1 /* Copyright 2021 Google LLC
2 Licensed under the Apache License, Version 2.0 (the "License");
3 you may not use this file except in compliance with the License.
4 You may obtain a copy of the License at
5 http://www.apache.org/licenses/LICENSE-2.0
6 Unless required by applicable law or agreed to in writing, software
7 distributed under the License is distributed on an "AS IS" BASIS,
8 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9 See the License for the specific language governing permissions and
10 limitations under the License.
11 */
12
13 #include "config.h"
14 #include <sys/time.h>
15 #include "syshead.h"
16 #include "interval.h"
17 #include "proxy.h"
18 #include <openssl/err.h>
19 #include <openssl/ssl.h>
20
21 #include "fuzz_randomizer.h"
22
LLVMFuzzerInitialize(int * argc,char *** argv)23 int LLVMFuzzerInitialize(int *argc, char ***argv)
24 {
25 OPENSSL_malloc_init();
26 SSL_library_init();
27 ERR_load_crypto_strings();
28
29 OpenSSL_add_all_algorithms();
30 OpenSSL_add_ssl_algorithms();
31 OpenSSL_add_all_digests();
32
33 SSL_load_error_strings();
34 return 1;
35 }
36
37
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)38 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
39
40 char *tmp = NULL;
41 char *tmp2 = NULL;
42
43 if (size < 500) {
44 return 0;
45 }
46 fuzz_random_init(data, size);
47
48 struct gc_arena gc = gc_new();
49 struct http_proxy_info pi;
50 ssize_t generic_ssizet;
51 int signal_received = 0;
52 struct buffer lookahead = alloc_buf(1024);
53 struct event_timeout evt;
54
55 memset(&evt, 0, sizeof(struct event_timeout));
56 memset(&pi, 0, sizeof(struct http_proxy_info));
57 memset(&pi, 0, sizeof(pi));
58
59 generic_ssizet = 0;
60 char *fuzz_usrnm = fuzz_random_get_string_max_length(USER_PASS_LEN);
61 strcpy(pi.up.username, fuzz_usrnm);
62 if (strlen(pi.up.username) == 0) {
63 gc_free(&gc);
64 free_buf(&lookahead);
65 free(fuzz_usrnm);
66 fuzz_random_destroy();
67 return 0;
68 }
69
70 char *pswd = fuzz_random_get_string_max_length(USER_PASS_LEN);
71 strcpy(pi.up.password, pswd);
72 if (strlen(pi.up.password) == 0) {
73 gc_free(&gc);
74 free_buf(&lookahead);
75
76 free(pswd);
77 free(fuzz_usrnm);
78 fuzz_random_destroy();
79 return 0;
80 }
81
82 generic_ssizet = fuzz_randomizer_get_int(0, 4);
83 switch (generic_ssizet) {
84 case 0:
85 pi.auth_method = HTTP_AUTH_NONE;
86 break;
87 case 1:
88 pi.auth_method = HTTP_AUTH_BASIC;
89 break;
90 case 2:
91 pi.auth_method = HTTP_AUTH_DIGEST;
92 break;
93 case 3:
94 pi.auth_method = HTTP_AUTH_NTLM;
95 break;
96 case 4:
97 pi.auth_method = HTTP_AUTH_NTLM2;
98 break;
99 }
100 pi.options.http_version = "1.1";
101
102 generic_ssizet = fuzz_randomizer_get_int(0, 4);
103 switch (generic_ssizet) {
104 case 0:
105 pi.options.auth_retry = PAR_NO;
106 break;
107 case 1:
108 pi.options.auth_retry = PAR_ALL;
109 break;
110 case 2:
111 pi.options.auth_retry = PAR_NCT;
112 break;
113 }
114
115 char *tmp_authenticate = get_random_string();
116 pi.proxy_authenticate = tmp_authenticate;
117
118 //if (provider.ConsumeProbability<double>() < 0.5) {
119 //tmp = get_modifiable_string(provider);
120 tmp = get_random_string();
121 pi.options.custom_headers[0].name = tmp;
122 //if (provider.ConsumeProbability<double>() < 0.5) {
123 //tmp2 = get_modifiable_string(provider);
124 tmp2 = get_random_string();
125 pi.options.custom_headers[0].content = tmp2;
126 //}
127 //}
128
129 establish_http_proxy_passthru(&pi, 0, "1.2.3.4", "777", &evt, &lookahead,
130 &signal_received);
131 free(pi.proxy_authenticate);
132 gc_free(&gc);
133 free_buf(&lookahead);
134
135 if (tmp != NULL) free(tmp);
136 if (tmp2 != NULL) free(tmp2);
137
138 free(pswd);
139 free(fuzz_usrnm);
140 fuzz_random_destroy();
141
142
143 return 0;
144 }
145