Line | Count | Source |
1 | | /* Copyright 2021 Google LLC |
2 | | Licensed under the Apache License, Version 2.0 (the "License"); |
3 | | you may not use this file except in compliance with the License. |
4 | | You may obtain a copy of the License at |
5 | | http://www.apache.org/licenses/LICENSE-2.0 |
6 | | Unless required by applicable law or agreed to in writing, software |
7 | | distributed under the License is distributed on an "AS IS" BASIS, |
8 | | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
9 | | See the License for the specific language governing permissions and |
10 | | limitations under the License. |
11 | | */ |
12 | | |
13 | | #include "config.h" |
14 | | #include "syshead.h" |
15 | | #include "init.h" |
16 | | #include "packet_id.h" |
17 | | |
18 | | #include "fuzz_randomizer.h" |
19 | | |
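/**
 * libFuzzer entry point for the packet-ID routines declared in packet_id.h
 * (the sequence/time tracking used for replay protection).
 *
 * Four areas are driven in turn with fuzzer-controlled values:
 *   1. the receive-side record (pid.rec) through packet_id_reap_test(),
 *      packet_id_test() and packet_id_add();
 *   2. packet_id_write() in every long_form / prepend combination;
 *   3. packet_id_read() in short and long form;
 *   4. the persist load / save path, fed from a scratch file holding the
 *      raw input.
 *
 * @param data  raw fuzzer input
 * @param size  number of bytes at @p data
 * @return always 0; every exit path releases the randomizer state.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  fuzz_random_init(data, size);

  struct packet_id pid;
  struct packet_id_net pin = {0};
  const int seq_backtrack = 10;
  const int time_backtrack = 10;

  /* 1. Receive side: feed up to ten (time, id) pairs into the record. */
  packet_id_init(&pid, seq_backtrack, time_backtrack, "name", 0);

  int total_sends = fuzz_randomizer_get_int(0, 10);
  for (int i = 0; i < total_sends; i++) {
    update_time();
    pin.time = fuzz_randomizer_get_int(0, 0xfffffff);
    pin.id = fuzz_randomizer_get_int(0, 0xfffffff);

    packet_id_reap_test(&pid.rec);
    /* Only IDs that pass the check are recorded. */
    if (packet_id_test(&pid.rec, &pin)) {
      packet_id_add(&pid.rec, &pin);
    }
  }
  packet_id_free(&pid);

  /* 2. Send side: build a packet_id_send from raw fuzzer bytes. */
  char *tmp2 = get_random_string();
  /* Measure once, up front: buf_set_write() below clears the first byte of
   * the storage it is given, so a later strlen() would see an empty string. */
  size_t tmp2_len = strlen(tmp2);
  if (tmp2_len > sizeof(struct packet_id_send)) {
    struct packet_id_send pidsend;
    memcpy(&pidsend, tmp2, sizeof pidsend);

    /* NOTE(review): presumably this skips timestamps the library cannot
     * format later on - confirm against packet_id.c. */
    time_t tv_sec = (time_t)pidsend.time;
    if (localtime(&tv_sec) != NULL) {
      struct buffer iv_buffer;
      buf_set_write(&iv_buffer, (uint8_t *)tmp2, (int)tmp2_len);
      packet_id_write(&pidsend, &iv_buffer, false, false);
      packet_id_write(&pidsend, &iv_buffer, false, true);
      packet_id_write(&pidsend, &iv_buffer, true, true);
      packet_id_write(&pidsend, &iv_buffer, true, false);
    }
  }
  free(tmp2);

  /* 3. Parse a packet ID out of a fuzzer-supplied buffer. */
  struct gc_arena gc = gc_new();
  char *tmp = get_random_string();
  struct buffer buf = string_alloc_buf(tmp, &gc);
  free(tmp);
  /* packet_id_read() fills a struct packet_id_net, so it is given pin and
   * not pid, which is a different type and was already released above. */
  packet_id_read(&pin, &buf, false);
  packet_id_read(&pin, &buf, true);
  gc_free(&gc);

  /* 4. Persist path. The scratch file is created with mkstemp() so that its
   * name is unpredictable and the file is created exclusively with owner-only
   * permissions; a fixed "/tmp/libfuzzer.<pid>" name opened with fopen() can
   * be pre-created or symlinked by another local user. */
  char filename[] = "/tmp/libfuzzer.XXXXXX";
  int fd = mkstemp(filename);
  if (fd >= 0) {
    bool file_ready = false;
    FILE *fp = fdopen(fd, "wb");
    if (fp == NULL) {
      close(fd);
    } else {
      /* A short write or a failed flush would make the run depend on disk
       * state instead of on the input, so such a file is not loaded. */
      bool wrote_all = (size == 0) || (fwrite(data, 1, size, fp) == size);
      bool closed_ok = (fclose(fp) == 0);
      file_ready = wrote_all && closed_ok;
    }

    if (file_ready) {
      struct packet_id_persist p;
      memset(&p, 0, sizeof p);
      packet_id_persist_init(&p);
      packet_id_persist_load(&p, filename);

      time_t p_time = (time_t)p.time;
      if (localtime(&p_time) != NULL) {
        /* packet_id_persist_print() is not exercised here. */
        p.id_last_written = fuzz_randomizer_get_int(0, 0xfffffff);
        packet_id_persist_save(&p);
      }

      packet_id_persist_close(&p);
    }
    unlink(filename);
  }

  /* Reached on every path, including scratch-file failures. */
  fuzz_random_destroy();
  return 0;
}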