/src/fuzz_proxy.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include "config.h"
#include <sys/time.h>
#include "syshead.h"
#include "interval.h"
#include "proxy.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#include "sig.h"

#include "fuzz_randomizer.h"

int LLVMFuzzerInitialize(int *argc, char ***argv)
{
    OPENSSL_malloc_init();
    SSL_library_init();
    ERR_load_crypto_strings();

    OpenSSL_add_all_algorithms();
    OpenSSL_add_ssl_algorithms();
    OpenSSL_add_all_digests();

    SSL_load_error_strings();
    return 1;
}


int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

  char *tmp = NULL;
  char *tmp2 = NULL;

  if (size < 500) {
    return 0;
  }
  fuzz_random_init(data, size);

  struct gc_arena gc = gc_new();
  struct http_proxy_info pi;
  ssize_t generic_ssizet;
  struct signal_info signal_received = {0};
  // TODO: This coul be randomized
  register_signal(&signal_received, SIGUSR1, "remote-exit");
  struct buffer lookahead = alloc_buf(1024);
  struct event_timeout evt;

  memset(&evt, 0, sizeof(struct event_timeout));
  memset(&pi, 0, sizeof(struct http_proxy_info));
  memset(&pi, 0, sizeof(pi));

  generic_ssizet = 0;
  char *fuzz_usrnm = fuzz_random_get_string_max_length(USER_PASS_LEN);
  strcpy(pi.up.username, fuzz_usrnm);
  if (strlen(pi.up.username) == 0) {
    gc_free(&gc);
    free_buf(&lookahead);
    free(fuzz_usrnm);
    fuzz_random_destroy();
    return 0;
  }

  char *pswd = fuzz_random_get_string_max_length(USER_PASS_LEN);
  strcpy(pi.up.password, pswd);
  if (strlen(pi.up.password) == 0) {
    gc_free(&gc);
    free_buf(&lookahead);

    free(pswd);
    free(fuzz_usrnm);
    fuzz_random_destroy();
    return 0;
  }

  generic_ssizet = fuzz_randomizer_get_int(0, 3);
  switch (generic_ssizet) {
  case 0:
    pi.auth_method = HTTP_AUTH_NONE;
    break;
  case 1:
     pi.auth_method = HTTP_AUTH_BASIC;
    break;
  case 2:
    pi.auth_method = HTTP_AUTH_DIGEST;
    break;
  case 3:
    pi.auth_method = HTTP_AUTH_NTLM2;
    break;
  }
  pi.options.http_version = "1.1";

  generic_ssizet = fuzz_randomizer_get_int(0, 2);
  switch (generic_ssizet) {
  case 0:
    pi.options.auth_retry = PAR_NO;
    break;
  case 1:
    pi.options.auth_retry = PAR_ALL;
    break;
  case 2:
    pi.options.auth_retry = PAR_NCT;
    break;
  }

  char *tmp_authenticate = get_random_string();
  pi.proxy_authenticate = tmp_authenticate;

  //if (provider.ConsumeProbability<double>() < 0.5) {
    //tmp = get_modifiable_string(provider);
    tmp = get_random_string();
    pi.options.custom_headers[0].name = tmp;
    //if (provider.ConsumeProbability<double>() < 0.5) {
      //tmp2 = get_modifiable_string(provider);
      tmp2 = get_random_string();
      pi.options.custom_headers[0].content = tmp2;
    //}
  //}

  establish_http_proxy_passthru(&pi, 0, "1.2.3.4", "777", &evt, &lookahead,
                                &signal_received);
  free(pi.proxy_authenticate);
  gc_free(&gc);
  free_buf(&lookahead);

  if (tmp != NULL)  free(tmp);
  if (tmp2 != NULL) free(tmp2);

    free(pswd);
    free(fuzz_usrnm);
  fuzz_random_destroy();


  return 0;
}

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		#include "config.h"
14		#include <sys/time.h>
15		#include "syshead.h"
16		#include "interval.h"
17		#include "proxy.h"
18		#include <openssl/err.h>
19		#include <openssl/ssl.h>
20		#include "sig.h"
21
22		#include "fuzz_randomizer.h"
23
24		int LLVMFuzzerInitialize(int argc, char **argv)
25	4	{
26	4	OPENSSL_malloc_init();
27	4	SSL_library_init();
28	4	ERR_load_crypto_strings();
29
30	4	OpenSSL_add_all_algorithms();
31	4	OpenSSL_add_ssl_algorithms();
32	4	OpenSSL_add_all_digests();
33
34	4	SSL_load_error_strings();
35	4	return 1;
36	4	}
37
38
39	483	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
40
41	483	char *tmp = NULL;
42	483	char *tmp2 = NULL;
43
44	483	if (size < 500) {
45	17	return 0;
46	17	}
47	466	fuzz_random_init(data, size);
48
49	466	struct gc_arena gc = gc_new();
50	466	struct http_proxy_info pi;
51	466	ssize_t generic_ssizet;
52	466	struct signal_info signal_received = {0};
53		// TODO: This coul be randomized
54	466	register_signal(&signal_received, SIGUSR1, "remote-exit");
55	466	struct buffer lookahead = alloc_buf(1024);
56	466	struct event_timeout evt;
57
58	466	memset(&evt, 0, sizeof(struct event_timeout));
59	466	memset(&pi, 0, sizeof(struct http_proxy_info));
60	466	memset(&pi, 0, sizeof(pi));
61
62	466	generic_ssizet = 0;
63	466	char *fuzz_usrnm = fuzz_random_get_string_max_length(USER_PASS_LEN);
64	466	strcpy(pi.up.username, fuzz_usrnm);
65	466	if (strlen(pi.up.username) == 0) {
66	3	gc_free(&gc);
67	3	free_buf(&lookahead);
68	3	free(fuzz_usrnm);
69	3	fuzz_random_destroy();
70	3	return 0;
71	3	}
72
73	463	char *pswd = fuzz_random_get_string_max_length(USER_PASS_LEN);
74	463	strcpy(pi.up.password, pswd);
75	463	if (strlen(pi.up.password) == 0) {
76	1	gc_free(&gc);
77	1	free_buf(&lookahead);
78
79	1	free(pswd);
80	1	free(fuzz_usrnm);
81	1	fuzz_random_destroy();
82	1	return 0;
83	1	}
84
85	462	generic_ssizet = fuzz_randomizer_get_int(0, 3);
86	462	switch (generic_ssizet) {
87	146	case 0:
88	146	pi.auth_method = HTTP_AUTH_NONE;
89	146	break;
90	35	case 1:
91	35	pi.auth_method = HTTP_AUTH_BASIC;
92	35	break;
93	252	case 2:
94	252	pi.auth_method = HTTP_AUTH_DIGEST;
95	252	break;
96	29	case 3:
97	29	pi.auth_method = HTTP_AUTH_NTLM2;
98	29	break;
99	462	}
100	462	pi.options.http_version = "1.1";
101
102	462	generic_ssizet = fuzz_randomizer_get_int(0, 2);
103	462	switch (generic_ssizet) {
104	223	case 0:
105	223	pi.options.auth_retry = PAR_NO;
106	223	break;
107	102	case 1:
108	102	pi.options.auth_retry = PAR_ALL;
109	102	break;
110	137	case 2:
111	137	pi.options.auth_retry = PAR_NCT;
112	137	break;
113	462	}
114
115	462	char *tmp_authenticate = get_random_string();
116	462	pi.proxy_authenticate = tmp_authenticate;
117
118		//if (provider.ConsumeProbability<double>() < 0.5) {
119		//tmp = get_modifiable_string(provider);
120	462	tmp = get_random_string();
121	462	pi.options.custom_headers[0].name = tmp;
122		//if (provider.ConsumeProbability<double>() < 0.5) {
123		//tmp2 = get_modifiable_string(provider);
124	462	tmp2 = get_random_string();
125	462	pi.options.custom_headers[0].content = tmp2;
126		//}
127		//}
128
129	462	establish_http_proxy_passthru(&pi, 0, "1.2.3.4", "777", &evt, &lookahead,
130	462	&signal_received);
131	462	free(pi.proxy_authenticate);
132	462	gc_free(&gc);
133	462	free_buf(&lookahead);
134
135	462	if (tmp != NULL) free(tmp);
136	462	if (tmp2 != NULL) free(tmp2);
137
138	462	free(pswd);
139	462	free(fuzz_usrnm);
140	462	fuzz_random_destroy();
141
142
143	462	return 0;
144	462	}

Coverage Report

Created: 2026-02-14 06:40