/src/fuzz_proxy.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include "config.h"
#include <sys/time.h>
#include "syshead.h"
#include "interval.h"
#include "proxy.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#include "sig.h"

#include "fuzz_randomizer.h"

int LLVMFuzzerInitialize(int *argc, char ***argv)
{
    OPENSSL_malloc_init();
    SSL_library_init();
    ERR_load_crypto_strings();

    OpenSSL_add_all_algorithms();
    OpenSSL_add_ssl_algorithms();
    OpenSSL_add_all_digests();

    SSL_load_error_strings();
    return 1;
}


int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

  char *tmp = NULL;
  char *tmp2 = NULL;

  if (size < 500) {
    return 0;
  }
  fuzz_random_init(data, size);

  struct gc_arena gc = gc_new();
  struct http_proxy_info pi;
  ssize_t generic_ssizet;
  struct signal_info signal_received = {0};
  // TODO: This coul be randomized
  register_signal(&signal_received, SIGUSR1, "remote-exit");
  struct buffer lookahead = alloc_buf(1024);
  struct event_timeout evt;

  memset(&evt, 0, sizeof(struct event_timeout));
  memset(&pi, 0, sizeof(struct http_proxy_info));
  memset(&pi, 0, sizeof(pi));

  generic_ssizet = 0;
  char *fuzz_usrnm = fuzz_random_get_string_max_length(USER_PASS_LEN);
  strcpy(pi.up.username, fuzz_usrnm);
  if (strlen(pi.up.username) == 0) {
    gc_free(&gc);
    free_buf(&lookahead);
    free(fuzz_usrnm);
    fuzz_random_destroy();
    return 0;
  }

  char *pswd = fuzz_random_get_string_max_length(USER_PASS_LEN);
  strcpy(pi.up.password, pswd);
  if (strlen(pi.up.password) == 0) {
    gc_free(&gc);
    free_buf(&lookahead);

    free(pswd);
    free(fuzz_usrnm);
    fuzz_random_destroy();
    return 0;
  }

  generic_ssizet = fuzz_randomizer_get_int(0, 3);
  switch (generic_ssizet) {
  case 0:
    pi.auth_method = HTTP_AUTH_NONE;
    break;
  case 1:
     pi.auth_method = HTTP_AUTH_BASIC;
    break;
  case 2:
    pi.auth_method = HTTP_AUTH_DIGEST;
    break;
  case 3:
    pi.auth_method = HTTP_AUTH_NTLM2;
    break;
  }
  pi.options.http_version = "1.1";

  generic_ssizet = fuzz_randomizer_get_int(0, 2);
  switch (generic_ssizet) {
  case 0:
    pi.options.auth_retry = PAR_NO;
    break;
  case 1:
    pi.options.auth_retry = PAR_ALL;
    break;
  case 2:
    pi.options.auth_retry = PAR_NCT;
    break;
  }

  char *tmp_authenticate = get_random_string();
  pi.proxy_authenticate = tmp_authenticate;

  //if (provider.ConsumeProbability<double>() < 0.5) {
    //tmp = get_modifiable_string(provider);
    tmp = get_random_string();
    pi.options.custom_headers[0].name = tmp;
    //if (provider.ConsumeProbability<double>() < 0.5) {
      //tmp2 = get_modifiable_string(provider);
      tmp2 = get_random_string();
      pi.options.custom_headers[0].content = tmp2;
    //}
  //}

  establish_http_proxy_passthru(&pi, 0, "1.2.3.4", "777", &evt, &lookahead,
                                &signal_received);
  free(pi.proxy_authenticate);
  gc_free(&gc);
  free_buf(&lookahead);

  if (tmp != NULL)  free(tmp);
  if (tmp2 != NULL) free(tmp2);

    free(pswd);
    free(fuzz_usrnm);
  fuzz_random_destroy();


  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		#include "config.h"
14		#include <sys/time.h>
15		#include "syshead.h"
16		#include "interval.h"
17		#include "proxy.h"
18		#include <openssl/err.h>
19		#include <openssl/ssl.h>
20		#include "sig.h"
21
22		#include "fuzz_randomizer.h"
23
24		int LLVMFuzzerInitialize(int argc, char **argv)
25	4	{
26	4	OPENSSL_malloc_init();
27	4	SSL_library_init();
28	4	ERR_load_crypto_strings();
29
30	4	OpenSSL_add_all_algorithms();
31	4	OpenSSL_add_ssl_algorithms();
32	4	OpenSSL_add_all_digests();
33
34	4	SSL_load_error_strings();
35	4	return 1;
36	4	}
37
38
39	427	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
40
41	427	char *tmp = NULL;
42	427	char *tmp2 = NULL;
43
44	427	if (size < 500) {
45	17	return 0;
46	17	}
47	410	fuzz_random_init(data, size);
48
49	410	struct gc_arena gc = gc_new();
50	410	struct http_proxy_info pi;
51	410	ssize_t generic_ssizet;
52	410	struct signal_info signal_received = {0};
53		// TODO: This coul be randomized
54	410	register_signal(&signal_received, SIGUSR1, "remote-exit");
55	410	struct buffer lookahead = alloc_buf(1024);
56	410	struct event_timeout evt;
57
58	410	memset(&evt, 0, sizeof(struct event_timeout));
59	410	memset(&pi, 0, sizeof(struct http_proxy_info));
60	410	memset(&pi, 0, sizeof(pi));
61
62	410	generic_ssizet = 0;
63	410	char *fuzz_usrnm = fuzz_random_get_string_max_length(USER_PASS_LEN);
64	410	strcpy(pi.up.username, fuzz_usrnm);
65	410	if (strlen(pi.up.username) == 0) {
66	4	gc_free(&gc);
67	4	free_buf(&lookahead);
68	4	free(fuzz_usrnm);
69	4	fuzz_random_destroy();
70	4	return 0;
71	4	}
72
73	406	char *pswd = fuzz_random_get_string_max_length(USER_PASS_LEN);
74	406	strcpy(pi.up.password, pswd);
75	406	if (strlen(pi.up.password) == 0) {
76	4	gc_free(&gc);
77	4	free_buf(&lookahead);
78
79	4	free(pswd);
80	4	free(fuzz_usrnm);
81	4	fuzz_random_destroy();
82	4	return 0;
83	4	}
84
85	402	generic_ssizet = fuzz_randomizer_get_int(0, 3);
86	402	switch (generic_ssizet) {
87	160	case 0:
88	160	pi.auth_method = HTTP_AUTH_NONE;
89	160	break;
90	26	case 1:
91	26	pi.auth_method = HTTP_AUTH_BASIC;
92	26	break;
93	196	case 2:
94	196	pi.auth_method = HTTP_AUTH_DIGEST;
95	196	break;
96	20	case 3:
97	20	pi.auth_method = HTTP_AUTH_NTLM2;
98	20	break;
99	402	}
100	402	pi.options.http_version = "1.1";
101
102	402	generic_ssizet = fuzz_randomizer_get_int(0, 2);
103	402	switch (generic_ssizet) {
104	151	case 0:
105	151	pi.options.auth_retry = PAR_NO;
106	151	break;
107	133	case 1:
108	133	pi.options.auth_retry = PAR_ALL;
109	133	break;
110	118	case 2:
111	118	pi.options.auth_retry = PAR_NCT;
112	118	break;
113	402	}
114
115	402	char *tmp_authenticate = get_random_string();
116	402	pi.proxy_authenticate = tmp_authenticate;
117
118		//if (provider.ConsumeProbability<double>() < 0.5) {
119		//tmp = get_modifiable_string(provider);
120	402	tmp = get_random_string();
121	402	pi.options.custom_headers[0].name = tmp;
122		//if (provider.ConsumeProbability<double>() < 0.5) {
123		//tmp2 = get_modifiable_string(provider);
124	402	tmp2 = get_random_string();
125	402	pi.options.custom_headers[0].content = tmp2;
126		//}
127		//}
128
129	402	establish_http_proxy_passthru(&pi, 0, "1.2.3.4", "777", &evt, &lookahead,
130	402	&signal_received);
131	402	free(pi.proxy_authenticate);
132	402	gc_free(&gc);
133	402	free_buf(&lookahead);
134
135	402	if (tmp != NULL) free(tmp);
136	402	if (tmp2 != NULL) free(tmp2);
137
138	402	free(pswd);
139	402	free(fuzz_usrnm);
140	402	fuzz_random_destroy();
141
142
143	402	return 0;
144	402	}

Coverage Report

Created: 2025-08-31 07:02