diff options
author | Arjun <pkillarjun@protonmail.com> | 2024-07-26 17:57:19 +0530 |
---|---|---|
committer | Andrew Clayton <a.clayton@nginx.com> | 2024-08-02 17:39:15 +0100 |
commit | 3667c3e2d257566c8e3dfb68fac7f09190db8db4 (patch) | |
tree | cfdff26f452d68a41f4f6f71c70192487b9e10af /fuzzing/nxt_basic_fuzz.c | |
parent | bc49274db06a9795d090bbbd22c074888a9ef583 (diff) | |
download | unit-3667c3e2d257566c8e3dfb68fac7f09190db8db4.tar.gz unit-3667c3e2d257566c8e3dfb68fac7f09190db8db4.tar.bz2 |
fuzzing: added new basic targets
Added fuzzing targets:
1. djb hash
2. murmur hash2
3. parse
4. sha1
5. uri decode, uri encode
6. utf8 casecmp
7. websocket base64 encode
8. websocket frame
Signed-off-by: Arjun <pkillarjun@protonmail.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
Diffstat (limited to '')
-rw-r--r-- | fuzzing/nxt_basic_fuzz.c | 147 |
1 files changed, 146 insertions, 1 deletions
diff --git a/fuzzing/nxt_basic_fuzz.c b/fuzzing/nxt_basic_fuzz.c index df3a1b6a..5f71a909 100644 --- a/fuzzing/nxt_basic_fuzz.c +++ b/fuzzing/nxt_basic_fuzz.c @@ -3,9 +3,15 @@ */ #include <nxt_main.h> +#include <nxt_sha1.h> +#include <nxt_websocket.h> +#include <nxt_websocket_header.h> +/* DO NOT TRY THIS AT HOME! */ +#include <nxt_websocket_accept.c> -#define KMININPUTLENGTH 2 + +#define KMININPUTLENGTH 4 #define KMAXINPUTLENGTH 128 @@ -13,9 +19,17 @@ extern int LLVMFuzzerInitialize(int *argc, char ***argv); extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); void nxt_base64_fuzz(const u_char *data, size_t size); +void nxt_djb_hash_fuzz(const u_char *data, size_t size); +void nxt_murmur_hash2_fuzz(const u_char *data, size_t size); +void nxt_parse_fuzz(const u_char *data, size_t size); +void nxt_sha1_fuzz(const u_char *data, size_t size); +void nxt_sha1_update_fuzz(const u_char *data, size_t size); void nxt_term_fuzz(const u_char *data, size_t size); void nxt_time_fuzz(const u_char *data, size_t size); +void nxt_uri_fuzz(const u_char *data, size_t size); void nxt_utf8_fuzz(const u_char *data, size_t size); +void nxt_websocket_base64_fuzz(const u_char *data, size_t size); +void nxt_websocket_frame_fuzz(const u_char *data, size_t size); extern char **environ; @@ -40,9 +54,17 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } nxt_base64_fuzz(data, size); + nxt_djb_hash_fuzz(data, size); + nxt_murmur_hash2_fuzz(data, size); + nxt_parse_fuzz(data, size); + nxt_sha1_fuzz(data, size); + nxt_sha1_update_fuzz(data, size); nxt_term_fuzz(data, size); nxt_time_fuzz(data, size); + nxt_uri_fuzz(data, size); nxt_utf8_fuzz(data, size); + nxt_websocket_base64_fuzz(data, size); + nxt_websocket_frame_fuzz(data, size); return 0; } @@ -67,6 +89,64 @@ nxt_base64_fuzz(const u_char *data, size_t size) void +nxt_djb_hash_fuzz(const u_char *data, size_t size) +{ + nxt_djb_hash(data, size); + nxt_djb_hash_lowcase(data, size); +} + + +void +nxt_murmur_hash2_fuzz(const u_char *data, size_t size) +{ + nxt_murmur_hash2(data, size); + nxt_murmur_hash2_uint32(data); +} + + +void +nxt_parse_fuzz(const u_char *data, size_t size) +{ + nxt_str_t input; + + input.start = (u_char *)data; + input.length = size; + + nxt_int_parse(data, size); + nxt_size_t_parse(data, size); + nxt_size_parse(data, size); + nxt_off_t_parse(data, size); + nxt_str_int_parse(&input); + nxt_number_parse(&data, data + size); +} + + +void +nxt_sha1_fuzz(const u_char *data, size_t size) +{ + u_char bin_accept[20]; + nxt_sha1_t ctx; + + nxt_sha1_init(&ctx); + nxt_sha1_update(&ctx, data, size); + nxt_sha1_final(bin_accept, &ctx); +} + + +void +nxt_sha1_update_fuzz(const u_char *data, size_t size) +{ + u_char bin_accept[20]; + nxt_sha1_t ctx; + + nxt_sha1_init(&ctx); + nxt_sha1_update(&ctx, data, size); + nxt_sha1_update(&ctx, data, size); + nxt_sha1_final(bin_accept, &ctx); +} + + +void nxt_term_fuzz(const u_char *data, size_t size) { nxt_term_parse(data, size, 0); @@ -82,10 +162,75 @@ nxt_time_fuzz(const u_char *data, size_t size) void +nxt_uri_fuzz(const u_char *data, size_t size) +{ + u_char *dst; + + dst = nxt_zalloc(size * 3); + if (dst == NULL) { + return; + } + + nxt_decode_uri(dst, (u_char *)data, size); + nxt_decode_uri_plus(dst, (u_char *)data, size); + + nxt_memzero(dst, size * 3); + nxt_encode_uri(NULL, (u_char *)data, size); + nxt_encode_uri(dst, (u_char *)data, size); + + nxt_free(dst); +} + + +void nxt_utf8_fuzz(const u_char *data, size_t size) { const u_char *in; in = data; nxt_utf8_decode(&in, data + size); + + nxt_utf8_casecmp((const u_char *)"ABC АБВ ΑΒΓ", + data, + nxt_length("ABC АБВ ΑΒΓ"), + size); +} + + +void +nxt_websocket_base64_fuzz(const u_char *data, size_t size) +{ + u_char *out; + + out = nxt_zalloc(size * 2); + if (out == NULL) { + return; + } + + nxt_websocket_base64_encode(out, data, size); + + nxt_free(out); +} + + +void +nxt_websocket_frame_fuzz(const u_char *data, size_t size) +{ + u_char *input; + + /* + * Resolve overwrites-const-input by using a copy of the data. + */ + input = nxt_malloc(size); + if (input == NULL) { + return; + } + + nxt_memcpy(input, data, size); + + nxt_websocket_frame_init(input, 0); + nxt_websocket_frame_header_size(input); + nxt_websocket_frame_payload_len(input); + + nxt_free(input); } |