fuzz_http_connect.c 2.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
  1. /* Copyright (c) 2016-2018, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #include "orconfig.h"
  4. #define BUFFERS_PRIVATE
  5. #define CONNECTION_EDGE_PRIVATE
  6. #include "core/or/or.h"
  7. #include "lib/err/backtrace.h"
  8. #include "lib/container/buffers.h"
  9. #include "app/config/config.h"
  10. #include "core/mainloop/connection.h"
  11. #include "core/or/connection_edge.h"
  12. #include "core/proto/proto_socks.h"
  13. #include "lib/log/log.h"
  14. #include "core/or/entry_connection_st.h"
  15. #include "core/or/socks_request_st.h"
  16. #include "test/fuzz/fuzzing.h"
  17. static void
  18. mock_connection_write_to_buf_impl_(const char *string, size_t len,
  19. connection_t *conn, int compressed)
  20. {
  21. log_debug(LD_GENERAL, "%sResponse:\n%u\nConnection: %p\n%s\n",
  22. compressed ? "Compressed " : "", (unsigned)len, conn, string);
  23. }
  24. static void
  25. mock_connection_mark_unattached_ap_(entry_connection_t *conn, int endreason,
  26. int line, const char *file)
  27. {
  28. (void)conn;
  29. (void)endreason;
  30. (void)line;
  31. (void)file;
  32. }
  33. static int
  34. mock_connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn,
  35. origin_circuit_t *circ,
  36. crypt_path_t *cpath)
  37. {
  38. (void)conn;
  39. (void)circ;
  40. (void)cpath;
  41. return 0;
  42. }
  43. int
  44. fuzz_init(void)
  45. {
  46. /* Set up fake response handler */
  47. MOCK(connection_write_to_buf_impl_, mock_connection_write_to_buf_impl_);
  48. /* Set up the fake handler functions */
  49. MOCK(connection_mark_unattached_ap_, mock_connection_mark_unattached_ap_);
  50. MOCK(connection_ap_rewrite_and_attach_if_allowed,
  51. mock_connection_ap_rewrite_and_attach_if_allowed);
  52. return 0;
  53. }
  54. int
  55. fuzz_cleanup(void)
  56. {
  57. UNMOCK(connection_write_to_buf_impl_);
  58. UNMOCK(connection_mark_unattached_ap_);
  59. UNMOCK(connection_ap_rewrite_and_attach_if_allowed);
  60. return 0;
  61. }
  62. int
  63. fuzz_main(const uint8_t *stdin_buf, size_t data_size)
  64. {
  65. entry_connection_t conn;
  66. /* Set up the fake connection */
  67. memset(&conn, 0, sizeof(conn));
  68. conn.edge_.base_.type = CONN_TYPE_AP;
  69. conn.edge_.base_.state = AP_CONN_STATE_HTTP_CONNECT_WAIT;
  70. conn.socks_request = tor_malloc_zero(sizeof(socks_request_t));
  71. conn.socks_request->listener_type = CONN_TYPE_AP_HTTP_CONNECT_LISTENER;
  72. conn.edge_.base_.inbuf = buf_new_with_data((char*)stdin_buf, data_size);
  73. if (!conn.edge_.base_.inbuf) {
  74. log_debug(LD_GENERAL, "Zero-Length-Input\n");
  75. goto done;
  76. }
  77. /* Parse the headers */
  78. int rv = connection_ap_process_http_connect(&conn);
  79. /* TODO: check the output is correctly parsed based on the input */
  80. log_debug(LD_GENERAL, "Result:\n%d\n", rv);
  81. goto done;
  82. done:
  83. /* Reset. */
  84. socks_request_free(conn.socks_request);
  85. buf_free(conn.edge_.base_.inbuf);
  86. conn.edge_.base_.inbuf = NULL;
  87. return 0;
  88. }