Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
yanglu
/
nanrui_ywk485
İzle 1
Yıldızla 0
Çatalla 0
Files Sorunlar 0 Değişiklik İstekleri 0 Wiki
Dal: master
Dallar Biçim İmleri
nanrui_ywk485
/
test
/
fuzz.c

fuzz.c 4.1 KB
Kalıcı Bağlantı Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. #define MG_ENABLE_SOCKET 0
    2. 

  2. #define MG_ENABLE_LOG 0
    3. 

  3. #define MG_ENABLE_LINES 1
    4. 

  4. #define MG_ENABLE_TCPIP 1
    5. 

  5. #define MG_IO_SIZE (32 * 1024 * 1024)  // Big IO size for fast resizes
    6. 

  6. 

  7. #include "mongoose.c"
    8. 

  8. 

  9. #include "driver_mock.c"
    10. 

  10. 

  11. #ifdef __cplusplus
    12. 

  12. extern "C" int LLVMFuzzerTestOneInput(const uint8_t *, size_t);
    13. 

  13. #else
    14. 

  14. int LLVMFuzzerTestOneInput(const uint8_t *, size_t);
    15. 

  15. #endif
    16. 

  16. 

  17. static void fn(struct mg_connection *c, int ev, void *ev_data) {
    18. 

  18.   struct mg_http_serve_opts opts = {.root_dir = "."};
    19. 

  19.   if (ev == MG_EV_HTTP_MSG) {
    20. 

  20.     mg_http_serve_dir(c, (struct mg_http_message *) ev_data, &opts);
    21. 

  21.   }
    22. 

  22. }
    23. 

  23. 

  24. int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    25. 

  25.   mg_log_set(MG_LL_INFO);
    26. 

  26. 

  27.   struct mg_dns_message dm;
    28. 

  28.   mg_dns_parse(data, size, &dm);
    29. 

  29.   mg_dns_parse(NULL, 0, &dm);
    30. 

  30. 

  31.   struct mg_http_message hm;
    32. 

  32.   if (mg_http_parse((const char *) data, size, &hm) > 0) {
    33. 

  33.     mg_crc32(0, hm.method.ptr, hm.method.len);
    34. 

  34.     mg_crc32(0, hm.uri.ptr, hm.uri.len);
    35. 

  35.     mg_crc32(0, hm.uri.ptr, hm.uri.len);
    36. 

  36.     for (size_t i = 0; i < sizeof(hm.headers) / sizeof(hm.headers[0]); i++) {
    37. 

  37.       struct mg_str *k = &hm.headers[i].name, *v = &hm.headers[i].value;
    38. 

  38.       mg_crc32(0, k->ptr, k->len);
    39. 

  39.       mg_crc32(0, v->ptr, v->len);
    40. 

  40.     }
    41. 

  41.   }
    42. 

  42.   mg_http_parse(NULL, 0, &hm);
    43. 

  43. 

  44.   struct mg_str body = mg_str_n((const char *) data, size);
    45. 

  45.   char tmp[256];
    46. 

  46.   mg_http_get_var(&body, "key", tmp, sizeof(tmp));
    47. 

  47.   mg_http_get_var(&body, "key", NULL, 0);
    48. 

  48.   mg_url_decode((char *) data, size, tmp, sizeof(tmp), 1);
    49. 

  49.   mg_url_decode((char *) data, size, tmp, 1, 1);
    50. 

  50.   mg_url_decode(NULL, 0, tmp, 1, 1);
    51. 

  51. 

  52.   struct mg_mqtt_message mm;
    53. 

  53.   if (mg_mqtt_parse(data, size, 0, &mm) == MQTT_OK) {
    54. 

  54.     mg_crc32(0, mm.topic.ptr, mm.topic.len);
    55. 

  55.     mg_crc32(0, mm.data.ptr, mm.data.len);
    56. 

  56.     mg_crc32(0, mm.dgram.ptr, mm.dgram.len);
    57. 

  57.   }
    58. 

  58.   mg_mqtt_parse(NULL, 0, 0, &mm);
    59. 

  59.   if (mg_mqtt_parse(data, size, 5, &mm) == MQTT_OK) {
    60. 

  60.     mg_crc32(0, mm.topic.ptr, mm.topic.len);
    61. 

  61.     mg_crc32(0, mm.data.ptr, mm.data.len);
    62. 

  62.     mg_crc32(0, mm.dgram.ptr, mm.dgram.len);
    63. 

  63.   }
    64. 

  64.   mg_mqtt_parse(NULL, 0, 5, &mm);
    65. 

  65. 

  66.   mg_sntp_parse(data, size);
    67. 

  67.   mg_sntp_parse(NULL, 0);
    68. 

  68. 

  69.   char buf[size * 4 / 3 + 5];  // At least 4 chars and nul termination
    70. 

  70.   mg_base64_decode((char *) data, size, buf, sizeof(buf));
    71. 

  71.   mg_base64_decode(NULL, 0, buf, sizeof(buf));
    72. 

  72.   mg_base64_encode(data, size, buf, sizeof(buf));
    73. 

  73.   mg_base64_encode(NULL, 0, buf, sizeof(buf));
    74. 

  74. 

  75.   mg_globmatch((char *) data, size, (char *) data, size);
    76. 

  76. 

  77.   struct mg_str k, v, s = mg_str_n((char *) data, size);
    78. 

  78.   while (mg_commalist(&s, &k, &v)) k.len = v.len = 0;
    79. 

  79. 

  80.   int n;
    81. 

  81.   mg_json_get(mg_str_n((char *) data, size), "$", &n);
    82. 

  82.   mg_json_get(mg_str_n((char *) data, size), "$.a.b", &n);
    83. 

  83.   mg_json_get(mg_str_n((char *) data, size), "$[0]", &n);
    84. 

  84. 

  85.   if (size > 0) {
    86. 

  86.     struct mg_tcpip_if mif = {.ip = 0x01020304,
    87. 

  87.                               .mask = 255,
    88. 

  88.                               .gw = 0x01010101,
    89. 

  89.                               .driver = &mg_tcpip_driver_mock};
    90. 

  90.     struct mg_mgr mgr;
    91. 

  91.     mg_mgr_init(&mgr);
    92. 

  92.     mg_tcpip_init(&mgr, &mif);
    93. 

  93. 

  94.     // Make a copy of the random data, in order to modify it
    95. 

  95.     void *pkt = malloc(size);
    96. 

  96.     struct eth *eth = (struct eth *) pkt;
    97. 

  97.     memcpy(pkt, data, size);
    98. 

  98.     if (size > sizeof(*eth)) {
    99. 

  99.       static size_t i;
    100. 

  100.       uint16_t eth_types[] = {0x800, 0x800, 0x806, 0x86dd};
    101. 

  101.       memcpy(eth->dst, mif.mac, 6);  // Set valid destination MAC
    102. 

  102.       eth->type = mg_htons(eth_types[i++]);
    103. 

  103.       if (i >= sizeof(eth_types) / sizeof(eth_types[0])) i = 0;
    104. 

  104.     }
    105. 

  105. 

  106.     mg_tcpip_rx(&mif, pkt, size);
    107. 

  107. 

  108.     // Test HTTP serving
    109. 

  109.     const char *url = "http://localhost:12345";
    110. 

  110.     struct mg_connection *c = mg_http_connect(&mgr, url, fn, NULL);
    111. 

  111.     mg_iobuf_add(&c->recv, 0, data, size);
    112. 

  112.     c->pfn(c, MG_EV_READ, NULL); // manually invoke protocol event handler
    113. 

  113. 

  114.     mg_mgr_free(&mgr);
    115. 

  115.     free(pkt);
    116. 

  116.     mg_tcpip_free(&mif);
    117. 

  117.   }
    118. 

  118. 

  119.   return 0;
    120. 

  120. }
    121. 

  121. 

  122. #if defined(MAIN)
    123. 

  123. int main(int argc, char *argv[]) {
    124. 

  124.   int res = EXIT_FAILURE;
    125. 

  125.   if (argc > 1) {
    126. 

  126.     size_t len = 0;
    127. 

  127.     char *buf = mg_file_read(&mg_fs_posix, argv[1], &len);
    128. 

  128.     if (buf != NULL) {
    129. 

  129.       LLVMFuzzerTestOneInput((uint8_t *) buf, len);
    130. 

  130.       res = EXIT_SUCCESS;
    131. 

  131.     }
    132. 

  132.     free(buf);
    133. 

  133.   }
    134. 

  134.   return res;
    135. 

  135. }
    136. 

  136. #endif
    137. 

  137.