Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(275)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/socks_client_socket_fuzzer.cc

Issue 1917503002: URLRequest fuzzer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@fuzz
Patch Set: Add missing include Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/base/fuzzed_data_provider.h ('K') | « net/socket/socks5_client_socket_fuzzer.cc ('k') | net/url_request/url_request_fuzzer.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <stddef.h> 5 #include <stddef.h>
6 #include <stdint.h> 6 #include <stdint.h>
7 7
8 #include <memory> 8 #include <memory>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "net/base/address_list.h" 11 #include "net/base/address_list.h"
12 #include "net/base/fuzzed_data_provider.h"
12 #include "net/base/net_errors.h" 13 #include "net/base/net_errors.h"
13 #include "net/base/test_completion_callback.h" 14 #include "net/base/test_completion_callback.h"
14 #include "net/dns/host_resolver.h" 15 #include "net/dns/host_resolver.h"
15 #include "net/dns/mock_host_resolver.h" 16 #include "net/dns/mock_host_resolver.h"
16 #include "net/log/test_net_log.h" 17 #include "net/log/test_net_log.h"
17 #include "net/socket/client_socket_handle.h" 18 #include "net/socket/client_socket_handle.h"
18 #include "net/socket/fuzzed_socket.h" 19 #include "net/socket/fuzzed_socket.h"
19 #include "net/socket/socks_client_socket.h" 20 #include "net/socket/socks_client_socket.h"
20 21
21 // Fuzzer for SocksClientSocket. Only covers the SOCKS4 handshake. 22 // Fuzzer for SocksClientSocket. Only covers the SOCKS4 handshake.
22 // 23 //
23 // |data| is used to create a FuzzedSocket to fuzz reads and writes, see that 24 // |data| is used to create a FuzzedSocket to fuzz reads and writes, see that
24 // class for details. 25 // class for details.
25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { 26 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
26 // Use a test NetLog, to exercise logging code. 27 // Use a test NetLog, to exercise logging code.
27 net::BoundTestNetLog bound_test_net_log; 28 net::TestNetLog test_net_log;
28 29
29 // Consume the last byte of |data| to determine if the DNS lookup returns 30 net::FuzzedDataProvider data_provider(data, size);
30 // synchronously or asynchronously, and succeeds or fails, and returns an IPv4 31
31 // or IPv6 address. 32 // Determine if the DNS lookup returns synchronously or asynchronously,
33 // succeeds or fails, and returns an IPv4 or IPv6 address.
32 net::MockHostResolver mock_host_resolver; 34 net::MockHostResolver mock_host_resolver;
33 scoped_refptr<net::RuleBasedHostResolverProc> rules( 35 scoped_refptr<net::RuleBasedHostResolverProc> rules(
34 new net::RuleBasedHostResolverProc(nullptr)); 36 new net::RuleBasedHostResolverProc(nullptr));
35 uint8_t resolver_result = 0; 37 mock_host_resolver.set_synchronous_mode(data_provider.ConsumeBool());
36 if (size > 0) { 38 switch (data_provider.ConsumeValueInRange(0, 2)) {
37 resolver_result = data[size - 1];
38 size--;
39 }
40 mock_host_resolver.set_synchronous_mode(!!(resolver_result & 0x1));
41 switch ((resolver_result >> 1) % 3) {
42 case 0: 39 case 0:
43 rules->AddRule("*", "127.0.0.1"); 40 rules->AddRule("*", "127.0.0.1");
44 break; 41 break;
45 case 1: 42 case 1:
46 rules->AddRule("*", "::1"); 43 rules->AddRule("*", "::1");
47 break; 44 break;
48 case 2: 45 case 2:
49 rules->AddSimulatedFailure("*"); 46 rules->AddSimulatedFailure("*");
50 break; 47 break;
51 } 48 }
52 mock_host_resolver.set_rules(rules.get()); 49 mock_host_resolver.set_rules(rules.get());
53 50
54 net::TestCompletionCallback callback; 51 net::TestCompletionCallback callback;
55 std::unique_ptr<net::FuzzedSocket> fuzzed_socket( 52 std::unique_ptr<net::FuzzedSocket> fuzzed_socket(
56 new net::FuzzedSocket(data, size, bound_test_net_log.bound())); 53 new net::FuzzedSocket(&data_provider, &test_net_log));
57 CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback())); 54 CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback()));
58 55
59 std::unique_ptr<net::ClientSocketHandle> socket_handle( 56 std::unique_ptr<net::ClientSocketHandle> socket_handle(
60 new net::ClientSocketHandle()); 57 new net::ClientSocketHandle());
61 socket_handle->SetSocket(std::move(fuzzed_socket)); 58 socket_handle->SetSocket(std::move(fuzzed_socket));
62 59
63 net::HostResolver::RequestInfo request_info(net::HostPortPair("foo", 80)); 60 net::HostResolver::RequestInfo request_info(net::HostPortPair("foo", 80));
64 net::SOCKSClientSocket socket(std::move(socket_handle), request_info, 61 net::SOCKSClientSocket socket(std::move(socket_handle), request_info,
65 net::DEFAULT_PRIORITY, &mock_host_resolver); 62 net::DEFAULT_PRIORITY, &mock_host_resolver);
66 int result = socket.Connect(callback.callback()); 63 int result = socket.Connect(callback.callback());
67 callback.GetResult(result); 64 callback.GetResult(result);
68 return 0; 65 return 0;
69 } 66 }
OLDNEW
« net/base/fuzzed_data_provider.h ('K') | « net/socket/socks5_client_socket_fuzzer.cc ('k') | net/url_request/url_request_fuzzer.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698