net/ntlm/ntlm_client_fuzzer.cc - Issue 2904633002: Replace NTLMv1 implementation with a functionally equivalent one.

Side by Side Diff: net/ntlm/ntlm_client_fuzzer.cc

Issue 2904633002: Replace NTLMv1 implementation with a functionally equivalent one.

Patch Set: Cleanup Created 3 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
(Empty)
	1 // Copyright 2017 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include <stddef.h>

	6 #include <stdint.h>

	7

	8 #include "net/ntlm/ntlm_client.h"

	9 #include "net/ntlm/ntlm_test_data.h"

	10

	11 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

	12 net::ntlm::NtlmClient client;

	13

	14 // The challenge message is the input to the fuzzer. This data would

	15 // normally come from the server. The returned Authenticate message is

	16 // ignored.

	17 client.GenerateAuthenticateMessage(

	18 net::ntlm::test::kNtlmDomain, net::ntlm::test::kUser,

	19 net::ntlm::test::kPassword, net::ntlm::test::kHostnameAscii,

	20 net::ntlm::test::kClientChallenge, net::ntlm::Buffer(data, size));
	mmenke 2017/07/20 19:44:50 Is there any benefit to fuzzing any of the other f Is there any benefit to fuzzing any of the other fields? Differing challenge flags in particular may be interesting. It's pretty easy to split up input - see base::FuzzedDataProvider. It has a bunch of options fox fixed-size input. For variable sized input, ConsumeRandomLengthString is the best way (And if some inputs can't possible be passed in, you can then just check for them and exit the test early, though that will make the fuzzer explore the space of your input validator, too). zentaro 2017/08/02 15:01:41 Done. Show quoted text On 2017/07/20 19:44:50, mmenke wrote: > Is there any benefit to fuzzing any of the other fields? Differing challenge > flags in particular may be interesting. > > It's pretty easy to split up input - see base::FuzzedDataProvider. It has a > bunch of options fox fixed-size input. For variable sized input, > ConsumeRandomLengthString is the best way (And if some inputs can't possible be > passed in, you can then just check for them and exit the test early, though that > will make the fuzzer explore the space of your input validator, too). Done.
	21 return 0;

	22 }
	asanka 2017/07/20 19:39:56 Given that the library is for explicit credentials Given that the library is for explicit credentials, and the credentials themselves are provided by extensions and other external sources (including URL embedded credentials currently), we'd need to consider the username/password to also be possibly unsafe inputs. As such, we'd need to fuzz the credentials as well in another fuzzer. This one could respond to a known valid server challenge with fuzzed credentials. asanka 2017/07/20 19:42:24 If the server is allowed to disable Unicode, then Show quoted text On 2017/07/20 19:39:56, asanka wrote: > Given that the library is for explicit credentials, and the credentials > themselves are provided by extensions and other external sources (including URL > embedded credentials currently), we'd need to consider the username/password to > also be possibly unsafe inputs. > > As such, we'd need to fuzz the credentials as well in another fuzzer. This one > could respond to a known valid server challenge with fuzzed credentials. If the server is allowed to disable Unicode, then we'd need at least two server challenges that we can fuzz each credential input against. zentaro 2017/08/02 15:01:41 Done. I think using the fuzzed data provider cover Show quoted text On 2017/07/20 19:39:56, asanka wrote: > Given that the library is for explicit credentials, and the credentials > themselves are provided by extensions and other external sources (including URL > embedded credentials currently), we'd need to consider the username/password to > also be possibly unsafe inputs. > > As such, we'd need to fuzz the credentials as well in another fuzzer. This one > could respond to a known valid server challenge with fuzzed credentials. Done. I think using the fuzzed data provider covers all the combinations of challenges (and hence challenge flags) and other inputs.
OLD	NEW

« net/ntlm/ntlm_client.cc ('K') | « net/ntlm/ntlm_client.cc ('k') | net/ntlm/ntlm_client_unittest.cc » ('j') | net/ntlm/ntlm_client_unittest.cc » ('J')