summaryrefslogtreecommitdiff
path: root/src/test/fuzz/fuzz_http_connect.c
blob: 68f58387ed0517872db58579f8d39730c21f87fc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
/* Copyright (c) 2016-2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#include "orconfig.h"

#define BUFFERS_PRIVATE
#define CONNECTION_EDGE_PRIVATE

#include "or.h"
#include "backtrace.h"
#include "buffers.h"
#include "config.h"
#include "connection.h"
#include "connection_edge.h"
#include "torlog.h"

#include "fuzzing.h"

static void
mock_connection_write_to_buf_impl_(const char *string, size_t len,
                                   connection_t *conn, int compressed)
{
  log_debug(LD_GENERAL, "%sResponse:\n%u\nConnection: %p\n%s\n",
            compressed ? "Compressed " : "", (unsigned)len, conn, string);
}

static void
mock_connection_mark_unattached_ap_(entry_connection_t *conn, int endreason,
                                    int line, const char *file)
{
  (void)conn;
  (void)endreason;
  (void)line;
  (void)file;
}

static int
mock_connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn,
                                                 origin_circuit_t *circ,
                                                 crypt_path_t *cpath)
{
  (void)conn;
  (void)circ;
  (void)cpath;
  return 0;
}

int
fuzz_init(void)
{
  /* Set up fake response handler */
  MOCK(connection_write_to_buf_impl_, mock_connection_write_to_buf_impl_);
  /* Set up the fake handler functions */
  MOCK(connection_mark_unattached_ap_, mock_connection_mark_unattached_ap_);
  MOCK(connection_ap_rewrite_and_attach_if_allowed,
       mock_connection_ap_rewrite_and_attach_if_allowed);

  return 0;
}

int
fuzz_cleanup(void)
{
  UNMOCK(connection_write_to_buf_impl_);
  UNMOCK(connection_mark_unattached_ap_);
  UNMOCK(connection_ap_rewrite_and_attach_if_allowed);
  return 0;
}

int
fuzz_main(const uint8_t *stdin_buf, size_t data_size)
{
  entry_connection_t conn;

  /* Set up the fake connection */
  memset(&conn, 0, sizeof(conn));
  conn.edge_.base_.type = CONN_TYPE_AP;
  conn.edge_.base_.state = AP_CONN_STATE_HTTP_CONNECT_WAIT;
  conn.socks_request = tor_malloc_zero(sizeof(socks_request_t));
  conn.socks_request->listener_type = CONN_TYPE_AP_HTTP_CONNECT_LISTENER;

  conn.edge_.base_.inbuf = buf_new_with_data((char*)stdin_buf, data_size);
  if (!conn.edge_.base_.inbuf) {
    log_debug(LD_GENERAL, "Zero-Length-Input\n");
    goto done;
  }

  /* Parse the headers */
  int rv = connection_ap_process_http_connect(&conn);

  /* TODO: check the output is correctly parsed based on the input */

  log_debug(LD_GENERAL, "Result:\n%d\n", rv);

  goto done;

 done:
  /* Reset. */
  socks_request_free(conn.socks_request);
  buf_free(conn.edge_.base_.inbuf);
  conn.edge_.base_.inbuf = NULL;

  return 0;
}