From 7336e67a99dc38bb0029ce8c55ad0bbe806e20d6 Mon Sep 17 00:00:00 2001 From: Adam Van Prooyen Date: Mon, 1 Jun 2020 12:37:40 -0700 Subject: [PATCH 01/20] Add basic h2o mayhem target --- h20-cve-2018-0608/Dockerfile | 16 +++ h20-cve-2018-0608/h2o-fuzzer-http1.dict | 126 ++++++++++++++++++++++++ h20-cve-2018-0608/h2o-fuzzer-http2.dict | 126 ++++++++++++++++++++++++ h20-cve-2018-0608/h2o.conf | 30 ++++++ h20-cve-2018-0608/mayhem/h2o/Mayhemfile | 12 +++ 5 files changed, 310 insertions(+) create mode 100644 h20-cve-2018-0608/Dockerfile create mode 100644 h20-cve-2018-0608/h2o-fuzzer-http1.dict create mode 100644 h20-cve-2018-0608/h2o-fuzzer-http2.dict create mode 100644 h20-cve-2018-0608/h2o.conf create mode 100644 h20-cve-2018-0608/mayhem/h2o/Mayhemfile diff --git a/h20-cve-2018-0608/Dockerfile b/h20-cve-2018-0608/Dockerfile new file mode 100644 index 0000000..015e32a --- /dev/null +++ b/h20-cve-2018-0608/Dockerfile @@ -0,0 +1,16 @@ +FROM ubuntu + + +RUN export DEBIAN_FRONTEND="noninteractive" && \ + apt-get update && \ + apt-get install -y clang cmake build-essential git libssl-dev zlib1g-dev + +WORKDIR /h2o +RUN git clone https://github.com/h2o/h2o . && \ + git checkout 69506c9e2defa4922f62f389c76d89e9274b3cc1 && \ + git checkout HEAD^ && \ + mkdir build && cd build && cmake .. && make + +COPY h2o.conf . +COPY h2o-fuzzer-http1.dict . +COPY h2o-fuzzer-http2.dict . diff --git a/h20-cve-2018-0608/h2o-fuzzer-http1.dict b/h20-cve-2018-0608/h2o-fuzzer-http1.dict new file mode 100644 index 0000000..1d76d71 --- /dev/null +++ b/h20-cve-2018-0608/h2o-fuzzer-http1.dict 
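Review bot: The server built by `cmake .. && make` in the second RUN gets no sanitizer flags, so the network target run from this image only surfaces bugs that end in a signal; an overflow that corrupts a few heap bytes without faulting passes silently, which is the wrong trade for a target named after a buffer-overflow CVE. Configure with ASan instead, e.g. `CC=clang CXX=clang++ cmake -DCMAKE_C_FLAGS=-fsanitize=address -DCMAKE_CXX_FLAGS=-fsanitize=address ..`, so Mayhem gets a report rather than a coincidental crash. `FROM ubuntu` is untagged, so the clang/cmake toolchain floats between builds; pin it (`FROM ubuntu:20.04`) for a reproducible target, and add `rm -rf /var/lib/apt/lists/*` to the apt layer.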
@@ -0,0 +1,126 @@
+POST="POST"
+GET="GET"
+FOO="FOO"
+post="post"
+get="post"
+foo="foo"
+slash="/"
+url="http://foo"
+version="HTTP/1.1"
+content_length="Content-Length"
+transfer_encoding="Transfer-Encoding"
+text="text"
+semicolon=";"
+comma=","
+hdr1="Header"
+hdr2="Hea-Der"
+colon=":"
+minus="-"
+zero="0"
+one="1"
+minus_one="-1"
+small_size="123"
+small_positive_size="+123"
+small_negative_size="-123"
+medium_size="12345"
+medium_positive_size="+12345"
+medium_negative_size="-12345"
+large_size="999999999"
+large_positive_size="+999999999"
+large_negative_size="-999999999"
+float_size="123.456"
+chunked="chunked"
+gzip="gzip"
+nul="\x00"
+bs="\x08"
+ht="\x09"
+nl="\x0A"
+vt="\x0B"
+np="\x0C"
+cr="\x0D"
+crlf="\x0D\x0A"
+space="\x20"
+del="\x7F"
+hi="\x80"
+ff="\xFF"
+curl="HTTP/1.0"
+curl="100"
+curl="200"
+curl="301"
+curl="400"
+curl="Server:"
+curl="Last-Modified:"
+curl="Content-Type:"
+curl="text/html"
+curl="charset=UTF-8"
+curl="Accept-Ranges:"
+curl="bytes"
+curl="Content-Length:"
+curl="Transfer-Encoding:"
+curl="compress"
+curl="exi"
+curl="gzip"
+curl="identity"
+curl="pack200-gzip"
+curl="br"
+curl="deflate"
+curl="bzip2"
+curl="lzma"
+curl="xz"
+curl="Content-Encoding:"
+curl="chunked"
+curl="Connection:"
+curl="close"
+curl="Date:"
+curl="Expires:"
+curl="Fri, 31 Dec 1999 23:59:59 GMT"
+curl="Cache-Control:"
+curl="no-cache"
+curl="no-store"
+curl="must-revalidate"
+curl="Pragma:"
+curl="no-cache"
+curl="Host:"
+vdf="Accept"
+vdf="Accept-Charset"
+vdf="Accept-Encoding"
+vdf="Accept-Language"
+vdf="Accept-Datetime"
+vdf="Authorization"
+vdf="Cache-Control"
+vdf="Connection"
+vdf="Cookie"
+vdf="Content-Length"
+vdf="Content-MD5"
+vdf="Content-Type"
+vdf="Date"
+vdf="Expect"
+vdf="Forwarded"
+vdf="From"
+vdf="Host"
+vdf="If-Match"
+vdf="If-Modified-Since"
+vdf="If-None-Match"
+vdf="If-Range"
+vdf="If-Unmodified-Since"
+vdf="Max-Forwards"
+vdf="Origin"
+vdf="Proxy-Authorization"
+vdf="Range"
+vdf="TE"
+vdf="User-Agent"
+vdf="Upgrade"
+vdf="Via"
+vdf="Warning"
+vdf="X-Requested-With"
+vdf="X-Forwarded-Host"
+vdf="X-Forwarded-Host"
+vdf="X-Forwarded-Proto"
+vdf="Front-End-Https"
+vdf="X-HTTP-Method-Override"
+vdf="X-Att-Deviceid"
+vdf="x-wap-profile"
+vdf="Proxy-Connection"
+vdf="X-UIDH"
+vdf="X-XSRF-TOKEN"
+vdf="X-Csrf-Token"
diff --git a/h20-cve-2018-0608/h2o-fuzzer-http2.dict b/h20-cve-2018-0608/h2o-fuzzer-http2.dict
new file mode 100644
index 0000000..1d76d71
--- /dev/null
+++ b/h20-cve-2018-0608/h2o-fuzzer-http2.dict
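Review bot: `get="post"` looks like a copy error — the lowercase method pair is clearly meant to be `get="get"`; as written the dictionary never offers a lowercase GET and the entry merely duplicates `post`. `vdf="X-Forwarded-Host"` appears twice; harmless to libFuzzer, but noise to maintain. Roughly half of the `curl=` entries are response-side tokens (`Server:`, `Last-Modified:`, `Accept-Ranges:`, `Content-Encoding:`); if the HTTP/1 driver only feeds request bytes into the parser (driver.cc is not part of this patch, so worth confirming), those slots are better spent on request-side edge cases such as `chunk_ext=";ext=1"` and `obs_fold="\x0D\x0A\x20"`.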
@@ -0,0 +1,126 @@
+POST="POST"
+GET="GET"
+FOO="FOO"
+post="post"
+get="post"
+foo="foo"
+slash="/"
+url="http://foo"
+version="HTTP/1.1"
+content_length="Content-Length"
+transfer_encoding="Transfer-Encoding"
+text="text"
+semicolon=";"
+comma=","
+hdr1="Header"
+hdr2="Hea-Der"
+colon=":"
+minus="-"
+zero="0"
+one="1"
+minus_one="-1"
+small_size="123"
+small_positive_size="+123"
+small_negative_size="-123"
+medium_size="12345"
+medium_positive_size="+12345"
+medium_negative_size="-12345"
+large_size="999999999"
+large_positive_size="+999999999"
+large_negative_size="-999999999"
+float_size="123.456"
+chunked="chunked"
+gzip="gzip"
+nul="\x00"
+bs="\x08"
+ht="\x09"
+nl="\x0A"
+vt="\x0B"
+np="\x0C"
+cr="\x0D"
+crlf="\x0D\x0A"
+space="\x20"
+del="\x7F"
+hi="\x80"
+ff="\xFF"
+curl="HTTP/1.0"
+curl="100"
+curl="200"
+curl="301"
+curl="400"
+curl="Server:"
+curl="Last-Modified:"
+curl="Content-Type:"
+curl="text/html"
+curl="charset=UTF-8"
+curl="Accept-Ranges:"
+curl="bytes"
+curl="Content-Length:"
+curl="Transfer-Encoding:"
+curl="compress"
+curl="exi"
+curl="gzip"
+curl="identity"
+curl="pack200-gzip"
+curl="br"
+curl="deflate"
+curl="bzip2"
+curl="lzma"
+curl="xz"
+curl="Content-Encoding:"
+curl="chunked"
+curl="Connection:"
+curl="close"
+curl="Date:"
+curl="Expires:"
+curl="Fri, 31 Dec 1999 23:59:59 GMT"
+curl="Cache-Control:"
+curl="no-cache"
+curl="no-store"
+curl="must-revalidate"
+curl="Pragma:"
+curl="no-cache"
+curl="Host:"
+vdf="Accept"
+vdf="Accept-Charset"
+vdf="Accept-Encoding"
+vdf="Accept-Language"
+vdf="Accept-Datetime"
+vdf="Authorization"
+vdf="Cache-Control"
+vdf="Connection"
+vdf="Cookie"
+vdf="Content-Length"
+vdf="Content-MD5"
+vdf="Content-Type"
+vdf="Date"
+vdf="Expect"
+vdf="Forwarded"
+vdf="From"
+vdf="Host"
+vdf="If-Match"
+vdf="If-Modified-Since"
+vdf="If-None-Match"
+vdf="If-Range"
+vdf="If-Unmodified-Since"
+vdf="Max-Forwards"
+vdf="Origin"
+vdf="Proxy-Authorization"
+vdf="Range"
+vdf="TE"
+vdf="User-Agent"
+vdf="Upgrade"
+vdf="Via"
+vdf="Warning" +vdf="X-Requested-With" +vdf="X-Forwarded-Host" +vdf="X-Forwarded-Host" +vdf="X-Forwarded-Proto" +vdf="Front-End-Https" +vdf="X-HTTP-Method-Override" +vdf="X-Att-Deviceid" +vdf="x-wap-profile" +vdf="Proxy-Connection" +vdf="X-UIDH" +vdf="X-XSRF-TOKEN" +vdf="X-Csrf-Token" diff --git a/h20-cve-2018-0608/h2o.conf b/h20-cve-2018-0608/h2o.conf new file mode 100644 index 0000000..337bae4 --- /dev/null +++ b/h20-cve-2018-0608/h2o.conf @@ -0,0 +1,30 @@ +# to find out the configuration commands, run: h2o --help + +listen: 8080 +num-threads: 4 +#listen: +# port: 8081 +# ssl: +# certificate-file: examples/h2o/server.crt +# key-file: examples/h2o/server.key +# minimum-version: TLSv1.2 +# cipher-preference: server +# cipher-suite: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" +# # Oldest compatible clients: Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, and Java 8 +# # see: https://wiki.mozilla.org/Security/Server_Side_TLS +hosts: + "127.0.0.1.xip.io:8080": + paths: + /: + file.dir: examples/doc_root + access-log: /dev/stdout +# "alternate.127.0.0.1.xip.io:8081": +# listen: +# port: 8081 +# ssl: +# certificate-file: examples/h2o/alternate.crt +# key-file: examples/h2o/alternate.key +# paths: +# /: +# file.dir: examples/doc_root.alternate +# access-log: /dev/stdout diff --git a/h20-cve-2018-0608/mayhem/h2o/Mayhemfile b/h20-cve-2018-0608/mayhem/h2o/Mayhemfile new file mode 100644 index 0000000..9d5c6b8 --- /dev/null +++ b/h20-cve-2018-0608/mayhem/h2o/Mayhemfile @@ -0,0 +1,12 @@ +version: '1.4' +project: h2o +target: h2o +cmds: +- cmd: /h2o -c /h2o.conf + env: + LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu + network: + is_client: false + timeout: 2.0 + url: tcp://localhost:8080 + timeout: 15 
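Review bot: This file is byte-identical to h2o-fuzzer-http1.dict (both headers show blob 1d76d71), so the HTTP/2 target starts with no HTTP/2 vocabulary at all — no connection preface, no pseudo-headers, no frame-type or flag bytes — and every entry is an HTTP/1 text token that is unlikely to form a valid frame and reach HPACK or stream handling. Assuming the HTTP/2 driver feeds the input to the connection as raw frames (driver.cc is not in this patch), entries like `preface="PRI * HTTP/2.0\x0D\x0A\x0D\x0ASM\x0D\x0A\x0D\x0A"`, `method=":method"` and `path=":path"`, plus SETTINGS/HEADERS/CONTINUATION type and flag bytes, would let the fuzzer reach the code this target exists to exercise. The `get="post"` typo and the duplicated `X-Forwarded-Host` carry over from the HTTP/1 copy.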
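Review bot: `file.dir: examples/doc_root` is a relative path, and the sibling Mayhemfile (`/h2o -c /h2o.conf`) gives no indication that the server runs with the checkout directory as its cwd; if h2o resolves the path against the working directory, the file handler points at a directory that does not exist and every request short-circuits to an error response instead of exercising the file, mimemap and range code. Make it absolute: `file.dir: /h2o/examples/doc_root` (that is where the Dockerfile's WORKDIR leaves the clone). For a fuzzing harness, `num-threads: 4` also adds scheduling nondeterminism to crash reproduction and `access-log: /dev/stdout` adds a write per request; `num-threads: 1` and dropping the access-log line are the usual settings.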
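Review bot: `cmd: /h2o -c /h2o.conf` cannot start as built by this patch's Dockerfile: `/h2o` is the WORKDIR holding the checkout, the binary ends up at `/h2o/build/h2o`, and the config is copied to `/h2o/h2o.conf`. The next patch on this page moves the artifacts to `/fuzz`, which resolves it, but the Dockerfile and Mayhemfile in this commit should agree on their own — `- cmd: /h2o/build/h2o -c /h2o/h2o.conf` would have done. The `LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu` entry is the loader's default search path and can be dropped unless Mayhem requires an explicit value.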
From d1ab6b28bc66f10223a52ca6b84ff72866425c6b Mon Sep 17 00:00:00 2001 From: Adam Van Prooyen Date: Tue, 2 Jun 2020 10:16:02 -0700 Subject: [PATCH 02/20] Add remaining fuzz targets to h2o --- h20-cve-2018-0608/Dockerfile | 16 - h2o-cve-2018-0608/CMakeLists.txt | 648 ++++++++++++++++++ h2o-cve-2018-0608/Dockerfile | 27 + .../h2o-fuzzer-http1.dict | 0 .../h2o-fuzzer-http2.dict | 0 .../h2o.conf | 0 h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile | 14 + h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile | 14 + h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile | 12 + .../mayhem/h2o/Mayhemfile | 2 +- h2o-cve-2018-0608/standalone.cc | 31 + 11 files changed, 747 insertions(+), 17 deletions(-) delete mode 100644 h20-cve-2018-0608/Dockerfile create mode 100644 h2o-cve-2018-0608/CMakeLists.txt create mode 100644 h2o-cve-2018-0608/Dockerfile rename {h20-cve-2018-0608 => h2o-cve-2018-0608}/h2o-fuzzer-http1.dict (100%) rename {h20-cve-2018-0608 => h2o-cve-2018-0608}/h2o-fuzzer-http2.dict (100%) rename {h20-cve-2018-0608 => h2o-cve-2018-0608}/h2o.conf (100%) create mode 100644 h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile create mode 100644 h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile create mode 100644 h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile rename {h20-cve-2018-0608 => h2o-cve-2018-0608}/mayhem/h2o/Mayhemfile (84%) create mode 100644 h2o-cve-2018-0608/standalone.cc diff --git a/h20-cve-2018-0608/Dockerfile b/h20-cve-2018-0608/Dockerfile deleted file mode 100644 index 015e32a..0000000 --- a/h20-cve-2018-0608/Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -FROM ubuntu - - -RUN export DEBIAN_FRONTEND="noninteractive" && \ - apt-get update && \ - apt-get install -y clang cmake build-essential git libssl-dev zlib1g-dev - -WORKDIR /h2o -RUN git clone https://github.com/h2o/h2o . && \ - git checkout 69506c9e2defa4922f62f389c76d89e9274b3cc1 && \ - git checkout HEAD^ && \ - mkdir build && cd build && cmake .. && make - -COPY h2o.conf . -COPY h2o-fuzzer-http1.dict . -COPY h2o-fuzzer-http2.dict . 
diff --git a/h2o-cve-2018-0608/CMakeLists.txt b/h2o-cve-2018-0608/CMakeLists.txt new file mode 100644 index 0000000..6c29cb6 --- /dev/null +++ b/h2o-cve-2018-0608/CMakeLists.txt 
@@ -0,0 +1,648 @@ +# Copyright (c) 2014,2015 DeNA Co., Ltd., Kazuho Oku, Brian Stanback, Laurentiu Nicola, Masanori Ogino, Ryosuke Matsumoto, +# David Carlier +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +# IN THE SOFTWARE. 
+ +CMAKE_MINIMUM_REQUIRED(VERSION 2.8.11) +CMAKE_POLICY(SET CMP0003 NEW) + +PROJECT(h2o) + +SET(VERSION_MAJOR "2") +SET(VERSION_MINOR "2") +SET(VERSION_PATCH "4") +SET(VERSION_PRERELEASE "") +SET(VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}${VERSION_PRERELEASE}") +SET(LIBRARY_VERSION_MAJOR "0") +SET(LIBRARY_VERSION_MINOR "13") +SET(LIBRARY_VERSION_PATCH "4") +SET(LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}${VERSION_PRERELEASE}") +SET(LIBRARY_SOVERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}") + +INCLUDE(GNUInstallDirs) + +CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/version.h.in ${CMAKE_CURRENT_SOURCE_DIR}/include/h2o/version.h) +CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/libh2o.pc.in ${CMAKE_CURRENT_BINARY_DIR}/libh2o.pc @ONLY) +CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/libh2o-evloop.pc.in ${CMAKE_CURRENT_BINARY_DIR}/libh2o-evloop.pc @ONLY) + +SET(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake) + +FIND_PACKAGE(PkgConfig) +FIND_PACKAGE(Threads REQUIRED) + +FIND_PACKAGE(OpenSSL) +FIND_PACKAGE(ZLIB REQUIRED) + +INCLUDE(CheckCSourceCompiles) +CHECK_C_SOURCE_COMPILES(" +#include +int main(void) { +uint64_t a; +__sync_add_and_fetch(&a, 1); +return 0; +}" ARCH_SUPPORTS_64BIT_ATOMICS) + +SET(WITH_BUNDLED_SSL_DEFAULT "ON") +IF ((NOT UNIX) OR CYGWIN) + SET(WITH_BUNDLED_SSL_DEFAULT "OFF") +ENDIF ((NOT UNIX) OR CYGWIN) +IF (OPENSSL_FOUND AND NOT (OPENSSL_VERSION VERSION_LESS "1.0.2")) + SET(WITH_BUNDLED_SSL_DEFAULT "OFF") +ENDIF (OPENSSL_FOUND AND NOT (OPENSSL_VERSION VERSION_LESS "1.0.2")) +OPTION(WITH_BUNDLED_SSL "whether or not to use the bundled libressl" ${WITH_BUNDLED_SSL_DEFAULT}) + +OPTION(WITHOUT_LIBS "skip building libs even when possible" OFF) +OPTION(BUILD_SHARED_LIBS "whether to build a shared library" OFF) + +FIND_PROGRAM(RUBY ruby) +FIND_PROGRAM(BISON bison) +IF (RUBY AND BISON) + SET(WITH_MRUBY_DEFAULT "ON") +ELSE () + SET(WITH_MRUBY_DEFAULT "OFF") +ENDIF () 
+OPTION(WITH_MRUBY "whether or not to build with mruby support" ${WITH_MRUBY_DEFAULT}) + +OPTION(WITH_PICOTLS "whether or not to build with picotls" "ON") + +IF (WITH_BUNDLED_SSL) + SET(BUNDLED_SSL_INCLUDE_DIR "${CMAKE_CURRENT_BINARY_DIR}/libressl-build/include") + SET(BUNDLED_SSL_LIBRARIES "${CMAKE_CURRENT_BINARY_DIR}/libressl-build/lib/libssl.a" "${CMAKE_CURRENT_BINARY_DIR}/libressl-build/lib/libcrypto.a") + ADD_CUSTOM_TARGET(bundled-ssl make -f ${CMAKE_CURRENT_SOURCE_DIR}/misc/libressl.mk SOURCE_DIR=${CMAKE_CURRENT_SOURCE_DIR}/misc + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}) +ELSE (WITH_BUNDLED_SSL) + IF (NOT OPENSSL_FOUND) + IF ((NOT UNIX) OR CYGWIN) + MESSAGE(FATAL_ERROR "OpenSSL not found (and the bundled libressl cannot be used on this platform)") + ENDIF ((NOT UNIX) OR CYGWIN) + MESSAGE(FATAL_ERROR "OpenSSL not found (nor H2O was configured to used the bundled libressl)") + ENDIF (NOT OPENSSL_FOUND) + IF (OPENSSL_VERSION VERSION_LESS "1.0.2") + MESSAGE(WARNING "*********************************************************************** OpenSSL 1.0.2 is required for HTTP/2 interoperability with web browsers ***********************************************************************") + ENDIF (OPENSSL_VERSION VERSION_LESS "1.0.2") + IF(OPENSSL_VERSION VERSION_EQUAL "1.1.0" AND OPENSSL_VERSION STRLESS "1.1.0g") + MESSAGE(WARNING "*********************************************************************** OpenSSL 1.1.0 ~ 1.1.0f would cause session resumption failed when using external cache ***********************************************************************") + ENDIF(OPENSSL_VERSION VERSION_EQUAL "1.1.0" AND OPENSSL_VERSION STRLESS "1.1.0g") +ENDIF (WITH_BUNDLED_SSL) + +INCLUDE_DIRECTORIES( + include + deps/cloexec + deps/brotli/enc + deps/golombset + deps/libgkc + deps/libyrmcds + deps/klib + deps/neverbleed + deps/picohttpparser + deps/picotest + deps/yaml/include + deps/yoml) + +IF (PKG_CONFIG_FOUND) + PKG_CHECK_MODULES(LIBUV libuv>=1.0.0) + IF (LIBUV_FOUND) + 
INCLUDE_DIRECTORIES(${LIBUV_INCLUDE_DIRS}) + LINK_DIRECTORIES(${LIBUV_LIBRARY_DIRS}) + ENDIF (LIBUV_FOUND) +ENDIF (PKG_CONFIG_FOUND) +IF (NOT LIBUV_FOUND) + FIND_PACKAGE(LibUV) + IF (LIBUV_FOUND AND LIBUV_VERSION VERSION_LESS "1.0.0") + MESSAGE(STATUS "libuv found but ignored; is too old") + UNSET(LIBUV_FOUND) + ENDIF () + IF (LIBUV_FOUND) + INCLUDE_DIRECTORIES(${LIBUV_INCLUDE_DIR}) + ENDIF (LIBUV_FOUND) +ENDIF (NOT LIBUV_FOUND) +IF (NOT LIBUV_FOUND) + SET(LIBUV_LIBRARIES -luv) +ENDIF (NOT LIBUV_FOUND) +IF (DISABLE_LIBUV) + MESSAGE(STATUS "ignoring found libuv because of DISABLE_LIBUV") + SET(LIBUV_FOUND FALSE) +ENDIF(DISABLE_LIBUV) + +IF (PKG_CONFIG_FOUND) + PKG_CHECK_MODULES(WSLAY libwslay) + IF (WSLAY_FOUND) + INCLUDE_DIRECTORIES(${WSLAY_INCLUDE_DIRS}) + LINK_DIRECTORIES(${WSLAY_LIBRARY_DIRS}) + ENDIF (WSLAY_FOUND) +ENDIF (PKG_CONFIG_FOUND) +IF (NOT WSLAY_FOUND) + FIND_PACKAGE(Wslay) + IF (WSLAY_FOUND) + INCLUDE_DIRECTORIES(${WSLAY_INCLUDE_DIR}) + ENDIF (WSLAY_FOUND) +ENDIF (NOT WSLAY_FOUND) +IF (NOT WSLAY_FOUND) + SET(WSLAY_LIBRARIES -lwslay) +ENDIF (NOT WSLAY_FOUND) + +IF (ZLIB_FOUND) + INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIRS}) + LINK_DIRECTORIES(${ZLIB_LIBRARY_DIRS}) +ENDIF (ZLIB_FOUND) + +SET(CC_WARNING_FLAGS "-Wall -Wno-unused-value -Wno-unused-function") +IF ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") + IF (NOT ("${CMAKE_C_COMPILER_VERSION}" VERSION_LESS "4.6")) + SET(CC_WARNING_FLAGS "${CC_WARNING_FLAGS} -Wno-unused-but-set-variable") + ENDIF () + IF (NOT ("${CMAKE_C_COMPILER_VERSION}" VERSION_LESS "4.5")) + SET(CC_WARNING_FLAGS "${CC_WARNING_FLAGS} -Wno-unused-result") + ENDIF () +ENDIF () + +SET(CMAKE_C_FLAGS "-O2 -g ${CC_WARNING_FLAGS} ${CMAKE_C_FLAGS} -DH2O_ROOT=\"${CMAKE_INSTALL_PREFIX}\" -DH2O_CONFIG_PATH=\"${CMAKE_INSTALL_SYSCONFDIR}/h2o.conf\"") + +SET(LIBYAML_SOURCE_FILES + deps/yaml/src/api.c + deps/yaml/src/dumper.c + deps/yaml/src/emitter.c + deps/yaml/src/loader.c + deps/yaml/src/parser.c + deps/yaml/src/reader.c + deps/yaml/src/scanner.c + 
deps/yaml/src/writer.c) + +SET(BROTLI_SOURCE_FILES + deps/brotli/enc/backward_references.cc + deps/brotli/enc/block_splitter.cc + deps/brotli/enc/brotli_bit_stream.cc + deps/brotli/enc/compress_fragment.cc + deps/brotli/enc/compress_fragment_two_pass.cc + deps/brotli/enc/dictionary.cc + deps/brotli/enc/encode.cc + deps/brotli/enc/entropy_encode.cc + deps/brotli/enc/histogram.cc + deps/brotli/enc/literal_cost.cc + deps/brotli/enc/metablock.cc + deps/brotli/enc/static_dict.cc + deps/brotli/enc/streams.cc + deps/brotli/enc/utf8_util.cc + lib/handler/compress/brotli.cc) + +SET(PICOTLS_INCLUDE_DIRECTORIES + deps/picotls/deps/cifra/src/ext + deps/picotls/deps/cifra/src + deps/picotls/deps/micro-ecc + deps/picotls/include) + +SET(PICOTLS_SOURCE_FILES + deps/picotls/deps/micro-ecc/uECC.c + deps/picotls/deps/cifra/src/aes.c + deps/picotls/deps/cifra/src/blockwise.c + deps/picotls/deps/cifra/src/chacha20.c + deps/picotls/deps/cifra/src/chash.c + deps/picotls/deps/cifra/src/curve25519.c + deps/picotls/deps/cifra/src/drbg.c + deps/picotls/deps/cifra/src/hmac.c + deps/picotls/deps/cifra/src/gcm.c + deps/picotls/deps/cifra/src/gf128.c + deps/picotls/deps/cifra/src/modes.c + deps/picotls/deps/cifra/src/poly1305.c + deps/picotls/deps/cifra/src/sha256.c + deps/picotls/deps/cifra/src/sha512.c + deps/picotls/lib/picotls.c + deps/picotls/lib/cifra.c + deps/picotls/lib/uecc.c + deps/picotls/lib/openssl.c) + +SET(LIB_SOURCE_FILES + deps/cloexec/cloexec.c + deps/libgkc/gkc.c + deps/libyrmcds/close.c + deps/libyrmcds/connect.c + deps/libyrmcds/recv.c + deps/libyrmcds/send.c + deps/libyrmcds/send_text.c + deps/libyrmcds/socket.c + deps/libyrmcds/strerror.c + deps/libyrmcds/text_mode.c + deps/picohttpparser/picohttpparser.c + + lib/common/cache.c + lib/common/file.c + lib/common/filecache.c + lib/common/hostinfo.c + lib/common/http1client.c + lib/common/memcached.c + lib/common/memory.c + lib/common/multithread.c + lib/common/serverutil.c + lib/common/socket.c + lib/common/socketpool.c + 
lib/common/string.c + lib/common/time.c + lib/common/timeout.c + lib/common/url.c + + lib/core/config.c + lib/core/configurator.c + lib/core/context.c + lib/core/headers.c + lib/core/logconf.c + lib/core/proxy.c + lib/core/request.c + lib/core/token.c + lib/core/util.c + + lib/handler/access_log.c + lib/handler/chunked.c + lib/handler/compress.c + lib/handler/compress/gzip.c + lib/handler/errordoc.c + lib/handler/expires.c + lib/handler/fastcgi.c + lib/handler/file.c + lib/handler/headers.c + lib/handler/mimemap.c + lib/handler/proxy.c + lib/handler/redirect.c + lib/handler/reproxy.c + lib/handler/throttle_resp.c + lib/handler/status.c + lib/handler/headers_util.c + lib/handler/status/events.c + lib/handler/status/requests.c + lib/handler/http2_debug_state.c + lib/handler/status/durations.c + lib/handler/configurator/access_log.c + lib/handler/configurator/compress.c + lib/handler/configurator/errordoc.c + lib/handler/configurator/expires.c + lib/handler/configurator/fastcgi.c + lib/handler/configurator/file.c + lib/handler/configurator/headers.c + lib/handler/configurator/proxy.c + lib/handler/configurator/redirect.c + lib/handler/configurator/reproxy.c + lib/handler/configurator/throttle_resp.c + lib/handler/configurator/status.c + lib/handler/configurator/http2_debug_state.c + lib/handler/configurator/headers_util.c + + lib/http1.c + + lib/tunnel.c + + lib/http2/cache_digests.c + lib/http2/casper.c + lib/http2/connection.c + lib/http2/frame.c + lib/http2/hpack.c + lib/http2/scheduler.c + lib/http2/stream.c + lib/http2/http2_debug_state.c) + +SET(UNIT_TEST_SOURCE_FILES + ${LIB_SOURCE_FILES} + ${LIBYAML_SOURCE_FILES} + ${BROTLI_SOURCE_FILES} + deps/picotest/picotest.c + t/00unit/test.c + t/00unit/lib/common/cache.c + t/00unit/lib/common/hostinfo.c + t/00unit/lib/common/multithread.c + t/00unit/lib/common/serverutil.c + t/00unit/lib/common/socket.c + t/00unit/lib/common/string.c + t/00unit/lib/common/time.c + t/00unit/lib/common/url.c + t/00unit/lib/core/headers.c 
+ t/00unit/lib/core/proxy.c + t/00unit/lib/core/util.c + t/00unit/lib/handler/compress.c + t/00unit/lib/handler/fastcgi.c + t/00unit/lib/handler/file.c + t/00unit/lib/handler/headers.c + t/00unit/lib/handler/mimemap.c + t/00unit/lib/handler/redirect.c + t/00unit/lib/http2/cache_digests.c + t/00unit/lib/http2/casper.c + t/00unit/lib/http2/hpack.c + t/00unit/lib/http2/scheduler.c + t/00unit/src/ssl.c + t/00unit/issues/293.c + t/00unit/issues/percent-encode-zero-byte.c) +LIST(REMOVE_ITEM UNIT_TEST_SOURCE_FILES + lib/common/cache.c + lib/common/hostinfo.c + lib/common/multithread.c + lib/common/serverutil.c + lib/common/socket.c + lib/common/string.c + lib/common/time.c + lib/common/url.c + lib/core/headers.c + lib/core/proxy.c + lib/core/util.c + lib/handler/compress.c + lib/handler/compress/gzip.c + lib/handler/fastcgi.c + lib/handler/file.c + lib/handler/headers.c + lib/handler/mimemap.c + lib/handler/redirect.c + lib/http2/cache_digests.c + lib/http2/casper.c + lib/http2/hpack.c + lib/http2/scheduler.c) + +SET(EXTRA_LIBS ${EXTRA_LIBS} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) + +IF (ZLIB_FOUND) + LIST(INSERT EXTRA_LIBS 0 ${ZLIB_LIBRARIES}) +ENDIF (ZLIB_FOUND) + +IF (WSLAY_FOUND) + ADD_LIBRARY(libh2o lib/websocket.c ${LIB_SOURCE_FILES}) + ADD_LIBRARY(libh2o-evloop lib/websocket.c ${LIB_SOURCE_FILES}) +ELSE () + ADD_LIBRARY(libh2o ${LIB_SOURCE_FILES}) + ADD_LIBRARY(libh2o-evloop ${LIB_SOURCE_FILES}) +ENDIF (WSLAY_FOUND) + +SET_TARGET_PROPERTIES(libh2o PROPERTIES + OUTPUT_NAME h2o + VERSION ${LIBRARY_VERSION} + SOVERSION ${LIBRARY_SOVERSION}) +TARGET_LINK_LIBRARIES(libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) +SET_TARGET_PROPERTIES(libh2o-evloop PROPERTIES + OUTPUT_NAME h2o-evloop + COMPILE_FLAGS "-DH2O_USE_LIBUV=0" + VERSION ${LIBRARY_VERSION} + SOVERSION ${LIBRARY_SOVERSION}) +TARGET_LINK_LIBRARIES(libh2o-evloop ${EXTRA_LIBS}) + +IF (OPENSSL_FOUND) + TARGET_INCLUDE_DIRECTORIES(libh2o PUBLIC ${OPENSSL_INCLUDE_DIR}) + TARGET_INCLUDE_DIRECTORIES(libh2o-evloop PUBLIC 
${OPENSSL_INCLUDE_DIR}) + TARGET_LINK_LIBRARIES(libh2o ${OPENSSL_LIBRARIES}) + TARGET_LINK_LIBRARIES(libh2o-evloop ${OPENSSL_LIBRARIES}) + IF (LIBUV_FOUND AND NOT WITHOUT_LIBS) + INSTALL(TARGETS libh2o DESTINATION ${CMAKE_INSTALL_LIBDIR}) + ELSE () + SET_TARGET_PROPERTIES(libh2o PROPERTIES EXCLUDE_FROM_ALL 1) + ENDIF () + IF (NOT WITHOUT_LIBS) + INSTALL(TARGETS libh2o-evloop DESTINATION ${CMAKE_INSTALL_LIBDIR}) + ELSE () + SET_TARGET_PROPERTIES(libh2o-evloop PROPERTIES EXCLUDE_FROM_ALL 1) + ENDIF() +ELSE (OPENSSL_FOUND) + SET_TARGET_PROPERTIES(libh2o PROPERTIES EXCLUDE_FROM_ALL 1) + SET_TARGET_PROPERTIES(libh2o-evloop PROPERTIES EXCLUDE_FROM_ALL 1) +ENDIF (OPENSSL_FOUND) + +ADD_CUSTOM_TARGET(lib-examples DEPENDS examples-http1client examples-simple examples-socket-client) +IF (WSLAY_FOUND) + ADD_DEPENDENCIES(lib-examples examples-websocket) +ENDIF (WSLAY_FOUND) + +ADD_EXECUTABLE(examples-http1client examples/libh2o/http1client.c) +SET_TARGET_PROPERTIES(examples-http1client PROPERTIES + EXCLUDE_FROM_ALL 1) +TARGET_LINK_LIBRARIES(examples-http1client libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) + +ADD_EXECUTABLE(examples-socket-client examples/libh2o/socket-client.c) +SET_TARGET_PROPERTIES(examples-socket-client PROPERTIES + EXCLUDE_FROM_ALL 1) +TARGET_LINK_LIBRARIES(examples-socket-client libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) + +ADD_EXECUTABLE(examples-simple examples/libh2o/simple.c) +SET_TARGET_PROPERTIES(examples-simple PROPERTIES + EXCLUDE_FROM_ALL 1) +TARGET_LINK_LIBRARIES(examples-simple libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) + +ADD_EXECUTABLE(examples-websocket lib/websocket.c examples/libh2o/websocket.c) +SET_TARGET_PROPERTIES(examples-websocket PROPERTIES + EXCLUDE_FROM_ALL 1) +TARGET_LINK_LIBRARIES(examples-websocket libh2o ${LIBUV_LIBRARIES} ${WSLAY_LIBRARIES} ${EXTRA_LIBS}) + +ADD_EXECUTABLE(examples-latency-optimization examples/libh2o/latency-optimization.c) +SET_TARGET_PROPERTIES(examples-latency-optimization PROPERTIES + COMPILE_FLAGS 
"-DH2O_USE_LIBUV=0" + EXCLUDE_FROM_ALL 1) +TARGET_LINK_LIBRARIES(examples-latency-optimization libh2o-evloop ${EXTRA_LIBS}) + +# standalone server directly links to libh2o using evloop +SET(STANDALONE_SOURCE_FILES + ${LIB_SOURCE_FILES} + ${LIBYAML_SOURCE_FILES} + ${BROTLI_SOURCE_FILES} + deps/neverbleed/neverbleed.c + src/main.c + src/ssl.c) +SET(STANDALONE_COMPILE_FLAGS "-DH2O_USE_LIBUV=0 -DH2O_USE_BROTLI=1") +IF (WITH_MRUBY) + IF (${CMAKE_C_COMPILER_ID} STREQUAL "Clang") + SET(MRUBY_TOOLCHAIN "clang") + ELSE () + SET(MRUBY_TOOLCHAIN "gcc") + ENDIF () + ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby ruby minirake + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby) + LIST(APPEND STANDALONE_SOURCE_FILES + lib/handler/mruby.c + lib/handler/mruby/chunked.c + lib/handler/mruby/http_request.c + lib/handler/configurator/mruby.c) + SET(STANDALONE_COMPILE_FLAGS "${STANDALONE_COMPILE_FLAGS} -DH2O_USE_MRUBY=1") +ENDIF (WITH_MRUBY) +IF (WITH_PICOTLS) + LIST(APPEND STANDALONE_SOURCE_FILES ${PICOTLS_SOURCE_FILES}) + SET(STANDALONE_COMPILE_FLAGS "${STANDALONE_COMPILE_FLAGS} -DH2O_USE_PICOTLS=1") + INCLUDE_DIRECTORIES(${PICOTLS_INCLUDE_DIRECTORIES}) +ENDIF () +ADD_EXECUTABLE(h2o ${STANDALONE_SOURCE_FILES}) +SET_TARGET_PROPERTIES(h2o PROPERTIES COMPILE_FLAGS ${STANDALONE_COMPILE_FLAGS}) +IF (WITH_BUNDLED_SSL) + TARGET_INCLUDE_DIRECTORIES(h2o BEFORE PUBLIC ${BUNDLED_SSL_INCLUDE_DIR}) + TARGET_LINK_LIBRARIES(h2o ${BUNDLED_SSL_LIBRARIES}) + ADD_DEPENDENCIES(h2o bundled-ssl) +ELSE (WITH_BUNDLED_SSL) + IF (OPENSSL_FOUND) + TARGET_INCLUDE_DIRECTORIES(h2o PUBLIC ${OPENSSL_INCLUDE_DIR}) + TARGET_LINK_LIBRARIES(h2o ${OPENSSL_LIBRARIES}) + ENDIF (OPENSSL_FOUND) +ENDIF (WITH_BUNDLED_SSL) +IF (WITH_MRUBY) + TARGET_INCLUDE_DIRECTORIES(h2o BEFORE PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby/include ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby-input-stream/src) + # 
note: the paths need to be determined before libmruby.flags.mak is generated + TARGET_LINK_LIBRARIES(h2o + "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a" + "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.1.1/.libs/libonigmo.a" + "m") + ADD_DEPENDENCIES(h2o mruby) +ENDIF (WITH_MRUBY) +TARGET_LINK_LIBRARIES(h2o ${EXTRA_LIBS}) + +INSTALL(TARGETS h2o + RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) + +IF (NOT WITHOUT_LIBS) + INSTALL(DIRECTORY include/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} FILES_MATCHING PATTERN "*.h") + IF (LIBUV_FOUND) + INSTALL(FILES "${CMAKE_BINARY_DIR}/libh2o.pc" DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + ENDIF () + INSTALL(FILES "${CMAKE_BINARY_DIR}/libh2o-evloop.pc" DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) +ENDIF () + +INSTALL(PROGRAMS share/h2o/annotate-backtrace-symbols share/h2o/fastcgi-cgi share/h2o/fetch-ocsp-response share/h2o/kill-on-close share/h2o/setuidgid share/h2o/start_server DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o) +INSTALL(FILES share/h2o/ca-bundle.crt DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o) +INSTALL(FILES share/h2o/status/index.html DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o/status) +INSTALL(DIRECTORY doc/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o PATTERN "Makefile" EXCLUDE PATTERN "README.md" EXCLUDE) +INSTALL(DIRECTORY examples/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o/examples) +IF (WITH_MRUBY) + INSTALL(DIRECTORY share/h2o/mruby DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o) +ENDIF (WITH_MRUBY) + +# tests +ADD_EXECUTABLE(t-00unit-evloop.t ${UNIT_TEST_SOURCE_FILES}) +SET_TARGET_PROPERTIES(t-00unit-evloop.t PROPERTIES + COMPILE_FLAGS "-DH2O_USE_LIBUV=0 -DH2O_USE_BROTLI=1 -DH2O_UNITTEST=1" + EXCLUDE_FROM_ALL 1) +TARGET_LINK_LIBRARIES(t-00unit-evloop.t ${EXTRA_LIBS}) + +IF (LIBUV_FOUND) + ADD_EXECUTABLE(t-00unit-libuv.t ${UNIT_TEST_SOURCE_FILES}) + SET_TARGET_PROPERTIES(t-00unit-libuv.t PROPERTIES + 
COMPILE_FLAGS "-DH2O_USE_BROTLI=1 -DH2O_UNITTEST=1" + EXCLUDE_FROM_ALL 1) + TARGET_LINK_LIBRARIES(t-00unit-libuv.t ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) +ENDIF (LIBUV_FOUND) + +IF (WITH_BUNDLED_SSL) + TARGET_INCLUDE_DIRECTORIES(t-00unit-evloop.t BEFORE PUBLIC ${BUNDLED_SSL_INCLUDE_DIR}) + TARGET_LINK_LIBRARIES(t-00unit-evloop.t ${BUNDLED_SSL_LIBRARIES}) + ADD_DEPENDENCIES(t-00unit-evloop.t bundled-ssl) + IF (LIBUV_FOUND) + TARGET_INCLUDE_DIRECTORIES(t-00unit-libuv.t BEFORE PUBLIC ${BUNDLED_SSL_INCLUDE_DIR}) + TARGET_LINK_LIBRARIES(t-00unit-libuv.t ${BUNDLED_SSL_LIBRARIES}) + ADD_DEPENDENCIES(t-00unit-libuv.t bundled-ssl) + ENDIF (LIBUV_FOUND) +ELSE (WITH_BUNDLED_SSL) + IF (OPENSSL_FOUND) + TARGET_INCLUDE_DIRECTORIES(t-00unit-evloop.t PUBLIC ${OPENSSL_INCLUDE_DIR}) + TARGET_LINK_LIBRARIES(t-00unit-evloop.t ${OPENSSL_LIBRARIES}) + IF (LIBUV_FOUND) + TARGET_INCLUDE_DIRECTORIES(t-00unit-libuv.t PUBLIC ${OPENSSL_INCLUDE_DIR}) + TARGET_LINK_LIBRARIES(t-00unit-libuv.t ${OPENSSL_LIBRARIES}) + ENDIF (LIBUV_FOUND) + ENDIF (OPENSSL_FOUND) +ENDIF (WITH_BUNDLED_SSL) + +ADD_CUSTOM_TARGET(check env H2O_ROOT=. BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove -v t/*.t + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + DEPENDS h2o t-00unit-evloop.t) +IF (LIBUV_FOUND) + ADD_DEPENDENCIES(check t-00unit-libuv.t) + IF (OPENSSL_FOUND) + ADD_DEPENDENCIES(check lib-examples) + ENDIF () +ENDIF () + +ADD_CUSTOM_TARGET(check-as-root env H2O_ROOT=. 
BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove -v t/90root-*.t + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) + +IF (BUILD_FUZZER) + IF(NOT CMAKE_CXX_COMPILER_ID STREQUAL "Clang") + MESSAGE(FATAL_ERROR "The fuzzer needs clang as a compiler") + ENDIF() + + ADD_EXECUTABLE(h2o-fuzzer-http1 fuzz/driver.cc fuzz/standalone.cc) + ADD_EXECUTABLE(h2o-fuzzer-http2 fuzz/driver.cc fuzz/standalone.cc) + ADD_EXECUTABLE(h2o-fuzzer-url fuzz/driver_url.cc fuzz/standalone.cc) + + SET(FUZZ_COMPILE_FLAGS "") + SET(FUZZ_LIBS "") + + SET_TARGET_PROPERTIES(h2o-fuzzer-http1 PROPERTIES COMPILE_FLAGS "-DHTTP1") + SET_TARGET_PROPERTIES(h2o-fuzzer-http2 PROPERTIES COMPILE_FLAGS "-DHTTP2") + + IF (FUZZER_STANDALONE) + SET(FUZZ_COMPILE_FLAGS "${FUZZ_COMPILE_FLAGS} -DSTANDALONE") + set_target_properties(h2o-fuzzer-http1 PROPERTIES SUFFIX "-standalone") + set_target_properties(h2o-fuzzer-http2 PROPERTIES SUFFIX "-standalone") + set_target_properties(h2o-fuzzer-url PROPERTIES SUFFIX "-standalone") + ELSE () + IF (OSS_FUZZ) + # Use https://github.com/google/oss-fuzz compatible options + SET(LIB_FUZZER FuzzingEngine) + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-omit-frame-pointer") + SET(CMAKE_CXX _FLAGS "${CMAKE_CXX_FLAGS} -fno-omit-frame-pointer") + ELSE () + # Default non-oss-fuzz options + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-omit-frame-pointer -fsanitize=address,fuzzer-no-link") + SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-omit-frame-pointer -fsanitize=address,fuzzer-no-link") + ENDIF (OSS_FUZZ) + + TARGET_LINK_OPTIONS(h2o-fuzzer-http1 PRIVATE "-fsanitize=address,fuzzer") + TARGET_LINK_OPTIONS(h2o-fuzzer-http2 PRIVATE "-fsanitize=address,fuzzer") + TARGET_LINK_OPTIONS(h2o-fuzzer-url PRIVATE "-fsanitize=address,fuzzer") + + SET(FUZZ_LIBS "${LIB_FUZZER}") + ENDIF () + + SET_TARGET_PROPERTIES(h2o-fuzzer-http1 PROPERTIES COMPILE_FLAGS "${FUZZ_COMPILE_FLAGS} -DHTTP1") + SET_TARGET_PROPERTIES(h2o-fuzzer-http2 PROPERTIES COMPILE_FLAGS "${FUZZ_COMPILE_FLAGS} -DHTTP2") + 
SET_TARGET_PROPERTIES(h2o-fuzzer-url PROPERTIES COMPILE_FLAGS "${FUZZ_COMPILE_FLAGS}") + + TARGET_LINK_LIBRARIES(h2o-fuzzer-http1 libh2o-evloop ${EXTRA_LIBS} ${FUZZ_LIBS}) + TARGET_LINK_LIBRARIES(h2o-fuzzer-http2 libh2o-evloop ${EXTRA_LIBS} ${FUZZ_LIBS}) + TARGET_LINK_LIBRARIES(h2o-fuzzer-url libh2o-evloop ${EXTRA_LIBS} ${FUZZ_LIBS}) +ENDIF (BUILD_FUZZER) + +IF (NOT ARCH_SUPPORTS_64BIT_ATOMICS) + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DH2O_NO_64BIT_ATOMICS") +ENDIF (NOT ARCH_SUPPORTS_64BIT_ATOMICS) + +# environment-specific tweaks +IF (APPLE) + SET_SOURCE_FILES_PROPERTIES(lib/socket.c lib/websocket.c src/main.c examples/simple.c examples/websocket.c PROPERTIES COMPILE_FLAGS -Wno-deprecated-declarations) +ELSEIF (CMAKE_SYSTEM_NAME STREQUAL "Linux") + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread -D_GNU_SOURCE") + IF (WITH_BUNDLED_SSL) + TARGET_LINK_LIBRARIES(h2o "rt") + TARGET_LINK_LIBRARIES(t-00unit-evloop.t "rt") + IF (LIBUV_FOUND) + TARGET_LINK_LIBRARIES(t-00unit-libuv.t "rt") + ENDIF (LIBUV_FOUND) + ENDIF (WITH_BUNDLED_SSL) +ELSEIF ("${CMAKE_SYSTEM_NAME}" MATCHES "SunOS") + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthreads -D_POSIX_PTHREAD_SEMANTICS") + TARGET_LINK_LIBRARIES(h2o "socket" "nsl") + TARGET_LINK_LIBRARIES(t-00unit-evloop.t "socket" "nsl") + IF (LIBUV_FOUND) + TARGET_LINK_LIBRARIES(t-00unit-libuv.t "socket" "nsl") + ENDIF (LIBUV_FOUND) +ELSE () + # for FreeBSD, etc. + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread") +ENDIF () + +# Retain CXX_FLAGS for std c++ compatiability across fuzz build/test environments +IF (NOT OSS_FUZZ) + SET(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS}") +ENDIF (NOT OSS_FUZZ) diff --git a/h2o-cve-2018-0608/Dockerfile b/h2o-cve-2018-0608/Dockerfile new file mode 100644 index 0000000..7eb3ddc --- /dev/null +++ b/h2o-cve-2018-0608/Dockerfile 
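Review bot: The `IF (FUZZER_STANDALONE)` branch adds no sanitizer flags, so the `*-standalone` binaries — and the `h2o` binary the new Dockerfile takes from that same configure for the network target — run without ASan and only report memory corruption that happens to fault, which hides most of the signal for a buffer-overflow target. Add `SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-omit-frame-pointer -fsanitize=address")` inside that branch; the trailing `IF (NOT OSS_FUZZ)` block already copies C flags into `CMAKE_CXX_FLAGS`, and CMake passes those flags to the link line, so no separate link option should be needed (worth a quick build check). Two smaller issues in the same block: `TARGET_LINK_OPTIONS` requires CMake 3.13 while the file still declares `CMAKE_MINIMUM_REQUIRED(VERSION 2.8.11)`, and `SET(CMAKE_CXX _FLAGS ...)` in the OSS_FUZZ branch, as shown here, sets a variable named `CMAKE_CXX` instead of appending to `CMAKE_CXX_FLAGS`. Since this is a full copy of upstream's CMakeLists.txt with local edits, carrying the change as a small patch applied in the Dockerfile would make the actual modification reviewable.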
@@ -0,0 +1,27 @@
+FROM ubuntu
+
+RUN export DEBIAN_FRONTEND="noninteractive" && \
+ apt-get update && \
+ apt-get install -y clang cmake build-essential git libssl-dev zlib1g-dev
+
+WORKDIR /h2o
+RUN git clone https://github.com/h2o/h2o . && \
+ git checkout 69506c9e2defa4922f62f389c76d89e9274b3cc1 && \
+ git checkout HEAD^
+COPY CMakeLists.txt .
+COPY standalone.cc fuzz
+
+RUN mkdir /fuzz
+
+RUN rm -rf build && mkdir build && cd build && \
+ CC=clang CXX=clang++ cmake -DBUILD_FUZZER=1 -DFUZZER_STANDALONE=1 .. && make && \
+ mv h2o h2o-fuzzer-http1-standalone h2o-fuzzer-http2-standalone h2o-fuzzer-url-standalone /fuzz
+
+RUN rm -rf build && mkdir build && cd build && \
+ CC=clang CXX=clang++ cmake -DBUILD_FUZZER=1 .. && make && \
+ mv h2o-fuzzer-http1 h2o-fuzzer-http2 h2o-fuzzer-url /fuzz
+
+WORKDIR /fuzz
+COPY h2o.conf .
+COPY h2o-fuzzer-http1.dict .
+COPY h2o-fuzzer-http2.dict .
diff --git a/h20-cve-2018-0608/h2o-fuzzer-http1.dict b/h2o-cve-2018-0608/h2o-fuzzer-http1.dict
similarity index 100%
rename from h20-cve-2018-0608/h2o-fuzzer-http1.dict
rename to h2o-cve-2018-0608/h2o-fuzzer-http1.dict
diff --git a/h20-cve-2018-0608/h2o-fuzzer-http2.dict b/h2o-cve-2018-0608/h2o-fuzzer-http2.dict
similarity index 100%
rename from h20-cve-2018-0608/h2o-fuzzer-http2.dict
rename to h2o-cve-2018-0608/h2o-fuzzer-http2.dict
diff --git a/h20-cve-2018-0608/h2o.conf b/h2o-cve-2018-0608/h2o.conf
similarity index 100%
rename from h20-cve-2018-0608/h2o.conf
rename to h2o-cve-2018-0608/h2o.conf
diff --git a/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile
new file mode 100644
index 0000000..427b6fa
--- /dev/null
+++ b/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile
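Review bot: `FROM ubuntu` on the first line of the new Dockerfile is untagged, so every rebuild floats to whatever `ubuntu:latest` resolves to while the h2o checkout underneath is pinned to a fixed commit; pin a tag or digest (`FROM ubuntu:20.04` was current when this was written), and the same unpinned base is carried into the Dockerfile hunks of PATCH 04, 06 and 08 further down. The `git checkout 69506c9e2defa4922f62f389c76d89e9274b3cc1 && git checkout HEAD^` pair needs a comment saying why the parent is built, e.g. `# build the parent of the pinned commit: the revision this fuzz target is meant to exercise`. `apt-get install -y` runs without `--no-install-recommends` and the apt lists are not removed in the same layer, the two cmake steps use `cd build` where `WORKDIR /h2o/build` would do, and no `USER` is set, so h2o and the fuzzers run as root in the resulting image.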
@@ -0,0 +1,14 @@
+version: '1.4'
+project: h2o
+target: h2o-http1
+cmds:
+- cmd: /fuzz/h2o-fuzzer-http1_standalone @@
+ env:
+ LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
+ max_length: 16384
+ dictionary: /fuzz/h2o-fuzzer-http1.dict
+- cmd: /fuzz/h2o-fuzzer-http1
+ env:
+ LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
+ max_length: 16384
+ dictionary: /fuzz/h2o-fuzzer-http1.dict
diff --git a/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile
new file mode 100644
index 0000000..66f1f68
--- /dev/null
+++ b/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile
@@ -0,0 +1,14 @@
+version: '1.4'
+project: h2o
+target: h2o-http2
+cmds:
+- cmd: /fuzz/h2o-fuzzer-http2_standalone @@
+ env:
+ LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
+ max_length: 16384
+ dictionary: /fuzz/h2o-fuzzer-http2.dict
+- cmd: /fuzz/h2o-fuzzer-http2
+ env:
+ LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
+ max_length: 16384
+ dictionary: /fuzz/h2o-fuzzer-http2.dict
diff --git a/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile
new file mode 100644
index 0000000..714766a
--- /dev/null
+++ b/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile
@@ -0,0 +1,12 @@
+version: '1.4'
+project: h2o
+target: h2o-url
+cmds:
+- cmd: /fuzz/h2o-fuzzer-url_standalone @@
+ env:
+ LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
+ max_length: 4096
+- cmd: /fuzz/h2o-fuzzer-url
+ env:
+ LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
+ max_length: 4096
diff --git a/h20-cve-2018-0608/mayhem/h2o/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
similarity index 84%
rename from h20-cve-2018-0608/mayhem/h2o/Mayhemfile
rename to h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
index 9d5c6b8..c85e6ff 100644
--- a/h20-cve-2018-0608/mayhem/h2o/Mayhemfile
+++ b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
@@ -2,7 +2,7 @@ version: '1.4'
 project: h2o
 target: h2o
 cmds:
-- cmd: /h2o -c /h2o.conf
+- cmd: /fuzz/h2o -c /fuzz/h2o.conf
 env:
 LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
 network:
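Review bot: `cmd: /fuzz/h2o-fuzzer-http1_standalone @@` in the new h2o-http1 Mayhemfile (and the matching http2 and url entries on this line) spells the binary with an underscore, but the copied CMakeLists.txt sets `SUFFIX "-standalone"` and the Dockerfile moves `h2o-fuzzer-http1-standalone` into `/fuzz`, so the first cmd of each target points at a path that does not exist in the image; PATCH 03 on the following lines corrects them to `-standalone`. `LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu` is repeated in every cmd entry although that directory is already on the default loader search path on Ubuntu, and it ties the Mayhemfile to one architecture; either drop it or add a comment naming the library it is needed for.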
diff --git a/h2o-cve-2018-0608/standalone.cc b/h2o-cve-2018-0608/standalone.cc
new file mode 100644
index 0000000..01ac1fd
--- /dev/null
+++ b/h2o-cve-2018-0608/standalone.cc
@@ -0,0 +1,31 @@
+#ifdef STANDALONE
+
+#include
+#include
+
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+int main(int argc, char **argv) {
+ uint8_t *data;
+ size_t size;
+
+ if (argc != 2) return 1;
+
+ std::ifstream file (argv[1], std::ios::in | std::ios::binary | std::ios::ate);
+ if (!file.is_open()) return 1;
+
+ size = file.tellg();
+ data = new uint8_t[size];
+ file.seekg(0, std::ios::beg);
+ file.read((char *)data, size);
+ file.close();
+
+ LLVMFuzzerTestOneInput(data, size);
+
+ return 0;
+}
+
+#endif
From c4e07c05e68b61ad31ad9b64ccb80f534a67789c Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Tue, 2 Jun 2020 11:18:44 -0700
Subject: [PATCH 03/20] Add base image name and fix standalone cmd path
---
 h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile | 3 ++-
 h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile | 3 ++-
 h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile | 3 ++-
 h2o-cve-2018-0608/mayhem/h2o/Mayhemfile | 1 +
 4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile
index 427b6fa..b2a99b0 100644
--- a/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile
+++ b/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile
@@ -1,8 +1,9 @@
 version: '1.4'
+baseimage: $MAYHEM_DOCKER_REGISTRY/h2o
 project: h2o
 target: h2o-http1
 cmds:
-- cmd: /fuzz/h2o-fuzzer-http1_standalone @@
+- cmd: /fuzz/h2o-fuzzer-http1-standalone @@
 env:
 LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
 max_length: 16384
diff --git a/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile
index 66f1f68..b82956a 100644
--- a/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile
+++ b/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile
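Review bot: `size = file.tellg();` in `main` stores the stream position into a `size_t` without checking for the -1 that `tellg()` returns on failure, and `file.read((char *)data, size);` is not checked either, so a failed or short read hands uninitialized heap bytes from `new uint8_t[size]` to `LLVMFuzzerTestOneInput`; capture the length first, `std::streamoff len = file.tellg(); if (len < 0) return 1; size = (size_t)len;`, and check the read with `if (!file.read((char *)data, size)) return 1;`. The buffer is also never released; a `std::vector<uint8_t>` sized from the checked length would cover that without growing the harness. The `#include` lines in this hunk have lost their header names in this rendering, so they cannot be reviewed here.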
@@ -1,8 +1,9 @@
 version: '1.4'
+baseimage: $MAYHEM_DOCKER_REGISTRY/h2o
 project: h2o
 target: h2o-http2
 cmds:
-- cmd: /fuzz/h2o-fuzzer-http2_standalone @@
+- cmd: /fuzz/h2o-fuzzer-http2-standalone @@
 env:
 LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
 max_length: 16384
diff --git a/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile
index 714766a..e367cdf 100644
--- a/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile
+++ b/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile
@@ -1,8 +1,9 @@
 version: '1.4'
+baseimage: $MAYHEM_DOCKER_REGISTRY/h2o
 project: h2o
 target: h2o-url
 cmds:
-- cmd: /fuzz/h2o-fuzzer-url_standalone @@
+- cmd: /fuzz/h2o-fuzzer-url-standalone @@
 env:
 LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
 max_length: 4096
diff --git a/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
index c85e6ff..636b1ea 100644
--- a/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
+++ b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
@@ -1,4 +1,5 @@
 version: '1.4'
+baseimage: $MAYHEM_DOCKER_REGISTRY/h2o
 project: h2o
 target: h2o
 cmds:
From 439d55dd3940c8d38d2e848c94a2e705ec11baea Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Wed, 3 Jun 2020 09:20:27 -0700
Subject: [PATCH 04/20] Remove alternate fuzzers (just keep h2o binary)
---
 h2o-cve-2018-0608/Dockerfile | 16 +--
 h2o-cve-2018-0608/h2o-fuzzer-http1.dict | 126 ------------------
 h2o-cve-2018-0608/h2o-fuzzer-http2.dict | 126 ------------------
 h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile | 15 ---
 h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile | 15 ---
 h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile | 13 --
 h2o-cve-2018-0608/standalone.cc | 31 -----
 7 files changed, 3 insertions(+), 339 deletions(-)
 delete mode 100644 h2o-cve-2018-0608/h2o-fuzzer-http1.dict
 delete mode 100644 h2o-cve-2018-0608/h2o-fuzzer-http2.dict
 delete mode 100644 h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile
 delete mode 100644 h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile
 delete mode 100644 h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile
 delete mode 100644 h2o-cve-2018-0608/standalone.cc
diff --git a/h2o-cve-2018-0608/Dockerfile b/h2o-cve-2018-0608/Dockerfile
index 7eb3ddc..3354ecf 100644
--- a/h2o-cve-2018-0608/Dockerfile
+++ b/h2o-cve-2018-0608/Dockerfile
@@ -8,20 +8,10 @@ WORKDIR /h2o
 RUN git clone https://github.com/h2o/h2o . && \
 git checkout 69506c9e2defa4922f62f389c76d89e9274b3cc1 && \
 git checkout HEAD^
-COPY CMakeLists.txt .
-COPY standalone.cc fuzz
 
-RUN mkdir /fuzz
-
-RUN rm -rf build && mkdir build && cd build && \
- CC=clang CXX=clang++ cmake -DBUILD_FUZZER=1 -DFUZZER_STANDALONE=1 .. && make && \
- mv h2o h2o-fuzzer-http1-standalone h2o-fuzzer-http2-standalone h2o-fuzzer-url-standalone /fuzz
-
-RUN rm -rf build && mkdir build && cd build && \
- CC=clang CXX=clang++ cmake -DBUILD_FUZZER=1 .. && make && \
- mv h2o-fuzzer-http1 h2o-fuzzer-http2 h2o-fuzzer-url /fuzz
+RUN mkdir build && cd build && \
+ CC=clang CXX=clang++ cmake -E env CXXFLAGS="-fsanitize=address" cmake .. && make
 
 WORKDIR /fuzz
+RUN mv /h2o/build/h2o .
 COPY h2o.conf .
-COPY h2o-fuzzer-http1.dict .
-COPY h2o-fuzzer-http2.dict .
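Review bot: `cmake -E env CXXFLAGS="-fsanitize=address" cmake ..` in the new build step applies the sanitizer only to C++ compilation; h2o's server sources are largely C (the CMakeLists.txt on this page adds its sanitizer flags to `CMAKE_C_FLAGS` as well as `CMAKE_CXX_FLAGS`), so the `h2o` binary this commit keeps is very likely built without ASan and memory corruption will surface only as a plain crash rather than an instrumented report. If upstream's CMakeLists.txt ends with the same `SET(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS}")` as the copy on this page, even the C++ flag is overwritten at configure time. Pass C and link flags as well, `cmake -E env CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" cmake ..`, or state in a comment that an uninstrumented build is intended; PATCH 06 below then drops the flag without saying so, which deserves the same comment. `mkdir build && cd build && \` is the DL3003 pattern; `WORKDIR /h2o/build` followed by `RUN cmake .. && make` reads cleaner.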
diff --git a/h2o-cve-2018-0608/h2o-fuzzer-http1.dict b/h2o-cve-2018-0608/h2o-fuzzer-http1.dict
deleted file mode 100644
index 1d76d71..0000000
--- a/h2o-cve-2018-0608/h2o-fuzzer-http1.dict
+++ /dev/null
@@ -1,126 +0,0 @@
-POST="POST"
-GET="GET"
-FOO="FOO"
-post="post"
-get="post"
-foo="foo"
-slash="/"
-url="http://foo"
-version="HTTP/1.1"
-content_length="Content-Length"
-transfer_encoding="Transfer-Encoding"
-text="text"
-semicolon=";"
-comma=","
-hdr1="Header"
-hdr2="Hea-Der"
-colon=":"
-minus="-"
-zero="0"
-one="1"
-minus_one="-1"
-small_size="123"
-small_positive_size="+123"
-small_negative_size="-123"
-medium_size="12345"
-medium_positive_size="+12345"
-medium_negative_size="-12345"
-large_size="999999999"
-large_positive_size="+999999999"
-large_negative_size="-999999999"
-float_size="123.456"
-chunked="chunked"
-gzip="gzip"
-nul="\x00"
-bs="\x08"
-ht="\x09"
-nl="\x0A"
-vt="\x0B"
-np="\x0C"
-cr="\x0D"
-crlf="\x0D\x0A"
-space="\x20"
-del="\x7F"
-hi="\x80"
-ff="\xFF"
-curl="HTTP/1.0"
-curl="100"
-curl="200"
-curl="301"
-curl="400"
-curl="Server:"
-curl="Last-Modified:"
-curl="Content-Type:"
-curl="text/html"
-curl="charset=UTF-8"
-curl="Accept-Ranges:"
-curl="bytes"
-curl="Content-Length:"
-curl="Transfer-Encoding:"
-curl="compress"
-curl="exi"
-curl="gzip"
-curl="identity"
-curl="pack200-gzip"
-curl="br"
-curl="deflate"
-curl="bzip2"
-curl="lzma"
-curl="xz"
-curl="Content-Encoding:"
-curl="chunked"
-curl="Connection:"
-curl="close"
-curl="Date:"
-curl="Expires:"
-curl="Fri, 31 Dec 1999 23:59:59 GMT"
-curl="Cache-Control:"
-curl="no-cache"
-curl="no-store"
-curl="must-revalidate"
-curl="Pragma:"
-curl="no-cache"
-curl="Host:"
-vdf="Accept"
-vdf="Accept-Charset"
-vdf="Accept-Encoding"
-vdf="Accept-Language"
-vdf="Accept-Datetime"
-vdf="Authorization"
-vdf="Cache-Control"
-vdf="Connection"
-vdf="Cookie"
-vdf="Content-Length"
-vdf="Content-MD5"
-vdf="Content-Type"
-vdf="Date"
-vdf="Expect"
-vdf="Forwarded"
-vdf="From"
-vdf="Host"
-vdf="If-Match"
-vdf="If-Modified-Since"
-vdf="If-None-Match"
-vdf="If-Range"
-vdf="If-Unmodified-Since"
-vdf="Max-Forwards"
-vdf="Origin"
-vdf="Proxy-Authorization"
-vdf="Range"
-vdf="TE"
-vdf="User-Agent"
-vdf="Upgrade"
-vdf="Via"
-vdf="Warning"
-vdf="X-Requested-With"
-vdf="X-Forwarded-Host"
-vdf="X-Forwarded-Host"
-vdf="X-Forwarded-Proto"
-vdf="Front-End-Https"
-vdf="X-HTTP-Method-Override"
-vdf="X-Att-Deviceid"
-vdf="x-wap-profile"
-vdf="Proxy-Connection"
-vdf="X-UIDH"
-vdf="X-XSRF-TOKEN"
-vdf="X-Csrf-Token"
diff --git a/h2o-cve-2018-0608/h2o-fuzzer-http2.dict b/h2o-cve-2018-0608/h2o-fuzzer-http2.dict
deleted file mode 100644
index 1d76d71..0000000
--- a/h2o-cve-2018-0608/h2o-fuzzer-http2.dict
+++ /dev/null
@@ -1,126 +0,0 @@
-POST="POST"
-GET="GET"
-FOO="FOO"
-post="post"
-get="post"
-foo="foo"
-slash="/"
-url="http://foo"
-version="HTTP/1.1"
-content_length="Content-Length"
-transfer_encoding="Transfer-Encoding"
-text="text"
-semicolon=";"
-comma=","
-hdr1="Header"
-hdr2="Hea-Der"
-colon=":"
-minus="-"
-zero="0"
-one="1"
-minus_one="-1"
-small_size="123"
-small_positive_size="+123"
-small_negative_size="-123"
-medium_size="12345"
-medium_positive_size="+12345"
-medium_negative_size="-12345"
-large_size="999999999"
-large_positive_size="+999999999"
-large_negative_size="-999999999"
-float_size="123.456"
-chunked="chunked"
-gzip="gzip"
-nul="\x00"
-bs="\x08"
-ht="\x09"
-nl="\x0A"
-vt="\x0B"
-np="\x0C"
-cr="\x0D"
-crlf="\x0D\x0A"
-space="\x20"
-del="\x7F"
-hi="\x80"
-ff="\xFF"
-curl="HTTP/1.0"
-curl="100"
-curl="200"
-curl="301"
-curl="400"
-curl="Server:"
-curl="Last-Modified:"
-curl="Content-Type:"
-curl="text/html"
-curl="charset=UTF-8"
-curl="Accept-Ranges:"
-curl="bytes"
-curl="Content-Length:"
-curl="Transfer-Encoding:"
-curl="compress"
-curl="exi"
-curl="gzip"
-curl="identity"
-curl="pack200-gzip"
-curl="br"
-curl="deflate"
-curl="bzip2"
-curl="lzma"
-curl="xz"
-curl="Content-Encoding:"
-curl="chunked"
-curl="Connection:"
-curl="close"
-curl="Date:"
-curl="Expires:"
-curl="Fri, 31 Dec 1999 23:59:59 GMT"
-curl="Cache-Control:"
-curl="no-cache"
-curl="no-store"
-curl="must-revalidate"
-curl="Pragma:"
-curl="no-cache"
-curl="Host:"
-vdf="Accept"
-vdf="Accept-Charset"
-vdf="Accept-Encoding"
-vdf="Accept-Language"
-vdf="Accept-Datetime"
-vdf="Authorization"
-vdf="Cache-Control"
-vdf="Connection"
-vdf="Cookie"
-vdf="Content-Length"
-vdf="Content-MD5"
-vdf="Content-Type"
-vdf="Date"
-vdf="Expect"
-vdf="Forwarded"
-vdf="From"
-vdf="Host"
-vdf="If-Match"
-vdf="If-Modified-Since"
-vdf="If-None-Match"
-vdf="If-Range"
-vdf="If-Unmodified-Since"
-vdf="Max-Forwards"
-vdf="Origin"
-vdf="Proxy-Authorization"
-vdf="Range"
-vdf="TE"
-vdf="User-Agent"
-vdf="Upgrade"
-vdf="Via"
-vdf="Warning"
-vdf="X-Requested-With"
-vdf="X-Forwarded-Host"
-vdf="X-Forwarded-Host"
-vdf="X-Forwarded-Proto"
-vdf="Front-End-Https"
-vdf="X-HTTP-Method-Override"
-vdf="X-Att-Deviceid"
-vdf="x-wap-profile"
-vdf="Proxy-Connection"
-vdf="X-UIDH"
-vdf="X-XSRF-TOKEN"
-vdf="X-Csrf-Token"
diff --git a/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile
deleted file mode 100644
index b2a99b0..0000000
--- a/h2o-cve-2018-0608/mayhem/h2o-http1/Mayhemfile
+++ /dev/null
@@ -1,15 +0,0 @@
-version: '1.4'
-baseimage: $MAYHEM_DOCKER_REGISTRY/h2o
-project: h2o
-target: h2o-http1
-cmds:
-- cmd: /fuzz/h2o-fuzzer-http1-standalone @@
- env:
- LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
- max_length: 16384
- dictionary: /fuzz/h2o-fuzzer-http1.dict
-- cmd: /fuzz/h2o-fuzzer-http1
- env:
- LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
- max_length: 16384
- dictionary: /fuzz/h2o-fuzzer-http1.dict
diff --git a/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile
deleted file mode 100644
index b82956a..0000000
--- a/h2o-cve-2018-0608/mayhem/h2o-http2/Mayhemfile
+++ /dev/null
@@ -1,15 +0,0 @@
-version: '1.4'
-baseimage: $MAYHEM_DOCKER_REGISTRY/h2o
-project: h2o
-target: h2o-http2
-cmds:
-- cmd: /fuzz/h2o-fuzzer-http2-standalone @@
- env:
- LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
- max_length: 16384
- dictionary: /fuzz/h2o-fuzzer-http2.dict
-- cmd: /fuzz/h2o-fuzzer-http2
- env:
- LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
- max_length: 16384
- dictionary: /fuzz/h2o-fuzzer-http2.dict
diff --git a/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile
deleted file mode 100644
index e367cdf..0000000
--- a/h2o-cve-2018-0608/mayhem/h2o-url/Mayhemfile
+++ /dev/null
@@ -1,13 +0,0 @@
-version: '1.4'
-baseimage: $MAYHEM_DOCKER_REGISTRY/h2o
-project: h2o
-target: h2o-url
-cmds:
-- cmd: /fuzz/h2o-fuzzer-url-standalone @@
- env:
- LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
- max_length: 4096
-- cmd: /fuzz/h2o-fuzzer-url
- env:
- LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
- max_length: 4096
diff --git a/h2o-cve-2018-0608/standalone.cc b/h2o-cve-2018-0608/standalone.cc
deleted file mode 100644
index 01ac1fd..0000000
--- a/h2o-cve-2018-0608/standalone.cc
+++ /dev/null
@@ -1,31 +0,0 @@
-#ifdef STANDALONE
-
-#include
-#include
-
-#include
-#include
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
-
-int main(int argc, char **argv) {
- uint8_t *data;
- size_t size;
-
- if (argc != 2) return 1;
-
- std::ifstream file (argv[1], std::ios::in | std::ios::binary | std::ios::ate);
- if (!file.is_open()) return 1;
-
- size = file.tellg();
- data = new uint8_t[size];
- file.seekg(0, std::ios::beg);
- file.read((char *)data, size);
- file.close();
-
- LLVMFuzzerTestOneInput(data, size);
-
- return 0;
-}
-
-#endif
From 1a8c4f27f4da526d37484c3415205693b42d9674 Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Wed, 3 Jun 2020 09:25:27 -0700
Subject: [PATCH 05/20] Add starting corpus and crashing poc
---
 ...ffd2407b39cec230c9aa477faa3fd6090bdf3ace71a399ff5b | 5 +++++
 h2o-cve-2018-0608/mayhem/h2o/poc/crashing-input | 11 +++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 h2o-cve-2018-0608/mayhem/h2o/corpus/39086fd5db5386ffd2407b39cec230c9aa477faa3fd6090bdf3ace71a399ff5b
 create mode 100644 h2o-cve-2018-0608/mayhem/h2o/poc/crashing-input
diff --git a/h2o-cve-2018-0608/mayhem/h2o/corpus/39086fd5db5386ffd2407b39cec230c9aa477faa3fd6090bdf3ace71a399ff5b b/h2o-cve-2018-0608/mayhem/h2o/corpus/39086fd5db5386ffd2407b39cec230c9aa477faa3fd6090bdf3ace71a399ff5b
new file mode 100644
index 0000000..75373a9
--- /dev/null
+++ b/h2o-cve-2018-0608/mayhem/h2o/corpus/39086fd5db5386ffd2407b39cec230c9aa477faa3fd6090bdf3ace71a399ff5b
@@ -0,0 +1,5 @@
+GET / HTTP/1.1
+User-Agent: curl/7.35.0
+Host: localhost:8080
+Accept: */*
+
diff --git a/h2o-cve-2018-0608/mayhem/h2o/poc/crashing-input b/h2o-cve-2018-0608/mayhem/h2o/poc/crashing-input
new file mode 100644
index 0000000..9c643fe
--- /dev/null
+++ b/h2o-cve-2018-0608/mayhem/h2o/poc/crashing-input
@@ -0,0 +1,11 @@ +GET /pages"222222222222222es HTTP/1.1 + +Upgrade: host-pagUUUUUUUUUUUUUUUU8UU2222222222222es HTTP/1.1 + +Upgrade: host-pagUUUUUUUUUUUUUUUU8UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU9TT6/ HTTP/1.1 +User-Agent: curl/L.5.1 + +dpgrade: hostUUUUUUUUUUUIUUUUUUUUUUUgUUUUUUUUUUUUUUUU8UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU9TT6/ HTTP/1.1 +User-Agent: cur hostUUUUUUUUUUUIUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUMUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUpUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUCUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU^UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU\UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUEUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU9TT6/ HTTP/1.1 
+User-Agent: curl/L.5.1TTF/onAA
+
From 0bf53fd6c48d90417d7e3cb0ec5d1628415bb56b Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Wed, 3 Jun 2020 09:38:47 -0700
Subject: [PATCH 06/20] Simplify dockerfile
---
 h2o-cve-2018-0608/Dockerfile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/h2o-cve-2018-0608/Dockerfile b/h2o-cve-2018-0608/Dockerfile
index 3354ecf..91e48b0 100644
--- a/h2o-cve-2018-0608/Dockerfile
+++ b/h2o-cve-2018-0608/Dockerfile
@@ -2,15 +2,14 @@ FROM ubuntu
 
 RUN export DEBIAN_FRONTEND="noninteractive" && \
 apt-get update && \
- apt-get install -y clang cmake build-essential git libssl-dev zlib1g-dev
+ apt-get install -y cmake build-essential git libssl-dev zlib1g-dev
 
 WORKDIR /h2o
 RUN git clone https://github.com/h2o/h2o . && \
 git checkout 69506c9e2defa4922f62f389c76d89e9274b3cc1 && \
 git checkout HEAD^
 
-RUN mkdir build && cd build && \
- CC=clang CXX=clang++ cmake -E env CXXFLAGS="-fsanitize=address" cmake .. && make
+RUN mkdir build && cd build && cmake .. && make
 
 WORKDIR /fuzz
 RUN mv /h2o/build/h2o .
From 90c3578a0ecba88c5efe4a24a82af7c762ce7bd0 Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Wed, 3 Jun 2020 09:39:05 -0700
Subject: [PATCH 07/20] Add readme for h2o
---
 h2o-cve-2018-0608/README.md | 43 +++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 h2o-cve-2018-0608/README.md
diff --git a/h2o-cve-2018-0608/README.md b/h2o-cve-2018-0608/README.md
new file mode 100644
index 0000000..b505a66
--- /dev/null
+++ b/h2o-cve-2018-0608/README.md
@@ -0,0 +1,43 @@ +# h2o memory corruption CVE example + +This repo replicates finding a memory corruption bug inside h2o with fuzzing. + +> Note: since this finds the bug in an unmodified h2o binary +> (a *network target*), it can only be found by fuzzers that support network +> fuzzing (such as Mayhem). + +## To build + +Assuming you just want to build the docker image, run from the project +directory (`h2o-cve-2018-0608`): + +```bash +docker build -t forallsecure/h2o-cve-2018-0608 . +``` + +## Get from Dockerhub + +If you don't want to build locally, you can pull a pre-built image +directly from dockerhub: + +```bash +docker pull forallsecure/h2o-cve-2018-0608 +``` + + +## Run under Mayhem + +From the project directory (`h2o-cve-2018-0608`) run: + +```bash +mayhem run mayhem/h2o +``` + +## POC + +We have included a proof of concept output under the `poc` +directory. + +Note: Fuzzing has some degree of non-determinism, so when you run +yourself you may not get exactly this file. This is expected; your +output should still trigger the memory corruption bug. From 54eea7723a458df7ecf29917500df8f5026c941a Mon Sep 17 00:00:00 2001 From: Adam Van Prooyen Date: Wed, 3 Jun 2020 09:52:16 -0700 Subject: [PATCH 08/20] Use multistage build for docker image --- h2o-cve-2018-0608/Dockerfile | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/h2o-cve-2018-0608/Dockerfile b/h2o-cve-2018-0608/Dockerfile index 91e48b0..b6d6605 100644 --- a/h2o-cve-2018-0608/Dockerfile +++ b/h2o-cve-2018-0608/Dockerfile @@ -1,8 +1,13 @@ -FROM ubuntu +FROM ubuntu AS base + +RUN apt-get update && \ + apt-get install -y libssl-dev zlib1g-dev + +FROM base AS builder RUN export DEBIAN_FRONTEND="noninteractive" && \ apt-get update && \ - apt-get install -y cmake build-essential git libssl-dev zlib1g-dev + apt-get install -y cmake build-essential git WORKDIR /h2o RUN git clone https://github.com/h2o/h2o . && \ 
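Review bot: `FROM ubuntu AS base` pins neither a tag nor a digest, so the libssl and zlib the h2o binary is linked against can change between builds, which matters for an image meant to reproduce one specific CVE and which the workflow publishes to Docker Hub. Pin it, e.g. `FROM ubuntu:20.04 AS base` (or a digest for full reproducibility); `builder` and the final stage both derive from `base`, so one change covers all three stages. The base stage also installs the `-dev` packages and leaves the apt lists behind, and because the final image starts `FROM base` both end up in the runtime image; installing only the runtime shared-library packages here, moving the `-dev` packages into `builder`, and appending `&& rm -rf /var/lib/apt/lists/*` would shrink what gets shipped.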
@@ -11,6 +16,8 @@ RUN git clone https://github.com/h2o/h2o . && \ RUN mkdir build && cd build && cmake .. && make +FROM base + WORKDIR /fuzz -RUN mv /h2o/build/h2o . +COPY --from=builder /h2o/build/h2o . COPY h2o.conf . From 8675655f73aae3d7a67a983a9875104f58f6a568 Mon Sep 17 00:00:00 2001 From: Adam Van Prooyen Date: Wed, 3 Jun 2020 09:53:01 -0700 Subject: [PATCH 09/20] Change mayhemfile baseimage to use forallsecure dockerhub --- h2o-cve-2018-0608/mayhem/h2o/Mayhemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile index 636b1ea..4db9f2f 100644 --- a/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile +++ b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile @@ -1,7 +1,7 @@ version: '1.4' -baseimage: $MAYHEM_DOCKER_REGISTRY/h2o -project: h2o +project: h2o-cve-2018-0608 target: h2o +baseimage: forallsecure/h2o-cve-2018-0608 cmds: - cmd: /fuzz/h2o -c /fuzz/h2o.conf env: From cd708a5b3b66572bc60227c2d6e1b387339e5e4b Mon Sep 17 00:00:00 2001 From: Adam Van Prooyen Date: Wed, 3 Jun 2020 10:03:23 -0700 Subject: [PATCH 10/20] Move push logic from docker_publish to external script in .github --- .github/push.sh | 21 +++++++++++++ .github/workflows/docker_publish.yml | 45 ++-------------------------- 2 files changed, 24 insertions(+), 42 deletions(-) create mode 100755 .github/push.sh diff --git a/.github/push.sh b/.github/push.sh new file mode 100755 index 0000000..6a80b89 --- /dev/null +++ b/.github/push.sh 
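Review bot: The final stage (`FROM base`, `WORKDIR /fuzz`, `COPY --from=builder /h2o/build/h2o .`) never leaves root, so the server the Mayhemfile starts with `/fuzz/h2o -c /fuzz/h2o.conf` listens as root, and a network target fed untrusted input is exactly the process that should run with least privilege. Add an account and switch after the COPY lines, e.g. `RUN useradd --system --create-home h2o` and `USER h2o`; if h2o.conf (not visible here) binds a port below 1024 or writes under /fuzz, the port or a `--chown=h2o:h2o` on the COPY lines would need adjusting, and if the Mayhem runtime genuinely needs root a comment saying so is better than leaving it implicit. Naming the stage (`FROM base AS runtime`) would also match the `AS base`/`AS builder` style used in the first hunk. The stage's remaining COPY lines continue outside this hunk.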
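Review bot: `baseimage: forallsecure/h2o-cve-2018-0608` carries no tag, so Mayhem resolves it to whatever `latest` points at, and with the publish script later in this series tagging every master build as `latest` the binary actually fuzzed can drift from the checked-in Dockerfile without anyone noticing. Pin it, e.g. `baseimage: forallsecure/h2o-cve-2018-0608:<published-tag>` (placeholder for the tag the publish workflow produces, or a digest), and consider keeping `project:`/`target:`/`baseimage:` adjacent as in the removed ordering so the identifying fields read together.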
@@ -0,0 +1,21 @@
+# Pushes image to logged in docker registry (tagged with github ref)
+
+IMAGE_ID=$1
+
+# Change all uppercase to lowercase
+IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+
+# Strip git ref prefix from version
+VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+
+# Strip "v" prefix from tag name
+[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+
+# Use docker `latest` tag convention
+[ "$VERSION" == "master" ] && VERSION=latest
+
+echo IMAGE_ID=$IMAGE_ID
+echo VERSION=$VERSION
+
+docker tag $IMAGE_ID $IMAGE_ID:$VERSION
+docker push $IMAGE_ID:$VERSION
diff --git a/.github/workflows/docker_publish.yml b/.github/workflows/docker_publish.yml
index 01479cd..9484fc2 100644
--- a/.github/workflows/docker_publish.yml
+++ b/.github/workflows/docker_publish.yml
@@ -9,7 +9,6 @@ on: jobs: openssl-cve-2014-0160: - runs-on: ubuntu-latest steps:
@@ -21,30 +20,11 @@ jobs: run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin - name: Push the docker image
- run: |
- IMAGE_ID=forallsecure/openssl-cve-2014-0160
-
- # Change all uppercase to lowercase
- IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
-
- # Strip git ref prefix from version
- VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-
- # Strip "v" prefix from tag name
- [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-
- # Use docker `latest` tag convention
- [ "$VERSION" == "master" ] && VERSION=latest
-
- echo IMAGE_ID=$IMAGE_ID
- echo VERSION=$VERSION
-
- docker tag $IMAGE_ID $IMAGE_ID:$VERSION
- docker push $IMAGE_ID:$VERSION
+ run: ./.github/push.sh forallsecure/openssl-cve-2014-0160 cereal-cve-2020-11104-11105: - runs-on: ubuntu-latest + runs-on: ubuntu-latest + steps: - uses: actions/checkout@v2 - name: Build the Docker image
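Review bot: `${{ github.ref }}` on the two `VERSION=` lines is GitHub Actions expression syntax, which is only substituted inside a workflow file's `run:` block; moved into a standalone script, bash sees the literal text, treats `${{` as a parameter expansion and reports a bad substitution, so the tag/push never runs correctly (the docker_publish.yml hunks here and below call this script from every job). Use the variable the runner exports instead: `VERSION=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,')` and `[[ "$GITHUB_REF" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')`. While here, quote the `$IMAGE_ID`/`$VERSION` expansions on the `docker tag`/`docker push` lines so an empty or malformed argument fails clearly rather than producing an unexpected tag. `[[ … ]]` is bash-only, which the shebang added two commits later makes explicit.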
@@ -54,23 +34,4 @@ jobs: run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin - name: Push the docker image - run: | - IMAGE_ID=forallsecure/cereal-cve-2020-11104-11105 - - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - - docker tag $IMAGE_ID $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION + run: ./.github/push.sh forallsecure/cereal-cve-2020-11104-11105 From 9228e5e7cfd36ab23422c06339bfa8394a83bd3f Mon Sep 17 00:00:00 2001 From: Adam Van Prooyen Date: Wed, 3 Jun 2020 10:05:06 -0700 Subject: [PATCH 11/20] Add h2o cve to docker_publish.yml --- .github/workflows/docker_publish.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker_publish.yml b/.github/workflows/docker_publish.yml index 9484fc2..2bb9fcd 100644 --- a/.github/workflows/docker_publish.yml +++ b/.github/workflows/docker_publish.yml @@ -1,4 +1,4 @@ -name: Published on Dockerhub +name: Publish on Dockerhub on: push: @@ -7,10 +7,8 @@ on: branches: [ master ] jobs: - openssl-cve-2014-0160: runs-on: ubuntu-latest - steps: - uses: actions/checkout@v2 - name: Build the Docker image @@ -24,7 +22,6 @@ jobs: cereal-cve-2020-11104-11105: runs-on: ubuntu-latest - steps: - uses: actions/checkout@v2 - name: Build the Docker image 
@@ -35,3 +32,16 @@ jobs: - name: Push the docker image run: ./.github/push.sh forallsecure/cereal-cve-2020-11104-11105 + + h2o-cve-2018-0608: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Build the Docker image + run: ./mayhemit.sh --build h2o-cve-2018-0608 + + - name: Log into the registry + run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin + + - name: Push the docker image + run: ./.github/push.sh forallsecure/h2o-cve-2018-0608 From eb47ebed51a0223485bf68fdc177095c2d7d5818 Mon Sep 17 00:00:00 2001 From: Adam Van Prooyen Date: Wed, 3 Jun 2020 10:17:43 -0700 Subject: [PATCH 12/20] Add shebang and set ex to push.sh --- .github/push.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/push.sh b/.github/push.sh index 6a80b89..4577e42 100755 --- a/.github/push.sh +++ b/.github/push.sh @@ -1,5 +1,8 @@ +#! /bin/bash # Pushes image to logged in docker registry (tagged with github ref) +set -xe + IMAGE_ID=$1 # Change all uppercase to lowercase From d9f1113e9054de5e800ce9bcdbcb717469ee3930 Mon Sep 17 00:00:00 2001 From: Adam Van Prooyen Date: Wed, 3 Jun 2020 12:54:17 -0700 Subject: [PATCH 13/20] Remove now-unused modified CMakeLists.txt --- h2o-cve-2018-0608/CMakeLists.txt | 648 ------------------------------- 1 file changed, 648 deletions(-) delete mode 100644 h2o-cve-2018-0608/CMakeLists.txt diff --git a/h2o-cve-2018-0608/CMakeLists.txt b/h2o-cve-2018-0608/CMakeLists.txt deleted file mode 100644 index 6c29cb6..0000000 --- a/h2o-cve-2018-0608/CMakeLists.txt +++ /dev/null 
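Review bot: The new job checks out with `uses: actions/checkout@v2`, a mutable tag; in a workflow that holds registry credentials and pushes a public image, pinning the action to a full commit SHA (`actions/checkout@<commit-sha> # v2`) prevents a re-tagged or compromised release from running with those secrets. The same applies to the existing jobs above and to the re-indented copy of this block in the "Fix indentation in docker_publish" commit further down. `./mayhemit.sh --build h2o-cve-2018-0608` is not visible in this series, so what the build step does beyond its name is inferred.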
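Review bot: `set -xe` aborts on errors but not on unset variables, so `IMAGE_ID=$1` with a missing argument proceeds with an empty image name until docker rejects the malformed tag; `set -euo pipefail` plus a guard `[ $# -eq 1 ] || { echo "usage: $0 IMAGE_ID" >&2; exit 1; }` turns that into an immediate, explained failure. `-x` also echoes every expanded command into the Actions log, which is fine today because the script touches no credentials (login happens in the workflow step before it), but a comment to that effect, e.g. `# -x is safe here: this script must never receive credentials`, protects the invariant. `#! /bin/bash` works; `#!/bin/bash` is the more common spelling.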
@@ -1,648 +0,0 @@ -# Copyright (c) 2014,2015 DeNA Co., Ltd., Kazuho Oku, Brian Stanback, Laurentiu Nicola, Masanori Ogino, Ryosuke Matsumoto, -# David Carlier -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. 
- -CMAKE_MINIMUM_REQUIRED(VERSION 2.8.11) -CMAKE_POLICY(SET CMP0003 NEW) - -PROJECT(h2o) - -SET(VERSION_MAJOR "2") -SET(VERSION_MINOR "2") -SET(VERSION_PATCH "4") -SET(VERSION_PRERELEASE "") -SET(VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}${VERSION_PRERELEASE}") -SET(LIBRARY_VERSION_MAJOR "0") -SET(LIBRARY_VERSION_MINOR "13") -SET(LIBRARY_VERSION_PATCH "4") -SET(LIBRARY_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}${VERSION_PRERELEASE}") -SET(LIBRARY_SOVERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}") - -INCLUDE(GNUInstallDirs) - -CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/version.h.in ${CMAKE_CURRENT_SOURCE_DIR}/include/h2o/version.h) -CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/libh2o.pc.in ${CMAKE_CURRENT_BINARY_DIR}/libh2o.pc @ONLY) -CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/libh2o-evloop.pc.in ${CMAKE_CURRENT_BINARY_DIR}/libh2o-evloop.pc @ONLY) - -SET(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake) - -FIND_PACKAGE(PkgConfig) -FIND_PACKAGE(Threads REQUIRED) - -FIND_PACKAGE(OpenSSL) -FIND_PACKAGE(ZLIB REQUIRED) - -INCLUDE(CheckCSourceCompiles) -CHECK_C_SOURCE_COMPILES(" -#include -int main(void) { -uint64_t a; -__sync_add_and_fetch(&a, 1); -return 0; -}" ARCH_SUPPORTS_64BIT_ATOMICS) - -SET(WITH_BUNDLED_SSL_DEFAULT "ON") -IF ((NOT UNIX) OR CYGWIN) - SET(WITH_BUNDLED_SSL_DEFAULT "OFF") -ENDIF ((NOT UNIX) OR CYGWIN) -IF (OPENSSL_FOUND AND NOT (OPENSSL_VERSION VERSION_LESS "1.0.2")) - SET(WITH_BUNDLED_SSL_DEFAULT "OFF") -ENDIF (OPENSSL_FOUND AND NOT (OPENSSL_VERSION VERSION_LESS "1.0.2")) -OPTION(WITH_BUNDLED_SSL "whether or not to use the bundled libressl" ${WITH_BUNDLED_SSL_DEFAULT}) - -OPTION(WITHOUT_LIBS "skip building libs even when possible" OFF) -OPTION(BUILD_SHARED_LIBS "whether to build a shared library" OFF) - -FIND_PROGRAM(RUBY ruby) -FIND_PROGRAM(BISON bison) -IF (RUBY AND BISON) - SET(WITH_MRUBY_DEFAULT "ON") -ELSE () - SET(WITH_MRUBY_DEFAULT "OFF") -ENDIF () 
-OPTION(WITH_MRUBY "whether or not to build with mruby support" ${WITH_MRUBY_DEFAULT}) - -OPTION(WITH_PICOTLS "whether or not to build with picotls" "ON") - -IF (WITH_BUNDLED_SSL) - SET(BUNDLED_SSL_INCLUDE_DIR "${CMAKE_CURRENT_BINARY_DIR}/libressl-build/include") - SET(BUNDLED_SSL_LIBRARIES "${CMAKE_CURRENT_BINARY_DIR}/libressl-build/lib/libssl.a" "${CMAKE_CURRENT_BINARY_DIR}/libressl-build/lib/libcrypto.a") - ADD_CUSTOM_TARGET(bundled-ssl make -f ${CMAKE_CURRENT_SOURCE_DIR}/misc/libressl.mk SOURCE_DIR=${CMAKE_CURRENT_SOURCE_DIR}/misc - WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}) -ELSE (WITH_BUNDLED_SSL) - IF (NOT OPENSSL_FOUND) - IF ((NOT UNIX) OR CYGWIN) - MESSAGE(FATAL_ERROR "OpenSSL not found (and the bundled libressl cannot be used on this platform)") - ENDIF ((NOT UNIX) OR CYGWIN) - MESSAGE(FATAL_ERROR "OpenSSL not found (nor H2O was configured to used the bundled libressl)") - ENDIF (NOT OPENSSL_FOUND) - IF (OPENSSL_VERSION VERSION_LESS "1.0.2") - MESSAGE(WARNING "*********************************************************************** OpenSSL 1.0.2 is required for HTTP/2 interoperability with web browsers ***********************************************************************") - ENDIF (OPENSSL_VERSION VERSION_LESS "1.0.2") - IF(OPENSSL_VERSION VERSION_EQUAL "1.1.0" AND OPENSSL_VERSION STRLESS "1.1.0g") - MESSAGE(WARNING "*********************************************************************** OpenSSL 1.1.0 ~ 1.1.0f would cause session resumption failed when using external cache ***********************************************************************") - ENDIF(OPENSSL_VERSION VERSION_EQUAL "1.1.0" AND OPENSSL_VERSION STRLESS "1.1.0g") -ENDIF (WITH_BUNDLED_SSL) - -INCLUDE_DIRECTORIES( - include - deps/cloexec - deps/brotli/enc - deps/golombset - deps/libgkc - deps/libyrmcds - deps/klib - deps/neverbleed - deps/picohttpparser - deps/picotest - deps/yaml/include - deps/yoml) - -IF (PKG_CONFIG_FOUND) - PKG_CHECK_MODULES(LIBUV libuv>=1.0.0) - IF (LIBUV_FOUND) - 
INCLUDE_DIRECTORIES(${LIBUV_INCLUDE_DIRS}) - LINK_DIRECTORIES(${LIBUV_LIBRARY_DIRS}) - ENDIF (LIBUV_FOUND) -ENDIF (PKG_CONFIG_FOUND) -IF (NOT LIBUV_FOUND) - FIND_PACKAGE(LibUV) - IF (LIBUV_FOUND AND LIBUV_VERSION VERSION_LESS "1.0.0") - MESSAGE(STATUS "libuv found but ignored; is too old") - UNSET(LIBUV_FOUND) - ENDIF () - IF (LIBUV_FOUND) - INCLUDE_DIRECTORIES(${LIBUV_INCLUDE_DIR}) - ENDIF (LIBUV_FOUND) -ENDIF (NOT LIBUV_FOUND) -IF (NOT LIBUV_FOUND) - SET(LIBUV_LIBRARIES -luv) -ENDIF (NOT LIBUV_FOUND) -IF (DISABLE_LIBUV) - MESSAGE(STATUS "ignoring found libuv because of DISABLE_LIBUV") - SET(LIBUV_FOUND FALSE) -ENDIF(DISABLE_LIBUV) - -IF (PKG_CONFIG_FOUND) - PKG_CHECK_MODULES(WSLAY libwslay) - IF (WSLAY_FOUND) - INCLUDE_DIRECTORIES(${WSLAY_INCLUDE_DIRS}) - LINK_DIRECTORIES(${WSLAY_LIBRARY_DIRS}) - ENDIF (WSLAY_FOUND) -ENDIF (PKG_CONFIG_FOUND) -IF (NOT WSLAY_FOUND) - FIND_PACKAGE(Wslay) - IF (WSLAY_FOUND) - INCLUDE_DIRECTORIES(${WSLAY_INCLUDE_DIR}) - ENDIF (WSLAY_FOUND) -ENDIF (NOT WSLAY_FOUND) -IF (NOT WSLAY_FOUND) - SET(WSLAY_LIBRARIES -lwslay) -ENDIF (NOT WSLAY_FOUND) - -IF (ZLIB_FOUND) - INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIRS}) - LINK_DIRECTORIES(${ZLIB_LIBRARY_DIRS}) -ENDIF (ZLIB_FOUND) - -SET(CC_WARNING_FLAGS "-Wall -Wno-unused-value -Wno-unused-function") -IF ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU") - IF (NOT ("${CMAKE_C_COMPILER_VERSION}" VERSION_LESS "4.6")) - SET(CC_WARNING_FLAGS "${CC_WARNING_FLAGS} -Wno-unused-but-set-variable") - ENDIF () - IF (NOT ("${CMAKE_C_COMPILER_VERSION}" VERSION_LESS "4.5")) - SET(CC_WARNING_FLAGS "${CC_WARNING_FLAGS} -Wno-unused-result") - ENDIF () -ENDIF () - -SET(CMAKE_C_FLAGS "-O2 -g ${CC_WARNING_FLAGS} ${CMAKE_C_FLAGS} -DH2O_ROOT=\"${CMAKE_INSTALL_PREFIX}\" -DH2O_CONFIG_PATH=\"${CMAKE_INSTALL_SYSCONFDIR}/h2o.conf\"") - -SET(LIBYAML_SOURCE_FILES - deps/yaml/src/api.c - deps/yaml/src/dumper.c - deps/yaml/src/emitter.c - deps/yaml/src/loader.c - deps/yaml/src/parser.c - deps/yaml/src/reader.c - deps/yaml/src/scanner.c - 
deps/yaml/src/writer.c) - -SET(BROTLI_SOURCE_FILES - deps/brotli/enc/backward_references.cc - deps/brotli/enc/block_splitter.cc - deps/brotli/enc/brotli_bit_stream.cc - deps/brotli/enc/compress_fragment.cc - deps/brotli/enc/compress_fragment_two_pass.cc - deps/brotli/enc/dictionary.cc - deps/brotli/enc/encode.cc - deps/brotli/enc/entropy_encode.cc - deps/brotli/enc/histogram.cc - deps/brotli/enc/literal_cost.cc - deps/brotli/enc/metablock.cc - deps/brotli/enc/static_dict.cc - deps/brotli/enc/streams.cc - deps/brotli/enc/utf8_util.cc - lib/handler/compress/brotli.cc) - -SET(PICOTLS_INCLUDE_DIRECTORIES - deps/picotls/deps/cifra/src/ext - deps/picotls/deps/cifra/src - deps/picotls/deps/micro-ecc - deps/picotls/include) - -SET(PICOTLS_SOURCE_FILES - deps/picotls/deps/micro-ecc/uECC.c - deps/picotls/deps/cifra/src/aes.c - deps/picotls/deps/cifra/src/blockwise.c - deps/picotls/deps/cifra/src/chacha20.c - deps/picotls/deps/cifra/src/chash.c - deps/picotls/deps/cifra/src/curve25519.c - deps/picotls/deps/cifra/src/drbg.c - deps/picotls/deps/cifra/src/hmac.c - deps/picotls/deps/cifra/src/gcm.c - deps/picotls/deps/cifra/src/gf128.c - deps/picotls/deps/cifra/src/modes.c - deps/picotls/deps/cifra/src/poly1305.c - deps/picotls/deps/cifra/src/sha256.c - deps/picotls/deps/cifra/src/sha512.c - deps/picotls/lib/picotls.c - deps/picotls/lib/cifra.c - deps/picotls/lib/uecc.c - deps/picotls/lib/openssl.c) - -SET(LIB_SOURCE_FILES - deps/cloexec/cloexec.c - deps/libgkc/gkc.c - deps/libyrmcds/close.c - deps/libyrmcds/connect.c - deps/libyrmcds/recv.c - deps/libyrmcds/send.c - deps/libyrmcds/send_text.c - deps/libyrmcds/socket.c - deps/libyrmcds/strerror.c - deps/libyrmcds/text_mode.c - deps/picohttpparser/picohttpparser.c - - lib/common/cache.c - lib/common/file.c - lib/common/filecache.c - lib/common/hostinfo.c - lib/common/http1client.c - lib/common/memcached.c - lib/common/memory.c - lib/common/multithread.c - lib/common/serverutil.c - lib/common/socket.c - lib/common/socketpool.c - 
lib/common/string.c - lib/common/time.c - lib/common/timeout.c - lib/common/url.c - - lib/core/config.c - lib/core/configurator.c - lib/core/context.c - lib/core/headers.c - lib/core/logconf.c - lib/core/proxy.c - lib/core/request.c - lib/core/token.c - lib/core/util.c - - lib/handler/access_log.c - lib/handler/chunked.c - lib/handler/compress.c - lib/handler/compress/gzip.c - lib/handler/errordoc.c - lib/handler/expires.c - lib/handler/fastcgi.c - lib/handler/file.c - lib/handler/headers.c - lib/handler/mimemap.c - lib/handler/proxy.c - lib/handler/redirect.c - lib/handler/reproxy.c - lib/handler/throttle_resp.c - lib/handler/status.c - lib/handler/headers_util.c - lib/handler/status/events.c - lib/handler/status/requests.c - lib/handler/http2_debug_state.c - lib/handler/status/durations.c - lib/handler/configurator/access_log.c - lib/handler/configurator/compress.c - lib/handler/configurator/errordoc.c - lib/handler/configurator/expires.c - lib/handler/configurator/fastcgi.c - lib/handler/configurator/file.c - lib/handler/configurator/headers.c - lib/handler/configurator/proxy.c - lib/handler/configurator/redirect.c - lib/handler/configurator/reproxy.c - lib/handler/configurator/throttle_resp.c - lib/handler/configurator/status.c - lib/handler/configurator/http2_debug_state.c - lib/handler/configurator/headers_util.c - - lib/http1.c - - lib/tunnel.c - - lib/http2/cache_digests.c - lib/http2/casper.c - lib/http2/connection.c - lib/http2/frame.c - lib/http2/hpack.c - lib/http2/scheduler.c - lib/http2/stream.c - lib/http2/http2_debug_state.c) - -SET(UNIT_TEST_SOURCE_FILES - ${LIB_SOURCE_FILES} - ${LIBYAML_SOURCE_FILES} - ${BROTLI_SOURCE_FILES} - deps/picotest/picotest.c - t/00unit/test.c - t/00unit/lib/common/cache.c - t/00unit/lib/common/hostinfo.c - t/00unit/lib/common/multithread.c - t/00unit/lib/common/serverutil.c - t/00unit/lib/common/socket.c - t/00unit/lib/common/string.c - t/00unit/lib/common/time.c - t/00unit/lib/common/url.c - t/00unit/lib/core/headers.c 
- t/00unit/lib/core/proxy.c - t/00unit/lib/core/util.c - t/00unit/lib/handler/compress.c - t/00unit/lib/handler/fastcgi.c - t/00unit/lib/handler/file.c - t/00unit/lib/handler/headers.c - t/00unit/lib/handler/mimemap.c - t/00unit/lib/handler/redirect.c - t/00unit/lib/http2/cache_digests.c - t/00unit/lib/http2/casper.c - t/00unit/lib/http2/hpack.c - t/00unit/lib/http2/scheduler.c - t/00unit/src/ssl.c - t/00unit/issues/293.c - t/00unit/issues/percent-encode-zero-byte.c) -LIST(REMOVE_ITEM UNIT_TEST_SOURCE_FILES - lib/common/cache.c - lib/common/hostinfo.c - lib/common/multithread.c - lib/common/serverutil.c - lib/common/socket.c - lib/common/string.c - lib/common/time.c - lib/common/url.c - lib/core/headers.c - lib/core/proxy.c - lib/core/util.c - lib/handler/compress.c - lib/handler/compress/gzip.c - lib/handler/fastcgi.c - lib/handler/file.c - lib/handler/headers.c - lib/handler/mimemap.c - lib/handler/redirect.c - lib/http2/cache_digests.c - lib/http2/casper.c - lib/http2/hpack.c - lib/http2/scheduler.c) - -SET(EXTRA_LIBS ${EXTRA_LIBS} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS}) - -IF (ZLIB_FOUND) - LIST(INSERT EXTRA_LIBS 0 ${ZLIB_LIBRARIES}) -ENDIF (ZLIB_FOUND) - -IF (WSLAY_FOUND) - ADD_LIBRARY(libh2o lib/websocket.c ${LIB_SOURCE_FILES}) - ADD_LIBRARY(libh2o-evloop lib/websocket.c ${LIB_SOURCE_FILES}) -ELSE () - ADD_LIBRARY(libh2o ${LIB_SOURCE_FILES}) - ADD_LIBRARY(libh2o-evloop ${LIB_SOURCE_FILES}) -ENDIF (WSLAY_FOUND) - -SET_TARGET_PROPERTIES(libh2o PROPERTIES - OUTPUT_NAME h2o - VERSION ${LIBRARY_VERSION} - SOVERSION ${LIBRARY_SOVERSION}) -TARGET_LINK_LIBRARIES(libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) -SET_TARGET_PROPERTIES(libh2o-evloop PROPERTIES - OUTPUT_NAME h2o-evloop - COMPILE_FLAGS "-DH2O_USE_LIBUV=0" - VERSION ${LIBRARY_VERSION} - SOVERSION ${LIBRARY_SOVERSION}) -TARGET_LINK_LIBRARIES(libh2o-evloop ${EXTRA_LIBS}) - -IF (OPENSSL_FOUND) - TARGET_INCLUDE_DIRECTORIES(libh2o PUBLIC ${OPENSSL_INCLUDE_DIR}) - TARGET_INCLUDE_DIRECTORIES(libh2o-evloop PUBLIC 
${OPENSSL_INCLUDE_DIR}) - TARGET_LINK_LIBRARIES(libh2o ${OPENSSL_LIBRARIES}) - TARGET_LINK_LIBRARIES(libh2o-evloop ${OPENSSL_LIBRARIES}) - IF (LIBUV_FOUND AND NOT WITHOUT_LIBS) - INSTALL(TARGETS libh2o DESTINATION ${CMAKE_INSTALL_LIBDIR}) - ELSE () - SET_TARGET_PROPERTIES(libh2o PROPERTIES EXCLUDE_FROM_ALL 1) - ENDIF () - IF (NOT WITHOUT_LIBS) - INSTALL(TARGETS libh2o-evloop DESTINATION ${CMAKE_INSTALL_LIBDIR}) - ELSE () - SET_TARGET_PROPERTIES(libh2o-evloop PROPERTIES EXCLUDE_FROM_ALL 1) - ENDIF() -ELSE (OPENSSL_FOUND) - SET_TARGET_PROPERTIES(libh2o PROPERTIES EXCLUDE_FROM_ALL 1) - SET_TARGET_PROPERTIES(libh2o-evloop PROPERTIES EXCLUDE_FROM_ALL 1) -ENDIF (OPENSSL_FOUND) - -ADD_CUSTOM_TARGET(lib-examples DEPENDS examples-http1client examples-simple examples-socket-client) -IF (WSLAY_FOUND) - ADD_DEPENDENCIES(lib-examples examples-websocket) -ENDIF (WSLAY_FOUND) - -ADD_EXECUTABLE(examples-http1client examples/libh2o/http1client.c) -SET_TARGET_PROPERTIES(examples-http1client PROPERTIES - EXCLUDE_FROM_ALL 1) -TARGET_LINK_LIBRARIES(examples-http1client libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) - -ADD_EXECUTABLE(examples-socket-client examples/libh2o/socket-client.c) -SET_TARGET_PROPERTIES(examples-socket-client PROPERTIES - EXCLUDE_FROM_ALL 1) -TARGET_LINK_LIBRARIES(examples-socket-client libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) - -ADD_EXECUTABLE(examples-simple examples/libh2o/simple.c) -SET_TARGET_PROPERTIES(examples-simple PROPERTIES - EXCLUDE_FROM_ALL 1) -TARGET_LINK_LIBRARIES(examples-simple libh2o ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) - -ADD_EXECUTABLE(examples-websocket lib/websocket.c examples/libh2o/websocket.c) -SET_TARGET_PROPERTIES(examples-websocket PROPERTIES - EXCLUDE_FROM_ALL 1) -TARGET_LINK_LIBRARIES(examples-websocket libh2o ${LIBUV_LIBRARIES} ${WSLAY_LIBRARIES} ${EXTRA_LIBS}) - -ADD_EXECUTABLE(examples-latency-optimization examples/libh2o/latency-optimization.c) -SET_TARGET_PROPERTIES(examples-latency-optimization PROPERTIES - COMPILE_FLAGS 
"-DH2O_USE_LIBUV=0" - EXCLUDE_FROM_ALL 1) -TARGET_LINK_LIBRARIES(examples-latency-optimization libh2o-evloop ${EXTRA_LIBS}) - -# standalone server directly links to libh2o using evloop -SET(STANDALONE_SOURCE_FILES - ${LIB_SOURCE_FILES} - ${LIBYAML_SOURCE_FILES} - ${BROTLI_SOURCE_FILES} - deps/neverbleed/neverbleed.c - src/main.c - src/ssl.c) -SET(STANDALONE_COMPILE_FLAGS "-DH2O_USE_LIBUV=0 -DH2O_USE_BROTLI=1") -IF (WITH_MRUBY) - IF (${CMAKE_C_COMPILER_ID} STREQUAL "Clang") - SET(MRUBY_TOOLCHAIN "clang") - ELSE () - SET(MRUBY_TOOLCHAIN "gcc") - ENDIF () - ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby ruby minirake - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby) - LIST(APPEND STANDALONE_SOURCE_FILES - lib/handler/mruby.c - lib/handler/mruby/chunked.c - lib/handler/mruby/http_request.c - lib/handler/configurator/mruby.c) - SET(STANDALONE_COMPILE_FLAGS "${STANDALONE_COMPILE_FLAGS} -DH2O_USE_MRUBY=1") -ENDIF (WITH_MRUBY) -IF (WITH_PICOTLS) - LIST(APPEND STANDALONE_SOURCE_FILES ${PICOTLS_SOURCE_FILES}) - SET(STANDALONE_COMPILE_FLAGS "${STANDALONE_COMPILE_FLAGS} -DH2O_USE_PICOTLS=1") - INCLUDE_DIRECTORIES(${PICOTLS_INCLUDE_DIRECTORIES}) -ENDIF () -ADD_EXECUTABLE(h2o ${STANDALONE_SOURCE_FILES}) -SET_TARGET_PROPERTIES(h2o PROPERTIES COMPILE_FLAGS ${STANDALONE_COMPILE_FLAGS}) -IF (WITH_BUNDLED_SSL) - TARGET_INCLUDE_DIRECTORIES(h2o BEFORE PUBLIC ${BUNDLED_SSL_INCLUDE_DIR}) - TARGET_LINK_LIBRARIES(h2o ${BUNDLED_SSL_LIBRARIES}) - ADD_DEPENDENCIES(h2o bundled-ssl) -ELSE (WITH_BUNDLED_SSL) - IF (OPENSSL_FOUND) - TARGET_INCLUDE_DIRECTORIES(h2o PUBLIC ${OPENSSL_INCLUDE_DIR}) - TARGET_LINK_LIBRARIES(h2o ${OPENSSL_LIBRARIES}) - ENDIF (OPENSSL_FOUND) -ENDIF (WITH_BUNDLED_SSL) -IF (WITH_MRUBY) - TARGET_INCLUDE_DIRECTORIES(h2o BEFORE PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby/include ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby-input-stream/src) - # 
note: the paths need to be determined before libmruby.flags.mak is generated - TARGET_LINK_LIBRARIES(h2o - "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a" - "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.1.1/.libs/libonigmo.a" - "m") - ADD_DEPENDENCIES(h2o mruby) -ENDIF (WITH_MRUBY) -TARGET_LINK_LIBRARIES(h2o ${EXTRA_LIBS}) - -INSTALL(TARGETS h2o - RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} - LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}) - -IF (NOT WITHOUT_LIBS) - INSTALL(DIRECTORY include/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} FILES_MATCHING PATTERN "*.h") - IF (LIBUV_FOUND) - INSTALL(FILES "${CMAKE_BINARY_DIR}/libh2o.pc" DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - ENDIF () - INSTALL(FILES "${CMAKE_BINARY_DIR}/libh2o-evloop.pc" DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) -ENDIF () - -INSTALL(PROGRAMS share/h2o/annotate-backtrace-symbols share/h2o/fastcgi-cgi share/h2o/fetch-ocsp-response share/h2o/kill-on-close share/h2o/setuidgid share/h2o/start_server DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o) -INSTALL(FILES share/h2o/ca-bundle.crt DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o) -INSTALL(FILES share/h2o/status/index.html DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o/status) -INSTALL(DIRECTORY doc/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o PATTERN "Makefile" EXCLUDE PATTERN "README.md" EXCLUDE) -INSTALL(DIRECTORY examples/ DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/doc/h2o/examples) -IF (WITH_MRUBY) - INSTALL(DIRECTORY share/h2o/mruby DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/h2o) -ENDIF (WITH_MRUBY) - -# tests -ADD_EXECUTABLE(t-00unit-evloop.t ${UNIT_TEST_SOURCE_FILES}) -SET_TARGET_PROPERTIES(t-00unit-evloop.t PROPERTIES - COMPILE_FLAGS "-DH2O_USE_LIBUV=0 -DH2O_USE_BROTLI=1 -DH2O_UNITTEST=1" - EXCLUDE_FROM_ALL 1) -TARGET_LINK_LIBRARIES(t-00unit-evloop.t ${EXTRA_LIBS}) - -IF (LIBUV_FOUND) - ADD_EXECUTABLE(t-00unit-libuv.t ${UNIT_TEST_SOURCE_FILES}) - SET_TARGET_PROPERTIES(t-00unit-libuv.t PROPERTIES - 
COMPILE_FLAGS "-DH2O_USE_BROTLI=1 -DH2O_UNITTEST=1" - EXCLUDE_FROM_ALL 1) - TARGET_LINK_LIBRARIES(t-00unit-libuv.t ${LIBUV_LIBRARIES} ${EXTRA_LIBS}) -ENDIF (LIBUV_FOUND) - -IF (WITH_BUNDLED_SSL) - TARGET_INCLUDE_DIRECTORIES(t-00unit-evloop.t BEFORE PUBLIC ${BUNDLED_SSL_INCLUDE_DIR}) - TARGET_LINK_LIBRARIES(t-00unit-evloop.t ${BUNDLED_SSL_LIBRARIES}) - ADD_DEPENDENCIES(t-00unit-evloop.t bundled-ssl) - IF (LIBUV_FOUND) - TARGET_INCLUDE_DIRECTORIES(t-00unit-libuv.t BEFORE PUBLIC ${BUNDLED_SSL_INCLUDE_DIR}) - TARGET_LINK_LIBRARIES(t-00unit-libuv.t ${BUNDLED_SSL_LIBRARIES}) - ADD_DEPENDENCIES(t-00unit-libuv.t bundled-ssl) - ENDIF (LIBUV_FOUND) -ELSE (WITH_BUNDLED_SSL) - IF (OPENSSL_FOUND) - TARGET_INCLUDE_DIRECTORIES(t-00unit-evloop.t PUBLIC ${OPENSSL_INCLUDE_DIR}) - TARGET_LINK_LIBRARIES(t-00unit-evloop.t ${OPENSSL_LIBRARIES}) - IF (LIBUV_FOUND) - TARGET_INCLUDE_DIRECTORIES(t-00unit-libuv.t PUBLIC ${OPENSSL_INCLUDE_DIR}) - TARGET_LINK_LIBRARIES(t-00unit-libuv.t ${OPENSSL_LIBRARIES}) - ENDIF (LIBUV_FOUND) - ENDIF (OPENSSL_FOUND) -ENDIF (WITH_BUNDLED_SSL) - -ADD_CUSTOM_TARGET(check env H2O_ROOT=. BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove -v t/*.t - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} - DEPENDS h2o t-00unit-evloop.t) -IF (LIBUV_FOUND) - ADD_DEPENDENCIES(check t-00unit-libuv.t) - IF (OPENSSL_FOUND) - ADD_DEPENDENCIES(check lib-examples) - ENDIF () -ENDIF () - -ADD_CUSTOM_TARGET(check-as-root env H2O_ROOT=. 
BINARY_DIR=${CMAKE_CURRENT_BINARY_DIR} prove -v t/90root-*.t - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) - -IF (BUILD_FUZZER) - IF(NOT CMAKE_CXX_COMPILER_ID STREQUAL "Clang") - MESSAGE(FATAL_ERROR "The fuzzer needs clang as a compiler") - ENDIF() - - ADD_EXECUTABLE(h2o-fuzzer-http1 fuzz/driver.cc fuzz/standalone.cc) - ADD_EXECUTABLE(h2o-fuzzer-http2 fuzz/driver.cc fuzz/standalone.cc) - ADD_EXECUTABLE(h2o-fuzzer-url fuzz/driver_url.cc fuzz/standalone.cc) - - SET(FUZZ_COMPILE_FLAGS "") - SET(FUZZ_LIBS "") - - SET_TARGET_PROPERTIES(h2o-fuzzer-http1 PROPERTIES COMPILE_FLAGS "-DHTTP1") - SET_TARGET_PROPERTIES(h2o-fuzzer-http2 PROPERTIES COMPILE_FLAGS "-DHTTP2") - - IF (FUZZER_STANDALONE) - SET(FUZZ_COMPILE_FLAGS "${FUZZ_COMPILE_FLAGS} -DSTANDALONE") - set_target_properties(h2o-fuzzer-http1 PROPERTIES SUFFIX "-standalone") - set_target_properties(h2o-fuzzer-http2 PROPERTIES SUFFIX "-standalone") - set_target_properties(h2o-fuzzer-url PROPERTIES SUFFIX "-standalone") - ELSE () - IF (OSS_FUZZ) - # Use https://github.com/google/oss-fuzz compatible options - SET(LIB_FUZZER FuzzingEngine) - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-omit-frame-pointer") - SET(CMAKE_CXX _FLAGS "${CMAKE_CXX_FLAGS} -fno-omit-frame-pointer") - ELSE () - # Default non-oss-fuzz options - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-omit-frame-pointer -fsanitize=address,fuzzer-no-link") - SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-omit-frame-pointer -fsanitize=address,fuzzer-no-link") - ENDIF (OSS_FUZZ) - - TARGET_LINK_OPTIONS(h2o-fuzzer-http1 PRIVATE "-fsanitize=address,fuzzer") - TARGET_LINK_OPTIONS(h2o-fuzzer-http2 PRIVATE "-fsanitize=address,fuzzer") - TARGET_LINK_OPTIONS(h2o-fuzzer-url PRIVATE "-fsanitize=address,fuzzer") - - SET(FUZZ_LIBS "${LIB_FUZZER}") - ENDIF () - - SET_TARGET_PROPERTIES(h2o-fuzzer-http1 PROPERTIES COMPILE_FLAGS "${FUZZ_COMPILE_FLAGS} -DHTTP1") - SET_TARGET_PROPERTIES(h2o-fuzzer-http2 PROPERTIES COMPILE_FLAGS "${FUZZ_COMPILE_FLAGS} -DHTTP2") - 
SET_TARGET_PROPERTIES(h2o-fuzzer-url PROPERTIES COMPILE_FLAGS "${FUZZ_COMPILE_FLAGS}") - - TARGET_LINK_LIBRARIES(h2o-fuzzer-http1 libh2o-evloop ${EXTRA_LIBS} ${FUZZ_LIBS}) - TARGET_LINK_LIBRARIES(h2o-fuzzer-http2 libh2o-evloop ${EXTRA_LIBS} ${FUZZ_LIBS}) - TARGET_LINK_LIBRARIES(h2o-fuzzer-url libh2o-evloop ${EXTRA_LIBS} ${FUZZ_LIBS}) -ENDIF (BUILD_FUZZER) - -IF (NOT ARCH_SUPPORTS_64BIT_ATOMICS) - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DH2O_NO_64BIT_ATOMICS") -ENDIF (NOT ARCH_SUPPORTS_64BIT_ATOMICS) - -# environment-specific tweaks -IF (APPLE) - SET_SOURCE_FILES_PROPERTIES(lib/socket.c lib/websocket.c src/main.c examples/simple.c examples/websocket.c PROPERTIES COMPILE_FLAGS -Wno-deprecated-declarations) -ELSEIF (CMAKE_SYSTEM_NAME STREQUAL "Linux") - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread -D_GNU_SOURCE") - IF (WITH_BUNDLED_SSL) - TARGET_LINK_LIBRARIES(h2o "rt") - TARGET_LINK_LIBRARIES(t-00unit-evloop.t "rt") - IF (LIBUV_FOUND) - TARGET_LINK_LIBRARIES(t-00unit-libuv.t "rt") - ENDIF (LIBUV_FOUND) - ENDIF (WITH_BUNDLED_SSL) -ELSEIF ("${CMAKE_SYSTEM_NAME}" MATCHES "SunOS") - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthreads -D_POSIX_PTHREAD_SEMANTICS") - TARGET_LINK_LIBRARIES(h2o "socket" "nsl") - TARGET_LINK_LIBRARIES(t-00unit-evloop.t "socket" "nsl") - IF (LIBUV_FOUND) - TARGET_LINK_LIBRARIES(t-00unit-libuv.t "socket" "nsl") - ENDIF (LIBUV_FOUND) -ELSE () - # for FreeBSD, etc. - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread") -ENDIF () - -# Retain CXX_FLAGS for std c++ compatiability across fuzz build/test environments -IF (NOT OSS_FUZZ) - SET(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS}") -ENDIF (NOT OSS_FUZZ) From 5db463bc2be1e96c99503d1f64e54330e49ddfbc Mon Sep 17 00:00:00 2001 From: Adam Van Prooyen Date: Wed, 3 Jun 2020 14:49:34 -0700 Subject: [PATCH 14/20] Fix indentation in docker_publish --- .github/workflows/docker_publish.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/.github/workflows/docker_publish.yml b/.github/workflows/docker_publish.yml
index 2bb9fcd..ff38489 100644
--- a/.github/workflows/docker_publish.yml
+++ b/.github/workflows/docker_publish.yml
@@ -33,15 +33,15 @@ jobs: - name: Push the docker image run: ./.github/push.sh forallsecure/cereal-cve-2020-11104-11105
- h2o-cve-2018-0608:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: Build the Docker image
- run: ./mayhemit.sh --build h2o-cve-2018-0608
-
- - name: Log into the registry
- run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
-
- - name: Push the docker image
- run: ./.github/push.sh forallsecure/h2o-cve-2018-0608
+ h2o-cve-2018-0608:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Build the Docker image
+ run: ./mayhemit.sh --build h2o-cve-2018-0608
+
+ - name: Log into the registry
+ run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+
+ - name: Push the docker image
+ run: ./.github/push.sh forallsecure/h2o-cve-2018-0608
From b18d3eeb833b866d509383b5ad3ca45410e7d014 Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Wed, 3 Jun 2020 14:53:03 -0700
Subject: [PATCH 15/20] Remove unnecessary env specification in mayhemfile
---
 h2o-cve-2018-0608/mayhem/h2o/Mayhemfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
index 4db9f2f..11ede59 100644
--- a/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
+++ b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
@@ -1,11 +1,9 @@
version: '1.4'
-project: h2o-cve-2018-0608
+project: h2o-cve-2018-0608-envtest
target: h2o
baseimage: forallsecure/h2o-cve-2018-0608
cmds: - cmd: /fuzz/h2o -c /fuzz/h2o.conf
- env:
- LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
network:
is_client: false
timeout: 2.0
From 4519c28b166bbb594fa06a6b65ddd5f2bc762da3 Mon Sep 17 00:00:00 2001
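Review bot: The `project:` rename on the `+project: h2o-cve-2018-0608-envtest` line is unrelated to the env removal the subject describes and reads like a leftover from a test run; `[PATCH 20/20]` later in this series reverts it, so squashing the two would keep the stray project name out of history. Dropping the `env:` block is only safe if `/fuzz/h2o` in `forallsecure/h2o-cve-2018-0608` resolves its shared libraries from the default loader path, which cannot be confirmed from this hunk; a `# libs are on the default ld path in the base image` comment on the `cmd:` line would record why the override was removed.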
From: Adam Van Prooyen
Date: Wed, 3 Jun 2020 14:57:12 -0700
Subject: [PATCH 16/20] Update ubuntu base image to specify version tag
---
 h2o-cve-2018-0608/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/h2o-cve-2018-0608/Dockerfile b/h2o-cve-2018-0608/Dockerfile
index b6d6605..80b9f9c 100644
--- a/h2o-cve-2018-0608/Dockerfile
+++ b/h2o-cve-2018-0608/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu AS base
+FROM ubuntu:20.10 AS base
RUN apt-get update && \
apt-get install -y libssl-dev zlib1g-dev
From 86d82b51c51ca4bc0ac3761f7507023a276e4d9a Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Wed, 3 Jun 2020 15:19:41 -0700
Subject: [PATCH 17/20] Improve readme intro with more detail (thanks david)
---
 h2o-cve-2018-0608/README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/h2o-cve-2018-0608/README.md b/h2o-cve-2018-0608/README.md
index b505a66..e57a720 100644
--- a/h2o-cve-2018-0608/README.md
+++ b/h2o-cve-2018-0608/README.md
@@ -1,6 +1,8 @@
# h2o memory corruption CVE example
-This repo replicates finding a memory corruption bug inside h2o with fuzzing.
+This repo replicates finding [CVE-2018-0608](https://nvd.nist.gov/vuln/detail/CVE-2018-0608), a memory corruption bug that may allow a remote attacker to run arbitrary code ([CVSS Score](https://nvd.nist.gov/vuln-metrics/cvss): 9.8).
+
+We reported this bug responsibly to the maintainers, with the follow-on issue tracking [here](https://github.com/h2o/h2o/issues/1775).
> Note: since this finds the bug in an unmodified h2o binary
> (a *network target*), it can only be found by fuzzers that support network
From be1fadc419eacd82e67eb3a5650e60b536f8d156 Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Wed, 3 Jun 2020 15:20:00 -0700
Subject: [PATCH 18/20] Add credit to Marlies Ruck to readme
---
 h2o-cve-2018-0608/README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/h2o-cve-2018-0608/README.md b/h2o-cve-2018-0608/README.md
index e57a720..3fb77a0 100644
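Review bot: `ubuntu:20.10` on the new `FROM` line is an interim (non-LTS) Ubuntu release with a nine-month support window, so this base stops receiving security updates soon after release and the tag ages out of the maintained set; for an image meant to reproduce a CVE deterministically, an LTS tag pinned by digest is the safer choice, e.g. `FROM ubuntu:20.04@sha256:<DIGEST_PLACEHOLDER> AS base`. The `apt-get update && apt-get install -y` context lines below lack `--no-install-recommends` and a same-layer `rm -rf /var/lib/apt/lists/*`; that is pre-existing rather than introduced here, but worth fixing while the base is being pinned.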
--- a/h2o-cve-2018-0608/README.md
+++ b/h2o-cve-2018-0608/README.md
@@ -43,3 +43,5 @@ directory.
Note: Fuzzing has some degree of non-determinism, so when you run
yourself you may not get exactly this file. This is expected; your output should still trigger the memory corruption bug.
+
+This bug was originally found and [responsibly disclosed](https://github.com/h2o/h2o/issues/1775) by ForAllSecure employee [Marlies Ruck](https://blog.forallsecure.com/author/marlies-ruck). As such, this bug has since been [fixed](https://github.com/h2o/h2o/commit/69506c9e2defa4922f62f389c76d89e9274b3cc1) by project maintainers.
From 597a7d3fffed52090f40965afa66d10c91919c4f Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Wed, 3 Jun 2020 15:22:35 -0700
Subject: [PATCH 19/20] Update note markdown to match formatting
---
 h2o-cve-2018-0608/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/h2o-cve-2018-0608/README.md b/h2o-cve-2018-0608/README.md
index 3fb77a0..05c75a6 100644
--- a/h2o-cve-2018-0608/README.md
+++ b/h2o-cve-2018-0608/README.md
@@ -40,7 +40,7 @@ mayhem run mayhem/h2o
We have included a proof of concept output under the `poc`
directory.
-Note: Fuzzing has some degree of non-determinism, so when you run
+> Note: Fuzzing has some degree of non-determinism, so when you run
yourself you may not get exactly this file. This is expected; your output should still trigger the memory corruption bug.
From 1adb6e35173e6174d09666073eea8be15ffe6f5c Mon Sep 17 00:00:00 2001
From: Adam Van Prooyen
Date: Fri, 5 Jun 2020 09:46:08 -0700
Subject: [PATCH 20/20] Remove envtest string from project name in mayhemfile
---
 h2o-cve-2018-0608/mayhem/h2o/Mayhemfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
index 11ede59..9eaccbe 100644
--- a/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
+++ b/h2o-cve-2018-0608/mayhem/h2o/Mayhemfile
@@ -1,5 +1,5 @@
version: '1.4'
-project: h2o-cve-2018-0608-envtest
+project: h2o-cve-2018-0608
target: h2o
baseimage: forallsecure/h2o-cve-2018-0608
cmds: