Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1880)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/socks5_client_socket_fuzzer.cc

Issue 1854813004: Add SOCKS4 and SOCKS5 fuzzers. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Return OK on read close, remove log spam Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/socket/fuzzed_socket.cc ('K') | « net/socket/fuzzed_socket.cc ('k') | net/socket/socks_client_socket.cc » ('j') | net/socket/socks_client_socket_fuzzer.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/socks5_client_socket_fuzzer.cc
diff --git a/net/socket/socks5_client_socket_fuzzer.cc b/net/socket/socks5_client_socket_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..290db9002c959de8e8dc83f4033a8d1f597c8071
--- /dev/null
+++ b/net/socket/socks5_client_socket_fuzzer.cc
@@ -0,0 +1,46 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/socket/socks5_client_socket.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/message_loop/message_loop.h"
+#include "net/base/address_list.h"
+#include "net/base/net_errors.h"
+#include "net/base/test_completion_callback.h"
+#include "net/log/test_net_log.h"
+#include "net/socket/client_socket_handle.h"
+#include "net/socket/fuzzed_socket.h"
+
+// Fuzzer for Socks5ClientSocket. Only covers the SOCKS5 greeet and
+// handshake.
+//
+// |data| is used to create a FuzzedSocket to fuzz reads and writes, see that
+// class for details.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ // Needed for thread checks and waits.
+ base::MessageLoopForIO message_loop;
+
+ // Use a test NetLog, to exercise logging code.
+ net::BoundTestNetLog bound_test_net_log;
+
+ net::TestCompletionCallback callback;
+ scoped_ptr<net::FuzzedSocket> fuzzed_socket(
+ new net::FuzzedSocket(data, size, bound_test_net_log.bound()));
+ CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback()));
+
+ scoped_ptr<net::ClientSocketHandle> socket_handle(
+ new net::ClientSocketHandle());
+ socket_handle->SetSocket(std::move(fuzzed_socket));
+
+ net::HostResolver::RequestInfo request_info(net::HostPortPair("foo", 80));
eroman 2016/04/14 17:56:28 Fuzzing different host portpairs would be a useful
mmenke 2016/04/14 19:01:51 Makes sense, but let's skip that, for now. I'm no
eroman 2016/04/14 19:32:39 In theory the hostname comes from a normalized GUR
+ net::SOCKS5ClientSocket socket(std::move(socket_handle), request_info);
+ int result = socket.Connect(callback.callback());
+ callback.GetResult(result);
+ return 0;
+}
« net/socket/fuzzed_socket.cc ('K') | « net/socket/fuzzed_socket.cc ('k') | net/socket/socks_client_socket.cc » ('j') | net/socket/socks_client_socket_fuzzer.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698