/src/wget2/fuzz/libwget_cookie_fuzzer.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2017-2024 Free Software Foundation, Inc. |
3 | | * |
4 | | * This file is part of libwget. |
5 | | * |
6 | | * Libwget is free software: you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser General Public License as published by |
8 | | * the Free Software Foundation, either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * Libwget is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public License |
17 | | * along with libwget. If not, see <https://www.gnu.org/licenses/>. |
18 | | */ |
19 | | |
20 | | #include <config.h> |
21 | | |
22 | | #include <assert.h> |
23 | | #include <stdio.h> |
24 | | #include <stdint.h> |
25 | | #include <stdlib.h> |
26 | | #include <string.h> |
27 | | |
28 | | #include "wget.h" |
29 | | #include "fuzzer.h" |
30 | | |
31 | | static void cookie_free(void *cookie) |
32 | 0 | { |
33 | 0 | if (cookie) |
34 | 0 | wget_cookie_free((wget_cookie **) &cookie); |
35 | 0 | } |
36 | | |
37 | | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) |
38 | 1.66k | { |
39 | 1.66k | wget_cookie_db *db, *db2; |
40 | 1.66k | wget_cookie *cookie, *cookie2; |
41 | 1.66k | wget_iri *iri; |
42 | 1.66k | wget_vector *cookies; |
43 | 1.66k | char *in; |
44 | | |
45 | 1.66k | if (size > 1000) // same as max_len = 10000 in .options file |
46 | 11 | return 0; |
47 | | |
48 | 1.65k | in = (char *) malloc(size + 1); |
49 | 1.65k | assert(in != NULL); |
50 | | |
51 | | // 0 terminate |
52 | 1.65k | memcpy(in, data, size); |
53 | 1.65k | in[size] = 0; |
54 | | |
55 | 1.65k | wget_free(wget_cookie_to_setcookie(NULL)); |
56 | 1.65k | wget_cookie_store_cookie(NULL, NULL); |
57 | 1.65k | wget_cookie_db_save(NULL, NULL); |
58 | 1.65k | wget_cookie_db_load(NULL, NULL); |
59 | 1.65k | wget_cookie_create_request_header(NULL, NULL); |
60 | | |
61 | 1.65k | db = wget_cookie_db_init(NULL); |
62 | 1.65k | wget_cookie_set_keep_session_cookies(db, (size&1) == 0); |
63 | | |
64 | 1.65k | wget_cookie_parse_setcookie(in, &cookie); |
65 | 1.65k | wget_free(wget_cookie_to_setcookie(cookie)); |
66 | | |
67 | 1.65k | if (cookie) { |
68 | 1.58k | char fname[64]; |
69 | | |
70 | 1.58k | wget_cookie_check_psl(db, cookie); |
71 | 1.58k | iri = wget_iri_parse("x.y", "iso-8859-1"); |
72 | 1.58k | wget_cookie_normalize(iri, cookie); |
73 | | |
74 | 1.58k | wget_cookie_store_cookie(db, cookie); |
75 | | |
76 | 1.58k | wget_cookie_parse_setcookie(in, &cookie2); |
77 | 1.58k | cookies = wget_vector_create(4, NULL); |
78 | 1.58k | wget_vector_set_destructor(cookies, cookie_free); |
79 | 1.58k | wget_vector_add(cookies, cookie2); |
80 | 1.58k | wget_cookie_normalize_cookies(iri, cookies); |
81 | 1.58k | wget_cookie_store_cookies(db, cookies); |
82 | 1.58k | wget_http_free_cookies(&cookies); |
83 | | |
84 | 1.58k | wget_free(wget_cookie_create_request_header(db, iri)); |
85 | 1.58k | wget_iri_free(&iri); |
86 | | |
87 | | // test load & save functions |
88 | 1.58k | wget_snprintf(fname, sizeof(fname), "%d.tmp", getpid()); |
89 | 1.58k | wget_cookie_db_save(db, fname); |
90 | | |
91 | 1.58k | db2 = wget_cookie_db_init(NULL); |
92 | 1.58k | wget_cookie_db_load(db2, fname); |
93 | 1.58k | wget_cookie_db_free(&db2); |
94 | | |
95 | 1.58k | unlink(fname); |
96 | 1.58k | } |
97 | | |
98 | 1.65k | wget_cookie_db_load_psl(NULL, NULL); |
99 | 1.65k | wget_cookie_db_load_psl(db, "/dev/null"); |
100 | 1.65k | wget_cookie_db_load_psl(db, NULL); |
101 | | |
102 | | // wget_cookie_free(&cookie); |
103 | 1.65k | wget_cookie_db_free(&db); |
104 | | |
105 | 1.65k | free(in); |
106 | | |
107 | 1.65k | return 0; |
108 | 1.65k | } |