piros
/
tor


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
							/* Copyright (c) 2016-2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#include "orconfig.h"

#define BUFFERS_PRIVATE
#define CONNECTION_EDGE_PRIVATE

#include "or.h"
#include "backtrace.h"
#include "buffers.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "proto_socks.h"
#include "torlog.h"

#include "entry_connection_st.h"

#include "fuzzing.h"

static void
mock_connection_write_to_buf_impl_(const char *string, size_t len,
                                   connection_t *conn, int compressed)
{
  log_debug(LD_GENERAL, "%sResponse:\n%u\nConnection: %p\n%s\n",
            compressed ? "Compressed " : "", (unsigned)len, conn, string);
}

static void
mock_connection_mark_unattached_ap_(entry_connection_t *conn, int endreason,
                                    int line, const char *file)
{
  (void)conn;
  (void)endreason;
  (void)line;
  (void)file;
}

static int
mock_connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn,
                                                 origin_circuit_t *circ,
                                                 crypt_path_t *cpath)
{
  (void)conn;
  (void)circ;
  (void)cpath;
  return 0;
}

int
fuzz_init(void)
{
  /* Set up fake response handler */
  MOCK(connection_write_to_buf_impl_, mock_connection_write_to_buf_impl_);
  /* Set up the fake handler functions */
  MOCK(connection_mark_unattached_ap_, mock_connection_mark_unattached_ap_);
  MOCK(connection_ap_rewrite_and_attach_if_allowed,
       mock_connection_ap_rewrite_and_attach_if_allowed);

  return 0;
}

int
fuzz_cleanup(void)
{
  UNMOCK(connection_write_to_buf_impl_);
  UNMOCK(connection_mark_unattached_ap_);
  UNMOCK(connection_ap_rewrite_and_attach_if_allowed);
  return 0;
}

int
fuzz_main(const uint8_t *stdin_buf, size_t data_size)
{
  entry_connection_t conn;

  /* Set up the fake connection */
  memset(&conn, 0, sizeof(conn));
  conn.edge_.base_.type = CONN_TYPE_AP;
  conn.edge_.base_.state = AP_CONN_STATE_HTTP_CONNECT_WAIT;
  conn.socks_request = tor_malloc_zero(sizeof(socks_request_t));
  conn.socks_request->listener_type = CONN_TYPE_AP_HTTP_CONNECT_LISTENER;

  conn.edge_.base_.inbuf = buf_new_with_data((char*)stdin_buf, data_size);
  if (!conn.edge_.base_.inbuf) {
    log_debug(LD_GENERAL, "Zero-Length-Input\n");
    goto done;
  }

  /* Parse the headers */
  int rv = connection_ap_process_http_connect(&conn);

  /* TODO: check the output is correctly parsed based on the input */

  log_debug(LD_GENERAL, "Result:\n%d\n", rv);

  goto done;

 done:
  /* Reset. */
  socks_request_free(conn.socks_request);
  buf_free(conn.edge_.base_.inbuf);
  conn.edge_.base_.inbuf = NULL;

  return 0;
}