/src/fuzz_preq.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include "apr.h"
#include "apr_file_io.h"
#include "apr_poll.h"
#include "apr_portable.h"
#include "apr_proc_mutex.h"
#include "apr_signal.h"
#include "apr_strings.h"
#include "apr_thread_mutex.h"
#include "apr_thread_proc.h"

#define APR_WANT_STRFUNC
#include "apr_file_io.h"
#include "apr_fnmatch.h"
#include "apr_want.h"

#include "apr_poll.h"
#include "apr_want.h"

#include "ap_config.h"
#include "ap_expr.h"
#include "ap_listen.h"
#include "ap_provider.h"
#include "ap_regex.h"

#include "ada_fuzz_header.h"
#include "apreq_parser.h"

apr_status_t hookfunc(apreq_hook_t *hook, apreq_param_t *param,
                      apr_bucket_brigade *bb) {
  return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  af_gb_init();

  const uint8_t *data2 = data;
  size_t size2 = size;

  /* get random data for the fuzzer */
  char *new_str = af_gb_get_null_terminated(&data2, &size2);
  char *new_str2 = af_gb_get_null_terminated(&data2, &size2);

  if (new_str != NULL && new_str2 != NULL) {
    apr_pool_initialize();
    apr_pool_t *v = NULL;
    apr_pool_create(&v, NULL);

    apr_bucket_alloc_t *bucket = apr_bucket_alloc_create(v);
    apr_bucket_brigade *brigade = apr_brigade_create(v, bucket);
    apr_brigade_write(brigade, NULL, NULL, new_str, strlen(new_str));

    apreq_parser_t parser;
    parser.content_type = new_str2;
    parser.temp_dir = "/tmp/";
    parser.brigade_limit = 10;
    parser.pool = v;
    parser.ctx = NULL;
    parser.bucket_alloc = bucket;

    parser.hook = apreq_hook_make(parser.pool, hookfunc, NULL, parser.ctx);

    apr_table_t *table = apr_table_make(parser.pool, 10);
    if (af_get_short(&data2, &size2) % 2 == 0) {
      apreq_parse_multipart(&parser, table, brigade);
    } else {
      apreq_parse_urlencoded(&parser, table, brigade);
    }

    apr_pool_terminate();
  }
  af_gb_cleanup();
  return 0;
}

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12		#include "apr.h"
13		#include "apr_file_io.h"
14		#include "apr_poll.h"
15		#include "apr_portable.h"
16		#include "apr_proc_mutex.h"
17		#include "apr_signal.h"
18		#include "apr_strings.h"
19		#include "apr_thread_mutex.h"
20		#include "apr_thread_proc.h"
21
22		#define APR_WANT_STRFUNC
23		#include "apr_file_io.h"
24		#include "apr_fnmatch.h"
25		#include "apr_want.h"
26
27		#include "apr_poll.h"
28		#include "apr_want.h"
29
30		#include "ap_config.h"
31		#include "ap_expr.h"
32		#include "ap_listen.h"
33		#include "ap_provider.h"
34		#include "ap_regex.h"
35
36		#include "ada_fuzz_header.h"
37		#include "apreq_parser.h"
38
39		apr_status_t hookfunc(apreq_hook_t hook, apreq_param_t param,
40	1.14k	apr_bucket_brigade *bb) {
41	1.14k	return 0;
42	1.14k	}
43
44	1.07k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
45	1.07k	af_gb_init();
46
47	1.07k	const uint8_t *data2 = data;
48	1.07k	size_t size2 = size;
49
50		/* get random data for the fuzzer */
51	1.07k	char *new_str = af_gb_get_null_terminated(&data2, &size2);
52	1.07k	char *new_str2 = af_gb_get_null_terminated(&data2, &size2);
53
54	1.07k	if (new_str != NULL && new_str2 != NULL) {
55	1.06k	apr_pool_initialize();
56	1.06k	apr_pool_t *v = NULL;
57	1.06k	apr_pool_create(&v, NULL);
58
59	1.06k	apr_bucket_alloc_t *bucket = apr_bucket_alloc_create(v);
60	1.06k	apr_bucket_brigade *brigade = apr_brigade_create(v, bucket);
61	1.06k	apr_brigade_write(brigade, NULL, NULL, new_str, strlen(new_str));
62
63	1.06k	apreq_parser_t parser;
64	1.06k	parser.content_type = new_str2;
65	1.06k	parser.temp_dir = "/tmp/";
66	1.06k	parser.brigade_limit = 10;
67	1.06k	parser.pool = v;
68	1.06k	parser.ctx = NULL;
69	1.06k	parser.bucket_alloc = bucket;
70
71	1.06k	parser.hook = apreq_hook_make(parser.pool, hookfunc, NULL, parser.ctx);
72
73	1.06k	apr_table_t *table = apr_table_make(parser.pool, 10);
74	1.06k	if (af_get_short(&data2, &size2) % 2 == 0) {
75	895	apreq_parse_multipart(&parser, table, brigade);
76	895	} else {
77	165	apreq_parse_urlencoded(&parser, table, brigade);
78	165	}
79
80	1.06k	apr_pool_terminate();
81	1.06k	}
82	1.07k	af_gb_cleanup();
83	1.07k	return 0;
84	1.07k	}

Coverage Report

Created: 2023-03-26 06:28