Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(149)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/socks_client_socket_fuzzer.cc

Issue 1917503002: URLRequest fuzzer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@fuzz
Patch Set: Update other fuzzers (Lost them in a merge) Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/socket/fuzzed_socket_factory.cc ('K') | « net/socket/socks5_client_socket_fuzzer.cc ('k') | net/url_request/url_request_fuzzer.cc » ('j') | net/url_request/url_request_fuzzer.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <stddef.h> 5 #include <stddef.h>
6 #include <stdint.h> 6 #include <stdint.h>
7 7
8 #include <memory> 8 #include <memory>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "net/base/address_list.h" 11 #include "net/base/address_list.h"
12 #include "net/base/fuzzed_data_provider.h"
12 #include "net/base/net_errors.h" 13 #include "net/base/net_errors.h"
13 #include "net/base/test_completion_callback.h" 14 #include "net/base/test_completion_callback.h"
14 #include "net/dns/host_resolver.h" 15 #include "net/dns/host_resolver.h"
15 #include "net/dns/mock_host_resolver.h" 16 #include "net/dns/mock_host_resolver.h"
16 #include "net/log/test_net_log.h" 17 #include "net/log/test_net_log.h"
17 #include "net/socket/client_socket_handle.h" 18 #include "net/socket/client_socket_handle.h"
18 #include "net/socket/fuzzed_socket.h" 19 #include "net/socket/fuzzed_socket.h"
19 #include "net/socket/socks_client_socket.h" 20 #include "net/socket/socks_client_socket.h"
20 21
21 // Fuzzer for SocksClientSocket. Only covers the SOCKS4 handshake. 22 // Fuzzer for SocksClientSocket. Only covers the SOCKS4 handshake.
22 // 23 //
23 // |data| is used to create a FuzzedSocket to fuzz reads and writes, see that 24 // |data| is used to create a FuzzedSocket to fuzz reads and writes, see that
24 // class for details. 25 // class for details.
25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { 26 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
26 // Use a test NetLog, to exercise logging code. 27 // Use a test NetLog, to exercise logging code.
27 net::BoundTestNetLog bound_test_net_log; 28 net::TestNetLog test_net_log;
29
30 net::FuzzedDataProvider data_provider(data, size);
28 31
29 // Consume the last byte of |data| to determine if the DNS lookup returns 32 // Consume the last byte of |data| to determine if the DNS lookup returns
30 // synchronously or asynchronously, and succeeds or fails, and returns an IPv4 33 // synchronously or asynchronously, and succeeds or fails, and returns an IPv4
31 // or IPv6 address. 34 // or IPv6 address.
32 net::MockHostResolver mock_host_resolver; 35 net::MockHostResolver mock_host_resolver;
33 scoped_refptr<net::RuleBasedHostResolverProc> rules( 36 scoped_refptr<net::RuleBasedHostResolverProc> rules(
34 new net::RuleBasedHostResolverProc(nullptr)); 37 new net::RuleBasedHostResolverProc(nullptr));
35 uint8_t resolver_result = 0; 38 mock_host_resolver.set_synchronous_mode(!!data_provider.ConsumeBits(1));
36 if (size > 0) { 39 switch (data_provider.ConsumeBits(7) % 3) {
eroman 2016/04/22 22:07:11 Shrug, I would use the minimal amount of bits here
mmenke 2016/04/27 19:53:25 Done.
37 resolver_result = data[size - 1];
38 size--;
39 }
40 mock_host_resolver.set_synchronous_mode(!!(resolver_result & 0x1));
41 switch ((resolver_result >> 1) % 3) {
42 case 0: 40 case 0:
43 rules->AddRule("*", "127.0.0.1"); 41 rules->AddRule("*", "127.0.0.1");
44 break; 42 break;
45 case 1: 43 case 1:
46 rules->AddRule("*", "::1"); 44 rules->AddRule("*", "::1");
47 break; 45 break;
48 case 2: 46 case 2:
49 rules->AddSimulatedFailure("*"); 47 rules->AddSimulatedFailure("*");
50 break; 48 break;
51 } 49 }
52 mock_host_resolver.set_rules(rules.get()); 50 mock_host_resolver.set_rules(rules.get());
53 51
54 net::TestCompletionCallback callback; 52 net::TestCompletionCallback callback;
55 std::unique_ptr<net::FuzzedSocket> fuzzed_socket( 53 std::unique_ptr<net::FuzzedSocket> fuzzed_socket(
56 new net::FuzzedSocket(data, size, bound_test_net_log.bound())); 54 new net::FuzzedSocket(&data_provider, &test_net_log));
57 CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback())); 55 CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback()));
58 56
59 std::unique_ptr<net::ClientSocketHandle> socket_handle( 57 std::unique_ptr<net::ClientSocketHandle> socket_handle(
60 new net::ClientSocketHandle()); 58 new net::ClientSocketHandle());
61 socket_handle->SetSocket(std::move(fuzzed_socket)); 59 socket_handle->SetSocket(std::move(fuzzed_socket));
62 60
63 net::HostResolver::RequestInfo request_info(net::HostPortPair("foo", 80)); 61 net::HostResolver::RequestInfo request_info(net::HostPortPair("foo", 80));
64 net::SOCKSClientSocket socket(std::move(socket_handle), request_info, 62 net::SOCKSClientSocket socket(std::move(socket_handle), request_info,
65 net::DEFAULT_PRIORITY, &mock_host_resolver); 63 net::DEFAULT_PRIORITY, &mock_host_resolver);
66 int result = socket.Connect(callback.callback()); 64 int result = socket.Connect(callback.callback());
67 callback.GetResult(result); 65 callback.GetResult(result);
68 return 0; 66 return 0;
69 } 67 }
OLDNEW
« net/socket/fuzzed_socket_factory.cc ('K') | « net/socket/socks5_client_socket_fuzzer.cc ('k') | net/url_request/url_request_fuzzer.cc » ('j') | net/url_request/url_request_fuzzer.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698