diff options
| author | Arjun <pkillarjun@protonmail.com> | 2024-06-12 10:34:09 +0530 |
|---|---|---|
| committer | Andrew Clayton <a.clayton@nginx.com> | 2024-06-14 15:11:38 +0100 |
| commit | a93d878e5c3a6c3476e77d021ae59dc937e3066c (patch) | |
| tree | f836d6883dea1b9ef766da925c0b76f8b8fc015d /fuzzing/nxt_http_h1p_fuzz.c | |
| parent | 965fc94e4910da14d13a2f10d997cc720b3f6127 (diff) | |
| download | unit-a93d878e5c3a6c3476e77d021ae59dc937e3066c.tar.gz unit-a93d878e5c3a6c3476e77d021ae59dc937e3066c.tar.bz2 | |
fuzzing: add fuzzing targets
Signed-off-by: Arjun <pkillarjun@protonmail.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
Diffstat (limited to 'fuzzing/nxt_http_h1p_fuzz.c')
| -rw-r--r-- | fuzzing/nxt_http_h1p_fuzz.c | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/fuzzing/nxt_http_h1p_fuzz.c b/fuzzing/nxt_http_h1p_fuzz.c new file mode 100644 index 00000000..471e87a4 --- /dev/null +++ b/fuzzing/nxt_http_h1p_fuzz.c @@ -0,0 +1,85 @@ +/* + * Copyright (C) NGINX, Inc. + */ + +#include <nxt_main.h> + +/* DO NOT TRY THIS AT HOME! */ +#include "nxt_h1proto.c" + + +#define KMININPUTLENGTH 2 +#define KMAXINPUTLENGTH 1024 + + +extern int LLVMFuzzerInitialize(int *argc, char ***argv); +extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + + +extern char **environ; + + +int +LLVMFuzzerInitialize(int *argc, char ***argv) +{ + nxt_int_t ret; + + if (nxt_lib_start("fuzzing", NULL, &environ) != NXT_OK) { + return NXT_ERROR; + } + + ret = nxt_http_fields_hash(&nxt_h1p_fields_hash, + nxt_h1p_fields, nxt_nitems(nxt_h1p_fields)); + if (ret != NXT_OK) { + return NXT_ERROR; + } + + return 0; +} + + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + nxt_mp_t *mp; + nxt_buf_mem_t buf; + nxt_http_request_t *r_h1p; + nxt_http_request_parse_t rp; + + if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) { + return 0; + } + + mp = nxt_mp_create(1024, 128, 256, 32); + if (mp == NULL) { + return 0; + } + + nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); + if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) { + goto failed; + } + + buf.start = (u_char *)data; + buf.end = (u_char *)data + size; + buf.pos = buf.start; + buf.free = buf.end; + + if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) { + goto failed; + } + + r_h1p = nxt_mp_zget(mp, sizeof(nxt_http_request_t)); + + if (r_h1p == NULL) { + goto failed; + } + + nxt_http_fields_process(rp.fields, &nxt_h1p_fields_hash, r_h1p); + +failed: + + nxt_mp_destroy(mp); + + return 0; +} |