tomato/toxcore/forwarding_fuzz_test.cc
Green Sky ff3512a77e Squashed 'external/toxcore/c-toxcore/' changes from 55752a2e2ef..f785959eace
f785959eace chore: add to_string functions for netprof enums
a95b7957288 cleanup: Heap allocate network profile objects
a3c80149edd feat: Implement Tox network profiler
ac812871a2e feat: implement the last 2 missing network struct functions and make use of them
29d1043be0b test: friend request test now tests min/max message sizes
93aafd78c1f fix: friend requests with very long messages are no longer dropped
819aa2b2618 feat: Add option to disable DNS lookups in toxcore.
0ac23cee035 fix: windows use of REUSEADDR
7d2811d302d chore(ci): make bazel server shutdown faster
1dc399ba20d chore: Use vcpkg instead of conan in the MSVC build.
14d823165d9 chore: Migrate to conan 2.
bdd17c16787 cleanup: Allocate logger using tox memory allocator.
b396c061515 chore(deps): bump third_party/cmp from `2ac6bca` to `52bfcfa`
2e94da60d09 feat(net): add missing connect to network struct
41fb1839c7b chore: Add check to ensure version numbers agree.
934a8301113 chore: Release 0.2.20
3acef4bf044 fix: Add missing free in dht_get_nodes_response event.

git-subtree-dir: external/toxcore/c-toxcore
git-subtree-split: f785959eacebc59590f756b133b52601c335a1d1
2024-12-04 11:41:10 +01:00

101 lines
3.0 KiB
C++

#include "forwarding.h"
#include <cassert>
#include <cstring>
#include <memory>
#include <optional>
#include "../testing/fuzzing/fuzz_support.hh"
#include "../testing/fuzzing/fuzz_tox.hh"
namespace {
std::optional<std::tuple<IP_Port, IP_Port, const uint8_t *, size_t>> prepare(Fuzz_Data &input)
{
CONSUME_OR_RETURN_VAL(const uint8_t *ipp_packed, input, SIZE_IP_PORT, std::nullopt);
IP_Port ipp;
unpack_ip_port(&ipp, ipp_packed, SIZE_IP6, true);
CONSUME_OR_RETURN_VAL(const uint8_t *forwarder_packed, input, SIZE_IP_PORT, std::nullopt);
IP_Port forwarder;
unpack_ip_port(&forwarder, forwarder_packed, SIZE_IP6, true);
// 2 bytes: size of the request
CONSUME_OR_RETURN_VAL(const uint8_t *data_size_bytes, input, sizeof(uint16_t), std::nullopt);
uint16_t data_size;
std::memcpy(&data_size, data_size_bytes, sizeof(uint16_t));
// data bytes (max 64K)
CONSUME_OR_RETURN_VAL(const uint8_t *data, input, data_size, std::nullopt);
return {{ipp, forwarder, data, data_size}};
}
void TestSendForwardRequest(Fuzz_Data &input)
{
CONSUME1_OR_RETURN(const uint16_t, chain_length, input);
const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE;
CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size);
auto prep = prepare(input);
if (!prep.has_value()) {
return;
}
auto [ipp, forwarder, data, data_size] = prep.value();
// rest of the fuzz data is input for malloc and network
Fuzz_System sys(input);
Ptr<Logger> logger(logger_new(sys.mem.get()), logger_kill);
if (logger == nullptr) {
return;
}
Ptr<Networking_Core> net(new_networking_ex(logger.get(), sys.mem.get(), sys.ns.get(), &ipp.ip,
ipp.port, ipp.port + 100, nullptr),
kill_networking);
if (net == nullptr) {
return;
}
send_forward_request(net.get(), &forwarder, chain_keys, chain_length, data, data_size);
}
void TestForwardReply(Fuzz_Data &input)
{
CONSUME1_OR_RETURN(const uint16_t, sendback_length, input);
CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length);
auto prep = prepare(input);
if (!prep.has_value()) {
return;
}
auto [ipp, forwarder, data, data_size] = prep.value();
// rest of the fuzz data is input for malloc and network
Fuzz_System sys(input);
Ptr<Logger> logger(logger_new(sys.mem.get()), logger_kill);
if (logger == nullptr) {
return;
}
Ptr<Networking_Core> net(new_networking_ex(logger.get(), sys.mem.get(), sys.ns.get(), &ipp.ip,
ipp.port, ipp.port + 100, nullptr),
kill_networking);
if (net == nullptr) {
return;
}
forward_reply(net.get(), &forwarder, sendback, sendback_length, data, data_size);
}
} // namespace
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
fuzz_select_target<TestSendForwardRequest, TestForwardReply>(data, size);
return 0;
}