Google Git
Sign in
chromium / chromium / src.git / 0295b45b3351d71cf8366784d3c0762bbf870e2d / . / net / socket / socks_client_socket_fuzzer.cc
blob: feaa18282d1381c9f340f90af3b28425e9adfa30 [file] [log] [blame]
mmenke99b57172016-04-14 20:44:33[diff] [blame]1// Copyright 2016 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
mmenke99b57172016-04-14 20:44:33[diff] [blame]5#include <stddef.h>
6#include <stdint.h>
7
danakj655b66c2016-04-16 00:51:38[diff] [blame]8#include <memory>
9
mmenke99b57172016-04-14 20:44:33[diff] [blame]10#include "base/logging.h"
csharrisonf30fc95f2016-08-19 21:43:44[diff] [blame]11#include "base/test/fuzzed_data_provider.h"
mmenke99b57172016-04-14 20:44:33[diff] [blame]12#include "net/base/address_list.h"
13#include "net/base/net_errors.h"
14#include "net/base/test_completion_callback.h"
15#include "net/dns/host_resolver.h"
16#include "net/dns/mock_host_resolver.h"
17#include "net/log/test_net_log.h"
18#include "net/socket/client_socket_handle.h"
19#include "net/socket/fuzzed_socket.h"
danakj655b66c2016-04-16 00:51:38[diff] [blame]20#include "net/socket/socks_client_socket.h"
[email protected]27fb73c2018-01-11 13:27:24[diff] [blame]21#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
mmenke99b57172016-04-14 20:44:33[diff] [blame]22
23// Fuzzer for SocksClientSocket. Only covers the SOCKS4 handshake.
24//
25// |data| is used to create a FuzzedSocket to fuzz reads and writes, see that
26// class for details.
27extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
mmenke99b57172016-04-14 20:44:33[diff] [blame]28 // Use a test NetLog, to exercise logging code.
mmenkec951d412016-04-28 19:05:22[diff] [blame]29 net::TestNetLog test_net_log;
mmenke99b57172016-04-14 20:44:33[diff] [blame]30
csharrisonf30fc95f2016-08-19 21:43:44[diff] [blame]31 base::FuzzedDataProvider data_provider(data, size);
mmenkec951d412016-04-28 19:05:22[diff] [blame]32
33 // Determine if the DNS lookup returns synchronously or asynchronously,
34 // succeeds or fails, and returns an IPv4 or IPv6 address.
mmenke99b57172016-04-14 20:44:33[diff] [blame]35 net::MockHostResolver mock_host_resolver;
36 scoped_refptr<net::RuleBasedHostResolverProc> rules(
37 new net::RuleBasedHostResolverProc(nullptr));
mmenkec951d412016-04-28 19:05:22[diff] [blame]38 mock_host_resolver.set_synchronous_mode(data_provider.ConsumeBool());
mmenke91c17162016-06-02 16:03:23[diff] [blame]39 switch (data_provider.ConsumeInt32InRange(0, 2)) {
mmenke99b57172016-04-14 20:44:33[diff] [blame]40 case 0:
41 rules->AddRule("*", "127.0.0.1");
42 break;
43 case 1:
44 rules->AddRule("*", "::1");
45 break;
46 case 2:
47 rules->AddSimulatedFailure("*");
48 break;
49 }
50 mock_host_resolver.set_rules(rules.get());
51
52 net::TestCompletionCallback callback;
danakj655b66c2016-04-16 00:51:38[diff] [blame]53 std::unique_ptr<net::FuzzedSocket> fuzzed_socket(
mmenkec951d412016-04-28 19:05:22[diff] [blame]54 new net::FuzzedSocket(&data_provider, &test_net_log));
mmenke99b57172016-04-14 20:44:33[diff] [blame]55 CHECK_EQ(net::OK, fuzzed_socket->Connect(callback.callback()));
56
danakj655b66c2016-04-16 00:51:38[diff] [blame]57 std::unique_ptr<net::ClientSocketHandle> socket_handle(
mmenke99b57172016-04-14 20:44:33[diff] [blame]58 new net::ClientSocketHandle());
59 socket_handle->SetSocket(std::move(fuzzed_socket));
60
61 net::HostResolver::RequestInfo request_info(net::HostPortPair("foo", 80));
[email protected]27fb73c2018-01-11 13:27:24[diff] [blame]62
mmenke99b57172016-04-14 20:44:33[diff] [blame]63 net::SOCKSClientSocket socket(std::move(socket_handle), request_info,
[email protected]27fb73c2018-01-11 13:27:24[diff] [blame]64 net::DEFAULT_PRIORITY, &mock_host_resolver,
65 TRAFFIC_ANNOTATION_FOR_TESTS);
mmenke99b57172016-04-14 20:44:33[diff] [blame]66 int result = socket.Connect(callback.callback());
67 callback.GetResult(result);
68 return 0;
69}