fuzz_http_connect.c 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106
  1. /* Copyright (c) 2016-2017, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #include "orconfig.h"
  4. #define BUFFERS_PRIVATE
  5. #define CONNECTION_EDGE_PRIVATE
  6. #include "or.h"
  7. #include "backtrace.h"
  8. #include "buffers.h"
  9. #include "config.h"
  10. #include "connection.h"
  11. #include "connection_edge.h"
  12. #include "proto_socks.h"
  13. #include "torlog.h"
  14. #include "fuzzing.h"
  15. static void
  16. mock_connection_write_to_buf_impl_(const char *string, size_t len,
  17. connection_t *conn, int compressed)
  18. {
  19. log_debug(LD_GENERAL, "%sResponse:\n%u\nConnection: %p\n%s\n",
  20. compressed ? "Compressed " : "", (unsigned)len, conn, string);
  21. }
  22. static void
  23. mock_connection_mark_unattached_ap_(entry_connection_t *conn, int endreason,
  24. int line, const char *file)
  25. {
  26. (void)conn;
  27. (void)endreason;
  28. (void)line;
  29. (void)file;
  30. }
  31. static int
  32. mock_connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn,
  33. origin_circuit_t *circ,
  34. crypt_path_t *cpath)
  35. {
  36. (void)conn;
  37. (void)circ;
  38. (void)cpath;
  39. return 0;
  40. }
  41. int
  42. fuzz_init(void)
  43. {
  44. /* Set up fake response handler */
  45. MOCK(connection_write_to_buf_impl_, mock_connection_write_to_buf_impl_);
  46. /* Set up the fake handler functions */
  47. MOCK(connection_mark_unattached_ap_, mock_connection_mark_unattached_ap_);
  48. MOCK(connection_ap_rewrite_and_attach_if_allowed,
  49. mock_connection_ap_rewrite_and_attach_if_allowed);
  50. return 0;
  51. }
  52. int
  53. fuzz_cleanup(void)
  54. {
  55. UNMOCK(connection_write_to_buf_impl_);
  56. UNMOCK(connection_mark_unattached_ap_);
  57. UNMOCK(connection_ap_rewrite_and_attach_if_allowed);
  58. return 0;
  59. }
  60. int
  61. fuzz_main(const uint8_t *stdin_buf, size_t data_size)
  62. {
  63. entry_connection_t conn;
  64. /* Set up the fake connection */
  65. memset(&conn, 0, sizeof(conn));
  66. conn.edge_.base_.type = CONN_TYPE_AP;
  67. conn.edge_.base_.state = AP_CONN_STATE_HTTP_CONNECT_WAIT;
  68. conn.socks_request = tor_malloc_zero(sizeof(socks_request_t));
  69. conn.socks_request->listener_type = CONN_TYPE_AP_HTTP_CONNECT_LISTENER;
  70. conn.edge_.base_.inbuf = buf_new_with_data((char*)stdin_buf, data_size);
  71. if (!conn.edge_.base_.inbuf) {
  72. log_debug(LD_GENERAL, "Zero-Length-Input\n");
  73. goto done;
  74. }
  75. /* Parse the headers */
  76. int rv = connection_ap_process_http_connect(&conn);
  77. /* TODO: check the output is correctly parsed based on the input */
  78. log_debug(LD_GENERAL, "Result:\n%d\n", rv);
  79. goto done;
  80. done:
  81. /* Reset. */
  82. socks_request_free(conn.socks_request);
  83. buf_free(conn.edge_.base_.inbuf);
  84. conn.edge_.base_.inbuf = NULL;
  85. return 0;
  86. }