mongoose/test/fuzz.c

100 lines
2.8 KiB
C
Raw Normal View History

2022-09-19 13:28:07 +01:00
#define MG_ENABLE_SOCKET 0
#define MG_ENABLE_LOG 0
#define MG_ENABLE_LINES 1
#define MG_ENABLE_MIP 1
#include "mongoose.c"
#include "driver_mock.c"
2020-12-13 16:56:30 +00:00
#ifdef __cplusplus
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *, size_t);
2021-10-22 19:41:26 +01:00
#else
int LLVMFuzzerTestOneInput(const uint8_t *, size_t);
2020-12-13 16:56:30 +00:00
#endif
2020-12-05 11:26:32 +00:00
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
2022-08-01 11:19:32 +01:00
mg_log_set(MG_LL_NONE);
2020-12-05 11:26:32 +00:00
struct mg_dns_message dm;
mg_dns_parse(data, size, &dm);
2020-12-11 13:16:51 +00:00
mg_dns_parse(NULL, 0, &dm);
2020-12-05 11:26:32 +00:00
struct mg_http_message hm;
mg_http_parse((const char *) data, size, &hm);
2020-12-11 13:16:51 +00:00
mg_http_parse(NULL, 0, &hm);
2020-12-05 11:26:32 +00:00
2020-12-07 18:52:40 +00:00
struct mg_str body = mg_str_n((const char *) data, size);
char tmp[256];
mg_http_get_var(&body, "key", tmp, sizeof(tmp));
2020-12-13 16:33:46 +00:00
mg_http_get_var(&body, "key", NULL, 0);
2020-12-11 09:35:50 +00:00
mg_url_decode((char *) data, size, tmp, sizeof(tmp), 1);
mg_url_decode((char *) data, size, tmp, 1, 1);
2020-12-11 13:16:51 +00:00
mg_url_decode(NULL, 0, tmp, 1, 1);
2020-12-07 18:52:40 +00:00
2020-12-05 11:26:32 +00:00
struct mg_mqtt_message mm;
2022-06-28 11:31:13 +01:00
mg_mqtt_parse(data, size, 0, &mm);
mg_mqtt_parse(NULL, 0, 0, &mm);
mg_mqtt_parse(data, size, 5, &mm);
mg_mqtt_parse(NULL, 0, 5, &mm);
2020-12-05 11:26:32 +00:00
2021-12-21 21:50:18 +00:00
mg_sntp_parse(data, size);
mg_sntp_parse(NULL, 0);
2020-12-05 11:26:32 +00:00
2020-12-07 18:52:40 +00:00
char buf[size * 4 / 3 + 5]; // At least 4 chars and nul termination
2021-07-26 11:00:37 +01:00
mg_base64_decode((char *) data, (int) size, buf);
2020-12-11 13:16:51 +00:00
mg_base64_decode(NULL, 0, buf);
2021-07-26 11:00:37 +01:00
mg_base64_encode(data, (int) size, buf);
2020-12-11 13:16:51 +00:00
mg_base64_encode(NULL, 0, buf);
2020-12-07 18:52:40 +00:00
2020-12-24 09:07:55 +00:00
mg_globmatch((char *) data, size, (char *) data, size);
struct mg_str k, v, s = mg_str_n((char *) data, size);
2021-08-28 06:54:56 +01:00
while (mg_commalist(&s, &k, &v)) k.len = v.len = 0;
2020-12-24 09:07:55 +00:00
2022-06-09 12:39:48 +01:00
int n;
2022-07-30 07:55:26 +01:00
mg_json_get(mg_str_n((char *) data, size), "$", &n);
2022-09-19 13:28:07 +01:00
mg_json_get(mg_str_n((char *) data, size), "$.a.b", &n);
mg_json_get(mg_str_n((char *) data, size), "$[0]", &n);
2022-09-25 10:19:17 +01:00
if (size > 0) {
2022-09-29 16:53:11 +01:00
struct mip_cfg cfg = {0};
2022-09-25 10:19:17 +01:00
size_t pktlen = 1540;
char t[sizeof(struct mip_if) + pktlen * 2 + 0 /* qlen */];
struct mip_if *ifp = (struct mip_if *) t;
struct mg_mgr mgr;
mg_mgr_init(&mgr);
if_init(ifp, &mgr, &cfg, &mip_driver_mock, NULL, pktlen, 0);
// Make a copy of the random data, in order to modify it
uint8_t pkt[size];
struct eth *eth = (struct eth *) pkt;
memcpy(pkt, data, size);
if (size > sizeof(*eth)) {
2022-09-25 11:58:28 +01:00
static size_t i;
uint16_t eth_types[] = {0x800, 0x800, 0x806, 0x86dd};
2022-09-25 10:19:17 +01:00
memcpy(eth->dst, ifp->mac, 6); // Set valid destination MAC
2022-09-25 11:58:28 +01:00
eth->type = mg_htons(eth_types[i++]);
if (i >= sizeof(eth_types) / sizeof(eth_types[0])) i = 0;
2022-09-25 10:19:17 +01:00
}
mip_rx(ifp, (void *) pkt, size);
mgr.priv = NULL; // Don't let Mongoose free() ifp
mg_mgr_free(&mgr);
}
2022-06-09 12:39:48 +01:00
return 0;
}
2022-09-29 16:53:11 +01:00
#if defined(MAIN)
int main(int argc, char *argv[]) {
if (argc > 1) {
size_t len = 0;
char *buf = mg_file_read(&mg_fs_posix, argv[1], &len);
if (buf != NULL) LLVMFuzzerTestOneInput((uint8_t *) buf, len);
free(buf);
}
return 0;
}
#endif