration;
    struct flb_aws_credentials *creds = NULL;
    size_t response_len;

    response_len = (size > 250) ? 250 : size;
    char *response = get_null_terminated(response_len, &data, &size);
    if (response != NULL) {
        creds = flb_parse_http_credentials(response, strlen(response), &expiration);
        if (creds != NULL) {
            flb_aws_credentials_destroy(creds);
        }
        flb_free(response);
    }
}


void fuzz_process(const uint8_t *data, size_t size) {
    char** tokens = NULL;
    char *input = get_null_terminated(250, &data, &size);
    tokens = parse_credential_process(input);
    if (tokens != NULL) {
        flb_free(tokens);
    }
    flb_free(input);
}


int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    /* Set flb_malloc_mod to be fuzzer-data dependent */
    if (size < 304) {
        return 0;
    }
    flb_malloc_p = 0;
    flb_malloc_mod = *(int*)data;
    data += 4;
    size -= 4;

    /* Avoid division by zero for modulo operations */
    if (flb_malloc_mod == 0) {
        flb_malloc_mod = 1;
    }
    if (initialization_crutch() == -1) {
        return 0;
    }

    const uint8_t *data_copy = data;
    size_t size_copy = size;
    fuzz_sts(data_copy, size_copy);

    data_copy = data;
    size_copy = size;
    fuzz_http(data_copy, size_copy);

    data_copy = data;
    size_copy = size;
    fuzz_process(data_copy, size_copy);

    return 0;
}

Line	Count	Source
1		/* -- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -- */
2
3		/* Fluent Bit
4		* ==========
5		* Copyright (C) 2023 The Fluent Bit Authors
6		*
7		* Licensed under the Apache License, Version 2.0 (the "License");
8		* you may not use this file except in compliance with the License.
9		* You may obtain a copy of the License at
10		*
11		* http://www.apache.org/licenses/LICENSE-2.0
12		*
13		* Unless required by applicable law or agreed to in writing, software
14		* distributed under the License is distributed on an "AS IS" BASIS,
15		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16		* See the License for the specific language governing permissions and
17		* limitations under the License.
18		*/
19
20		#include <stdint.h>
21		#include <string.h>
22		#include <fluent-bit.h>
23		#include <fluent-bit/flb_sds.h>
24		#include <fluent-bit/flb_aws_credentials.h>
25		#include <fluent-bit/flb_mem.h>
26		#include "flb_fuzz_header.h"
27
28		int initialization_crutch()
29	949	{
30	949	struct flb_config *config;
31	949	config = flb_config_init();
32	949	if (config == NULL) {
33	291	return -1;
34	291	}
35	658	flb_config_exit(config);
36	658	return 0;
37	949	}
38
39
40	377	void fuzz_sts(const uint8_t *data, size_t size) {
41	377	char *sks_response = get_null_terminated(150, &data, &size);
42
43	377	struct flb_aws_credentials *creds;
44	377	time_t expiration;
45
46	377	creds = flb_parse_sts_resp(sks_response, &expiration);
47	377	if (creds != NULL) {
48	2	flb_aws_credentials_destroy(creds);
49	2	}
50
51	377	if (size > 300) {
52	64	char *action = get_null_terminated(50, &data, &size);
53	64	char *role_arn = get_null_terminated(50, &data, &size);
54	64	char *session_name = get_null_terminated(50, &data, &size);
55	64	char *external_id = get_null_terminated(50, &data, &size);
56	64	char *identity_token = get_null_terminated(50, &data, &size);
57
58	64	flb_sds_t s1 = flb_sts_uri(action, role_arn, session_name,
59	64	external_id, identity_token);
60	64	if (s1 != NULL) {
61	63	flb_sds_destroy(s1);
62	63	}
63
64	64	flb_free(action);
65	64	flb_free(role_arn);
66	64	flb_free(session_name);
67	64	flb_free(external_id);
68	64	flb_free(identity_token);
69	64	}
70
71	377	if (sks_response != NULL) {
72	377	flb_free(sks_response);
73	377	}
74	377	}
75
76
77	377	void fuzz_http(const uint8_t *data, size_t size) {
78	377	time_t expiration;
79	377	struct flb_aws_credentials *creds = NULL;
80	377	size_t response_len;
81
82	377	response_len = (size > 250) ? 250 : size;
83	377	char *response = get_null_terminated(response_len, &data, &size);
84	377	if (response != NULL) {
85	377	creds = flb_parse_http_credentials(response, strlen(response), &expiration);
86	377	if (creds != NULL) {
87	7	flb_aws_credentials_destroy(creds);
88	7	}
89	377	flb_free(response);
90	377	}
91	377	}
92
93
94	377	void fuzz_process(const uint8_t *data, size_t size) {
95	377	char** tokens = NULL;
96	377	char *input = get_null_terminated(250, &data, &size);
97	377	tokens = parse_credential_process(input);
98	377	if (tokens != NULL) {
99	103	flb_free(tokens);
100	103	}
101	377	flb_free(input);
102	377	}
103
104
105		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
106	542	{
107		/* Set flb_malloc_mod to be fuzzer-data dependent */
108	542	if (size < 304) {
109	17	return 0;
110	17	}
111	525	flb_malloc_p = 0;
112	525	flb_malloc_mod = (int)data;
113	525	data += 4;
114	525	size -= 4;
115
116		/* Avoid division by zero for modulo operations */
117	525	if (flb_malloc_mod == 0) {
118	2	flb_malloc_mod = 1;
119	2	}
120	525	if (initialization_crutch() == -1) {
121	148	return 0;
122	148	}
123
124	377	const uint8_t *data_copy = data;
125	377	size_t size_copy = size;
126	377	fuzz_sts(data_copy, size_copy);
127
128	377	data_copy = data;
129	377	size_copy = size;
130	377	fuzz_http(data_copy, size_copy);
131
132	377	data_copy = data;
133	377	size_copy = size;
134	377	fuzz_process(data_copy, size_copy);
135
136	377	return 0;
137	525	}

Coverage Report

Created: 2026-01-21 07:06