-
Notifications
You must be signed in to change notification settings - Fork 337
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Arjun <pkillarjun@protonmail.com> Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
- Loading branch information
1 parent
965fc94
commit a93d878
Showing
5 changed files
with
425 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
/* | ||
* Copyright (C) NGINX, Inc. | ||
*/ | ||
|
||
#include <nxt_main.h> | ||
|
||
|
||
#define KMININPUTLENGTH 2 | ||
#define KMAXINPUTLENGTH 128 | ||
|
||
|
||
extern int LLVMFuzzerInitialize(int *argc, char ***argv); | ||
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); | ||
|
||
void nxt_base64_fuzz(const u_char *data, size_t size); | ||
void nxt_term_fuzz(const u_char *data, size_t size); | ||
void nxt_time_fuzz(const u_char *data, size_t size); | ||
void nxt_utf8_fuzz(const u_char *data, size_t size); | ||
|
||
|
||
extern char **environ; | ||
|
||
|
||
int | ||
LLVMFuzzerInitialize(int *argc, char ***argv) | ||
{ | ||
if (nxt_lib_start("fuzzing", NULL, &environ) != NXT_OK) { | ||
return NXT_ERROR; | ||
} | ||
|
||
return 0; | ||
} | ||
|
||
|
||
int | ||
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
{ | ||
if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) { | ||
return 0; | ||
} | ||
|
||
nxt_base64_fuzz(data, size); | ||
nxt_term_fuzz(data, size); | ||
nxt_time_fuzz(data, size); | ||
nxt_utf8_fuzz(data, size); | ||
|
||
return 0; | ||
} | ||
|
||
|
||
void | ||
nxt_base64_fuzz(const u_char *data, size_t size) | ||
{ | ||
u_char buf[256]; | ||
ssize_t ret; | ||
|
||
/* | ||
* Validate base64 data before decoding. | ||
*/ | ||
ret = nxt_base64_decode(NULL, (u_char *)data, size); | ||
if (ret == NXT_ERROR) { | ||
return; | ||
} | ||
|
||
nxt_base64_decode(buf, (u_char *)data, size); | ||
} | ||
|
||
|
||
void | ||
nxt_term_fuzz(const u_char *data, size_t size) | ||
{ | ||
nxt_term_parse(data, size, 0); | ||
nxt_term_parse(data, size, 1); | ||
} | ||
|
||
|
||
void | ||
nxt_time_fuzz(const u_char *data, size_t size) | ||
{ | ||
nxt_time_parse(data, size); | ||
} | ||
|
||
|
||
void | ||
nxt_utf8_fuzz(const u_char *data, size_t size) | ||
{ | ||
const u_char *in; | ||
|
||
in = data; | ||
nxt_utf8_decode(&in, data + size); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
/* | ||
* Copyright (C) NGINX, Inc. | ||
*/ | ||
|
||
#include <nxt_main.h> | ||
|
||
/* DO NOT TRY THIS AT HOME! */ | ||
#include "nxt_controller.c" | ||
|
||
|
||
#define KMININPUTLENGTH 2 | ||
#define KMAXINPUTLENGTH 1024 | ||
|
||
|
||
extern int LLVMFuzzerInitialize(int *argc, char ***argv); | ||
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); | ||
|
||
|
||
extern char **environ; | ||
|
||
|
||
int | ||
LLVMFuzzerInitialize(int *argc, char ***argv) | ||
{ | ||
nxt_int_t ret; | ||
|
||
if (nxt_lib_start("fuzzing", NULL, &environ) != NXT_OK) { | ||
return NXT_ERROR; | ||
} | ||
|
||
ret = nxt_http_fields_hash(&nxt_controller_fields_hash, | ||
nxt_controller_request_fields, | ||
nxt_nitems(nxt_controller_request_fields)); | ||
if (ret != NXT_OK) { | ||
return NXT_ERROR; | ||
} | ||
|
||
return 0; | ||
} | ||
|
||
|
||
int | ||
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
{ | ||
nxt_mp_t *mp; | ||
nxt_buf_mem_t buf; | ||
nxt_controller_request_t *r_controller; | ||
nxt_http_request_parse_t rp; | ||
|
||
if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) { | ||
return 0; | ||
} | ||
|
||
mp = nxt_mp_create(1024, 128, 256, 32); | ||
if (mp == NULL) { | ||
return 0; | ||
} | ||
|
||
nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); | ||
if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) { | ||
goto failed; | ||
} | ||
|
||
buf.start = (u_char *)data; | ||
buf.end = (u_char *)data + size; | ||
buf.pos = buf.start; | ||
buf.free = buf.end; | ||
|
||
if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) { | ||
goto failed; | ||
} | ||
|
||
r_controller = nxt_mp_zget(mp, sizeof(nxt_controller_request_t)); | ||
|
||
if (r_controller == NULL) { | ||
goto failed; | ||
} | ||
|
||
nxt_http_fields_process(rp.fields, &nxt_controller_fields_hash, | ||
r_controller); | ||
|
||
failed: | ||
|
||
nxt_mp_destroy(mp); | ||
|
||
return 0; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
/* | ||
* Copyright (C) NGINX, Inc. | ||
*/ | ||
|
||
#include <nxt_main.h> | ||
|
||
/* DO NOT TRY THIS AT HOME! */ | ||
#include "nxt_h1proto.c" | ||
|
||
|
||
#define KMININPUTLENGTH 2 | ||
#define KMAXINPUTLENGTH 1024 | ||
|
||
|
||
extern int LLVMFuzzerInitialize(int *argc, char ***argv); | ||
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); | ||
|
||
|
||
extern char **environ; | ||
|
||
|
||
int | ||
LLVMFuzzerInitialize(int *argc, char ***argv) | ||
{ | ||
nxt_int_t ret; | ||
|
||
if (nxt_lib_start("fuzzing", NULL, &environ) != NXT_OK) { | ||
return NXT_ERROR; | ||
} | ||
|
||
ret = nxt_http_fields_hash(&nxt_h1p_fields_hash, | ||
nxt_h1p_fields, nxt_nitems(nxt_h1p_fields)); | ||
if (ret != NXT_OK) { | ||
return NXT_ERROR; | ||
} | ||
|
||
return 0; | ||
} | ||
|
||
|
||
int | ||
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
{ | ||
nxt_mp_t *mp; | ||
nxt_buf_mem_t buf; | ||
nxt_http_request_t *r_h1p; | ||
nxt_http_request_parse_t rp; | ||
|
||
if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) { | ||
return 0; | ||
} | ||
|
||
mp = nxt_mp_create(1024, 128, 256, 32); | ||
if (mp == NULL) { | ||
return 0; | ||
} | ||
|
||
nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); | ||
if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) { | ||
goto failed; | ||
} | ||
|
||
buf.start = (u_char *)data; | ||
buf.end = (u_char *)data + size; | ||
buf.pos = buf.start; | ||
buf.free = buf.end; | ||
|
||
if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) { | ||
goto failed; | ||
} | ||
|
||
r_h1p = nxt_mp_zget(mp, sizeof(nxt_http_request_t)); | ||
|
||
if (r_h1p == NULL) { | ||
goto failed; | ||
} | ||
|
||
nxt_http_fields_process(rp.fields, &nxt_h1p_fields_hash, r_h1p); | ||
|
||
failed: | ||
|
||
nxt_mp_destroy(mp); | ||
|
||
return 0; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
/* | ||
* Copyright (C) NGINX, Inc. | ||
*/ | ||
|
||
#include <nxt_main.h> | ||
|
||
/* DO NOT TRY THIS AT HOME! */ | ||
#include "nxt_h1proto.c" | ||
|
||
|
||
#define KMININPUTLENGTH 2 | ||
#define KMAXINPUTLENGTH 1024 | ||
|
||
|
||
extern int LLVMFuzzerInitialize(int *argc, char ***argv); | ||
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); | ||
|
||
|
||
extern char **environ; | ||
|
||
|
||
int | ||
LLVMFuzzerInitialize(int *argc, char ***argv) | ||
{ | ||
nxt_int_t ret; | ||
|
||
if (nxt_lib_start("fuzzing", NULL, &environ) != NXT_OK) { | ||
return NXT_ERROR; | ||
} | ||
|
||
ret = nxt_http_fields_hash(&nxt_h1p_peer_fields_hash, | ||
nxt_h1p_peer_fields, | ||
nxt_nitems(nxt_h1p_peer_fields)); | ||
if (ret != NXT_OK) { | ||
return NXT_ERROR; | ||
} | ||
|
||
return 0; | ||
} | ||
|
||
|
||
int | ||
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
{ | ||
nxt_mp_t *mp; | ||
nxt_buf_mem_t buf; | ||
nxt_http_request_t *r_h1p_peer; | ||
nxt_http_request_parse_t rp; | ||
|
||
if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) { | ||
return 0; | ||
} | ||
|
||
mp = nxt_mp_create(1024, 128, 256, 32); | ||
if (mp == NULL) { | ||
return 0; | ||
} | ||
|
||
nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); | ||
if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) { | ||
goto failed; | ||
} | ||
|
||
buf.start = (u_char *)data; | ||
buf.end = (u_char *)data + size; | ||
buf.pos = buf.start; | ||
buf.free = buf.end; | ||
|
||
if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) { | ||
goto failed; | ||
} | ||
|
||
r_h1p_peer = nxt_mp_zget(mp, sizeof(nxt_http_request_t)); | ||
|
||
if (r_h1p_peer == NULL) { | ||
goto failed; | ||
} | ||
|
||
nxt_http_fields_process(rp.fields, &nxt_h1p_peer_fields_hash, r_h1p_peer); | ||
|
||
failed: | ||
|
||
nxt_mp_destroy(mp); | ||
|
||
return 0; | ||
} |
Oops, something went wrong.