forked from Green-Sky/tomato
565efa4f39
c9cdae001 fix(toxav): remove extra copy of video frame on encode 4f6d4546b test: Improve the fake network library. a2581e700 refactor(toxcore): generate `Friend_Request` and `Dht_Nodes_Response` 2aaa11770 refactor(toxcore): use Tox_Memory in generated events 5c367452b test(toxcore): fix incorrect mutex in tox_scenario_get_time 8f92e710f perf: Add a timed limit of number of cookie requests. 695b6417a test: Add some more simulated network support. 815ae9ce9 test(toxcore): fix thread-safety in scenario framework 6d85c754e test(toxcore): add unit tests for net_crypto 9c22e79cc test(support): add SimulatedEnvironment for deterministic testing f34fcb195 chore: Update windows Dockerfile to debian stable (trixie). ece0e8980 fix(group_moderation): allow validating unsorted sanction list signatures a4fa754d7 refactor: rename struct Packet to struct Net_Packet d6f330f85 cleanup: Fix some warnings from coverity. e206bffa2 fix(group_chats): fix sync packets reverting topics 0e4715598 test: Add new scenario testing framework. 668291f44 refactor(toxcore): decouple Network_Funcs from sockaddr via IP_Port fc4396cef fix: potential division by zero in toxav and unsafe hex parsing 8e8b352ab refactor: Add nullable annotations to struct members. 7740bb421 refactor: decouple net_crypto from DHT 1936d4296 test: add benchmark for toxav audio and video 46bfdc2df fix: correct printf format specifiers for unsigned integers REVERT: 1828c5356 fix(toxav): remove extra copy of video frame on encode git-subtree-dir: external/toxcore/c-toxcore git-subtree-split: c9cdae001341e701fca980c9bb9febfeb95d2902
115 lines
3.5 KiB
C++
115 lines
3.5 KiB
C++
#include "forwarding.h"
|
|
|
|
#include <cassert>
|
|
#include <cstring>
|
|
#include <memory>
|
|
#include <optional>
|
|
|
|
#include "../testing/support/public/fuzz_data.hh"
|
|
#include "../testing/support/public/fuzz_helpers.hh"
|
|
#include "../testing/support/public/simulated_environment.hh"
|
|
|
|
namespace {
|
|
|
|
using tox::test::configure_fuzz_memory_source;
|
|
using tox::test::Fuzz_Data;
|
|
using tox::test::SimulatedEnvironment;
|
|
|
|
constexpr uint16_t SIZE_IP_PORT = SIZE_IP6 + sizeof(uint16_t);
|
|
|
|
template <typename T>
|
|
using Ptr = std::unique_ptr<T, void (*)(T *)>;
|
|
|
|
std::optional<std::tuple<IP_Port, IP_Port, const uint8_t *, size_t>> prepare(Fuzz_Data &input)
|
|
{
|
|
CONSUME_OR_RETURN_VAL(const uint8_t *ipp_packed, input, SIZE_IP_PORT, std::nullopt);
|
|
IP_Port ipp{};
|
|
unpack_ip_port(&ipp, ipp_packed, SIZE_IP6, true);
|
|
|
|
CONSUME_OR_RETURN_VAL(const uint8_t *forwarder_packed, input, SIZE_IP_PORT, std::nullopt);
|
|
IP_Port forwarder{};
|
|
unpack_ip_port(&forwarder, forwarder_packed, SIZE_IP6, true);
|
|
|
|
// 2 bytes: size of the request
|
|
CONSUME_OR_RETURN_VAL(const uint8_t *data_size_bytes, input, sizeof(uint16_t), std::nullopt);
|
|
uint16_t data_size;
|
|
std::memcpy(&data_size, data_size_bytes, sizeof(uint16_t));
|
|
|
|
// data bytes (max 64K)
|
|
CONSUME_OR_RETURN_VAL(const uint8_t *data, input, data_size, std::nullopt);
|
|
|
|
return {{ipp, forwarder, data, data_size}};
|
|
}
|
|
|
|
void TestSendForwardRequest(Fuzz_Data &input)
|
|
{
|
|
CONSUME1_OR_RETURN(const uint16_t, chain_length, input);
|
|
const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE;
|
|
CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size);
|
|
|
|
const auto prep = prepare(input);
|
|
if (!prep.has_value()) {
|
|
return;
|
|
}
|
|
const auto [ipp, forwarder, data, data_size] = prep.value();
|
|
|
|
SimulatedEnvironment env;
|
|
auto node = env.create_node(ipp.port);
|
|
configure_fuzz_memory_source(env.fake_memory(), input);
|
|
|
|
const Ptr<Logger> logger(logger_new(&node->c_memory), logger_kill);
|
|
if (logger == nullptr) {
|
|
return;
|
|
}
|
|
|
|
const Ptr<Networking_Core> net(
|
|
new_networking_ex(logger.get(), &node->c_memory, &node->c_network, &ipp.ip, ipp.port,
|
|
ipp.port + 100, nullptr),
|
|
kill_networking);
|
|
if (net == nullptr) {
|
|
return;
|
|
}
|
|
|
|
send_forward_request(net.get(), &forwarder, chain_keys, chain_length, data, data_size);
|
|
}
|
|
|
|
void TestForwardReply(Fuzz_Data &input)
|
|
{
|
|
CONSUME1_OR_RETURN(const uint16_t, sendback_length, input);
|
|
CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length);
|
|
|
|
const auto prep = prepare(input);
|
|
if (!prep.has_value()) {
|
|
return;
|
|
}
|
|
const auto [ipp, forwarder, data, data_size] = prep.value();
|
|
|
|
SimulatedEnvironment env;
|
|
auto node = env.create_node(ipp.port);
|
|
configure_fuzz_memory_source(env.fake_memory(), input);
|
|
|
|
const Ptr<Logger> logger(logger_new(&node->c_memory), logger_kill);
|
|
if (logger == nullptr) {
|
|
return;
|
|
}
|
|
|
|
const Ptr<Networking_Core> net(
|
|
new_networking_ex(logger.get(), &node->c_memory, &node->c_network, &ipp.ip, ipp.port,
|
|
ipp.port + 100, nullptr),
|
|
kill_networking);
|
|
if (net == nullptr) {
|
|
return;
|
|
}
|
|
|
|
forward_reply(net.get(), &forwarder, sendback, sendback_length, data, data_size);
|
|
}
|
|
|
|
} // namespace
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|
{
|
|
tox::test::fuzz_select_target<TestSendForwardRequest, TestForwardReply>(data, size);
|
|
return 0;
|
|
}
|