Chromium Code Reviews Chromium Code Reviews
Issue 2448603002:
Add simple HPKP and HSTS header parser fuzzers. (Closed)
| Index: net/http/http_security_headers_hpkp_fuzzer.cc |
| diff --git a/net/http/http_security_headers_hpkp_fuzzer.cc b/net/http/http_security_headers_hpkp_fuzzer.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..cc1b33609c97b5d5e00a44846d9d5571cd94cddd |
| --- /dev/null |
| +++ b/net/http/http_security_headers_hpkp_fuzzer.cc |
| @@ -0,0 +1,31 @@ |
| +// Copyright 2016 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include <stddef.h> |
| +#include <stdint.h> |
| +#include <string> |
| + |
| +#include "base/time/time.h" |
| +#include "net/base/hash_value.h" |
| +#include "net/http/http_security_headers.h" |
| +#include "net/ssl/ssl_info.h" |
| +#include "url/gurl.h" |
| + |
| +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| + std::string input(data, data + size); |
| + base::TimeDelta max_age; |
| + bool include_subdomains; |
| + net::HashValueVector spki_hashes; |
| + GURL report_uri; |
| + |
| + net::HashValue hash; |
| + hash.FromString("sha256/1111111111111111111111111111111111111111111="); |
|
aizatsky
2016/10/25 19:11:20
does this need to be a valid hash of anything? Wil
martijnc
2016/10/25 19:40:52
The hash is only compared to other hashes. Passing
|
| + |
| + net::SSLInfo ssl_info; |
| + ssl_info.public_key_hashes.push_back(hash); |
| + |
| + net::ParseHPKPHeader(input, ssl_info.public_key_hashes, &max_age, |
| + &include_subdomains, &spki_hashes, &report_uri); |
| + return 0; |
| +} |
