| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/http/http_proxy_client_socket.h" |
| 6 |
| 7 #include <stddef.h> |
| 8 #include <stdint.h> |
| 9 |
| 10 #include <memory> |
| 11 #include <string> |
| 12 |
| 13 #include "base/logging.h" |
| 14 #include "base/message_loop/message_loop.h" |
| 15 #include "base/strings/utf_string_conversions.h" |
| 16 #include "net/base/address_list.h" |
| 17 #include "net/base/auth.h" |
| 18 #include "net/base/host_port_pair.h" |
| 19 #include "net/base/test_completion_callback.h" |
| 20 #include "net/http/http_auth_cache.h" |
| 21 #include "net/http/http_auth_handler_basic.h" |
| 22 #include "net/http/http_auth_handler_digest.h" |
| 23 #include "net/http/http_auth_handler_factory.h" |
| 24 #include "net/http/http_auth_scheme.h" |
| 25 #include "net/log/test_net_log.h" |
| 26 #include "net/socket/client_socket_handle.h" |
| 27 #include "net/socket/fuzzed_socket.h" |
| 28 #include "net/socket/next_proto.h" |
| 29 |
| 30 // Fuzzer for HttpProxyClientSocket only tests establishing a connection when |
| 31 // using the proxy as a tunnel. |
| 32 // |
| 33 // |data| is used to create a FuzzedSocket to fuzz reads and writes, see that |
| 34 // class for details. |
| 35 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 36 // Needed for thread checks and waits. |
| 37 base::MessageLoopForIO message_loop; |
| 38 |
| 39 // Use a test NetLog, to exercise logging code. |
| 40 net::BoundTestNetLog bound_test_net_log; |
| 41 |
| 42 // Use last byte to determine if the HttpProxyClientSocket should be told the |
| 43 // underlying socket is HTTPS. |
| 44 bool is_https_proxy = 0; |
| 45 if (size > 0) { |
| 46 is_https_proxy = !(data[size - 1] & 1); |
| 47 size--; |
| 48 } |
| 49 |
| 50 net::TestCompletionCallback callback; |
| 51 std::unique_ptr<net::FuzzedSocket> fuzzed_socket( |
| 52 new net::FuzzedSocket(data, size, bound_test_net_log.bound())); |
| 53 CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback())); |
| 54 |
| 55 std::unique_ptr<net::ClientSocketHandle> socket_handle( |
| 56 new net::ClientSocketHandle()); |
| 57 socket_handle->SetSocket(std::move(fuzzed_socket)); |
| 58 |
| 59 // Create auth handler supporting basic and digest schemes. Other schemes can |
| 60 // make system calls, which doesn't seem like a great idea. |
| 61 net::HttpAuthCache auth_cache; |
| 62 net::HttpAuthHandlerRegistryFactory auth_handler_factory; |
| 63 auth_handler_factory.RegisterSchemeFactory( |
| 64 net::kBasicAuthScheme, new net::HttpAuthHandlerBasic::Factory()); |
| 65 auth_handler_factory.RegisterSchemeFactory( |
| 66 net::kDigestAuthScheme, new net::HttpAuthHandlerDigest::Factory()); |
| 67 |
| 68 scoped_refptr<net::HttpAuthController> auth_controller( |
| 69 new net::HttpAuthController(net::HttpAuth::AUTH_PROXY, |
| 70 GURL("http://proxy:42/"), &auth_cache, |
| 71 &auth_handler_factory)); |
| 72 net::HttpProxyClientSocket socket( |
| 73 socket_handle.release(), "Bond/007", net::HostPortPair("foo", 80), |
| 74 net::HostPortPair("proxy", 42), auth_controller.get(), true /* tunnel */, |
| 75 false /* using_spdy */, net::kProtoUnknown, nullptr /* proxy_delegate */, |
| 76 is_https_proxy); |
| 77 int result = socket.Connect(callback.callback()); |
| 78 result = callback.GetResult(result); |
| 79 |
| 80 // Repeatedly try to log in with the same credentials. |
| 81 while (result == net::ERR_PROXY_AUTH_REQUESTED) { |
| 82 auth_controller->ResetAuth(net::AuthCredentials( |
| 83 base::ASCIIToUTF16("user"), base::ASCIIToUTF16("pass"))); |
| 84 result = socket.RestartWithAuth(callback.callback()); |
| 85 result = callback.GetResult(result); |
| 86 } |
| 87 |
| 88 return 0; |
| 89 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1890193002:
Add a fuzzer for HttpProxyClientSocket. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master