From 18ac3d0fd1fece16a142194f570c453f67e5b12f Mon Sep 17 00:00:00 2001 From: Omar Polo Date: Tue, 2 Jul 2024 21:43:54 +0000 Subject: fuzzying the proxy protocol too --- .gitignore | 5 +++-- regress/fuzz/Makefile | 21 +++++++++++++++++++-- regress/fuzz/proxy.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 4 deletions(-) create mode 100644 regress/fuzz/proxy.c diff --git a/.gitignore b/.gitignore index 01e7310..d1641ed 100644 --- a/.gitignore +++ b/.gitignore @@ -34,9 +34,10 @@ regress/puny-test regress/gmid.pid regress/fuzz/in -regress/fuzz/out -regress/fuzz/min regress/fuzz/iri +regress/fuzz/min +regress/fuzz/out +regress/fuzz/proxy site/gemini site/www diff --git a/regress/fuzz/Makefile b/regress/fuzz/Makefile index 88bffca..e8906b3 100644 --- a/regress/fuzz/Makefile +++ b/regress/fuzz/Makefile @@ -11,11 +11,17 @@ REG_COMPATS = ${COBJS:%=../../%} IRI_SRCS = iri.c ../../iri.c ../../utf8.c ../../log.c IRI_OBJS = ${IRI_SRCS:.c=.o} ${REG_COMPATS} +PROXY_SRCS = proxy.c ../../proxy-proto.c +PROXY_OBJS = ${PROXY_SRCS:.c=.o} ${REG_COMPATS} + .PHONY: all data clean dist -all: fuzz +all: + @echo run ${MAKE} fuzz-iri to fuzz the IRI parser + @echo run ${MAKE} fuzz-proxy to fuzz the proxy v1 protocol parser -fuzz: iri +fuzz-iri: iri + rm -rf in out mkdir -p in out echo 'gemini://omarpolo.com/' > in/simple echo 'https://op:123@omarpolo.com/' > in/auth @@ -28,9 +34,20 @@ fuzz: iri echo 'http://omarpolo.com/////././' > in/slash afl-fuzz -i in -o out -- ./iri +fuzz-proxy: proxy + rm -rf in out + mkdir -p in out + printf 'PROXY TCP4 255.255.255.255 255.255.255.255 65535 65535\r\n' >in/ipv4 + printf 'PROXY TCP6 fe80::1 fd4b:b287:5c6f:1f4::2 65535 65535\r\n' >in/ipv6 + printf 'PROXY UNKNOWN\r\n' > in/unknown + afl-fuzz -i in -o out -- ./proxy + iri: ${IRI_OBJS} ${CC} ${IRI_OBJS} -o $@ ${LIBS} ${LDFLAGS} +proxy: ${PROXY_OBJS} + ${CC} ${PROXY_OBJS} -o $@ ${LIBS} ${LDFLAGS} + .c.o: ${CC} -I../.. ${CFLAGS} -c $< -o $@ 
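Review bot: In regress/fuzz/Makefile both `fuzz-iri` (first hunk) and the new `fuzz-proxy` (second hunk) begin with `rm -rf in out` and share the same `in`/`out` directories, so starting either target silently deletes the queue and any crashes saved under `out` by an earlier run. Per-target directories would keep findings apart, e.g. `mkdir -p in-proxy out-proxy` and `afl-fuzz -i in-proxy -o out-proxy -- ./proxy`, with matching `.gitignore` entries. The three seeds are all well-formed headers, which is fine for afl, but a comment above the `printf` lines saying they are deliberately minimal valid inputs would help the next reader.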
diff --git a/regress/fuzz/proxy.c b/regress/fuzz/proxy.c
new file mode 100644
index 0000000..272332b
--- /dev/null
+++ b/regress/fuzz/proxy.c
@@ -0,0 +1,46 @@
+#include
+#include
+#include
+
+#include "gmid.h"
+
+int
+main(void)
+{
+ struct proxy_protocol_v1 pp1;
+ char buf[1024];
+ char *line = NULL;
+ size_t consumed, linesize = 0;
+ ssize_t linelen;
+
+ memset(&pp1, 0, sizeof(pp1));
+ memset(buf, 0, sizeof(buf));
+
+ if ((linelen = getline(&line, &linesize, stdin)) == -1)
+ return (1);
+
+ if (proxy_proto_v1_parse(&pp1, line, linelen, &consumed) != -1) {
+ switch (pp1.proto) {
+ case PROTO_V4:
+ inet_ntop(AF_INET, &pp1.srcaddr.v4, buf, sizeof(buf));
+ break;
+ case PROTO_V6:
+ inet_ntop(AF_INET6, &pp1.srcaddr.v6, buf, sizeof(buf));
+ break;
+ case PROTO_UNKNOWN:
+ strlcpy(buf, "UNKNOWN", sizeof(buf));
+ break;
+ default:
+ abort();
+ }
+ puts(buf);
+ }
+
+ free(line);
+ if (ferror(stdin)) {
+ perror("getline");
+ return (1);
+ }
+
+ return (0);
+}
-- cgit v1.2.3
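Review bot: The harness never inspects `consumed` after a successful `proxy_proto_v1_parse()` call, so a parser that reports more bytes than it was handed goes unnoticed unless it also crashes; adding `if (consumed > (size_t)linelen) abort();` at the top of the success branch would turn that into a finding for afl. Because input is read with `getline()`, the parser only ever sees bytes up to the first `\n`, whereas the server presumably passes it a socket buffer that can hold data beyond the header (the call sites are not in this diff), so reading all of stdin with `fread()` into a fixed buffer would exercise that case as well. Only `srcaddr` is formatted, so whatever destination-address and port fields `pp1` carries are never read back by the harness. `main` is fully contained in this hunk.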