Tha_14/tomato-testing
1
0
Fork 0
forked from Green-Sky/tomato
Code Pull Requests Actions Packages Releases Activity
8eb4892b49
tomato-testing/toxcore/forwarding_fuzz_test.cc
Green Sky 8eb4892b49 Squashed 'external/toxcore/c-toxcore/' changes from 8f0d505f9a..6d634674a9 
6d634674a9 cleanup: Remove old type-ordered event getters.
d1d48d1dfc feat: add ngc events
994ffecc6b refactor: Make event dispatch ordered by receive time.
812f931d5f fix: Make sure there's enough space for CONSUME1 in fuzzers.
50f1b30fa9 test: Add fuzz tests to the coverage run.
df76f5cf47 chore: Move from gcov to llvm source-based coverage.
072e3beb3f fix: issues with packet broadcast error reporting
6b6718e4d2 cleanup: Make group packet entry creation less error-prone
5b9c420ce1 refactor: packet broadcast functions now return errors
af4cb31028 refactor: Use `operator==` for equality tests of `Node_format`.
9592d590cf refactor(test): Slightly nicer C++ interface to tox Random.
c66e10fb7a refactor: Minor refactoring of get_close_nodes functions.
ebc9643862 fix: don't pass garbage data buffer to packet send functions
32b68cffca cleanup: Some more test cleanups, removing overly smart code.
0426624dcb refactor: Assign malloc return to a local variable first.
afc38f2458 test: Add more unit tests for `add_to_list`.
05ce5c1ab9 test: Add "infer" CI check to github, remove from circle.
REVERT: 8f0d505f9a feat: add ngc events
REVERT: 9b8216e70c refactor: Make event dispatch ordered by receive time.

git-subtree-dir: external/toxcore/c-toxcore
git-subtree-split: 6d634674a929edb0ab70689dcbcb195b3547be13
2024-01-12 21:30:48 +01:00

95 lines
2.9 KiB
C++
Raw Blame History

#include "forwarding.h"
#include <cassert>
#include <cstring>
#include <memory>
#include <optional>
#include "../testing/fuzzing/fuzz_support.h"
#include "../testing/fuzzing/fuzz_tox.h"
namespace {
std::optional<std::tuple<IP_Port, IP_Port, const uint8_t *, size_t>> prepare(Fuzz_Data &input)
{
CONSUME_OR_RETURN_VAL(const uint8_t *ipp_packed, input, SIZE_IP_PORT, std::nullopt);
IP_Port ipp;
unpack_ip_port(&ipp, ipp_packed, SIZE_IP6, true);
CONSUME_OR_RETURN_VAL(const uint8_t *forwarder_packed, input, SIZE_IP_PORT, std::nullopt);
IP_Port forwarder;
unpack_ip_port(&forwarder, forwarder_packed, SIZE_IP6, true);
// 2 bytes: size of the request
CONSUME_OR_RETURN_VAL(const uint8_t *data_size_bytes, input, sizeof(uint16_t), std::nullopt);
uint16_t data_size;
std::memcpy(&data_size, data_size_bytes, sizeof(uint16_t));
// data bytes (max 64K)
CONSUME_OR_RETURN_VAL(const uint8_t *data, input, data_size, std::nullopt);
return {{ipp, forwarder, data, data_size}};
}
void TestSendForwardRequest(Fuzz_Data &input)
{
CONSUME1_OR_RETURN(const uint16_t, chain_length, input);
const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE;
CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size);
auto prep = prepare(input);
if (!prep.has_value()) {
return;
}
auto [ipp, forwarder, data, data_size] = prep.value();
// rest of the fuzz data is input for malloc and network
Fuzz_System sys(input);
Ptr<Logger> logger(logger_new(), logger_kill);
Ptr<Networking_Core> net(new_networking_ex(logger.get(), sys.mem.get(), sys.ns.get(), &ipp.ip,
ipp.port, ipp.port + 100, nullptr),
kill_networking);
if (net == nullptr) {
return;
}
send_forward_request(net.get(), &forwarder, chain_keys, chain_length, data, data_size);
}
void TestForwardReply(Fuzz_Data &input)
{
CONSUME1_OR_RETURN(const uint16_t, sendback_length, input);
CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length);
auto prep = prepare(input);
if (!prep.has_value()) {
return;
}
auto [ipp, forwarder, data, data_size] = prep.value();
// rest of the fuzz data is input for malloc and network
Fuzz_System sys(input);
Ptr<Logger> logger(logger_new(), logger_kill);
Ptr<Networking_Core> net(new_networking_ex(logger.get(), sys.mem.get(), sys.ns.get(), &ipp.ip,
ipp.port, ipp.port + 100, nullptr),
kill_networking);
if (net == nullptr) {
return;
}
forward_reply(net.get(), &forwarder, sendback, sendback_length, data, data_size);
}
} // namespace
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
fuzz_select_target(data, size, TestSendForwardRequest, TestForwardReply);
return 0;
}
View Git Blame Copy Permalink