Fuzz-test mg_http_var and base64

2024-12-26 22:41:03 +08:00 · 2020-12-07 18:52:40 +00:00 · 2020-12-07 18:52:40 +00:00 · d1b8f9e01f
commit d1b8f9e01f
parent 228acefa36
4 changed files with 13 additions and 45 deletions
--- a/8
+++ b/8
@ -15,9 +15,11 @@ EXAMPLE_TARGET ?= example
 .PHONY: ex test

 ifeq "$(SSL)" "MBEDTLS"
-MBEDTLSDIR ?= $(shell "$(brew --cellar mbedtls)/$(brew info mbedtls --json | jq -j .[0].installed[0].version)")
-CFLAGS += -DMG_ENABLE_MBEDTLS=1 -I$(MBEDTLSDIR)/include -I/usr/include
-LDFLAGS ?= -L$(MBEDTLSDIR)/lib -lmbedtls -lmbedcrypto -lmbedx509
+MBEDTLS_DIR ?= $(shell brew --cellar mbedtls)
+MBEDTLS_VER ?= $(shell brew info mbedtls --json | jq -j .[0].installed[0].version)
+MBEDTLS ?= $(MBEDTLS_DIR)/$(MBEDTLS_VER)
+CFLAGS += -DMG_ENABLE_MBEDTLS=1 -I$(MBEDTLS)/include -I/usr/include
+LDFLAGS ?= -L$(MBEDTLS)/lib -lmbedtls -lmbedcrypto -lmbedx509
 endif
 ifeq "$(SSL)" "OPENSSL"
 OPENSSLDIR ?= $(shell "$(brew --cellar openssl)/$(brew info openssl --json | jq -j .[0].installed[0].version)")
--- a/mongoose.c
+++ b/mongoose.c
@ -97,31 +97,10 @@ int mg_base64_final(char *to, int n) {
 }

 int mg_base64_encode(const unsigned char *p, int n, char *to) {
-#if 0
-  char buf[4];
-  int i, j, len = 0;
-  for (i = 0; i < n; i += 3) {
-    int a = p[i], b = i + 1 < n ? p[i + 1] : 0, c = i + 2 < n ? p[i + 2] : 0;
-    buf[0] = mg_b64idx(a >> 2);
-    buf[1] = mg_b64idx((a & 3) << 4 | (b >> 4));
-    buf[2] = mg_b64idx((b & 15) << 2 | (c >> 6));
-    buf[3] = mg_b64idx(c & 63);
-    j = 0;
-    if (i + 1 >= n) buf[2] = '=', j++;
-    if (i + 2 >= n) buf[3] = '=', j++;
-    memcpy(to + len, buf, sizeof(buf));
-    len += sizeof(buf);
-  }
-  to[len] = '\0';
-  printf("%d[%.*s] -> %d[%.*s]\n", n, n, p, len, len, to);
-  return len;
-#else
  int i, len = 0;
  for (i = 0; i < n; i++) len = mg_base64_update(p[i], to, len);
  len = mg_base64_final(to, len);
-  // printf("%d[%.*s] -> %d[%.*s]\n", n, n, p, len, len, to);
  return len;
-#endif
 }

 int mg_base64_decode(const char *src, int n, char *dst) {
--- a/src/base64.c
+++ b/src/base64.c
@ -58,31 +58,10 @@ int mg_base64_final(char *to, int n) {
 }

 int mg_base64_encode(const unsigned char *p, int n, char *to) {
-#if 0
-  char buf[4];
-  int i, j, len = 0;
-  for (i = 0; i < n; i += 3) {
-    int a = p[i], b = i + 1 < n ? p[i + 1] : 0, c = i + 2 < n ? p[i + 2] : 0;
-    buf[0] = mg_b64idx(a >> 2);
-    buf[1] = mg_b64idx((a & 3) << 4 | (b >> 4));
-    buf[2] = mg_b64idx((b & 15) << 2 | (c >> 6));
-    buf[3] = mg_b64idx(c & 63);
-    j = 0;
-    if (i + 1 >= n) buf[2] = '=', j++;
-    if (i + 2 >= n) buf[3] = '=', j++;
-    memcpy(to + len, buf, sizeof(buf));
-    len += sizeof(buf);
-  }
-  to[len] = '\0';
-  printf("%d[%.*s] -> %d[%.*s]\n", n, n, p, len, len, to);
-  return len;
-#else
  int i, len = 0;
  for (i = 0; i < n; i++) len = mg_base64_update(p[i], to, len);
  len = mg_base64_final(to, len);
-  // printf("%d[%.*s] -> %d[%.*s]\n", n, n, p, len, len, to);
  return len;
-#endif
 }

 int mg_base64_decode(const char *src, int n, char *dst) {
--- a/test/fuzz.c
+++ b/test/fuzz.c
@ -8,11 +8,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  struct mg_http_message hm;
  mg_http_parse((const char *) data, size, &hm);

+  struct mg_str body = mg_str_n((const char *) data, size);
+  char tmp[256];
+  mg_http_get_var(&body, "key", tmp, sizeof(tmp));
+
  struct mg_mqtt_message mm;
  mg_mqtt_parse(data, size, &mm);

  struct timeval tv;
  mg_sntp_parse(data, size, &tv);

+  char buf[size * 4 / 3 + 5];  // At least 4 chars and nul termination
+  mg_base64_decode((char *) data, size, buf);
+  mg_base64_encode(data, size, buf);
+
  return 0;
 }