/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
13 #include "config.h"
14 #include "syshead.h"
15 #include "init.h"
16 #include "packet_id.h"
18 #include "fuzz_randomizer.h"
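/*
 * libFuzzer entry point for the packet-ID routines declared in packet_id.h.
 *
 * The input bytes seed the fuzz_randomizer helpers and are also written
 * verbatim to a scratch file that is then loaded as a packet-ID persistence
 * file. Four areas are driven in order:
 *   1. packet_id_reap_test / packet_id_test / packet_id_add on pid.rec
 *   2. packet_id_write, in every long_form / prepend combination
 *   3. packet_id_read, in short and long form
 *   4. packet_id_persist_init / load / save / close
 *
 * data, size: the fuzzer-supplied input.
 * Returns 0 on every path, as libFuzzer expects.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  fuzz_random_init(data, size);

  struct packet_id pid;
  struct packet_id_net pin;
  const int seq_backtrack = 10;
  const int time_backtrack = 10;

  packet_id_init(&pid, seq_backtrack, time_backtrack, "name", 0);

  /* Feed up to ten fuzz-chosen (time, id) pairs to the receive record; only
   * pairs that packet_id_test() accepts are recorded with packet_id_add(). */
  int total_sends = fuzz_randomizer_get_int(0, 10);
  for (int i = 0; i < total_sends; i++) {
    update_time();
    pin.time = fuzz_randomizer_get_int(0, 0xfffffff);
    pin.id = fuzz_randomizer_get_int(0, 0xfffffff);

    packet_id_reap_test(&pid.rec);
    if (packet_id_test(&pid.rec, &pin)) {
      packet_id_add(&pid.rec, &pin);
    }
  }
  packet_id_free(&pid);

  /* packet_id_write: build the send state from fuzz bytes. */
  char *tmp2 = get_random_string();
  if (tmp2 != NULL && strlen(tmp2) > sizeof(struct packet_id_send)) {
    struct packet_id_send pidsend;
    /* Copy (not compare) the bytes, so every field of pidsend is
     * initialised before pidsend.time is read below. */
    memcpy(&pidsend, tmp2, sizeof(pidsend));

    /* localtime() takes a time_t *, so hand it a real time_t rather than
     * the address of a struct timeval. Only timestamps it can convert are
     * passed on to packet_id_write(). */
    time_t send_time = pidsend.time;
    if (localtime(&send_time) != NULL) {
      struct buffer iv_buffer;
      buf_set_write(&iv_buffer, tmp2, strlen(tmp2));
      packet_id_write(&pidsend, &iv_buffer, false, false);
      packet_id_write(&pidsend, &iv_buffer, false, true);
      packet_id_write(&pidsend, &iv_buffer, true, true);
      packet_id_write(&pidsend, &iv_buffer, true, false);
    }
  }
  free(tmp2);

  /* packet_id_read: parse a fuzz-generated buffer in short and long form. */
  struct gc_arena gc = gc_new();
  char *tmp = get_random_string();
  if (tmp != NULL) {
    struct buffer buf = string_alloc_buf(tmp, &gc);
    /* packet_id_read() fills in a struct packet_id_net. pid is the wrong
     * type for it and was already released by packet_id_free() above, so
     * the result goes into pin. */
    packet_id_read(&pin, &buf, false);
    packet_id_read(&pin, &buf, true);
  }
  free(tmp);
  gc_free(&gc);

  /* Persistence: hand the raw fuzz input to the loader as a file.
   * NOTE(review): the name is predictable (PID only) and fopen() follows
   * symlinks; acceptable in an isolated fuzzing sandbox, otherwise prefer
   * mkstemp(). */
  char filename[256];
  snprintf(filename, sizeof(filename), "/tmp/libfuzzer.%d", (int)getpid());

  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    /* Release the randomizer state on the early exit as well. */
    fuzz_random_destroy();
    return 0;
  }
  /* A short write only shortens the file given to the loader, so the
   * result is deliberately not checked. */
  fwrite(data, size, 1, fp);
  fclose(fp);

  struct packet_id_persist p;
  memset(&p, 0, sizeof(p));
  packet_id_persist_init(&p);
  packet_id_persist_load(&p, filename);

  /* Same time_t handling as above: save only when the loaded timestamp is
   * one localtime() can convert. */
  time_t persist_time = p.time;
  if (localtime(&persist_time) != NULL) {
    p.id_last_written = fuzz_randomizer_get_int(0, 0xfffffff);
    packet_id_persist_save(&p);
  }

  packet_id_persist_close(&p);
  /* Do not leave the scratch file behind between runs. */
  unlink(filename);

  fuzz_random_destroy();
  return 0;
}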