81b1e4f6348 chore: Release v0.2.21-rc.1 9303e2e49a1 chore: Update the pkgsrc versions in the update-versions tool 71ec4b3b1e9 chore: Update the version-sync script to work in a post-tox.api.h world 66da842f753 chore: Add version update script compatible with ci-tools. 199878f7660 chore: Use new bazel script for circle ci. 8278e9cda46 chore: Add release issue template and workflow. a9bb3a1c4d1 chore: Fix alpine-s390x build. 6e0a641272e chore: Add a source tarball deploy workflow. 4adebe4d8b1 chore: Don't upload ios/macos variants in deploy workflows. 18f1d858ccb chore: Move one of the 3 freebsd builds to post-submit. 432ab60c002 feat: Add a Makefile for the single file deploy build. a86c0011fd5 chore: Add deploy job for single C file library. 2e7495e8f2a docs: Update changelog format to use the new clog-compatible way. a682da99e84 chore: Export wasmExports from the wasm binary. 12f34cdff27 chore: Add wasm to the nightly binary deploys. 1451029613f chore: Add strict-abi support for macOS/iOS. c53c30e09d9 chore: Add time option to manual fuzz trigger. 2ccecdc2a1a chore: Add remaining fuzz tests to cflite. 4626c2e230e test: Add a Net_Crypto fuzz test. b4a0e617c48 refactor: Use IP string length from ip_ntoa instead of strlen. b85b91f22f6 cleanup: rename getnodes/sendnodes to nodes request/response This change alignes the naming to be closer to the spec and make it less ambiguous. This change also changes the naming of some private/experimental marked APIs. - tox_callback_dht_nodes_response() - tox_dht_nodes_request() - Tox_Event_Dht_Get_Nodes_Response f1991aaa029 perf: Use stack allocation for strerror rendering. 3984211ccbf cleanup: remove kicked peers from saved peers list 26a991ed2be fix: ip to string function not accepting tcp families 712861f2e6d cleanup: Make websockify output qtox-compatible logging. 01932ea2f73 chore: Add opus and vpx to the toxcore wasm build. d29c42ef631 refactor: don't fully discard received DHT nodes. This is mostly forward thinking, where we might introduce other ip families, in addition to ipv4, ipv6, tcp_ipv4 etc. 21e2325934f chore: Fix xcframework tarball creation. b10c8b766ba chore: Fix xcframework checksum creation. 93787a9322e chore: Add ios/macos framework build. 9f723f891d3 fix: run do_gca also in bootstrap nodes 496cc703556 chore: Support arm64 iphone simulator. aa0e2a8e928 chore: Add support for more iOS architectures. 13ad8e81cbf chore: Add binary deploy workflows. c8344726378 refactor: Move tox_log_level out into its own file. 8799bea76c3 cleanup: Mark events/dispatch headers as experimental. d4164edb548 refactor: Remove tox_types.h; use `struct` tags instead. d408c982090 refactor: Move `Tox_Options` to `tox_options.h`. 5ab42d41209 chore: Move most cirrus jobs to circleci. 463eeae1144 cleanup: Avoid clashing with global define `DEBUG`. 92cc1e91747 refactor: Make Tox_Options own the passed proxy host and savedata. f276b397226 test: Add some more asserts for I/O and alloc to succeed. edb4dfc4869 fix: Don't crash on malloc failures in bin_unpack. be457d5d0b2 cleanup: Use tox memory for bin_unpack and net_strerror. git-subtree-dir: external/toxcore/c-toxcore git-subtree-split: 81b1e4f6348124784088591c4fe9ab41e273031d
101 lines
3.1 KiB
C++
101 lines
3.1 KiB
C++
#include "forwarding.h"
|
|
|
|
#include <cassert>
|
|
#include <cstring>
|
|
#include <memory>
|
|
#include <optional>
|
|
|
|
#include "../testing/fuzzing/fuzz_support.hh"
|
|
#include "../testing/fuzzing/fuzz_tox.hh"
|
|
|
|
namespace {
|
|
|
|
std::optional<std::tuple<IP_Port, IP_Port, const uint8_t *, size_t>> prepare(Fuzz_Data &input)
|
|
{
|
|
CONSUME_OR_RETURN_VAL(const uint8_t *ipp_packed, input, SIZE_IP_PORT, std::nullopt);
|
|
IP_Port ipp{};
|
|
unpack_ip_port(&ipp, ipp_packed, SIZE_IP6, true);
|
|
|
|
CONSUME_OR_RETURN_VAL(const uint8_t *forwarder_packed, input, SIZE_IP_PORT, std::nullopt);
|
|
IP_Port forwarder{};
|
|
unpack_ip_port(&forwarder, forwarder_packed, SIZE_IP6, true);
|
|
|
|
// 2 bytes: size of the request
|
|
CONSUME_OR_RETURN_VAL(const uint8_t *data_size_bytes, input, sizeof(uint16_t), std::nullopt);
|
|
uint16_t data_size;
|
|
std::memcpy(&data_size, data_size_bytes, sizeof(uint16_t));
|
|
|
|
// data bytes (max 64K)
|
|
CONSUME_OR_RETURN_VAL(const uint8_t *data, input, data_size, std::nullopt);
|
|
|
|
return {{ipp, forwarder, data, data_size}};
|
|
}
|
|
|
|
void TestSendForwardRequest(Fuzz_Data &input)
|
|
{
|
|
CONSUME1_OR_RETURN(const uint16_t, chain_length, input);
|
|
const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE;
|
|
CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size);
|
|
|
|
const auto prep = prepare(input);
|
|
if (!prep.has_value()) {
|
|
return;
|
|
}
|
|
const auto [ipp, forwarder, data, data_size] = prep.value();
|
|
|
|
// rest of the fuzz data is input for malloc and network
|
|
Fuzz_System sys(input);
|
|
|
|
const Ptr<Logger> logger(logger_new(sys.mem.get()), logger_kill);
|
|
if (logger == nullptr) {
|
|
return;
|
|
}
|
|
|
|
const Ptr<Networking_Core> net(new_networking_ex(logger.get(), sys.mem.get(), sys.ns.get(),
|
|
&ipp.ip, ipp.port, ipp.port + 100, nullptr),
|
|
kill_networking);
|
|
if (net == nullptr) {
|
|
return;
|
|
}
|
|
|
|
send_forward_request(net.get(), &forwarder, chain_keys, chain_length, data, data_size);
|
|
}
|
|
|
|
void TestForwardReply(Fuzz_Data &input)
|
|
{
|
|
CONSUME1_OR_RETURN(const uint16_t, sendback_length, input);
|
|
CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length);
|
|
|
|
const auto prep = prepare(input);
|
|
if (!prep.has_value()) {
|
|
return;
|
|
}
|
|
const auto [ipp, forwarder, data, data_size] = prep.value();
|
|
|
|
// rest of the fuzz data is input for malloc and network
|
|
Fuzz_System sys(input);
|
|
|
|
const Ptr<Logger> logger(logger_new(sys.mem.get()), logger_kill);
|
|
if (logger == nullptr) {
|
|
return;
|
|
}
|
|
|
|
const Ptr<Networking_Core> net(new_networking_ex(logger.get(), sys.mem.get(), sys.ns.get(),
|
|
&ipp.ip, ipp.port, ipp.port + 100, nullptr),
|
|
kill_networking);
|
|
if (net == nullptr) {
|
|
return;
|
|
}
|
|
|
|
forward_reply(net.get(), &forwarder, sendback, sendback_length, data, data_size);
|
|
}
|
|
|
|
} // namespace
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|
{
|
|
fuzz_select_target<TestSendForwardRequest, TestForwardReply>(data, size);
|
|
return 0;
|
|
}
|