fix harnesses

mayhemheroes · Jan 24, 2025 · d0c54c9 · d0c54c9
1 parent 582ff2c
commit d0c54c9
Show file tree

Hide file tree

Showing 8 changed files with 59 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -31,6 +31,7 @@
 !/debian
 !/scripts
 !/reg-tests
+!/mayhem
 # Reject some generic files
 *.o
 *.a

diff --git a/mayhem/Dockerfile.haproxy b/mayhem/Dockerfile.haproxy
@@ -0,0 +1,12 @@
+FROM ubuntu AS builder
+
+RUN apt update -y && DEBIAN_FRONTEND=noninteractive apt install -y gcc make 
+RUN mkdir /work
+COPY . /work
+WORKDIR /work
+RUN make TARGET=linux-glibc 
+
+FROM ubuntu
+COPY --from=builder /work/haproxy /
+COPY --from=builder /work/mayhem/haproxy.cfg /
+RUN mkdir -p /var/lib/haproxy
diff --git a/mayhem/build.sh b/mayhem/build.sh
@@ -28,6 +28,9 @@ sed 's/int main(int argc/int main2(int argc/g' -i ./src/haproxy.c
 sed 's/dladdr(main,/dladdr(main2,/g' -i ./src/tools.c
 sed 's/(void*)main/(void*)main2/g' -i ./src/tools.c
 
+# make read_cfg visible
+sed 's/static int read_cfg/int read_cfg/' -i ./src/haproxy.c
+
 
 SETTINGS="-Iinclude -g -DUSE_POLL -DUSE_TPROXY -DCONFIG_HAPROXY_VERSION=\"\" -DCONFIG_HAPROXY_DATE=\"\""
 

diff --git a/mayhem/fuzz_cfg_parser.c b/mayhem/fuzz_cfg_parser.c
@@ -35,7 +35,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	fclose(fp);
 
 	// Fuzz the cfg parser
-	readcfgfile(filename);
+	read_cfg(filename);
 
 	unlink(filename);
 

diff --git a/mayhem/fuzz_cfg_parser.mayhemfile b/mayhem/fuzz_cfg_parser.mayhemfile
@@ -1,4 +1,5 @@
-project: PROJECT
+image: ghcr.io/mayhemheroes/haproxy:latest
+project: haproxy
 target: fuzz_cfg_parser
 cmds:
 - cmd: /out/fuzz_cfg_parser
diff --git a/mayhem/fuzz_hpack_decode.mayhemfile b/mayhem/fuzz_hpack_decode.mayhemfile
@@ -0,0 +1,5 @@
+image: ghcr.io/mayhemheroes/haproxy:latest
+project: haproxy
+target: fuzz_hpack_decode
+cmds:
+- cmd: /out/fuzz_hpack_decode
diff --git a/mayhem/haproxy.cfg b/mayhem/haproxy.cfg
@@ -0,0 +1,14 @@
+global
+   chroot /var/lib/haproxy
+   stats timeout 30s
+   user root
+   group root 
+
+defaults
+   timeout connect 5000
+   timeout client  50000
+   timeout server  50000
+
+frontend http_front
+   bind *:8080
+   mode http
diff --git a/mayhem/haproxy.mayhemfile b/mayhem/haproxy.mayhemfile
@@ -0,0 +1,21 @@
+image: ghcr.io/mayhemheroes/haproxy-bin:latest 
+duration: 600 
+project: haproxy 
+target: haproxy
+advanced_triage: true
+tasks:
+  - name: exploitability_factors
+  - name: behavior_testing
+  - name: coverage_analysis
+cmds:
+  - cmd: /haproxy -f /haproxy.cfg
+    network:
+      url: 'tcp://localhost:8080'
+      timeout: 2
+      client: false
+
+
+
+
+
+