fuzz_http_connect.c 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105
  1. /* Copyright (c) 2016-2017, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #include "orconfig.h"
  4. #define BUFFERS_PRIVATE
  5. #define CONNECTION_EDGE_PRIVATE
  6. #include "or.h"
  7. #include "backtrace.h"
  8. #include "buffers.h"
  9. #include "config.h"
  10. #include "connection.h"
  11. #include "connection_edge.h"
  12. #include "torlog.h"
  13. #include "fuzzing.h"
  14. static void
  15. mock_connection_write_to_buf_impl_(const char *string, size_t len,
  16. connection_t *conn, int compressed)
  17. {
  18. log_debug(LD_GENERAL, "%sResponse:\n%u\nConnection: %p\n%s\n",
  19. compressed ? "Compressed " : "", (unsigned)len, conn, string);
  20. }
  21. static void
  22. mock_connection_mark_unattached_ap_(entry_connection_t *conn, int endreason,
  23. int line, const char *file)
  24. {
  25. (void)conn;
  26. (void)endreason;
  27. (void)line;
  28. (void)file;
  29. }
  30. static int
  31. mock_connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn,
  32. origin_circuit_t *circ,
  33. crypt_path_t *cpath)
  34. {
  35. (void)conn;
  36. (void)circ;
  37. (void)cpath;
  38. return 0;
  39. }
  40. int
  41. fuzz_init(void)
  42. {
  43. /* Set up fake response handler */
  44. MOCK(connection_write_to_buf_impl_, mock_connection_write_to_buf_impl_);
  45. /* Set up the fake handler functions */
  46. MOCK(connection_mark_unattached_ap_, mock_connection_mark_unattached_ap_);
  47. MOCK(connection_ap_rewrite_and_attach_if_allowed,
  48. mock_connection_ap_rewrite_and_attach_if_allowed);
  49. return 0;
  50. }
  51. int
  52. fuzz_cleanup(void)
  53. {
  54. UNMOCK(connection_write_to_buf_impl_);
  55. UNMOCK(connection_mark_unattached_ap_);
  56. UNMOCK(connection_ap_rewrite_and_attach_if_allowed);
  57. return 0;
  58. }
  59. int
  60. fuzz_main(const uint8_t *stdin_buf, size_t data_size)
  61. {
  62. entry_connection_t conn;
  63. /* Set up the fake connection */
  64. memset(&conn, 0, sizeof(conn));
  65. conn.edge_.base_.type = CONN_TYPE_AP;
  66. conn.edge_.base_.state = AP_CONN_STATE_HTTP_CONNECT_WAIT;
  67. conn.socks_request = tor_malloc_zero(sizeof(socks_request_t));
  68. conn.socks_request->listener_type = CONN_TYPE_AP_HTTP_CONNECT_LISTENER;
  69. conn.edge_.base_.inbuf = buf_new_with_data((char*)stdin_buf, data_size);
  70. if (!conn.edge_.base_.inbuf) {
  71. log_debug(LD_GENERAL, "Zero-Length-Input\n");
  72. goto done;
  73. }
  74. /* Parse the headers */
  75. int rv = connection_ap_process_http_connect(&conn);
  76. /* TODO: check the output is correctly parsed based on the input */
  77. log_debug(LD_GENERAL, "Result:\n%d\n", rv);
  78. goto done;
  79. done:
  80. /* Reset. */
  81. socks_request_free(conn.socks_request);
  82. buf_free(conn.edge_.base_.inbuf);
  83. conn.edge_.base_.inbuf = NULL;
  84. return 0;
  85. }