/src/fluent-bit/tests/internal/fuzzers/signv4_fuzzer.c

Source
#include <fluent-bit/flb_info.h>
#include <fluent-bit/flb_mem.h>
#include <fluent-bit/flb_http_client.h>
#include <fluent-bit/flb_upstream.h>
#include <fluent-bit/flb_signv4.h>
#include <fluent-bit/flb_aws_credentials.h>
#include <monkey/mk_core.h>
#include <unistd.h>
#include <fluent-bit/flb_sds.h>
#include "flb_fuzz_header.h"

#define AWS_ACCESS_KEY_ID              "AWS_ACCESS_KEY_ID"
#define AWS_SECRET_ACCESS_KEY          "AWS_SECRET_ACCESS_KEY"
#define AWS_SESSION_TOKEN              "AWS_SESSION_TOKEN"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (size < 59) {
        return 0;
    }

    /* Set flb_malloc_mod to be fuzzer-data dependent */
    flb_malloc_p = 0;
    flb_malloc_mod = *(int*)data;
    data += 4;
    size -= 4;

    /* Avoid division by zero for modulo operations */
    if (flb_malloc_mod == 0) {
        flb_malloc_mod = 1;
    }

    char s3_mode = data[0];
    MOVE_INPUT(1)
    int method = (int)data[0];

    /* Prepare a general null-terminated string */
    char *uri             = get_null_terminated(50, &data, &size);
    char *null_terminated = get_null_terminated(size, &data, &size);

    /* Now begin the core work of the fuzzer */
    struct flb_config *config;
    struct mk_list *tests;
    struct flb_aws_provider *provider;
    config = flb_calloc(1, sizeof(struct flb_config));
    if (!config) {
        flb_free(uri);
        flb_free(null_terminated);
        return 0;
    }
    mk_list_init(&config->upstreams);
    provider = flb_aws_env_provider_create();

    /* Create the necessary http context */
    struct flb_upstream *http_u;
    struct flb_connection *http_u_conn = NULL;
    struct flb_http_client *http_c;
    struct flb_config *http_config;

    http_config = flb_config_init();
    if (http_config == NULL) {
        flb_aws_provider_destroy(provider);
        flb_free(uri);
        flb_free(null_terminated);
        flb_free(config);
        return 0;
    }

    http_u = flb_upstream_create(http_config, "127.0.0.1", 8001, 0, NULL);
    if (http_u != NULL) {
        http_u_conn = flb_calloc(1, sizeof(struct flb_connection));
        if (http_u_conn != NULL) {
            http_u_conn->upstream = http_u;

            http_c = flb_http_client(http_u_conn, method, uri,
                         null_terminated, size, "127.0.0.1", 8001, NULL, 0);
            if (http_c) {
                /* Call into the main target flb_signv4_do*/
                time_t t = 1440938160;
                char *region = "us-east-1";
                char *access_key = "AKIDEXAMPLE";
                char *service = "service";
                char *secret_key = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
                int ret = setenv(AWS_ACCESS_KEY_ID, access_key, 1);
                if (ret >= 0) {
                    ret = setenv(AWS_SECRET_ACCESS_KEY, secret_key, 1);
                    if (ret >= 0) {
                        flb_sds_t signature = flb_signv4_do(http_c, FLB_TRUE, FLB_FALSE,
                                    t, region, service, s3_mode, NULL, provider);
                        if (signature) {
                          flb_sds_destroy(signature);
                        }
                    }
                }
                flb_http_client_destroy(http_c);
            }
        }
        flb_upstream_destroy(http_u);
    }

    /* Cleanup */
    flb_config_exit(http_config);
    flb_aws_provider_destroy(provider);
    flb_free(config);

    flb_free(null_terminated);
    flb_free(http_u_conn);
    flb_free(uri);

    return 0;
}

Line	Count	Source
1		#include <fluent-bit/flb_info.h>
2		#include <fluent-bit/flb_mem.h>
3		#include <fluent-bit/flb_http_client.h>
4		#include <fluent-bit/flb_upstream.h>
5		#include <fluent-bit/flb_signv4.h>
6		#include <fluent-bit/flb_aws_credentials.h>
7		#include <monkey/mk_core.h>
8		#include <unistd.h>
9		#include <fluent-bit/flb_sds.h>
10		#include "flb_fuzz_header.h"
11
12	384	#define AWS_ACCESS_KEY_ID "AWS_ACCESS_KEY_ID"
13	384	#define AWS_SECRET_ACCESS_KEY "AWS_SECRET_ACCESS_KEY"
14		#define AWS_SESSION_TOKEN "AWS_SESSION_TOKEN"
15
16		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
17	555	{
18	555	if (size < 59) {
19	19	return 0;
20	19	}
21
22		/* Set flb_malloc_mod to be fuzzer-data dependent */
23	536	flb_malloc_p = 0;
24	536	flb_malloc_mod = (int)data;
25	536	data += 4;
26	536	size -= 4;
27
28		/* Avoid division by zero for modulo operations */
29	536	if (flb_malloc_mod == 0) {
30	2	flb_malloc_mod = 1;
31	2	}
32
33	536	char s3_mode = data[0];
34	536	MOVE_INPUT(1)
35	536	int method = (int)data[0];
36
37		/* Prepare a general null-terminated string */
38	536	char *uri = get_null_terminated(50, &data, &size);
39	536	char *null_terminated = get_null_terminated(size, &data, &size);
40
41		/* Now begin the core work of the fuzzer */
42	536	struct flb_config *config;
43	536	struct mk_list *tests;
44	536	struct flb_aws_provider *provider;
45	536	config = flb_calloc(1, sizeof(struct flb_config));
46	536	if (!config) {
47	2	flb_free(uri);
48	2	flb_free(null_terminated);
49	2	return 0;
50	2	}
51	534	mk_list_init(&config->upstreams);
52	534	provider = flb_aws_env_provider_create();
53
54		/* Create the necessary http context */
55	534	struct flb_upstream *http_u;
56	534	struct flb_connection *http_u_conn = NULL;
57	534	struct flb_http_client *http_c;
58	534	struct flb_config *http_config;
59
60	534	http_config = flb_config_init();
61	534	if (http_config == NULL) {
62	144	flb_aws_provider_destroy(provider);
63	144	flb_free(uri);
64	144	flb_free(null_terminated);
65	144	flb_free(config);
66	144	return 0;
67	144	}
68
69	390	http_u = flb_upstream_create(http_config, "127.0.0.1", 8001, 0, NULL);
70	390	if (http_u != NULL) {
71	388	http_u_conn = flb_calloc(1, sizeof(struct flb_connection));
72	388	if (http_u_conn != NULL) {
73	387	http_u_conn->upstream = http_u;
74
75	387	http_c = flb_http_client(http_u_conn, method, uri,
76	387	null_terminated, size, "127.0.0.1", 8001, NULL, 0);
77	387	if (http_c) {
78		/* Call into the main target flb_signv4_do*/
79	384	time_t t = 1440938160;
80	384	char *region = "us-east-1";
81	384	char *access_key = "AKIDEXAMPLE";
82	384	char *service = "service";
83	384	char *secret_key = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
84	384	int ret = setenv(AWS_ACCESS_KEY_ID, access_key, 1);
85	384	if (ret >= 0) {
86	384	ret = setenv(AWS_SECRET_ACCESS_KEY, secret_key, 1);
87	384	if (ret >= 0) {
88	384	flb_sds_t signature = flb_signv4_do(http_c, FLB_TRUE, FLB_FALSE,
89	384	t, region, service, s3_mode, NULL, provider);
90	384	if (signature) {
91	298	flb_sds_destroy(signature);
92	298	}
93	384	}
94	384	}
95	384	flb_http_client_destroy(http_c);
96	384	}
97	387	}
98	388	flb_upstream_destroy(http_u);
99	388	}
100
101		/* Cleanup */
102	390	flb_config_exit(http_config);
103	390	flb_aws_provider_destroy(provider);
104	390	flb_free(config);
105
106	390	flb_free(null_terminated);
107	390	flb_free(http_u_conn);
108	390	flb_free(uri);
109
110	390	return 0;
111	534	}

Coverage Report

Created: 2025-06-24 08:09