Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(70)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/socks_client_socket_fuzzer.cc

Issue 1854813004: Add SOCKS4 and SOCKS5 fuzzers. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Response to comments Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/socks_client_socket.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/socket/socks_client_socket.h"
6
7 #include <stddef.h>
8 #include <stdint.h>
9
10 #include "base/logging.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/message_loop/message_loop.h"
13 #include "net/base/address_list.h"
14 #include "net/base/net_errors.h"
15 #include "net/base/test_completion_callback.h"
16 #include "net/dns/host_resolver.h"
17 #include "net/dns/mock_host_resolver.h"
18 #include "net/log/test_net_log.h"
19 #include "net/socket/client_socket_handle.h"
20 #include "net/socket/fuzzed_socket.h"
21
22 // Fuzzer for SocksClientSocket. Only covers the SOCKS4 handshake.
23 //
24 // |data| is used to create a FuzzedSocket to fuzz reads and writes, see that
25 // class for details.
26 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
27 // Needed for thread checks and waits.
28 base::MessageLoopForIO message_loop;
29
30 // Use a test NetLog, to exercise logging code.
31 net::BoundTestNetLog bound_test_net_log;
32
33 // Consume the last byte of |data| to determine if the DNS lookup returns
34 // synchronously or asynchronously, and succeeds or fails, and returns an IPv4
35 // or IPv6 address.
36 net::MockHostResolver mock_host_resolver;
37 scoped_refptr<net::RuleBasedHostResolverProc> rules(
38 new net::RuleBasedHostResolverProc(nullptr));
39 uint8_t resolver_result = 0;
40 if (size > 0) {
41 resolver_result = data[size - 1];
42 size--;
43 }
44 mock_host_resolver.set_synchronous_mode(!!(resolver_result & 0x1));
45 switch ((resolver_result >> 1) % 3) {
46 case 0:
47 rules->AddRule("*", "127.0.0.1");
48 break;
49 case 1:
50 rules->AddRule("*", "::1");
51 break;
52 case 2:
53 rules->AddSimulatedFailure("*");
54 break;
55 }
56 mock_host_resolver.set_rules(rules.get());
57
58 net::TestCompletionCallback callback;
59 scoped_ptr<net::FuzzedSocket> fuzzed_socket(
60 new net::FuzzedSocket(data, size, bound_test_net_log.bound()));
61 CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback()));
62
63 scoped_ptr<net::ClientSocketHandle> socket_handle(
64 new net::ClientSocketHandle());
65 socket_handle->SetSocket(std::move(fuzzed_socket));
66
67 net::HostResolver::RequestInfo request_info(net::HostPortPair("foo", 80));
68 net::SOCKSClientSocket socket(std::move(socket_handle), request_info,
69 net::DEFAULT_PRIORITY, &mock_host_resolver);
70 int result = socket.Connect(callback.callback());
71 callback.GetResult(result);
72 return 0;
73 }
OLDNEW
« no previous file with comments | « net/socket/socks_client_socket.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698