/src/fuzz_proxy.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include "config.h"
#include <sys/time.h>
#include "syshead.h"
#include "interval.h"
#include "proxy.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#include "sig.h"

#include "fuzz_randomizer.h"

int LLVMFuzzerInitialize(int *argc, char ***argv)
{
    OPENSSL_malloc_init();
    SSL_library_init();
    ERR_load_crypto_strings();

    OpenSSL_add_all_algorithms();
    OpenSSL_add_ssl_algorithms();
    OpenSSL_add_all_digests();

    SSL_load_error_strings();
    return 1;
}


int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

  char *tmp = NULL;
  char *tmp2 = NULL;

  if (size < 500) {
    return 0;
  }
  fuzz_random_init(data, size);

  struct gc_arena gc = gc_new();
  struct http_proxy_info pi;
  ssize_t generic_ssizet;
  struct signal_info signal_received = {0};
  // TODO: This coul be randomized
  register_signal(&signal_received, SIGUSR1, "remote-exit");
  struct buffer lookahead = alloc_buf(1024);
  struct event_timeout evt;

  memset(&evt, 0, sizeof(struct event_timeout));
  memset(&pi, 0, sizeof(struct http_proxy_info));
  memset(&pi, 0, sizeof(pi));

  generic_ssizet = 0;
  char *fuzz_usrnm = fuzz_random_get_string_max_length(USER_PASS_LEN);
  strcpy(pi.up.username, fuzz_usrnm);
  if (strlen(pi.up.username) == 0) {
    gc_free(&gc);
    free_buf(&lookahead);
    free(fuzz_usrnm);
    fuzz_random_destroy();
    return 0;
  }

  char *pswd = fuzz_random_get_string_max_length(USER_PASS_LEN);
  strcpy(pi.up.password, pswd);
  if (strlen(pi.up.password) == 0) {
    gc_free(&gc);
    free_buf(&lookahead);

    free(pswd);
    free(fuzz_usrnm);
    fuzz_random_destroy();
    return 0;
  }

  generic_ssizet = fuzz_randomizer_get_int(0, 3);
  switch (generic_ssizet) {
  case 0:
    pi.auth_method = HTTP_AUTH_NONE;
    break;
  case 1:
     pi.auth_method = HTTP_AUTH_BASIC;
    break;
  case 2:
    pi.auth_method = HTTP_AUTH_DIGEST;
    break;
  case 3:
    pi.auth_method = HTTP_AUTH_NTLM2;
    break;
  }
  pi.options.http_version = "1.1";

  generic_ssizet = fuzz_randomizer_get_int(0, 2);
  switch (generic_ssizet) {
  case 0:
    pi.options.auth_retry = PAR_NO;
    break;
  case 1:
    pi.options.auth_retry = PAR_ALL;
    break;
  case 2:
    pi.options.auth_retry = PAR_NCT;
    break;
  }

  char *tmp_authenticate = get_random_string();
  pi.proxy_authenticate = tmp_authenticate;

  //if (provider.ConsumeProbability<double>() < 0.5) {
    //tmp = get_modifiable_string(provider);
    tmp = get_random_string();
    pi.options.custom_headers[0].name = tmp;
    //if (provider.ConsumeProbability<double>() < 0.5) {
      //tmp2 = get_modifiable_string(provider);
      tmp2 = get_random_string();
      pi.options.custom_headers[0].content = tmp2;
    //}
  //}

  establish_http_proxy_passthru(&pi, 0, "1.2.3.4", "777", &evt, &lookahead,
                                &signal_received);
  free(pi.proxy_authenticate);
  gc_free(&gc);
  free_buf(&lookahead);

  if (tmp != NULL)  free(tmp);
  if (tmp2 != NULL) free(tmp2);

    free(pswd);
    free(fuzz_usrnm);
  fuzz_random_destroy();


  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		#include "config.h"
14		#include <sys/time.h>
15		#include "syshead.h"
16		#include "interval.h"
17		#include "proxy.h"
18		#include <openssl/err.h>
19		#include <openssl/ssl.h>
20		#include "sig.h"
21
22		#include "fuzz_randomizer.h"
23
24		int LLVMFuzzerInitialize(int argc, char **argv)
25	4	{
26	4	OPENSSL_malloc_init();
27	4	SSL_library_init();
28	4	ERR_load_crypto_strings();
29
30	4	OpenSSL_add_all_algorithms();
31	4	OpenSSL_add_ssl_algorithms();
32	4	OpenSSL_add_all_digests();
33
34	4	SSL_load_error_strings();
35	4	return 1;
36	4	}
37
38
39	453	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
40
41	453	char *tmp = NULL;
42	453	char *tmp2 = NULL;
43
44	453	if (size < 500) {
45	17	return 0;
46	17	}
47	436	fuzz_random_init(data, size);
48
49	436	struct gc_arena gc = gc_new();
50	436	struct http_proxy_info pi;
51	436	ssize_t generic_ssizet;
52	436	struct signal_info signal_received = {0};
53		// TODO: This coul be randomized
54	436	register_signal(&signal_received, SIGUSR1, "remote-exit");
55	436	struct buffer lookahead = alloc_buf(1024);
56	436	struct event_timeout evt;
57
58	436	memset(&evt, 0, sizeof(struct event_timeout));
59	436	memset(&pi, 0, sizeof(struct http_proxy_info));
60	436	memset(&pi, 0, sizeof(pi));
61
62	436	generic_ssizet = 0;
63	436	char *fuzz_usrnm = fuzz_random_get_string_max_length(USER_PASS_LEN);
64	436	strcpy(pi.up.username, fuzz_usrnm);
65	436	if (strlen(pi.up.username) == 0) {
66	4	gc_free(&gc);
67	4	free_buf(&lookahead);
68	4	free(fuzz_usrnm);
69	4	fuzz_random_destroy();
70	4	return 0;
71	4	}
72
73	432	char *pswd = fuzz_random_get_string_max_length(USER_PASS_LEN);
74	432	strcpy(pi.up.password, pswd);
75	432	if (strlen(pi.up.password) == 0) {
76	4	gc_free(&gc);
77	4	free_buf(&lookahead);
78
79	4	free(pswd);
80	4	free(fuzz_usrnm);
81	4	fuzz_random_destroy();
82	4	return 0;
83	4	}
84
85	428	generic_ssizet = fuzz_randomizer_get_int(0, 3);
86	428	switch (generic_ssizet) {
87	149	case 0:
88	149	pi.auth_method = HTTP_AUTH_NONE;
89	149	break;
90	25	case 1:
91	25	pi.auth_method = HTTP_AUTH_BASIC;
92	25	break;
93	233	case 2:
94	233	pi.auth_method = HTTP_AUTH_DIGEST;
95	233	break;
96	21	case 3:
97	21	pi.auth_method = HTTP_AUTH_NTLM2;
98	21	break;
99	428	}
100	428	pi.options.http_version = "1.1";
101
102	428	generic_ssizet = fuzz_randomizer_get_int(0, 2);
103	428	switch (generic_ssizet) {
104	114	case 0:
105	114	pi.options.auth_retry = PAR_NO;
106	114	break;
107	207	case 1:
108	207	pi.options.auth_retry = PAR_ALL;
109	207	break;
110	107	case 2:
111	107	pi.options.auth_retry = PAR_NCT;
112	107	break;
113	428	}
114
115	428	char *tmp_authenticate = get_random_string();
116	428	pi.proxy_authenticate = tmp_authenticate;
117
118		//if (provider.ConsumeProbability<double>() < 0.5) {
119		//tmp = get_modifiable_string(provider);
120	428	tmp = get_random_string();
121	428	pi.options.custom_headers[0].name = tmp;
122		//if (provider.ConsumeProbability<double>() < 0.5) {
123		//tmp2 = get_modifiable_string(provider);
124	428	tmp2 = get_random_string();
125	428	pi.options.custom_headers[0].content = tmp2;
126		//}
127		//}
128
129	428	establish_http_proxy_passthru(&pi, 0, "1.2.3.4", "777", &evt, &lookahead,
130	428	&signal_received);
131	428	free(pi.proxy_authenticate);
132	428	gc_free(&gc);
133	428	free_buf(&lookahead);
134
135	428	if (tmp != NULL) free(tmp);
136	428	if (tmp2 != NULL) free(tmp2);
137
138	428	free(pswd);
139	428	free(fuzz_usrnm);
140	428	fuzz_random_destroy();
141
142
143	428	return 0;
144	428	}

Coverage Report

Created: 2025-07-23 06:54