Fuzz introspector: FuzzStun
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
36 36 1 :

['stun_produce_integrity_key_str']

36 114 stun_check_message_integrity_str call site: 00028 /src/coturn/src/client/ns_turn_msg.c:1969
8 72 7 :

['stun_calculate_hmac', 'stun_get_command_message_len_str', 'stun_set_command_message_len_str', 'memcmp', 'get_hmackey_size', 'strlen', 'stun_attr_get_value']

8 72 stun_check_message_integrity_by_key_str call site: 00062 /src/coturn/src/client/ns_turn_msg.c:1906
8 72 7 :

['stun_calculate_hmac', 'stun_get_command_message_len_str', 'stun_set_command_message_len_str', 'memcmp', 'get_hmackey_size', 'strlen', 'stun_attr_get_value']

8 72 stun_check_message_integrity_by_key_str call site: 00062 /src/coturn/src/client/ns_turn_msg.c:1911
8 72 7 :

['stun_calculate_hmac', 'stun_get_command_message_len_str', 'stun_set_command_message_len_str', 'memcmp', 'get_hmackey_size', 'strlen', 'stun_attr_get_value']

8 72 stun_check_message_integrity_by_key_str call site: 00062 /src/coturn/src/client/ns_turn_msg.c:1916
4 4 1 :

['get_hmackey_size']

6 38 stun_check_message_integrity_by_key_str call site: 00064 /src/coturn/src/client/ns_turn_msg.c:1939
2 2 1 :

['EVP_sha256']

4 4 stun_calculate_hmac call site: 00068 /src/coturn/src/client/ns_turn_msg.c:121
2 2 1 :

['EVP_sha384']

4 4 stun_calculate_hmac call site: 00069 /src/coturn/src/client/ns_turn_msg.c:130
2 2 1 :

['EVP_sha512']

4 4 stun_calculate_hmac call site: 00070 /src/coturn/src/client/ns_turn_msg.c:139
0 0 None 2 4 stun_is_command_message_full_check_str call site: 00023 /src/coturn/src/client/ns_turn_msg.c:491
0 0 None 2 2 stun_check_message_integrity_by_key_str call site: 00075 /src/coturn/src/client/ns_turn_msg.c:1952
0 0 None 0 21 stun_attr_get_next_str call site: 00015 /src/coturn/src/client/ns_turn_msg.c:1431
0 0 None 0 6 stun_is_command_message_full_check_str call site: 00006 /src/coturn/src/client/ns_turn_msg.c:481

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 stun_is_command_message_full_check_str [function] [call site] 00001
2 stun_is_command_message_str [function] [call site] 00002
3 ntohs [call site] 00003
3 ntohl [call site] 00004
3 ntohs [call site] 00005
2 stun_attr_get_first_by_type_str [function] [call site] 00006
3 stun_attr_get_first_str [function] [call site] 00007
4 stun_get_command_message_len_str [function] [call site] 00008
5 ntohs [call site] 00009
4 stun_attr_check_valid [function] [call site] 00010
5 stun_attr_get_len [function] [call site] 00011
6 ntohs [call site] 00012
3 stun_attr_get_type [function] [call site] 00013
4 ntohs [call site] 00014
3 stun_attr_get_next_str [function] [call site] 00015
4 stun_attr_get_first_str [function] [call site] 00016
4 stun_get_command_message_len_str [function] [call site] 00017
4 stun_attr_get_len [function] [call site] 00018
4 stun_attr_check_valid [function] [call site] 00019
2 stun_get_method_str [function] [call site] 00020
3 ntohs [call site] 00021
2 stun_attr_get_len [function] [call site] 00022
2 stun_attr_get_value [function] [call site] 00023
3 ntohs [call site] 00024
2 ns_crc32 [function] [call site] 00025
2 ntohl [call site] 00026
1 strcpy [call site] 00027
1 stun_check_message_integrity_str [function] [call site] 00028
2 strncpy [call site] 00029
2 stun_produce_integrity_key_str [function] [call site] 00030
3 ERR_clear_error [call site] 00031
3 strlen [call site] 00032
3 strlen [call site] 00033
3 strlen [call site] 00034
3 strncpy [call site] 00035
3 strncpy [call site] 00036
3 strncpy [call site] 00037
3 EVP_MD_CTX_new [call site] 00038
3 EVP_sha256 [call site] 00039
3 EVP_DigestUpdate [call site] 00040
3 EVP_DigestFinal [call site] 00041
3 EVP_MD_CTX_free [call site] 00042
3 EVP_MD_CTX_new [call site] 00043
3 EVP_sha384 [call site] 00044
3 EVP_DigestUpdate [call site] 00045
3 EVP_DigestFinal [call site] 00046
3 EVP_MD_CTX_free [call site] 00047
3 EVP_MD_CTX_new [call site] 00048
3 EVP_sha512 [call site] 00049
3 EVP_DigestUpdate [call site] 00050
3 EVP_DigestFinal [call site] 00051
3 EVP_MD_CTX_free [call site] 00052
3 EVP_MD_CTX_new [call site] 00053
3 FIPS_mode [call site] 00054
3 EVP_MD_CTX_set_flags [call site] 00055
3 EVP_md5 [call site] 00056
3 EVP_DigestUpdate [call site] 00057
3 EVP_DigestFinal [call site] 00058
3 EVP_MD_CTX_free [call site] 00059
2 stun_check_message_integrity_by_key_str [function] [call site] 00060
3 stun_attr_get_first_by_type_str [function] [call site] 00061
3 stun_attr_get_len [function] [call site] 00062
3 stun_get_command_message_len_str [function] [call site] 00063
3 stun_set_command_message_len_str [function] [call site] 00064
4 ntohs [call site] 00065
3 strlen [call site] 00066
3 stun_calculate_hmac [function] [call site] 00067
4 ERR_clear_error [call site] 00068
4 EVP_sha256 [call site] 00069
4 EVP_sha384 [call site] 00070
4 EVP_sha512 [call site] 00071
4 EVP_sha1 [call site] 00072
3 get_hmackey_size [function] [call site] 00073
3 stun_set_command_message_len_str [function] [call site] 00074
3 stun_attr_get_value [function] [call site] 00075
3 memcmp [call site] 00076