[tor-commits] [tor/master] Port fuzz_http to use fuzzing_common.
nickm at torproject.org
nickm at torproject.org
Mon Jan 30 13:45:47 UTC 2017
commit 60769e710f1099168f7508fe6834e458ce435ad9
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Dec 13 19:41:03 2016 -0500
Port fuzz_http to use fuzzing_common.
Move common logic from fuzz_http to fuzzing_common.
---
src/test/fuzz/fuzz_descriptor.c | 6 ++
src/test/fuzz/fuzz_http.c | 120 ++++++++--------------------------------
src/test/fuzz/fuzzing.h | 1 +
src/test/fuzz/fuzzing_common.c | 52 +++++++++++++----
src/test/fuzz/include.am | 2 +-
5 files changed, 74 insertions(+), 107 deletions(-)
diff --git a/src/test/fuzz/fuzz_descriptor.c b/src/test/fuzz/fuzz_descriptor.c
index 1364bf4..12297fd 100644
--- a/src/test/fuzz/fuzz_descriptor.c
+++ b/src/test/fuzz/fuzz_descriptor.c
@@ -12,6 +12,12 @@ fuzz_init(void)
}
int
+fuzz_cleanup(void)
+{
+ return 0;
+}
+
+int
fuzz_main(const uint8_t *data, size_t sz)
{
routerinfo_t *ri;
diff --git a/src/test/fuzz/fuzz_http.c b/src/test/fuzz/fuzz_http.c
index abf5de8..ea63e83 100644
--- a/src/test/fuzz/fuzz_http.c
+++ b/src/test/fuzz/fuzz_http.c
@@ -4,6 +4,7 @@
#include "orconfig.h"
#define BUFFERS_PRIVATE
+#define DIRECTORY_PRIVATE
#include "or.h"
#include "backtrace.h"
@@ -13,11 +14,7 @@
#include "directory.h"
#include "torlog.h"
-/* Silence compiler warnings about a missing extern */
-extern const char tor_git_revision[];
-const char tor_git_revision[] = "";
-
-#define MAX_FUZZ_SIZE (2*MAX_HEADERS_SIZE + MAX_DIR_UL_SIZE)
+#include "fuzzing.h"
static int mock_get_options_calls = 0;
static or_options_t *mock_options = NULL;
@@ -47,101 +44,45 @@ mock_connection_write_to_buf_impl_(const char *string, size_t len,
zlib ? "Compressed " : "", len, conn, string);
}
-/* Read a directory command (including HTTP headers) from stdin, parse it, and
- * output what tor parsed */
int
-main(int c, char** v)
+fuzz_init(void)
{
- /* Disable logging by default to speed up fuzzing. */
- int loglevel = LOG_ERR;
-
- /* Initialise logging first */
- init_logging(1);
- configure_backtrace_handler(get_version());
-
- for (int i = 1; i < c; ++i) {
- if (!strcmp(v[i], "--warn")) {
- loglevel = LOG_WARN;
- } else if (!strcmp(v[i], "--notice")) {
- loglevel = LOG_NOTICE;
- } else if (!strcmp(v[i], "--info")) {
- loglevel = LOG_INFO;
- } else if (!strcmp(v[i], "--debug")) {
- loglevel = LOG_DEBUG;
- }
- }
-
- {
- log_severity_list_t s;
- memset(&s, 0, sizeof(s));
- set_log_severity_config(loglevel, LOG_ERR, &s);
- /* ALWAYS log bug warnings. */
- s.masks[LOG_WARN-LOG_ERR] |= LD_BUG;
- add_stream_log(&s, "", fileno(stdout));
- }
-
- /* Make BUG() and nonfatal asserts crash */
- tor_set_failed_assertion_callback(abort);
-
- /* Set up fake variables */
- dir_connection_t dir_conn;
- int rv = -1;
- ssize_t data_size = -1;
- char *stdin_buf = tor_malloc(MAX_FUZZ_SIZE+1);
-
- /* directory_handle_command checks some tor options
- * just make them all 0 */
mock_options = tor_malloc(sizeof(or_options_t));
reset_options(mock_options, &mock_get_options_calls);
MOCK(get_options, mock_get_options);
-
- /* Set up the fake connection */
- memset(&dir_conn, 0, sizeof(dir_connection_t));
- dir_conn.base_.type = CONN_TYPE_DIR;
-
/* Set up fake response handler */
MOCK(connection_write_to_buf_impl_, mock_connection_write_to_buf_impl_);
+ return 0;
+}
-/*
-afl extension - loop and reset state after parsing
-likely needs to reset the allocation data structures and counts as well
-#ifdef __AFL_HAVE_MANUAL_CONTROL
- while (__AFL_LOOP(1000)) {
-#endif
-*/
+int
+fuzz_cleanup(void)
+{
+ tor_free(mock_options);
+ UNMOCK(get_options);
+ UNMOCK(connection_write_to_buf_impl_);
+ return 0;
+}
- /* Initialise the data structures */
- memset(stdin_buf, 0, MAX_FUZZ_SIZE+1);
+int
+fuzz_main(const uint8_t *stdin_buf, size_t data_size)
+{
+ dir_connection_t dir_conn;
+ /* Set up the fake connection */
+ memset(&dir_conn, 0, sizeof(dir_connection_t));
+ dir_conn.base_.type = CONN_TYPE_DIR;
/* Apparently tor sets this before directory_handle_command() is called. */
dir_conn.base_.address = tor_strdup("replace-this-address.example.com");
-#ifdef __AFL_HAVE_MANUAL_CONTROL
- /* Tell AFL to pause and fork here - ignored if not using AFL */
- __AFL_INIT();
-#endif
-
- /* Read the data */
- data_size = read(STDIN_FILENO, stdin_buf, MAX_FUZZ_SIZE);
- tor_assert(data_size != -1);
- tor_assert(data_size <= MAX_FUZZ_SIZE);
- stdin_buf[data_size] = '\0';
- tor_assert(strlen(stdin_buf) >= 0);
- tor_assert(strlen(stdin_buf) <= MAX_FUZZ_SIZE);
-
- log_debug(LD_GENERAL, "Input-Length:\n%zu\n", data_size);
- log_debug(LD_GENERAL, "Input:\n%s\n", stdin_buf);
-
- /* Copy the stdin data into the buffer */
- tor_assert(data_size >= 0);
- dir_conn.base_.inbuf = buf_new_with_data(stdin_buf, (size_t)data_size);
+ dir_conn.base_.inbuf = buf_new_with_data((char*)stdin_buf, data_size);
if (!dir_conn.base_.inbuf) {
log_debug(LD_GENERAL, "Zero-Length-Input\n");
return 0;
}
/* Parse the headers */
- rv = directory_handle_command(&dir_conn);
+ int rv = directory_handle_command(&dir_conn);
/* TODO: check the output is correctly parsed based on the input */
@@ -152,23 +93,10 @@ likely needs to reset the allocation data structures and counts as well
log_debug(LD_GENERAL, "Result:\n%d\n", rv);
- /* Reset */
+ /* Reset. */
tor_free(dir_conn.base_.address);
-
buf_free(dir_conn.base_.inbuf);
dir_conn.base_.inbuf = NULL;
-/*
-#ifdef __AFL_HAVE_MANUAL_CONTROL
- }
-#endif
-*/
-
- /* Cleanup */
- tor_free(mock_options);
- UNMOCK(get_options);
-
- UNMOCK(connection_write_to_buf_impl_);
-
- tor_free(stdin_buf);
+ return 0;
}
diff --git a/src/test/fuzz/fuzzing.h b/src/test/fuzz/fuzzing.h
index fbd54da..794ed14 100644
--- a/src/test/fuzz/fuzzing.h
+++ b/src/test/fuzz/fuzzing.h
@@ -2,6 +2,7 @@
#define FUZZING_H
int fuzz_init(void);
+int fuzz_cleanup(void);
int fuzz_main(const uint8_t *data, size_t sz);
#endif /* FUZZING_H */
diff --git a/src/test/fuzz/fuzzing_common.c b/src/test/fuzz/fuzzing_common.c
index 51d519b..87affc4 100644
--- a/src/test/fuzz/fuzzing_common.c
+++ b/src/test/fuzz/fuzzing_common.c
@@ -1,8 +1,7 @@
#include "orconfig.h"
-#include "torint.h"
-#include "util.h"
-#include "torlog.h"
+#include "or.h"
#include "backtrace.h"
+#include "config.h"
#include "fuzzing.h"
extern const char tor_git_revision[];
@@ -28,23 +27,56 @@ int
main(int argc, char **argv)
{
size_t size;
- char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size);
tor_threads_init();
init_logging(1);
- if (argc > 1 && !strcmp(argv[1], "--info")) {
- log_severity_list_t sev;
- set_log_severity_config(LOG_INFO, LOG_ERR, &sev);
- add_stream_log(&sev, "stdout", 1);
- configure_backtrace_handler(NULL);
+ /* Disable logging by default to speed up fuzzing. */
+ int loglevel = LOG_ERR;
+
+ /* Initialise logging first */
+ init_logging(1);
+ configure_backtrace_handler(get_version());
+
+ for (int i = 1; i < argc; ++i) {
+ if (!strcmp(argv[i], "--warn")) {
+ loglevel = LOG_WARN;
+ } else if (!strcmp(argv[i], "--notice")) {
+ loglevel = LOG_NOTICE;
+ } else if (!strcmp(argv[i], "--info")) {
+ loglevel = LOG_INFO;
+ } else if (!strcmp(argv[i], "--debug")) {
+ loglevel = LOG_DEBUG;
+ }
}
- tor_assert(input);
+ {
+ log_severity_list_t s;
+ memset(&s, 0, sizeof(s));
+ set_log_severity_config(loglevel, LOG_ERR, &s);
+ /* ALWAYS log bug warnings. */
+ s.masks[LOG_WARN-LOG_ERR] |= LD_BUG;
+ add_stream_log(&s, "", fileno(stdout));
+ }
+
+ /* Make BUG() and nonfatal asserts crash */
+ tor_set_failed_assertion_callback(abort);
+
if (fuzz_init() < 0)
abort();
+
+#ifdef __AFL_HAVE_MANUAL_CONTROL
+ /* Tell AFL to pause and fork here - ignored if not using AFL */
+ __AFL_INIT();
+#endif
+
+ char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size);
+ tor_assert(input);
fuzz_main((const uint8_t*)input, size);
tor_free(input);
+
+ if (fuzz_cleanup() < 0)
+ abort();
return 0;
}
diff --git a/src/test/fuzz/include.am b/src/test/fuzz/include.am
index 323798f..7948b20 100644
--- a/src/test/fuzz/include.am
+++ b/src/test/fuzz/include.am
@@ -21,7 +21,7 @@ FUZZING_LIBS = \
noinst_HEADERS += \
- src/test/fuzz/fuzzing_boilerplate.h
+ src/test/fuzz/fuzzing.h
src_test_fuzz_fuzz_descriptor_SOURCES = \
src/test/fuzz/fuzzing_common.c \
More information about the tor-commits
mailing list