fuzz_http.c 3.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133
  1. /* Copyright (c) 2016-2017, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #include "orconfig.h"
  4. #define BUFFERS_PRIVATE
  5. #define DIRECTORY_PRIVATE
  6. #include "or.h"
  7. #include "backtrace.h"
  8. #include "buffers.h"
  9. #include "config.h"
  10. #include "connection.h"
  11. #include "directory.h"
  12. #include "torlog.h"
  13. #include "fuzzing.h"
  14. static void
  15. mock_connection_write_to_buf_impl_(const char *string, size_t len,
  16. connection_t *conn, int compressed)
  17. {
  18. log_debug(LD_GENERAL, "%sResponse:\n%u\nConnection: %p\n%s\n",
  19. compressed ? "Compressed " : "", (unsigned)len, conn, string);
  20. }
  21. static int
  22. mock_directory_handle_command_get(dir_connection_t *conn,
  23. const char *headers,
  24. const char *body,
  25. size_t body_len)
  26. {
  27. (void)conn;
  28. log_debug(LD_GENERAL, "Method:\nGET\n");
  29. if (headers) {
  30. log_debug(LD_GENERAL, "Header-Length:\n%u\n", (unsigned)strlen(headers));
  31. log_debug(LD_GENERAL, "Headers:\n%s\n", headers);
  32. }
  33. log_debug(LD_GENERAL, "Body-Length:\n%u\n", (unsigned)body_len);
  34. if (body) {
  35. log_debug(LD_GENERAL, "Body:\n%s\n", body);
  36. }
  37. /* Always tell the caller we succeeded */
  38. return 0;
  39. }
  40. static int
  41. mock_directory_handle_command_post(dir_connection_t *conn,
  42. const char *headers,
  43. const char *body,
  44. size_t body_len)
  45. {
  46. (void)conn;
  47. log_debug(LD_GENERAL, "Method:\nPOST\n");
  48. if (headers) {
  49. log_debug(LD_GENERAL, "Header-Length:\n%u\n", (unsigned)strlen(headers));
  50. log_debug(LD_GENERAL, "Headers:\n%s\n", headers);
  51. }
  52. log_debug(LD_GENERAL, "Body-Length:\n%u\n", (unsigned)body_len);
  53. if (body) {
  54. log_debug(LD_GENERAL, "Body:\n%s\n", body);
  55. }
  56. /* Always tell the caller we succeeded */
  57. return 0;
  58. }
  59. int
  60. fuzz_init(void)
  61. {
  62. /* Set up fake response handler */
  63. MOCK(connection_write_to_buf_impl_, mock_connection_write_to_buf_impl_);
  64. /* Set up the fake handler functions */
  65. MOCK(directory_handle_command_get, mock_directory_handle_command_get);
  66. MOCK(directory_handle_command_post, mock_directory_handle_command_post);
  67. return 0;
  68. }
  69. int
  70. fuzz_cleanup(void)
  71. {
  72. UNMOCK(connection_write_to_buf_impl_);
  73. UNMOCK(directory_handle_command_get);
  74. UNMOCK(directory_handle_command_post);
  75. return 0;
  76. }
  77. int
  78. fuzz_main(const uint8_t *stdin_buf, size_t data_size)
  79. {
  80. dir_connection_t dir_conn;
  81. /* Set up the fake connection */
  82. memset(&dir_conn, 0, sizeof(dir_connection_t));
  83. dir_conn.base_.type = CONN_TYPE_DIR;
  84. /* Apparently tor sets this before directory_handle_command() is called. */
  85. dir_conn.base_.address = tor_strdup("replace-this-address.example.com");
  86. dir_conn.base_.inbuf = buf_new_with_data((char*)stdin_buf, data_size);
  87. if (!dir_conn.base_.inbuf) {
  88. log_debug(LD_GENERAL, "Zero-Length-Input\n");
  89. goto done;
  90. }
  91. /* Parse the headers */
  92. int rv = directory_handle_command(&dir_conn);
  93. /* TODO: check the output is correctly parsed based on the input */
  94. /* Report the parsed origin address */
  95. if (dir_conn.base_.address) {
  96. log_debug(LD_GENERAL, "Address:\n%s\n", dir_conn.base_.address);
  97. }
  98. log_debug(LD_GENERAL, "Result:\n%d\n", rv);
  99. done:
  100. /* Reset. */
  101. tor_free(dir_conn.base_.address);
  102. buf_free(dir_conn.base_.inbuf);
  103. dir_conn.base_.inbuf = NULL;
  104. return 0;
  105. }