/libfuzzer-workshop

Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.

Primary LanguageC++Apache License 2.0Apache-2.0

libfuzzer-workshop

Materials of "Modern fuzzing of C/C++ Projects" workshop.

The first version of the workshop had been presented at ZeroNights'16 security conference.

Requirements

  • 2-3 hours of your time
  • Linux-based OS
  • C/C++ experience (nothing special, but you need to be able to read, write and compile C/C++ code)
  • a recent version of clang compiler. Distributions from package managers are too old and most likely won't work (the workshop called "modern", right?), you have two options:
    • checkout llvm repository and build it yourself. To make it easy, feel free to use checkout_build_install_llvm.sh script, it has been tested on clean Ubuntu 16.04
    • a VirtualBox VM with working environment is available, credentials: fuzzer:zeronights
  • sudo apt-get install -y make autoconf automake libtool pkg-config zlib1g-dev

Fuzzing experience is not required.

Contents

  1. An introduction to fuzz testing
  2. An example of traditional fuzzing
  3. Coverage-guided fuzzing
  4. Writing fuzzers (simple examples)
  5. Finding Heartbleed (CVE-2014-0160)
  6. Finding c-ares $100,000 bug (CVE-2016-5180)
  7. How to improve your fuzzer
  8. Fuzzing libxml2, learning how to improve the fuzzer and analyze performance
  9. Fuzzing libpng, learning an importance of seed corpus and other stuff
  10. Fuzzing re2
  11. Fuzzing pcre2
  12. Chromium integration & homework assignment

Most of the examples have been taken from libFuzzer tutorial and Fuzzer Test Suite.

Prerequisites

libFuzzer

Building libFuzzer is extreemly easy:

cd libFuzzer
Fuzzer/build.sh

libFuzzer repository could be found inside LLVM's compiler-rt project.

Links