/src/librabbitmq/fuzz/fuzz_server.c

Source (jump to first uncovered line)
// Copyright 2007 - 2022, Alan Antonuk and the rabbitmq-c contributors.
// SPDX-License-Identifier: mit

#include <arpa/inet.h>
#include <netinet/in.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#include <rabbitmq-c/amqp.h>
#include <rabbitmq-c/tcp_socket.h>

struct Fuzzer {
  int socket;
  uint16_t port;
  pthread_t thread;

  uint64_t size;
  uint8_t *buffer;
};
typedef struct Fuzzer Fuzzer;

#define PORT 8080
#define kMinInputLength 9
#define kMaxInputLength 1024

void client(Fuzzer *fuzzer);

void fuzzinit(Fuzzer *fuzzer) {
  struct sockaddr_in server_addr;
  fuzzer->socket = socket(AF_INET, SOCK_STREAM, 0);
  server_addr.sin_family = AF_INET;
  server_addr.sin_port = htons(fuzzer->port);
  server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
  setsockopt(fuzzer->socket, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int));
  bind(fuzzer->socket, (struct sockaddr *)&server_addr, sizeof(server_addr));
  listen(fuzzer->socket, 1);
}

void *Server(void *args) {
  Fuzzer *fuzzer = (Fuzzer *)args;

  int client;
  char clientData[10240];
  struct sockaddr_in clientAddr;
  uint32_t clientSZ = sizeof(clientAddr);

  client = accept(fuzzer->socket, (struct sockaddr *)&clientAddr, &clientSZ);

  recv(client, clientData, sizeof(clientData), 0);
  send(client, fuzzer->buffer, fuzzer->size, 0);

  shutdown(client, SHUT_RDWR);
  close(client);

  pthread_exit(NULL);
}

void clean(Fuzzer *fuzzer) {
  shutdown(fuzzer->socket, SHUT_RDWR);
  close(fuzzer->socket);
  free(fuzzer);
}

extern int LLVMFuzzerTestOneInput(const char *data, size_t size) {

  if (size < kMinInputLength || size > kMaxInputLength) {
    return 0;
  }

  Fuzzer *fuzzer = (Fuzzer *)malloc(sizeof(Fuzzer));
  fuzzer->port = PORT;

  fuzzinit(fuzzer);

  pthread_create(&fuzzer->thread, NULL, Server, fuzzer);

  client(fuzzer);

  pthread_join(fuzzer->thread, NULL);

  clean(fuzzer);

  return 0;
}

void client(Fuzzer *fuzzer) {
  char const *hostname;
  int status;
  amqp_socket_t *socket = NULL;
  amqp_connection_state_t conn;

  hostname = "localhost";

  conn = amqp_new_connection();

  socket = amqp_tcp_socket_new(conn);
  if (!socket) {
    exit(1);
  }

  status = amqp_socket_open(socket, hostname, fuzzer->port);
  if (status) {
    exit(1);
  }

  amqp_login(conn, "/", 0, 131072, 0, AMQP_SASL_METHOD_PLAIN, "guest", "guest");

  amqp_destroy_connection(conn);
}


Line	Count	Source (jump to first uncovered line)
1		// Copyright 2007 - 2022, Alan Antonuk and the rabbitmq-c contributors.
2		// SPDX-License-Identifier: mit
3
4		#include <arpa/inet.h>
5		#include <netinet/in.h>
6		#include <pthread.h>
7		#include <stdint.h>
8		#include <stdio.h>
9		#include <stdlib.h>
10		#include <string.h>
11		#include <sys/socket.h>
12		#include <unistd.h>
13
14		#include <rabbitmq-c/amqp.h>
15		#include <rabbitmq-c/tcp_socket.h>
16
17		struct Fuzzer {
18		int socket;
19		uint16_t port;
20		pthread_t thread;
21
22		uint64_t size;
23		uint8_t *buffer;
24		};
25		typedef struct Fuzzer Fuzzer;
26
27	0	#define PORT 8080
28	88	#define kMinInputLength 9
29	39	#define kMaxInputLength 1024
30
31		void client(Fuzzer *fuzzer);
32
33	0	void fuzzinit(Fuzzer *fuzzer) {
34	0	struct sockaddr_in server_addr;
35	0	fuzzer->socket = socket(AF_INET, SOCK_STREAM, 0);
36	0	server_addr.sin_family = AF_INET;
37	0	server_addr.sin_port = htons(fuzzer->port);
38	0	server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
39	0	setsockopt(fuzzer->socket, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int));
40	0	bind(fuzzer->socket, (struct sockaddr *)&server_addr, sizeof(server_addr));
41	0	listen(fuzzer->socket, 1);
42	0	}
43
44	0	void Server(void args) {
45	0	Fuzzer fuzzer = (Fuzzer )args;
46
47	0	int client;
48	0	char clientData[10240];
49	0	struct sockaddr_in clientAddr;
50	0	uint32_t clientSZ = sizeof(clientAddr);
51
52	0	client = accept(fuzzer->socket, (struct sockaddr *)&clientAddr, &clientSZ);
53
54	0	recv(client, clientData, sizeof(clientData), 0);
55	0	send(client, fuzzer->buffer, fuzzer->size, 0);
56
57	0	shutdown(client, SHUT_RDWR);
58	0	close(client);
59
60	0	pthread_exit(NULL);
61	0	}
62
63	0	void clean(Fuzzer *fuzzer) {
64	0	shutdown(fuzzer->socket, SHUT_RDWR);
65	0	close(fuzzer->socket);
66	0	free(fuzzer);
67	0	}
68
69	44	extern int LLVMFuzzerTestOneInput(const char *data, size_t size) {
70
71	44	if (size < kMinInputLength \|\| size > kMaxInputLength) {
72	44	return 0;
73	44	}
74
75	0	Fuzzer fuzzer = (Fuzzer )malloc(sizeof(Fuzzer));
76	0	fuzzer->port = PORT;
77
78	0	fuzzinit(fuzzer);
79
80	0	pthread_create(&fuzzer->thread, NULL, Server, fuzzer);
81
82	0	client(fuzzer);
83
84	0	pthread_join(fuzzer->thread, NULL);
85
86	0	clean(fuzzer);
87
88	0	return 0;
89	44	}
90
91	0	void client(Fuzzer *fuzzer) {
92	0	char const *hostname;
93	0	int status;
94	0	amqp_socket_t *socket = NULL;
95	0	amqp_connection_state_t conn;
96
97	0	hostname = "localhost";
98
99	0	conn = amqp_new_connection();
100
101	0	socket = amqp_tcp_socket_new(conn);
102	0	if (!socket) {
103	0	exit(1);
104	0	}
105
106	0	status = amqp_socket_open(socket, hostname, fuzzer->port);
107	0	if (status) {
108	0	exit(1);
109	0	}
110
111	0	amqp_login(conn, "/", 0, 131072, 0, AMQP_SASL_METHOD_PLAIN, "guest", "guest");
112
113	0	amqp_destroy_connection(conn);
114	0	}
115

Coverage Report

Created: 2023-03-26 06:02