fuzzing: added new basic target

Add fuzzing targets: 1. djb hash 2. murmur hash2 3. parse 4. sha1 5. uri decode, uri encode 6. utf8 casecmp 7. websocket base64 encode 8. websocket frame Signed-off-by: Arjun <[email protected]>
nginx · Jul 27, 2024 · 51675fc · 51675fc
1 parent 61c13ad
commit 51675fc
Showing 1 changed file with 143 additions and 1 deletion.
diff --git a/fuzzing/nxt_basic_fuzz.c b/fuzzing/nxt_basic_fuzz.c
@@ -3,19 +3,31 @@
  */
 
 #include <nxt_main.h>
+#include <nxt_sha1.h>
+#include <nxt_websocket.h>
+#include <nxt_websocket_header.h>
+#include <nxt_websocket_accept.c>
 
 
-#define KMININPUTLENGTH 2
+#define KMININPUTLENGTH 4
 #define KMAXINPUTLENGTH 128
 
 
 extern int LLVMFuzzerInitialize(int *argc, char ***argv);
 extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 
 void nxt_base64_fuzz(const u_char *data, size_t size);
+void nxt_djb_hash_fuzz(const u_char *data, size_t size);
+void nxt_murmur_hash2_fuzz(const u_char *data, size_t size);
+void nxt_parse_fuzz(const u_char *data, size_t size);
+void nxt_sha1_fuzz(const u_char *data, size_t size);
+void nxt_sha1_update_fuzz(const u_char *data, size_t size);
 void nxt_term_fuzz(const u_char *data, size_t size);
 void nxt_time_fuzz(const u_char *data, size_t size);
+void nxt_uri_fuzz(const u_char *data, size_t size);
 void nxt_utf8_fuzz(const u_char *data, size_t size);
+void nxt_websocket_base64_fuzz(const u_char *data, size_t size);
+void nxt_websocket_frame_fuzz(const u_char *data, size_t size);
 
 
 extern char  **environ;
@@ -40,9 +52,17 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     }
 
     nxt_base64_fuzz(data, size);
+    nxt_djb_hash_fuzz(data, size);
+    nxt_murmur_hash2_fuzz(data, size);
+    nxt_parse_fuzz(data, size);
+    nxt_sha1_fuzz(data, size);
+    nxt_sha1_update_fuzz(data, size);
     nxt_term_fuzz(data, size);
     nxt_time_fuzz(data, size);
+    nxt_uri_fuzz(data, size);
     nxt_utf8_fuzz(data, size);
+    nxt_websocket_base64_fuzz(data, size);
+    nxt_websocket_frame_fuzz(data, size);
 
     return 0;
 }
@@ -66,6 +86,64 @@ nxt_base64_fuzz(const u_char *data, size_t size)
 }
 
 
+void
+nxt_djb_hash_fuzz(const u_char *data, size_t size)
+{
+    nxt_djb_hash(data, size);
+    nxt_djb_hash_lowcase(data, size);
+}
+
+
+void
+nxt_murmur_hash2_fuzz(const u_char *data, size_t size)
+{
+    nxt_murmur_hash2(data, size);
+    nxt_murmur_hash2_uint32(data);
+}
+
+
+void
+nxt_parse_fuzz(const u_char *data, size_t size)
+{
+    nxt_str_t  input;
+
+    input.start = (u_char *)data;
+    input.length = size;
+
+    nxt_int_parse(data, size);
+    nxt_size_t_parse(data, size);
+    nxt_size_parse(data, size);
+    nxt_off_t_parse(data, size);
+    nxt_str_int_parse(&input);
+    nxt_number_parse(&data, data + size);
+}
+
+
+void
+nxt_sha1_fuzz(const u_char *data, size_t size)
+{
+    u_char      bin_accept[20];
+    nxt_sha1_t  ctx;
+
+    nxt_sha1_init(&ctx);
+    nxt_sha1_update(&ctx, data, size);
+    nxt_sha1_final(bin_accept, &ctx);
+}
+
+
+void
+nxt_sha1_update_fuzz(const u_char *data, size_t size)
+{
+    u_char      bin_accept[20];
+    nxt_sha1_t  ctx;
+
+    nxt_sha1_init(&ctx);
+    nxt_sha1_update(&ctx, data, size);
+    nxt_sha1_update(&ctx, data, size);
+    nxt_sha1_final(bin_accept, &ctx);
+}
+
+
 void
 nxt_term_fuzz(const u_char *data, size_t size)
 {
@@ -81,11 +159,75 @@ nxt_time_fuzz(const u_char *data, size_t size)
 }
 
 
+void
+nxt_uri_fuzz(const u_char *data, size_t size)
+{
+    u_char  *dst;
+
+    dst = nxt_zalloc(size * 3);
+    if (dst == NULL) {
+        return;
+    }
+
+    nxt_decode_uri(dst, (u_char *)data, size);
+    nxt_decode_uri_plus(dst, (u_char *)data, size);
+
+    nxt_encode_uri(NULL, (u_char *)data, size);
+    nxt_encode_uri(dst, (u_char *)data, size);
+
+    nxt_free(dst);
+}
+
+
 void
 nxt_utf8_fuzz(const u_char *data, size_t size)
 {
     const u_char  *in;
 
     in = data;
     nxt_utf8_decode(&in, data + size);
+
+    nxt_utf8_casecmp((u_char *)"ABC АБВ ΑΒΓ",
+                    data,
+                    nxt_length("ABC АБВ ΑΒΓ"),
+                    size);
+}
+
+
+void
+nxt_websocket_base64_fuzz(const u_char *data, size_t size)
+{
+    u_char  *out;
+
+    out = nxt_zalloc(size * 2);
+    if (out == NULL) {
+        return;
+    }
+
+    nxt_websocket_base64_encode(out, data, size);
+
+    nxt_free(out);
+}
+
+
+void
+nxt_websocket_frame_fuzz(const u_char *data, size_t size)
+{
+    char  *input;
+
+    /*
+     * Resolve overwrites-const-input by using a copy of the data.
+     */
+    input = nxt_malloc(size);
+    if (input == NULL) {
+        return;
+    }
+
+    nxt_memcpy(input, data, size);
+
+    nxt_websocket_frame_init(input, 0);
+    nxt_websocket_frame_header_size(input);
+    nxt_websocket_frame_payload_len(input);
+
+    nxt_free(input);
 }