VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/fuzz/fuzzmastercmd.cpp@ 88446

Last change on this file since 88446 was 82968, checked in by vboxsync, 5 years ago

Copyright year updates by scm.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 70.3 KB
Line 
1/* $Id: fuzzmastercmd.cpp 82968 2020-02-04 10:35:17Z vboxsync $ */
2/** @file
3 * IPRT - Fuzzing framework API, master command.
4 */
5
6/*
7 * Copyright (C) 2018-2020 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27
28/*********************************************************************************************************************************
29* Header Files *
30*********************************************************************************************************************************/
31#include <iprt/fuzz.h>
32#include "internal/iprt.h"
33
34#include <iprt/asm.h>
35#include <iprt/assert.h>
36#include <iprt/base64.h>
37#include <iprt/buildconfig.h>
38#include <iprt/ctype.h>
39#include <iprt/env.h>
40#include <iprt/err.h>
41#include <iprt/file.h>
42#include <iprt/getopt.h>
43#include <iprt/json.h>
44#include <iprt/list.h>
45#include <iprt/mem.h>
46#include <iprt/message.h>
47#include <iprt/path.h>
48#include <iprt/process.h>
49#include <iprt/stream.h>
50#include <iprt/string.h>
51#include <iprt/tcp.h>
52#include <iprt/thread.h>
53#include <iprt/time.h>
54#include <iprt/vfs.h>
55#include <iprt/zip.h>
56
57
58/**
59 * A running fuzzer state.
60 */
61typedef struct RTFUZZRUN
62{
63 /** List node. */
64 RTLISTNODE NdFuzzed;
65 /** Identifier. */
66 char *pszId;
67 /** Number of processes. */
68 uint32_t cProcs;
69 /** Target recorder flags. */
70 uint32_t fTgtRecFlags;
71 /** The fuzzing observer state handle. */
72 RTFUZZOBS hFuzzObs;
73 /** Flag whether fuzzing was started. */
74 bool fStarted;
75 /** Time when this run was created. */
76 RTTIME TimeCreated;
77 /** Millisecond timestamp when the run was created. */
78 uint64_t tsCreatedMs;
79} RTFUZZRUN;
80/** Pointer to a running fuzzer state. */
81typedef RTFUZZRUN *PRTFUZZRUN;
82
83
84/**
85 * Fuzzing master command state.
86 */
87typedef struct RTFUZZCMDMASTER
88{
89 /** List of running fuzzers. */
90 RTLISTANCHOR LstFuzzed;
91 /** The port to listen on. */
92 uint16_t uPort;
93 /** The TCP server for requests. */
94 PRTTCPSERVER hTcpSrv;
95 /** The root temp directory. */
96 const char *pszTmpDir;
97 /** The root results directory. */
98 const char *pszResultsDir;
99 /** Flag whether to shutdown. */
100 bool fShutdown;
101 /** The response message. */
102 char *pszResponse;
103} RTFUZZCMDMASTER;
104/** Pointer to a fuzzing master command state. */
105typedef RTFUZZCMDMASTER *PRTFUZZCMDMASTER;
106
107
108/**
109 * Wrapper around RTErrInfoSetV / RTMsgErrorV.
110 *
111 * @returns @a rc
112 * @param pErrInfo Extended error info.
113 * @param rc The return code.
114 * @param pszFormat The message format.
115 * @param ... The message format arguments.
116 */
117static int rtFuzzCmdMasterErrorRc(PRTERRINFO pErrInfo, int rc, const char *pszFormat, ...)
118{
119 va_list va;
120 va_start(va, pszFormat);
121 if (pErrInfo)
122 RTErrInfoSetV(pErrInfo, rc, pszFormat, va);
123 else
124 RTMsgErrorV(pszFormat, va);
125 va_end(va);
126 return rc;
127}
128
129
130/**
131 * Returns a running fuzzer state by the given ID.
132 *
133 * @returns Pointer to the running fuzzer state or NULL if not found.
134 * @param pThis The fuzzing master command state.
135 * @param pszId The ID to look for.
136 */
137static PRTFUZZRUN rtFuzzCmdMasterGetFuzzerById(PRTFUZZCMDMASTER pThis, const char *pszId)
138{
139 PRTFUZZRUN pIt = NULL;
140 RTListForEach(&pThis->LstFuzzed, pIt, RTFUZZRUN, NdFuzzed)
141 {
142 if (!RTStrCmp(pIt->pszId, pszId))
143 return pIt;
144 }
145
146 return NULL;
147}
148
149
150#if 0 /* unused */
151/**
152 * Processes and returns the value of the given config item in the JSON request.
153 *
154 * @returns IPRT status code.
155 * @param ppszStr Where to store the pointer to the string on success.
156 * @param pszCfgItem The config item to resolve.
157 * @param hJsonCfg The JSON object containing the item.
158 * @param pErrInfo Where to store the error information on failure, optional.
159 */
160static int rtFuzzCmdMasterFuzzRunProcessCfgString(char **ppszStr, const char *pszCfgItem, RTJSONVAL hJsonCfg, PRTERRINFO pErrInfo)
161{
162 int rc = RTJsonValueQueryStringByName(hJsonCfg, pszCfgItem, ppszStr);
163 if (RT_FAILURE(rc))
164 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query string value of \"%s\"", pszCfgItem);
165
166 return rc;
167}
168
169
170/**
171 * Processes and returns the value of the given config item in the JSON request.
172 *
173 * @returns IPRT status code.
174 * @param pfVal Where to store the config value on success.
175 * @param pszCfgItem The config item to resolve.
176 * @param hJsonCfg The JSON object containing the item.
177 * @param pErrInfo Where to store the error information on failure, optional.
178 */
179static int rtFuzzCmdMasterFuzzRunProcessCfgBool(bool *pfVal, const char *pszCfgItem, RTJSONVAL hJsonCfg, PRTERRINFO pErrInfo)
180{
181 int rc = RTJsonValueQueryBooleanByName(hJsonCfg, pszCfgItem, pfVal);
182 if (RT_FAILURE(rc))
183 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query boolean value of \"%s\"", pszCfgItem);
184
185 return rc;
186}
187
188
189/**
190 * Processes and returns the value of the given config item in the JSON request.
191 *
192 * @returns IPRT status code.
193 * @param pfVal Where to store the config value on success.
194 * @param pszCfgItem The config item to resolve.
195 * @param hJsonCfg The JSON object containing the item.
196 * @param fDef Default value if the item wasn't found.
197 * @param pErrInfo Where to store the error information on failure, optional.
198 */
199static int rtFuzzCmdMasterFuzzRunProcessCfgBoolDef(bool *pfVal, const char *pszCfgItem, RTJSONVAL hJsonCfg, bool fDef, PRTERRINFO pErrInfo)
200{
201 int rc = RTJsonValueQueryBooleanByName(hJsonCfg, pszCfgItem, pfVal);
202 if (rc == VERR_NOT_FOUND)
203 {
204 *pfVal = fDef;
205 rc = VINF_SUCCESS;
206 }
207 else if (RT_FAILURE(rc))
208 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query boolean value of \"%s\"", pszCfgItem);
209
210 return rc;
211}
212#endif
213
214
215/**
216 * Processes and returns the value of the given config item in the JSON request.
217 *
218 * @returns IPRT status code.
219 * @param pcbVal Where to store the config value on success.
220 * @param pszCfgItem The config item to resolve.
221 * @param hJsonCfg The JSON object containing the item.
222 * @param cbDef Default value if the item wasn't found.
223 * @param pErrInfo Where to store the error information on failure, optional.
224 */
225static int rtFuzzCmdMasterFuzzRunProcessCfgSizeDef(size_t *pcbVal, const char *pszCfgItem, RTJSONVAL hJsonCfg, size_t cbDef, PRTERRINFO pErrInfo)
226{
227 *pcbVal = cbDef; /* Make GCC 6.3.0 happy. */
228
229 int64_t i64Val = 0;
230 int rc = RTJsonValueQueryIntegerByName(hJsonCfg, pszCfgItem, &i64Val);
231 if (rc == VERR_NOT_FOUND)
232 rc = VINF_SUCCESS;
233 else if (RT_FAILURE(rc))
234 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query size_t value of \"%s\"", pszCfgItem);
235 else if (i64Val < 0 || (size_t)i64Val != (uint64_t)i64Val)
236 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_OUT_OF_RANGE, "JSON request malformed: Integer \"%s\" is out of range", pszCfgItem);
237 else
238 *pcbVal = (size_t)i64Val;
239
240 return rc;
241}
242
243
244/**
245 * Processes and returns the value of the given config item in the JSON request.
246 *
247 * @returns IPRT status code.
248 * @param pcbVal Where to store the config value on success.
249 * @param pszCfgItem The config item to resolve.
250 * @param hJsonCfg The JSON object containing the item.
251 * @param cbDef Default value if the item wasn't found.
252 * @param pErrInfo Where to store the error information on failure, optional.
253 */
254static int rtFuzzCmdMasterFuzzRunProcessCfgU32Def(uint32_t *pu32Val, const char *pszCfgItem, RTJSONVAL hJsonCfg, uint32_t u32Def, PRTERRINFO pErrInfo)
255{
256 int64_t i64Val = 0;
257 int rc = RTJsonValueQueryIntegerByName(hJsonCfg, pszCfgItem, &i64Val);
258 if (rc == VERR_NOT_FOUND)
259 {
260 *pu32Val = u32Def;
261 rc = VINF_SUCCESS;
262 }
263 else if (RT_FAILURE(rc))
264 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query uint32_t value of \"%s\"", pszCfgItem);
265 else if (i64Val < 0 || (uint32_t)i64Val != (uint64_t)i64Val)
266 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_OUT_OF_RANGE, "JSON request malformed: Integer \"%s\" is out of range", pszCfgItem);
267 else
268 *pu32Val = (uint32_t)i64Val;
269
270 return rc;
271}
272
273
274/**
275 * Returns the configured input channel for the binary under test.
276 *
277 * @returns Selected input channel or RTFUZZOBSINPUTCHAN_INVALID if an error occurred.
278 * @param pszCfgItem The config item to resolve.
279 * @param hJsonCfg The JSON object containing the item.
280 * @param enmChanDef Default value if the item wasn't found.
281 * @param pErrInfo Where to store the error information on failure, optional.
282 */
283static RTFUZZOBSINPUTCHAN rtFuzzCmdMasterFuzzRunProcessCfgGetInputChan(const char *pszCfgItem, RTJSONVAL hJsonCfg, RTFUZZOBSINPUTCHAN enmChanDef, PRTERRINFO pErrInfo)
284{
285 RTFUZZOBSINPUTCHAN enmInputChan = RTFUZZOBSINPUTCHAN_INVALID;
286
287 RTJSONVAL hJsonVal;
288 int rc = RTJsonValueQueryByName(hJsonCfg, pszCfgItem, &hJsonVal);
289 if (rc == VERR_NOT_FOUND)
290 enmInputChan = enmChanDef;
291 else if (RT_SUCCESS(rc))
292 {
293 const char *pszBinary = RTJsonValueGetString(hJsonVal);
294 if (pszBinary)
295 {
296 if (!RTStrCmp(pszBinary, "File"))
297 enmInputChan = RTFUZZOBSINPUTCHAN_FILE;
298 else if (!RTStrCmp(pszBinary, "Stdin"))
299 enmInputChan = RTFUZZOBSINPUTCHAN_STDIN;
300 else if (!RTStrCmp(pszBinary, "FuzzingAware"))
301 enmInputChan = RTFUZZOBSINPUTCHAN_FUZZING_AWARE_CLIENT;
302 else
303 rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_PARAMETER, "JSON request malformed: \"%s\" for \"%s\" is not known", pszCfgItem, pszBinary);
304 }
305 else
306 rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "JSON request malformed: \"%s\" is not a string", pszCfgItem);
307
308 RTJsonValueRelease(hJsonVal);
309 }
310 else
311 rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query \"%s\"", pszCfgItem);
312
313 return enmInputChan;
314}
315
316
317/**
318 * Processes binary related configs for the given fuzzing run.
319 *
320 * @returns IPRT status code.
321 * @param pFuzzRun The fuzzing run.
322 * @param hJsonRoot The root node of the JSON request.
323 * @param pErrInfo Where to store the error information on failure, optional.
324 */
325static int rtFuzzCmdMasterFuzzRunProcessBinaryCfg(PRTFUZZRUN pFuzzRun, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
326{
327 RTJSONVAL hJsonVal;
328 int rc = RTJsonValueQueryByName(hJsonRoot, "BinaryPath", &hJsonVal);
329 if (RT_SUCCESS(rc))
330 {
331 const char *pszBinary = RTJsonValueGetString(hJsonVal);
332 if (RT_LIKELY(pszBinary))
333 {
334 RTFUZZOBSINPUTCHAN enmInputChan = rtFuzzCmdMasterFuzzRunProcessCfgGetInputChan("InputChannel", hJsonRoot, RTFUZZOBSINPUTCHAN_STDIN, pErrInfo);
335 if (enmInputChan != RTFUZZOBSINPUTCHAN_INVALID)
336 {
337 rc = RTFuzzObsSetTestBinary(pFuzzRun->hFuzzObs, pszBinary, enmInputChan);
338 if (RT_FAILURE(rc))
339 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Failed to add the binary path for the fuzzing run");
340 }
341 }
342 else
343 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "JSON request malformed: \"BinaryPath\" is not a string");
344 RTJsonValueRelease(hJsonVal);
345 }
346 else
347 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query value of \"BinaryPath\"");
348
349 return rc;
350}
351
352
353/**
354 * Processes argument related configs for the given fuzzing run.
355 *
356 * @returns IPRT status code.
357 * @param pFuzzRun The fuzzing run.
358 * @param hJsonRoot The root node of the JSON request.
359 * @param pErrInfo Where to store the error information on failure, optional.
360 */
361static int rtFuzzCmdMasterFuzzRunProcessArgCfg(PRTFUZZRUN pFuzzRun, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
362{
363 RTJSONVAL hJsonValArgArray;
364 int rc = RTJsonValueQueryByName(hJsonRoot, "Arguments", &hJsonValArgArray);
365 if (RT_SUCCESS(rc))
366 {
367 unsigned cArgs = 0;
368 rc = RTJsonValueQueryArraySize(hJsonValArgArray, &cArgs);
369 if (RT_SUCCESS(rc))
370 {
371 if (cArgs > 0)
372 {
373 const char **papszArgs = (const char **)RTMemAllocZ(cArgs * sizeof(const char *));
374 RTJSONVAL *pahJsonVal = (RTJSONVAL *)RTMemAllocZ(cArgs * sizeof(RTJSONVAL));
375 if (RT_LIKELY(papszArgs && pahJsonVal))
376 {
377 unsigned idx = 0;
378
379 for (idx = 0; idx < cArgs && RT_SUCCESS(rc); idx++)
380 {
381 rc = RTJsonValueQueryByIndex(hJsonValArgArray, idx, &pahJsonVal[idx]);
382 if (RT_SUCCESS(rc))
383 {
384 papszArgs[idx] = RTJsonValueGetString(pahJsonVal[idx]);
385 if (RT_UNLIKELY(!papszArgs[idx]))
386 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "Argument %u is not a string", idx);
387 }
388 }
389
390 if (RT_SUCCESS(rc))
391 {
392 rc = RTFuzzObsSetTestBinaryArgs(pFuzzRun->hFuzzObs, papszArgs, cArgs);
393 if (RT_FAILURE(rc))
394 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Failed to set arguments for the fuzzing run");
395 }
396
397 /* Release queried values. */
398 while (idx > 0)
399 {
400 RTJsonValueRelease(pahJsonVal[idx - 1]);
401 idx--;
402 }
403 }
404 else
405 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_NO_MEMORY, "Out of memory allocating memory for the argument vector");
406
407 if (papszArgs)
408 RTMemFree(papszArgs);
409 if (pahJsonVal)
410 RTMemFree(pahJsonVal);
411 }
412 }
413 else
414 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: \"Arguments\" is not an array");
415 RTJsonValueRelease(hJsonValArgArray);
416 }
417
418 return rc;
419}
420
421
422/**
423 * Processes process environment related configs for the given fuzzing run.
424 *
425 * @returns IPRT status code.
426 * @param pFuzzRun The fuzzing run.
427 * @param hJsonRoot The root node of the JSON request.
428 * @param pErrInfo Where to store the error information on failure, optional.
429 */
430static int rtFuzzCmdMasterFuzzRunProcessEnvironment(PRTFUZZRUN pFuzzRun, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
431{
432 RTJSONVAL hJsonValEnv;
433 int rc = RTJsonValueQueryByName(hJsonRoot, "Env", &hJsonValEnv);
434 if (RT_SUCCESS(rc))
435 {
436 bool fReplaceEnv = false; /* false means to append everything to the default block. */
437
438 rc = RTJsonValueQueryBooleanByName(hJsonRoot, "EnvReplace", &fReplaceEnv);
439 if ( RT_SUCCESS(rc)
440 || rc == VERR_NOT_FOUND)
441 {
442 RTJSONIT hEnvIt;
443 RTENV hEnv = NULL;
444
445 if (fReplaceEnv)
446 rc = RTEnvCreate(&hEnv);
447 else
448 rc = RTEnvClone(&hEnv, RTENV_DEFAULT);
449
450 if (RT_SUCCESS(rc))
451 {
452 rc = RTJsonIteratorBeginArray(hJsonValEnv, &hEnvIt);
453 if (RT_SUCCESS(rc))
454 {
455 do
456 {
457 RTJSONVAL hVal;
458 rc = RTJsonIteratorQueryValue(hEnvIt, &hVal, NULL);
459 if (RT_SUCCESS(rc))
460 {
461 const char *pszVar = RTJsonValueGetString(hVal);
462 if (RT_LIKELY(pszVar))
463 rc = RTEnvPutEx(hEnv, pszVar);
464 RTJsonValueRelease(hVal);
465 }
466 rc = RTJsonIteratorNext(hEnvIt);
467 } while (RT_SUCCESS(rc));
468
469 if ( rc == VERR_JSON_IS_EMPTY
470 || rc == VERR_JSON_ITERATOR_END)
471 rc = VINF_SUCCESS;
472 else
473 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to parse environment");
474
475 RTJsonIteratorFree(hEnvIt);
476 }
477 else if (rc == VERR_JSON_IS_EMPTY)
478 rc = VINF_SUCCESS;
479 else
480 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: \"Environment\" is not an array");
481
482 if (RT_SUCCESS(rc))
483 {
484 rc = RTFuzzObsSetTestBinaryEnv(pFuzzRun->hFuzzObs, hEnv);
485 AssertRC(rc);
486 }
487 else if (hEnv)
488 RTEnvDestroy(hEnv);
489 }
490 else
491 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to create environment block");
492 }
493 else
494 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query \"EnvReplace\"");
495
496 RTJsonValueRelease(hJsonValEnv);
497 }
498 else if (rc == VERR_NOT_FOUND)
499 rc = VINF_SUCCESS; /* Just keep using the default environment. */
500 else
501 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query the \"Environment\"");
502
503 return rc;
504}
505
506
507/**
508 * Processes process environment related configs for the given fuzzing run.
509 *
510 * @returns IPRT status code.
511 * @param pFuzzRun The fuzzing run.
512 * @param hJsonRoot The root node of the JSON request.
513 * @param pErrInfo Where to store the error information on failure, optional.
514 */
515static int rtFuzzCmdMasterFuzzRunProcessSanitizers(PRTFUZZRUN pFuzzRun, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
516{
517 RTJSONVAL hJsonValSan;
518 int rc = RTJsonValueQueryByName(hJsonRoot, "Sanitizers", &hJsonValSan);
519 if (RT_SUCCESS(rc))
520 {
521 uint32_t fSanitizers = 0;
522 RTJSONIT hSanIt;
523 rc = RTJsonIteratorBeginArray(hJsonValSan, &hSanIt);
524 if (RT_SUCCESS(rc))
525 {
526 do
527 {
528 RTJSONVAL hVal;
529 rc = RTJsonIteratorQueryValue(hSanIt, &hVal, NULL);
530 if (RT_SUCCESS(rc))
531 {
532 const char *pszSan = RTJsonValueGetString(hVal);
533 if (!RTStrICmp(pszSan, "Asan"))
534 fSanitizers |= RTFUZZOBS_SANITIZER_F_ASAN;
535 else if (!RTStrICmp(pszSan, "SanCov"))
536 fSanitizers |= RTFUZZOBS_SANITIZER_F_SANCOV;
537 else
538 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_NOT_FOUND, "JSON request malformed: The sanitizer '%s' is not known", pszSan);
539 RTJsonValueRelease(hVal);
540 }
541 rc = RTJsonIteratorNext(hSanIt);
542 } while (RT_SUCCESS(rc));
543
544 if ( rc == VERR_JSON_IS_EMPTY
545 || rc == VERR_JSON_ITERATOR_END)
546 rc = VINF_SUCCESS;
547 else
548 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to parse sanitizers");
549
550 RTJsonIteratorFree(hSanIt);
551 }
552 else if (rc == VERR_JSON_IS_EMPTY)
553 rc = VINF_SUCCESS;
554 else
555 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: \"Sanitizers\" is not an array");
556
557 if (RT_SUCCESS(rc))
558 {
559 rc = RTFuzzObsSetTestBinarySanitizers(pFuzzRun->hFuzzObs, fSanitizers);
560 AssertRC(rc);
561 }
562
563 RTJsonValueRelease(hJsonValSan);
564 }
565 else if (rc == VERR_NOT_FOUND)
566 rc = VINF_SUCCESS; /* Just keep using the defaults. */
567 else
568 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query the \"Sanitizers\"");
569
570 return rc;
571}
572
573
574/**
575 * Processes the given seed and adds it to the input corpus.
576 *
577 * @returns IPRT status code.
578 * @param hFuzzCtx The fuzzing context handle.
579 * @param pszCompression Compression used for the seed.
580 * @param pszSeed The seed as a base64 encoded string.
581 * @param pErrInfo Where to store the error information on failure, optional.
582 */
583static int rtFuzzCmdMasterFuzzRunProcessSeed(RTFUZZCTX hFuzzCtx, const char *pszCompression, const char *pszSeed, PRTERRINFO pErrInfo)
584{
585 int rc = VINF_SUCCESS;
586 ssize_t cbSeedDecoded = RTBase64DecodedSize(pszSeed, NULL);
587 if (cbSeedDecoded > 0)
588 {
589 uint8_t *pbSeedDecoded = (uint8_t *)RTMemAllocZ(cbSeedDecoded);
590 if (RT_LIKELY(pbSeedDecoded))
591 {
592 rc = RTBase64Decode(pszSeed, pbSeedDecoded, cbSeedDecoded, NULL, NULL);
593 if (RT_SUCCESS(rc))
594 {
595 /* Decompress if applicable. */
596 if (!RTStrICmp(pszCompression, "None"))
597 rc = RTFuzzCtxCorpusInputAdd(hFuzzCtx, pbSeedDecoded, cbSeedDecoded);
598 else
599 {
600 RTVFSIOSTREAM hVfsIosSeed;
601 rc = RTVfsIoStrmFromBuffer(RTFILE_O_READ, pbSeedDecoded, cbSeedDecoded, &hVfsIosSeed);
602 if (RT_SUCCESS(rc))
603 {
604 RTVFSIOSTREAM hVfsDecomp = NIL_RTVFSIOSTREAM;
605
606 if (!RTStrICmp(pszCompression, "Gzip"))
607 rc = RTZipGzipDecompressIoStream(hVfsIosSeed, RTZIPGZIPDECOMP_F_ALLOW_ZLIB_HDR, &hVfsDecomp);
608 else
609 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "Request error: Compression \"%s\" is not known", pszCompression);
610
611 if (RT_SUCCESS(rc))
612 {
613 RTVFSFILE hVfsFile;
614 rc = RTVfsMemFileCreate(hVfsDecomp, 2 * _1M, &hVfsFile);
615 if (RT_SUCCESS(rc))
616 {
617 rc = RTVfsFileSeek(hVfsFile, 0, RTFILE_SEEK_BEGIN, NULL);
618 if (RT_SUCCESS(rc))
619 {
620 /* The VFS file contains the buffer for the seed now. */
621 rc = RTFuzzCtxCorpusInputAddFromVfsFile(hFuzzCtx, hVfsFile);
622 if (RT_FAILURE(rc))
623 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to add input seed");
624 RTVfsFileRelease(hVfsFile);
625 }
626 else
627 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "Request error: Failed to seek to the beginning of the seed");
628 }
629 else
630 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "Request error: Failed to decompress input seed");
631
632 RTVfsIoStrmRelease(hVfsDecomp);
633 }
634
635 RTVfsIoStrmRelease(hVfsIosSeed);
636 }
637 else
638 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to create I/O stream from seed buffer");
639 }
640 }
641 else
642 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to decode the seed string");
643
644 RTMemFree(pbSeedDecoded);
645 }
646 else
647 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_NO_MEMORY, "Request error: Failed to allocate %zd bytes of memory for the seed", cbSeedDecoded);
648 }
649 else
650 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "JSON request malformed: Couldn't find \"Seed\" doesn't contain a base64 encoded value");
651
652 return rc;
653}
654
655
656/**
657 * Processes a signle input seed for the given fuzzing run.
658 *
659 * @returns IPRT status code.
660 * @param pFuzzRun The fuzzing run.
661 * @param hJsonSeed The seed node of the JSON request.
662 * @param pErrInfo Where to store the error information on failure, optional.
663 */
664static int rtFuzzCmdMasterFuzzRunProcessInputSeedSingle(PRTFUZZRUN pFuzzRun, RTJSONVAL hJsonSeed, PRTERRINFO pErrInfo)
665{
666 RTFUZZCTX hFuzzCtx;
667 int rc = RTFuzzObsQueryCtx(pFuzzRun->hFuzzObs, &hFuzzCtx);
668 if (RT_SUCCESS(rc))
669 {
670 RTJSONVAL hJsonValComp;
671 rc = RTJsonValueQueryByName(hJsonSeed, "Compression", &hJsonValComp);
672 if (RT_SUCCESS(rc))
673 {
674 const char *pszCompression = RTJsonValueGetString(hJsonValComp);
675 if (RT_LIKELY(pszCompression))
676 {
677 RTJSONVAL hJsonValSeed;
678 rc = RTJsonValueQueryByName(hJsonSeed, "Seed", &hJsonValSeed);
679 if (RT_SUCCESS(rc))
680 {
681 const char *pszSeed = RTJsonValueGetString(hJsonValSeed);
682 if (RT_LIKELY(pszSeed))
683 rc = rtFuzzCmdMasterFuzzRunProcessSeed(hFuzzCtx, pszCompression, pszSeed, pErrInfo);
684 else
685 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "JSON request malformed: \"Seed\" value is not a string");
686
687 RTJsonValueRelease(hJsonValSeed);
688 }
689 else
690 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Couldn't find \"Seed\" value");
691 }
692 else
693 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "JSON request malformed: \"Compression\" value is not a string");
694
695 RTJsonValueRelease(hJsonValComp);
696 }
697 else
698 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Couldn't find \"Compression\" value");
699
700 RTFuzzCtxRelease(hFuzzCtx);
701 }
702 else
703 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Failed to query fuzzing context from observer");
704
705 return rc;
706}
707
708
709/**
710 * Processes the given seed file and adds it to the input corpus.
711 *
712 * @returns IPRT status code.
713 * @param hFuzzCtx The fuzzing context handle.
714 * @param pszCompression Compression used for the seed.
715 * @param pszSeed The seed as a base64 encoded string.
716 * @param pErrInfo Where to store the error information on failure, optional.
717 */
718static int rtFuzzCmdMasterFuzzRunProcessSeedFile(RTFUZZCTX hFuzzCtx, const char *pszCompression, const char *pszFile, PRTERRINFO pErrInfo)
719{
720 int rc = VINF_SUCCESS;
721
722 /* Decompress if applicable. */
723 if (!RTStrICmp(pszCompression, "None"))
724 rc = RTFuzzCtxCorpusInputAddFromFile(hFuzzCtx, pszFile);
725 else
726 {
727 RTVFSIOSTREAM hVfsIosSeed;
728 rc = RTVfsIoStrmOpenNormal(pszFile, RTFILE_O_OPEN | RTFILE_O_READ, &hVfsIosSeed);
729 if (RT_SUCCESS(rc))
730 {
731 RTVFSIOSTREAM hVfsDecomp = NIL_RTVFSIOSTREAM;
732
733 if (!RTStrICmp(pszCompression, "Gzip"))
734 rc = RTZipGzipDecompressIoStream(hVfsIosSeed, RTZIPGZIPDECOMP_F_ALLOW_ZLIB_HDR, &hVfsDecomp);
735 else
736 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "Request error: Compression \"%s\" is not known", pszCompression);
737
738 if (RT_SUCCESS(rc))
739 {
740 RTVFSFILE hVfsFile;
741 rc = RTVfsMemFileCreate(hVfsDecomp, 2 * _1M, &hVfsFile);
742 if (RT_SUCCESS(rc))
743 {
744 rc = RTVfsFileSeek(hVfsFile, 0, RTFILE_SEEK_BEGIN, NULL);
745 if (RT_SUCCESS(rc))
746 {
747 /* The VFS file contains the buffer for the seed now. */
748 rc = RTFuzzCtxCorpusInputAddFromVfsFile(hFuzzCtx, hVfsFile);
749 if (RT_FAILURE(rc))
750 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to add input seed");
751 RTVfsFileRelease(hVfsFile);
752 }
753 else
754 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "Request error: Failed to seek to the beginning of the seed");
755 }
756 else
757 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "Request error: Failed to decompress input seed");
758
759 RTVfsIoStrmRelease(hVfsDecomp);
760 }
761
762 RTVfsIoStrmRelease(hVfsIosSeed);
763 }
764 else
765 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to create I/O stream from seed buffer");
766 }
767
768 return rc;
769}
770
771
772/**
773 * Processes a signle input seed given as a file path for the given fuzzing run.
774 *
775 * @returns IPRT status code.
776 * @param pFuzzRun The fuzzing run.
777 * @param hJsonSeed The seed node of the JSON request.
778 * @param pErrInfo Where to store the error information on failure, optional.
779 */
780static int rtFuzzCmdMasterFuzzRunProcessInputSeedFileSingle(PRTFUZZRUN pFuzzRun, RTJSONVAL hJsonSeed, PRTERRINFO pErrInfo)
781{
782 RTFUZZCTX hFuzzCtx;
783 int rc = RTFuzzObsQueryCtx(pFuzzRun->hFuzzObs, &hFuzzCtx);
784 if (RT_SUCCESS(rc))
785 {
786 RTJSONVAL hJsonValComp;
787 rc = RTJsonValueQueryByName(hJsonSeed, "Compression", &hJsonValComp);
788 if (RT_SUCCESS(rc))
789 {
790 const char *pszCompression = RTJsonValueGetString(hJsonValComp);
791 if (RT_LIKELY(pszCompression))
792 {
793 RTJSONVAL hJsonValFile;
794 rc = RTJsonValueQueryByName(hJsonSeed, "File", &hJsonValFile);
795 if (RT_SUCCESS(rc))
796 {
797 const char *pszFile = RTJsonValueGetString(hJsonValFile);
798 if (RT_LIKELY(pszFile))
799 rc = rtFuzzCmdMasterFuzzRunProcessSeedFile(hFuzzCtx, pszCompression, pszFile, pErrInfo);
800 else
801 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "JSON request malformed: \"File\" value is not a string");
802
803 RTJsonValueRelease(hJsonValFile);
804 }
805 else
806 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Couldn't find \"File\" value");
807 }
808 else
809 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_INVALID_STATE, "JSON request malformed: \"Compression\" value is not a string");
810
811 RTJsonValueRelease(hJsonValComp);
812 }
813 else
814 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Couldn't find \"Compression\" value");
815
816 RTFuzzCtxRelease(hFuzzCtx);
817 }
818 else
819 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Failed to query fuzzing context from observer");
820
821 return rc;
822}
823
824
825/**
826 * Processes input seed related configs for the given fuzzing run.
827 *
828 * @returns IPRT status code.
829 * @param pFuzzRun The fuzzing run.
830 * @param hJsonRoot The root node of the JSON request.
831 * @param pErrInfo Where to store the error information on failure, optional.
832 */
833static int rtFuzzCmdMasterFuzzRunProcessInputSeeds(PRTFUZZRUN pFuzzRun, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
834{
835 RTJSONVAL hJsonValSeedArray;
836 int rc = RTJsonValueQueryByName(hJsonRoot, "InputSeeds", &hJsonValSeedArray);
837 if (RT_SUCCESS(rc))
838 {
839 RTJSONIT hIt;
840 rc = RTJsonIteratorBegin(hJsonValSeedArray, &hIt);
841 if (RT_SUCCESS(rc))
842 {
843 RTJSONVAL hJsonInpSeed;
844 while ( RT_SUCCESS(rc)
845 && RTJsonIteratorQueryValue(hIt, &hJsonInpSeed, NULL) != VERR_JSON_ITERATOR_END)
846 {
847 rc = rtFuzzCmdMasterFuzzRunProcessInputSeedSingle(pFuzzRun, hJsonInpSeed, pErrInfo);
848 RTJsonValueRelease(hJsonInpSeed);
849 if (RT_FAILURE(rc))
850 break;
851 rc = RTJsonIteratorNext(hIt);
852 }
853
854 if (rc == VERR_JSON_ITERATOR_END)
855 rc = VINF_SUCCESS;
856 }
857 else
858 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to create array iterator");
859
860 RTJsonValueRelease(hJsonValSeedArray);
861 }
862 else if (rc == VERR_NOT_FOUND)
863 rc = VINF_SUCCESS;
864
865 if (RT_SUCCESS(rc))
866 {
867 rc = RTJsonValueQueryByName(hJsonRoot, "InputSeedFiles", &hJsonValSeedArray);
868 if (RT_SUCCESS(rc))
869 {
870 RTJSONIT hIt;
871 rc = RTJsonIteratorBegin(hJsonValSeedArray, &hIt);
872 if (RT_SUCCESS(rc))
873 {
874 RTJSONVAL hJsonInpSeed;
875 while ( RT_SUCCESS(rc)
876 && RTJsonIteratorQueryValue(hIt, &hJsonInpSeed, NULL) != VERR_JSON_ITERATOR_END)
877 {
878 rc = rtFuzzCmdMasterFuzzRunProcessInputSeedFileSingle(pFuzzRun, hJsonInpSeed, pErrInfo);
879 RTJsonValueRelease(hJsonInpSeed);
880 if (RT_FAILURE(rc))
881 break;
882 rc = RTJsonIteratorNext(hIt);
883 }
884
885 if (rc == VERR_JSON_ITERATOR_END)
886 rc = VINF_SUCCESS;
887 }
888 else
889 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to create array iterator");
890
891 RTJsonValueRelease(hJsonValSeedArray);
892 }
893 else if (rc == VERR_NOT_FOUND)
894 rc = VINF_SUCCESS;
895 }
896
897 return rc;
898}
899
900
901/**
902 * Processes miscellaneous config items.
903 *
904 * @returns IPRT status code.
905 * @param pFuzzRun The fuzzing run.
906 * @param hJsonRoot The root node of the JSON request.
907 * @param pErrInfo Where to store the error information on failure, optional.
908 */
909static int rtFuzzCmdMasterFuzzRunProcessMiscCfg(PRTFUZZRUN pFuzzRun, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
910{
911 size_t cbTmp;
912 int rc = rtFuzzCmdMasterFuzzRunProcessCfgSizeDef(&cbTmp, "InputSeedMax", hJsonRoot, 0, pErrInfo);
913 if (RT_SUCCESS(rc))
914 {
915 RTFUZZCTX hFuzzCtx;
916 rc = RTFuzzObsQueryCtx(pFuzzRun->hFuzzObs, &hFuzzCtx);
917 AssertRC(rc);
918
919 rc = RTFuzzCtxCfgSetInputSeedMaximum(hFuzzCtx, cbTmp);
920 if (RT_FAILURE(rc))
921 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to set maximum input seed size to %zu", cbTmp);
922 }
923
924 if (RT_SUCCESS(rc))
925 rc = rtFuzzCmdMasterFuzzRunProcessCfgU32Def(&pFuzzRun->cProcs, "FuzzingProcs", hJsonRoot, 0, pErrInfo);
926 if (RT_SUCCESS(rc))
927 {
928 uint32_t msTimeoutMax = 0;
929 rc = rtFuzzCmdMasterFuzzRunProcessCfgU32Def(&msTimeoutMax, "TimeoutMax", hJsonRoot, 1000, pErrInfo);
930 if (RT_SUCCESS(rc))
931 rc = RTFuzzObsSetTestBinaryTimeout(pFuzzRun->hFuzzObs, msTimeoutMax);
932 }
933
934 return rc;
935}
936
937
938/**
939 * Processes target recording related configs for the given fuzzing run.
940 *
941 * @returns IPRT status code.
942 * @param pFuzzRun The fuzzing run.
943 * @param hJsonRoot The root node of the JSON request.
944 * @param pErrInfo Where to store the error information on failure, optional.
945 */
946static int rtFuzzCmdMasterFuzzRunProcessTgtRecFlags(PRTFUZZRUN pFuzzRun, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
947{
948 RTJSONVAL hJsonValTgt;
949 int rc = RTJsonValueQueryByName(hJsonRoot, "TgtRec", &hJsonValTgt);
950 if (RT_SUCCESS(rc))
951 {
952 uint32_t fTgtRecFlags = 0;
953 RTJSONIT hTgtIt;
954 rc = RTJsonIteratorBeginArray(hJsonValTgt, &hTgtIt);
955 if (RT_SUCCESS(rc))
956 {
957 do
958 {
959 RTJSONVAL hVal;
960 rc = RTJsonIteratorQueryValue(hTgtIt, &hVal, NULL);
961 if (RT_SUCCESS(rc))
962 {
963 const char *pszTgtRec = RTJsonValueGetString(hVal);
964 if (!RTStrICmp(pszTgtRec, "StdOut"))
965 fTgtRecFlags |= RTFUZZTGT_REC_STATE_F_STDOUT;
966 else if (!RTStrICmp(pszTgtRec, "StdErr"))
967 fTgtRecFlags |= RTFUZZTGT_REC_STATE_F_STDERR;
968 else if (!RTStrICmp(pszTgtRec, "ProcSts"))
969 fTgtRecFlags |= RTFUZZTGT_REC_STATE_F_PROCSTATUS;
970 else if (!RTStrICmp(pszTgtRec, "SanCov"))
971 fTgtRecFlags |= RTFUZZTGT_REC_STATE_F_SANCOV;
972 else
973 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_NOT_FOUND, "JSON request malformed: The recording flags '%s' is not known", pszTgtRec);
974 RTJsonValueRelease(hVal);
975 }
976 rc = RTJsonIteratorNext(hTgtIt);
977 } while (RT_SUCCESS(rc));
978
979 if ( rc == VERR_JSON_IS_EMPTY
980 || rc == VERR_JSON_ITERATOR_END)
981 rc = VINF_SUCCESS;
982 else
983 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to parse target recording flags");
984
985 RTJsonIteratorFree(hTgtIt);
986 }
987 else if (rc == VERR_JSON_IS_EMPTY)
988 rc = VINF_SUCCESS;
989 else
990 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: \"TgtRec\" is not an array");
991
992 pFuzzRun->fTgtRecFlags = fTgtRecFlags;
993
994 RTJsonValueRelease(hJsonValTgt);
995 }
996 else if (rc == VERR_NOT_FOUND)
997 {
998 pFuzzRun->fTgtRecFlags = RTFUZZTGT_REC_STATE_F_PROCSTATUS;
999 rc = VINF_SUCCESS; /* Just keep using the defaults. */
1000 }
1001 else
1002 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Failed to query \"TgtRec\"");
1003
1004 return rc;
1005}
1006
1007
1008/**
1009 * Sets up the directories for the given fuzzing run.
1010 *
1011 * @returns IPRT status code.
1012 * @param pThis The fuzzing master command state.
1013 * @param pFuzzRun The fuzzing run to setup the directories for.
1014 * @param pErrInfo Where to store the error information on failure, optional.
1015 */
1016static int rtFuzzCmdMasterFuzzRunSetupDirectories(PRTFUZZCMDMASTER pThis, PRTFUZZRUN pFuzzRun, PRTERRINFO pErrInfo)
1017{
1018 /* Create temp directories. */
1019 char szTmpDir[RTPATH_MAX];
1020 int rc = RTPathJoin(&szTmpDir[0], sizeof(szTmpDir), pThis->pszTmpDir, pFuzzRun->pszId);
1021 AssertRC(rc);
1022 rc = RTDirCreate(szTmpDir, 0700, RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_SET
1023 | RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_NOT_CRITICAL);
1024 if (rc == VERR_ALREADY_EXISTS)
1025 {
1026 /* Clear the directory. */
1027 rc = RTDirRemoveRecursive(szTmpDir, RTDIRRMREC_F_CONTENT_ONLY);
1028 }
1029
1030 if (RT_SUCCESS(rc))
1031 {
1032 rc = RTFuzzObsSetTmpDirectory(pFuzzRun->hFuzzObs, szTmpDir);
1033 if (RT_SUCCESS(rc))
1034 {
1035 rc = RTPathJoin(&szTmpDir[0], sizeof(szTmpDir), pThis->pszResultsDir, pFuzzRun->pszId);
1036 AssertRC(rc);
1037 rc = RTDirCreate(szTmpDir, 0700, RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_SET
1038 | RTDIRCREATE_FLAGS_NOT_CONTENT_INDEXED_NOT_CRITICAL);
1039 if (RT_SUCCESS(rc) || rc == VERR_ALREADY_EXISTS)
1040 {
1041 rc = RTFuzzObsSetResultDirectory(pFuzzRun->hFuzzObs, szTmpDir);
1042 if (RT_FAILURE(rc))
1043 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to set results directory to %s", szTmpDir);
1044 }
1045 else
1046 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to create results directory %s", szTmpDir);
1047 }
1048 else
1049 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to set temporary directory to %s", szTmpDir);
1050 }
1051 else
1052 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to create temporary directory %s", szTmpDir);
1053
1054 return rc;
1055}
1056
1057
1058/**
1059 * Creates a new fuzzing run with the given ID.
1060 *
1061 * @returns IPRT status code.
1062 * @param pThis The fuzzing master command state.
1063 * @param pszId The ID to use.
1064 * @param hJsonRoot The root node of the JSON request.
1065 * @param pErrInfo Where to store the error information on failure, optional.
1066 */
1067static int rtFuzzCmdMasterCreateFuzzRunWithId(PRTFUZZCMDMASTER pThis, const char *pszId, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
1068{
1069 int rc = VINF_SUCCESS;
1070 PRTFUZZRUN pFuzzRun = (PRTFUZZRUN)RTMemAllocZ(sizeof(*pFuzzRun));
1071 if (RT_LIKELY(pFuzzRun))
1072 {
1073 pFuzzRun->pszId = RTStrDup(pszId);
1074 if (RT_LIKELY(pFuzzRun->pszId))
1075 {
1076 rc = rtFuzzCmdMasterFuzzRunProcessTgtRecFlags(pFuzzRun, hJsonRoot, pErrInfo);
1077 if (RT_SUCCESS(rc))
1078 {
1079 rc = RTFuzzObsCreate(&pFuzzRun->hFuzzObs, RTFUZZCTXTYPE_BLOB, pFuzzRun->fTgtRecFlags);
1080 if (RT_SUCCESS(rc))
1081 {
1082 rc = rtFuzzCmdMasterFuzzRunProcessBinaryCfg(pFuzzRun, hJsonRoot, pErrInfo);
1083 if (RT_SUCCESS(rc))
1084 rc = rtFuzzCmdMasterFuzzRunProcessArgCfg(pFuzzRun, hJsonRoot, pErrInfo);
1085 if (RT_SUCCESS(rc))
1086 rc = rtFuzzCmdMasterFuzzRunProcessEnvironment(pFuzzRun, hJsonRoot, pErrInfo);
1087 if (RT_SUCCESS(rc))
1088 rc = rtFuzzCmdMasterFuzzRunProcessInputSeeds(pFuzzRun, hJsonRoot, pErrInfo);
1089 if (RT_SUCCESS(rc))
1090 rc = rtFuzzCmdMasterFuzzRunProcessMiscCfg(pFuzzRun, hJsonRoot, pErrInfo);
1091 if (RT_SUCCESS(rc))
1092 rc = rtFuzzCmdMasterFuzzRunProcessSanitizers(pFuzzRun, hJsonRoot, pErrInfo);
1093 if (RT_SUCCESS(rc))
1094 rc = rtFuzzCmdMasterFuzzRunSetupDirectories(pThis, pFuzzRun, pErrInfo);
1095
1096 if (RT_SUCCESS(rc))
1097 {
1098 /* Start fuzzing. */
1099 RTListAppend(&pThis->LstFuzzed, &pFuzzRun->NdFuzzed);
1100 rc = RTFuzzObsExecStart(pFuzzRun->hFuzzObs, pFuzzRun->cProcs);
1101 if (RT_SUCCESS(rc))
1102 {
1103 RTTIMESPEC TimeSpec;
1104 RTTimeNow(&TimeSpec);
1105 RTTimeLocalExplode(&pFuzzRun->TimeCreated, &TimeSpec);
1106 pFuzzRun->tsCreatedMs = RTTimeMilliTS();
1107 pFuzzRun->fStarted = true;
1108 }
1109 else
1110 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to start fuzzing with %Rrc", rc);
1111 }
1112 }
1113 }
1114 }
1115 else
1116 rc = VERR_NO_STR_MEMORY;
1117 }
1118 else
1119 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_NO_MEMORY, "Request error: Out of memory allocating the fuzzer state");
1120
1121 return rc;
1122}
1123
1124
1125/**
1126 * Resolves the fuzzing run from the given ID config item and the given JSON request.
1127 *
1128 * @returns IPRT status code.
1129 * @param pThis The fuzzing master command state.
1130 * @param hJsonRoot The root node of the JSON request.
1131 * @param pszIdItem The JSON item which contains the ID of the fuzzing run.
1132 * @param ppFuzzRun Where to store the pointer to the fuzzing run on success.
1133 */
1134static int rtFuzzCmdMasterQueryFuzzRunFromJson(PRTFUZZCMDMASTER pThis, RTJSONVAL hJsonRoot, const char *pszIdItem, PRTERRINFO pErrInfo,
1135 PRTFUZZRUN *ppFuzzRun)
1136{
1137 RTJSONVAL hJsonValId;
1138 int rc = RTJsonValueQueryByName(hJsonRoot, pszIdItem, &hJsonValId);
1139 if (RT_SUCCESS(rc))
1140 {
1141 const char *pszId = RTJsonValueGetString(hJsonValId);
1142 if (pszId)
1143 {
1144 PRTFUZZRUN pFuzzRun = rtFuzzCmdMasterGetFuzzerById(pThis, pszId);
1145 if (pFuzzRun)
1146 *ppFuzzRun = pFuzzRun;
1147 else
1148 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_NOT_FOUND, "Request error: The ID \"%s\" wasn't found", pszId);
1149 }
1150 else
1151 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_JSON_VALUE_INVALID_TYPE, "JSON request malformed: \"Id\" is not a string value");
1152
1153 RTJsonValueRelease(hJsonValId);
1154 }
1155 else
1156 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Couldn't find \"Id\" value");
1157 return rc;
1158}
1159
1160
1161/**
1162 * Processes the "StartFuzzing" request.
1163 *
1164 * @returns IPRT status code.
1165 * @param pThis The fuzzing master command state.
1166 * @param hJsonRoot The root node of the JSON request.
1167 * @param pErrInfo Where to store the error information on failure, optional.
1168 */
1169static int rtFuzzCmdMasterProcessJsonReqStart(PRTFUZZCMDMASTER pThis, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
1170{
1171 RTJSONVAL hJsonValId;
1172 int rc = RTJsonValueQueryByName(hJsonRoot, "Id", &hJsonValId);
1173 if (RT_SUCCESS(rc))
1174 {
1175 const char *pszId = RTJsonValueGetString(hJsonValId);
1176 if (pszId)
1177 {
1178 PRTFUZZRUN pFuzzRun = rtFuzzCmdMasterGetFuzzerById(pThis, pszId);
1179 if (!pFuzzRun)
1180 rc = rtFuzzCmdMasterCreateFuzzRunWithId(pThis, pszId, hJsonRoot, pErrInfo);
1181 else
1182 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_ALREADY_EXISTS, "Request error: The ID \"%s\" is already registered", pszId);
1183 }
1184 else
1185 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_JSON_VALUE_INVALID_TYPE, "JSON request malformed: \"Id\" is not a string value");
1186
1187 RTJsonValueRelease(hJsonValId);
1188 }
1189 else
1190 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Couldn't find \"Id\" value");
1191 return rc;
1192}
1193
1194
1195/**
1196 * Processes the "StopFuzzing" request.
1197 *
1198 * @returns IPRT status code.
1199 * @param pThis The fuzzing master command state.
1200 * @param hJsonValRoot The root node of the JSON request.
1201 * @param pErrInfo Where to store the error information on failure, optional.
1202 */
1203static int rtFuzzCmdMasterProcessJsonReqStop(PRTFUZZCMDMASTER pThis, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
1204{
1205 PRTFUZZRUN pFuzzRun;
1206 int rc = rtFuzzCmdMasterQueryFuzzRunFromJson(pThis, hJsonRoot, "Id", pErrInfo, &pFuzzRun);
1207 if (RT_SUCCESS(rc))
1208 {
1209 RTListNodeRemove(&pFuzzRun->NdFuzzed);
1210 RTFuzzObsExecStop(pFuzzRun->hFuzzObs);
1211 RTFuzzObsDestroy(pFuzzRun->hFuzzObs);
1212 RTStrFree(pFuzzRun->pszId);
1213 RTMemFree(pFuzzRun);
1214 }
1215
1216 return rc;
1217}
1218
1219
1220/**
1221 * Processes the "SuspendFuzzing" request.
1222 *
1223 * @returns IPRT status code.
1224 * @param pThis The fuzzing master command state.
1225 * @param hJsonValRoot The root node of the JSON request.
1226 * @param pErrInfo Where to store the error information on failure, optional.
1227 */
1228static int rtFuzzCmdMasterProcessJsonReqSuspend(PRTFUZZCMDMASTER pThis, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
1229{
1230 PRTFUZZRUN pFuzzRun;
1231 int rc = rtFuzzCmdMasterQueryFuzzRunFromJson(pThis, hJsonRoot, "Id", pErrInfo, &pFuzzRun);
1232 if (RT_SUCCESS(rc))
1233 {
1234 if (pFuzzRun->fStarted)
1235 {
1236 rc = RTFuzzObsExecStop(pFuzzRun->hFuzzObs);
1237 if (RT_SUCCESS(rc))
1238 pFuzzRun->fStarted = false;
1239 else
1240 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Suspending the fuzzing process failed");
1241 }
1242 }
1243
1244 return rc;
1245}
1246
1247
1248/**
1249 * Processes the "ResumeFuzzing" request.
1250 *
1251 * @returns IPRT status code.
1252 * @param pThis The fuzzing master command state.
1253 * @param hJsonValRoot The root node of the JSON request.
1254 * @param pErrInfo Where to store the error information on failure, optional.
1255 */
1256static int rtFuzzCmdMasterProcessJsonReqResume(PRTFUZZCMDMASTER pThis, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
1257{
1258 PRTFUZZRUN pFuzzRun;
1259 int rc = rtFuzzCmdMasterQueryFuzzRunFromJson(pThis, hJsonRoot, "Id", pErrInfo, &pFuzzRun);
1260 if (RT_SUCCESS(rc))
1261 {
1262 if (!pFuzzRun->fStarted)
1263 {
1264 rc = rtFuzzCmdMasterFuzzRunProcessCfgU32Def(&pFuzzRun->cProcs, "FuzzingProcs", hJsonRoot, pFuzzRun->cProcs, pErrInfo);
1265 if (RT_SUCCESS(rc))
1266 {
1267 rc = RTFuzzObsExecStart(pFuzzRun->hFuzzObs, pFuzzRun->cProcs);
1268 if (RT_SUCCESS(rc))
1269 pFuzzRun->fStarted = true;
1270 else
1271 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Resuming the fuzzing process failed");
1272 }
1273 }
1274 }
1275
1276 return rc;
1277}
1278
1279
1280/**
1281 * Processes the "SaveFuzzingState" request.
1282 *
1283 * @returns IPRT status code.
1284 * @param pThis The fuzzing master command state.
1285 * @param hJsonValRoot The root node of the JSON request.
1286 * @param pErrInfo Where to store the error information on failure, optional.
1287 */
1288static int rtFuzzCmdMasterProcessJsonReqSaveState(PRTFUZZCMDMASTER pThis, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
1289{
1290 PRTFUZZRUN pFuzzRun;
1291 int rc = rtFuzzCmdMasterQueryFuzzRunFromJson(pThis, hJsonRoot, "Id", pErrInfo, &pFuzzRun);
1292 if (RT_SUCCESS(rc))
1293 {
1294 /* Suspend fuzzing, save and resume if not stopped. */
1295 if (pFuzzRun->fStarted)
1296 {
1297 rc = RTFuzzObsExecStop(pFuzzRun->hFuzzObs);
1298 if (RT_FAILURE(rc))
1299 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Suspending the fuzzing process failed");
1300 }
1301
1302 if (RT_SUCCESS(rc))
1303 {
1304 RTFUZZCTX hFuzzCtx;
1305 rc = RTFuzzObsQueryCtx(pFuzzRun->hFuzzObs, &hFuzzCtx);
1306 AssertRC(rc);
1307
1308 void *pvState = NULL;
1309 size_t cbState = 0;
1310 rc = RTFuzzCtxStateExportToMem(hFuzzCtx, &pvState, &cbState);
1311 if (RT_SUCCESS(rc))
1312 {
1313 /* Encode to base64. */
1314 size_t cbStateStr = RTBase64EncodedLength(cbState) + 1;
1315 char *pszState = (char *)RTMemAllocZ(cbStateStr);
1316 if (pszState)
1317 {
1318 rc = RTBase64Encode(pvState, cbState, pszState, cbStateStr, &cbStateStr);
1319 if (RT_SUCCESS(rc))
1320 {
1321 /* Strip all new lines from the srting. */
1322 size_t offStr = 0;
1323 while (offStr < cbStateStr)
1324 {
1325#if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)
1326 char *pszEol = strchr(&pszState[offStr], '\r');
1327#else
1328 char *pszEol = strchr(&pszState[offStr], '\n');
1329#endif
1330 if (pszEol)
1331 {
1332 offStr += pszEol - &pszState[offStr];
1333 memmove(pszEol, &pszEol[RTBASE64_EOL_SIZE], cbStateStr - offStr - RTBASE64_EOL_SIZE);
1334 cbStateStr -= RTBASE64_EOL_SIZE;
1335 }
1336 else
1337 break;
1338 }
1339
1340 const char s_szState[] = "{ \"State\": %s }";
1341 pThis->pszResponse = RTStrAPrintf2(s_szState, pszState);
1342 if (RT_UNLIKELY(!pThis->pszResponse))
1343 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_BUFFER_OVERFLOW, "Request error: Response data buffer overflow", rc);
1344 }
1345 else
1346 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to encode the state as a base64 string");
1347 RTMemFree(pszState);
1348 }
1349 else
1350 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_NO_STR_MEMORY, "Request error: Failed to allocate a state string for the response");
1351 RTMemFree(pvState);
1352 }
1353 else
1354 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Exporting the state failed");
1355 }
1356
1357 if (pFuzzRun->fStarted)
1358 {
1359 int rc2 = RTFuzzObsExecStart(pFuzzRun->hFuzzObs, pFuzzRun->cProcs);
1360 if (RT_FAILURE(rc2))
1361 rtFuzzCmdMasterErrorRc(pErrInfo, rc2, "Request error: Resuming the fuzzing process failed");
1362 }
1363 }
1364
1365 return rc;
1366}
1367
1368
1369/**
1370 * Queries the statistics for the given fuzzing run and adds the result to the response.
1371 *
1372 * @returns IPRT static code.
1373 * @param pThis The fuzzing master command state.
1374 * @param pFuzzRun The fuzzing run.
1375 * @param pszIndent Indentation to use.
1376 * @param fLast Flags whether this is the last element in the list.
1377 * @param pErrInfo Where to store the error information on failure, optional.
1378 */
1379static int rtFuzzCmdMasterProcessQueryRunStats(PRTFUZZCMDMASTER pThis, PRTFUZZRUN pFuzzRun,
1380 const char *pszIndent, bool fLast, PRTERRINFO pErrInfo)
1381{
1382 RTFUZZOBSSTATS ObsStats;
1383 RTFUZZCTXSTATS CtxStats;
1384 RTFUZZCTX hFuzzCtx;
1385 RT_ZERO(ObsStats); RT_ZERO(CtxStats);
1386
1387 int rc = RTFuzzObsQueryCtx(pFuzzRun->hFuzzObs, &hFuzzCtx);
1388 if (RT_SUCCESS(rc))
1389 {
1390 rc = RTFuzzCtxQueryStats(hFuzzCtx, &CtxStats);
1391 RTFuzzCtxRelease(hFuzzCtx);
1392 }
1393
1394 if (RT_SUCCESS(rc))
1395 rc = RTFuzzObsQueryStats(pFuzzRun->hFuzzObs, &ObsStats);
1396 if (RT_SUCCESS(rc))
1397 {
1398 const char s_szStatsFmt[] = "%s{ \n"
1399 "%s \"Id\": \"%s\"\n"
1400 "%s \"TimeCreated\": \"%s\"\n"
1401 "%s \"UptimeSec\": %llu\n"
1402 "%s \"FuzzedInputsPerSec\": %u\n"
1403 "%s \"FuzzedInputs\": %u\n"
1404 "%s \"FuzzedInputsHang\": %u\n"
1405 "%s \"FuzzedInputsCrash\": %u\n"
1406 "%s \"MemoryUsage\": %zu\n"
1407 "%s \"CorpusSize\": %llu\n"
1408 "%s}%s\n";
1409 char aszTime[_1K]; RT_ZERO(aszTime);
1410 char aszStats[_4K]; RT_ZERO(aszStats);
1411
1412 if (RTTimeToString(&pFuzzRun->TimeCreated, aszTime, sizeof(aszTime)))
1413 {
1414 ssize_t cchStats = RTStrPrintf2(&aszStats[0], sizeof(aszStats),
1415 s_szStatsFmt, pszIndent,
1416 pszIndent, pFuzzRun->pszId,
1417 pszIndent, aszTime,
1418 pszIndent, (RTTimeMilliTS() - pFuzzRun->tsCreatedMs) / RT_MS_1SEC_64,
1419 pszIndent, ObsStats.cFuzzedInputsPerSec,
1420 pszIndent, ObsStats.cFuzzedInputs,
1421 pszIndent, ObsStats.cFuzzedInputsHang,
1422 pszIndent, ObsStats.cFuzzedInputsCrash,
1423 pszIndent, CtxStats.cbMemory,
1424 pszIndent, CtxStats.cMutations,
1425 pszIndent, fLast ? "" : ",");
1426 if (RT_LIKELY(cchStats > 0))
1427 {
1428 rc = RTStrAAppend(&pThis->pszResponse, &aszStats[0]);
1429 if (RT_FAILURE(rc))
1430 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to build statistics response", rc);
1431 }
1432 else
1433 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_BUFFER_OVERFLOW, "Request error: Response data buffer overflow");
1434 }
1435 else
1436 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_BUFFER_OVERFLOW, "Request error: Buffer overflow conerting time to string");
1437 }
1438 else
1439 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "Request error: Failed to query fuzzing statistics with %Rrc", rc);
1440
1441 return rc;
1442}
1443
1444
1445/**
1446 * Processes the "QueryStats" request.
1447 *
1448 * @returns IPRT status code.
1449 * @param pThis The fuzzing master command state.
1450 * @param hJsonValRoot The root node of the JSON request.
1451 * @param pErrInfo Where to store the error information on failure, optional.
1452 */
1453static int rtFuzzCmdMasterProcessJsonReqQueryStats(PRTFUZZCMDMASTER pThis, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
1454{
1455 RTJSONVAL hJsonValId;
1456 int rc = RTJsonValueQueryByName(hJsonRoot, "Id", &hJsonValId);
1457 if (RT_SUCCESS(rc))
1458 {
1459 RTJsonValueRelease(hJsonValId);
1460 PRTFUZZRUN pFuzzRun;
1461 rc = rtFuzzCmdMasterQueryFuzzRunFromJson(pThis, hJsonRoot, "Id", pErrInfo, &pFuzzRun);
1462 if (RT_SUCCESS(rc))
1463 rc = rtFuzzCmdMasterProcessQueryRunStats(pThis, pFuzzRun, " ",
1464 true /*fLast*/, pErrInfo);
1465 }
1466 else if (rc == VERR_NOT_FOUND)
1467 {
1468 /* Id is not there, so collect statistics of all running jobs. */
1469 rc = RTStrAAppend(&pThis->pszResponse, " [\n");
1470 if (RT_SUCCESS(rc))
1471 {
1472 PRTFUZZRUN pRun = NULL;
1473 RTListForEach(&pThis->LstFuzzed, pRun, RTFUZZRUN, NdFuzzed)
1474 {
1475 bool fLast = RTListNodeIsLast(&pThis->LstFuzzed, &pRun->NdFuzzed);
1476 rc = rtFuzzCmdMasterProcessQueryRunStats(pThis, pRun, " ", fLast, pErrInfo);
1477 if (RT_FAILURE(rc))
1478 break;
1479 }
1480 if (RT_SUCCESS(rc))
1481 rc = RTStrAAppend(&pThis->pszResponse, " ]\n");
1482 }
1483 }
1484 else
1485 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Couldn't get \"Id\" value");
1486
1487 return rc;
1488}
1489
1490
1491/**
1492 * Processes a JSON request.
1493 *
1494 * @returns IPRT status code.
1495 * @param pThis The fuzzing master command state.
1496 * @param hJsonValRoot The root node of the JSON request.
1497 * @param pErrInfo Where to store the error information on failure, optional.
1498 */
1499static int rtFuzzCmdMasterProcessJsonReq(PRTFUZZCMDMASTER pThis, RTJSONVAL hJsonRoot, PRTERRINFO pErrInfo)
1500{
1501 RTJSONVAL hJsonValReq;
1502 int rc = RTJsonValueQueryByName(hJsonRoot, "Request", &hJsonValReq);
1503 if (RT_SUCCESS(rc))
1504 {
1505 const char *pszReq = RTJsonValueGetString(hJsonValReq);
1506 if (pszReq)
1507 {
1508 if (!RTStrCmp(pszReq, "StartFuzzing"))
1509 rc = rtFuzzCmdMasterProcessJsonReqStart(pThis, hJsonRoot, pErrInfo);
1510 else if (!RTStrCmp(pszReq, "StopFuzzing"))
1511 rc = rtFuzzCmdMasterProcessJsonReqStop(pThis, hJsonRoot, pErrInfo);
1512 else if (!RTStrCmp(pszReq, "SuspendFuzzing"))
1513 rc = rtFuzzCmdMasterProcessJsonReqSuspend(pThis, hJsonRoot, pErrInfo);
1514 else if (!RTStrCmp(pszReq, "ResumeFuzzing"))
1515 rc = rtFuzzCmdMasterProcessJsonReqResume(pThis, hJsonRoot, pErrInfo);
1516 else if (!RTStrCmp(pszReq, "SaveFuzzingState"))
1517 rc = rtFuzzCmdMasterProcessJsonReqSaveState(pThis, hJsonRoot, pErrInfo);
1518 else if (!RTStrCmp(pszReq, "QueryStats"))
1519 rc = rtFuzzCmdMasterProcessJsonReqQueryStats(pThis, hJsonRoot, pErrInfo);
1520 else if (!RTStrCmp(pszReq, "Shutdown"))
1521 pThis->fShutdown = true;
1522 else
1523 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_JSON_VALUE_INVALID_TYPE, "JSON request malformed: \"Request\" contains unknown value \"%s\"", pszReq);
1524 }
1525 else
1526 rc = rtFuzzCmdMasterErrorRc(pErrInfo, VERR_JSON_VALUE_INVALID_TYPE, "JSON request malformed: \"Request\" is not a string value");
1527
1528 RTJsonValueRelease(hJsonValReq);
1529 }
1530 else
1531 rc = rtFuzzCmdMasterErrorRc(pErrInfo, rc, "JSON request malformed: Couldn't find \"Request\" value");
1532
1533 return rc;
1534}
1535
1536
1537/**
1538 * Loads a fuzzing configuration for immediate startup from the given file.
1539 *
1540 * @returns IPRT status code.
1541 * @param pThis The fuzzing master command state.
1542 * @param pszFuzzCfg The fuzzing config to load.
1543 */
1544static int rtFuzzCmdMasterFuzzCfgLoadFromFile(PRTFUZZCMDMASTER pThis, const char *pszFuzzCfg)
1545{
1546 RTJSONVAL hJsonRoot;
1547 int rc = RTJsonParseFromFile(&hJsonRoot, pszFuzzCfg, NULL);
1548 if (RT_SUCCESS(rc))
1549 {
1550 rc = rtFuzzCmdMasterProcessJsonReqStart(pThis, hJsonRoot, NULL);
1551 RTJsonValueRelease(hJsonRoot);
1552 }
1553 else
1554 rc = rtFuzzCmdMasterErrorRc(NULL, rc, "JSON request malformed: Couldn't load file \"%s\"", pszFuzzCfg);
1555
1556 return rc;
1557}
1558
1559
1560/**
1561 * Destroys all running fuzzers for the given master state.
1562 *
1563 * @returns nothing.
1564 * @param pThis The fuzzing master command state.
1565 */
1566static void rtFuzzCmdMasterDestroy(PRTFUZZCMDMASTER pThis)
1567{
1568 RT_NOREF(pThis);
1569}
1570
1571
1572/**
1573 * Sends an ACK response to the client.
1574 *
1575 * @returns nothing.
1576 * @param hSocket The socket handle to send the ACK to.
1577 * @param pszResponse Additional response data.
1578 */
1579static void rtFuzzCmdMasterTcpSendAck(RTSOCKET hSocket, const char *pszResponse)
1580{
1581 const char s_szSucc[] = "{ \"Status\": \"ACK\" }\n";
1582 const char s_szSuccResp[] = "{ \"Status\": \"ACK\"\n \"Response\":\n";
1583 const char s_szSuccRespClose[] = "\n }\n";
1584 if (pszResponse)
1585 {
1586 RTSGSEG aSegs[3];
1587 RTSGBUF SgBuf;
1588 aSegs[0].pvSeg = (void *)s_szSuccResp;
1589 aSegs[0].cbSeg = sizeof(s_szSuccResp) - 1;
1590 aSegs[1].pvSeg = (void *)pszResponse;
1591 aSegs[1].cbSeg = strlen(pszResponse);
1592 aSegs[2].pvSeg = (void *)s_szSuccRespClose;
1593 aSegs[2].cbSeg = sizeof(s_szSuccRespClose) - 1;
1594
1595 RTSgBufInit(&SgBuf, &aSegs[0], RT_ELEMENTS(aSegs));
1596 RTTcpSgWrite(hSocket, &SgBuf);
1597 }
1598 else
1599 RTTcpWrite(hSocket, s_szSucc, sizeof(s_szSucc));
1600}
1601
1602
1603/**
1604 * Sends an NACK response to the client.
1605 *
1606 * @returns nothing.
1607 * @param hSocket The socket handle to send the ACK to.
1608 * @param pErrInfo Optional error information to send along.
1609 */
1610static void rtFuzzCmdMasterTcpSendNAck(RTSOCKET hSocket, PRTERRINFO pErrInfo)
1611{
1612 const char s_szFail[] = "{ \"Status\": \"NACK\" }\n";
1613 const char s_szFailInfo[] = "{ \"Status\": \"NACK\"\n \"Information\": \"%s\" }\n";
1614
1615 if (pErrInfo)
1616 {
1617 char szTmp[_1K];
1618 ssize_t cchResp = RTStrPrintf2(szTmp, sizeof(szTmp), s_szFailInfo, pErrInfo->pszMsg);
1619 if (cchResp > 0)
1620 RTTcpWrite(hSocket, szTmp, cchResp);
1621 else
1622 RTTcpWrite(hSocket, s_szFail, strlen(s_szFail));
1623 }
1624 else
1625 RTTcpWrite(hSocket, s_szFail, strlen(s_szFail));
1626}
1627
1628
1629/**
1630 * TCP server serving callback for a single connection.
1631 *
1632 * @returns IPRT status code.
1633 * @param hSocket The socket handle of the connection.
1634 * @param pvUser Opaque user data.
1635 */
1636static DECLCALLBACK(int) rtFuzzCmdMasterTcpServe(RTSOCKET hSocket, void *pvUser)
1637{
1638 PRTFUZZCMDMASTER pThis = (PRTFUZZCMDMASTER)pvUser;
1639 size_t cbReqMax = _32K;
1640 size_t cbReq = 0;
1641 uint8_t *pbReq = (uint8_t *)RTMemAllocZ(cbReqMax);
1642
1643 if (RT_LIKELY(pbReq))
1644 {
1645 uint8_t *pbCur = pbReq;
1646
1647 for (;;)
1648 {
1649 size_t cbThisRead = cbReqMax - cbReq;
1650 int rc = RTTcpRead(hSocket, pbCur, cbThisRead, &cbThisRead);
1651 if ( RT_SUCCESS(rc)
1652 && cbThisRead)
1653 {
1654 cbReq += cbThisRead;
1655
1656 /* Check for a zero terminator marking the end of the request. */
1657 uint8_t *pbEnd = (uint8_t *)memchr(pbCur, 0, cbThisRead);
1658 if (pbEnd)
1659 {
1660 /* Adjust request size, data coming after the zero terminiator is ignored right now. */
1661 cbReq -= cbThisRead - (pbEnd - pbCur) + 1;
1662
1663 RTJSONVAL hJsonReq;
1664 RTERRINFOSTATIC ErrInfo;
1665 RTErrInfoInitStatic(&ErrInfo);
1666
1667 rc = RTJsonParseFromBuf(&hJsonReq, pbReq, cbReq, &ErrInfo.Core);
1668 if (RT_SUCCESS(rc))
1669 {
1670 rc = rtFuzzCmdMasterProcessJsonReq(pThis, hJsonReq, &ErrInfo.Core);
1671 if (RT_SUCCESS(rc))
1672 rtFuzzCmdMasterTcpSendAck(hSocket, pThis->pszResponse);
1673 else
1674 rtFuzzCmdMasterTcpSendNAck(hSocket, &ErrInfo.Core);
1675 RTJsonValueRelease(hJsonReq);
1676 }
1677 else
1678 rtFuzzCmdMasterTcpSendNAck(hSocket, &ErrInfo.Core);
1679
1680 if (pThis->pszResponse)
1681 {
1682 RTStrFree(pThis->pszResponse);
1683 pThis->pszResponse = NULL;
1684 }
1685 break;
1686 }
1687 else if (cbReq == cbReqMax)
1688 {
1689 /* Try to increase the buffer. */
1690 uint8_t *pbReqNew = (uint8_t *)RTMemRealloc(pbReq, cbReqMax + _32K);
1691 if (RT_LIKELY(pbReqNew))
1692 {
1693 cbReqMax += _32K;
1694 pbReq = pbReqNew;
1695 pbCur = pbReq + cbReq;
1696 }
1697 else
1698 rtFuzzCmdMasterTcpSendNAck(hSocket, NULL);
1699 }
1700 else
1701 pbCur += cbThisRead;
1702 }
1703 else
1704 break;
1705 }
1706 }
1707 else
1708 rtFuzzCmdMasterTcpSendNAck(hSocket, NULL);
1709
1710 if (pbReq)
1711 RTMemFree(pbReq);
1712
1713 return pThis->fShutdown ? VERR_TCP_SERVER_STOP : VINF_SUCCESS;
1714}
1715
1716
1717/**
1718 * Mainloop for the fuzzing master.
1719 *
1720 * @returns Process exit code.
1721 * @param pThis The fuzzing master command state.
1722 * @param pszLoadCfg Initial config to load.
1723 */
1724static RTEXITCODE rtFuzzCmdMasterRun(PRTFUZZCMDMASTER pThis, const char *pszLoadCfg)
1725{
1726 if (pszLoadCfg)
1727 {
1728 int rc = rtFuzzCmdMasterFuzzCfgLoadFromFile(pThis, pszLoadCfg);
1729 if (RT_FAILURE(rc))
1730 return RTEXITCODE_FAILURE;
1731 }
1732
1733 /* Start up the control server. */
1734 int rc = RTTcpServerCreateEx(NULL, pThis->uPort, &pThis->hTcpSrv);
1735 if (RT_SUCCESS(rc))
1736 {
1737 do
1738 {
1739 rc = RTTcpServerListen(pThis->hTcpSrv, rtFuzzCmdMasterTcpServe, pThis);
1740 } while (rc != VERR_TCP_SERVER_STOP);
1741 }
1742
1743 RTTcpServerDestroy(pThis->hTcpSrv);
1744 rtFuzzCmdMasterDestroy(pThis);
1745 return RTEXITCODE_SUCCESS;
1746}
1747
1748
1749RTR3DECL(RTEXITCODE) RTFuzzCmdMaster(unsigned cArgs, char **papszArgs)
1750{
1751 /*
1752 * Parse the command line.
1753 */
1754 static const RTGETOPTDEF s_aOptions[] =
1755 {
1756 { "--fuzz-config", 'c', RTGETOPT_REQ_STRING },
1757 { "--temp-dir", 't', RTGETOPT_REQ_STRING },
1758 { "--results-dir", 'r', RTGETOPT_REQ_STRING },
1759 { "--listen-port", 'p', RTGETOPT_REQ_UINT16 },
1760 { "--daemonize", 'd', RTGETOPT_REQ_NOTHING },
1761 { "--daemonized", 'Z', RTGETOPT_REQ_NOTHING },
1762 { "--help", 'h', RTGETOPT_REQ_NOTHING },
1763 { "--version", 'V', RTGETOPT_REQ_NOTHING },
1764 };
1765
1766 RTEXITCODE rcExit = RTEXITCODE_SUCCESS;
1767 RTGETOPTSTATE GetState;
1768 int rc = RTGetOptInit(&GetState, cArgs, papszArgs, s_aOptions, RT_ELEMENTS(s_aOptions), 1,
1769 RTGETOPTINIT_FLAGS_OPTS_FIRST);
1770 if (RT_SUCCESS(rc))
1771 {
1772 /* Option variables: */
1773 bool fDaemonize = false;
1774 bool fDaemonized = false;
1775 const char *pszLoadCfg = NULL;
1776 RTFUZZCMDMASTER This;
1777
1778 RTListInit(&This.LstFuzzed);
1779 This.hTcpSrv = NIL_RTTCPSERVER;
1780 This.uPort = 4242;
1781 This.pszTmpDir = NULL;
1782 This.pszResultsDir = NULL;
1783 This.fShutdown = false;
1784 This.pszResponse = NULL;
1785
1786 /* Argument parsing loop. */
1787 bool fContinue = true;
1788 do
1789 {
1790 RTGETOPTUNION ValueUnion;
1791 int chOpt = RTGetOpt(&GetState, &ValueUnion);
1792 switch (chOpt)
1793 {
1794 case 0:
1795 fContinue = false;
1796 break;
1797
1798 case 'c':
1799 pszLoadCfg = ValueUnion.psz;
1800 break;
1801
1802 case 'p':
1803 This.uPort = ValueUnion.u16;
1804 break;
1805
1806 case 't':
1807 This.pszTmpDir = ValueUnion.psz;
1808 break;
1809
1810 case 'r':
1811 This.pszResultsDir = ValueUnion.psz;
1812 break;
1813
1814 case 'd':
1815 fDaemonize = true;
1816 break;
1817
1818 case 'Z':
1819 fDaemonized = true;
1820 fDaemonize = false;
1821 break;
1822
1823 case 'h':
1824 RTPrintf("Usage: to be written\nOption dump:\n");
1825 for (unsigned i = 0; i < RT_ELEMENTS(s_aOptions); i++)
1826 RTPrintf(" -%c,%s\n", s_aOptions[i].iShort, s_aOptions[i].pszLong);
1827 fContinue = false;
1828 break;
1829
1830 case 'V':
1831 RTPrintf("%sr%d\n", RTBldCfgVersion(), RTBldCfgRevision());
1832 fContinue = false;
1833 break;
1834
1835 default:
1836 rcExit = RTGetOptPrintError(chOpt, &ValueUnion);
1837 fContinue = false;
1838 break;
1839 }
1840 } while (fContinue);
1841
1842 if (rcExit == RTEXITCODE_SUCCESS)
1843 {
1844 /*
1845 * Daemonize ourselves if asked to.
1846 */
1847 if (fDaemonize)
1848 {
1849 rc = RTProcDaemonize(papszArgs, "--daemonized");
1850 if (RT_FAILURE(rc))
1851 return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTProcDaemonize: %Rrc\n", rc);
1852 }
1853 else
1854 rcExit = rtFuzzCmdMasterRun(&This, pszLoadCfg);
1855 }
1856 }
1857 else
1858 rcExit = RTMsgErrorExit(RTEXITCODE_SYNTAX, "RTGetOptInit: %Rrc", rc);
1859 return rcExit;
1860}
1861
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette