diff --git a/.gitignore b/.gitignore index 8cccd348..2923d563 100644 --- a/.gitignore +++ b/.gitignore @@ -11,7 +11,5 @@ fuzzing/*/crashers fuzzing/*/sonarprofile fuzzing/*/suppressions fuzzing/*/corpus/ -fuzzing/*-fuzz.zip !fuzzing/frames/single-frame* !fuzzing/frames/multiple-frame* -!fuzzing/header/header* diff --git a/fuzzing/header/cmd/corpus.go b/fuzzing/header/cmd/corpus.go index 6e3f1cd5..2422afcc 100644 --- a/fuzzing/header/cmd/corpus.go +++ b/fuzzing/header/cmd/corpus.go @@ -2,10 +2,11 @@ package main import ( "bytes" - "fmt" + "log" "math/rand" - "os" + "github.com/lucas-clemente/quic-go/fuzzing/header" + "github.com/lucas-clemente/quic-go/fuzzing/internal/helper" "github.com/lucas-clemente/quic-go/internal/protocol" "github.com/lucas-clemente/quic-go/internal/wire" ) @@ -25,16 +26,14 @@ func getVNP(src, dest protocol.ConnectionID, numVersions int) []byte { } data, err := wire.ComposeVersionNegotiation(src, dest, versions) if err != nil { - panic(err) + log.Fatal(err) } return data } func main() { - rand.Seed(1337) - headers := []wire.Header{ - wire.Header{ // Initial without token + { // Initial without token IsLongHeader: true, SrcConnectionID: protocol.ConnectionID(getRandomData(3)), DestConnectionID: protocol.ConnectionID(getRandomData(8)), @@ -42,14 +41,14 @@ func main() { Length: protocol.ByteCount(rand.Intn(1000)), Version: version, }, - wire.Header{ // Initial without token, with zero-length src conn id + { // Initial without token, with zero-length src conn id IsLongHeader: true, DestConnectionID: protocol.ConnectionID(getRandomData(8)), Type: protocol.PacketTypeInitial, Length: protocol.ByteCount(rand.Intn(1000)), Version: version, }, - wire.Header{ // Initial with Token + { // Initial with Token IsLongHeader: true, SrcConnectionID: protocol.ConnectionID(getRandomData(10)), DestConnectionID: protocol.ConnectionID(getRandomData(19)), @@ -58,7 +57,7 @@ func main() { Version: version, Token: getRandomData(25), }, - wire.Header{ // Handshake packet + { // Handshake packet IsLongHeader: true, SrcConnectionID: protocol.ConnectionID(getRandomData(5)), DestConnectionID: protocol.ConnectionID(getRandomData(10)), @@ -66,14 +65,14 @@ func main() { Length: protocol.ByteCount(rand.Intn(1000)), Version: version, }, - wire.Header{ // Handshake packet, with zero-length src conn id + { // Handshake packet, with zero-length src conn id IsLongHeader: true, DestConnectionID: protocol.ConnectionID(getRandomData(12)), Type: protocol.PacketTypeHandshake, Length: protocol.ByteCount(rand.Intn(1000)), Version: version, }, - wire.Header{ // 0-RTT packet + { // 0-RTT packet IsLongHeader: true, SrcConnectionID: protocol.ConnectionID(getRandomData(8)), DestConnectionID: protocol.ConnectionID(getRandomData(9)), @@ -81,7 +80,7 @@ func main() { Length: protocol.ByteCount(rand.Intn(1000)), Version: version, }, - wire.Header{ // Retry Packet, with empty orig dest conn id + { // Retry Packet, with empty orig dest conn id IsLongHeader: true, SrcConnectionID: protocol.ConnectionID(getRandomData(8)), DestConnectionID: protocol.ConnectionID(getRandomData(9)), @@ -89,12 +88,12 @@ func main() { Token: getRandomData(1000), Version: version, }, - wire.Header{ // Short-Header + { // Short-Header DestConnectionID: protocol.ConnectionID(getRandomData(8)), }, } - for i, h := range headers { + for _, h := range headers { extHdr := &wire.ExtendedHeader{ Header: h, PacketNumberLen: protocol.PacketNumberLen(rand.Intn(4) + 1), @@ -102,7 +101,7 @@ func main() { } b := &bytes.Buffer{} if err := extHdr.Write(b, version); err != nil { - panic(err) + log.Fatal(err) } if h.Type == protocol.PacketTypeRetry { b.Write([]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}) @@ -111,8 +110,8 @@ func main() { b.Write(make([]byte, h.Length)) } - if err := writeCorpusFile(fmt.Sprintf("header-%d", i), b.Bytes()); err != nil { - panic(err) + if err := helper.WriteCorpusFileWithPrefix("corpus", b.Bytes(), header.PrefixLen); err != nil { + log.Fatal(err) } } @@ -144,22 +143,9 @@ func main() { ), } - for i, vnp := range vnps { - if err := writeCorpusFile(fmt.Sprintf("vnp-%d", i), vnp); err != nil { - panic(err) + for _, vnp := range vnps { + if err := helper.WriteCorpusFileWithPrefix("corpus", vnp, header.PrefixLen); err != nil { + log.Fatal(err) } } - -} - -func writeCorpusFile(name string, data []byte) error { - file, err := os.Create("corpus/" + name) - if err != nil { - return err - } - data = append(getRandomData(1), data...) - if _, err := file.Write(data); err != nil { - return err - } - return file.Close() } diff --git a/fuzzing/header/corpus/header-0 b/fuzzing/header/corpus/header-0 deleted file mode 100644 index 9bf45bc0..00000000 Binary files a/fuzzing/header/corpus/header-0 and /dev/null differ diff --git a/fuzzing/header/corpus/header-1 b/fuzzing/header/corpus/header-1 deleted file mode 100644 index f553487e..00000000 Binary files a/fuzzing/header/corpus/header-1 and /dev/null differ diff --git a/fuzzing/header/corpus/header-2 b/fuzzing/header/corpus/header-2 deleted file mode 100644 index 178c6b6c..00000000 Binary files a/fuzzing/header/corpus/header-2 and /dev/null differ diff --git a/fuzzing/header/corpus/header-3 b/fuzzing/header/corpus/header-3 deleted file mode 100644 index b544ea2a..00000000 Binary files a/fuzzing/header/corpus/header-3 and /dev/null differ diff --git a/fuzzing/header/corpus/header-4 b/fuzzing/header/corpus/header-4 deleted file mode 100644 index 9a5db557..00000000 Binary files a/fuzzing/header/corpus/header-4 and /dev/null differ diff --git a/fuzzing/header/corpus/header-5 b/fuzzing/header/corpus/header-5 deleted file mode 100644 index d13e69ab..00000000 Binary files a/fuzzing/header/corpus/header-5 and /dev/null differ diff --git a/fuzzing/header/corpus/header-6 b/fuzzing/header/corpus/header-6 deleted file mode 100644 index aa8d1dca..00000000 --- a/fuzzing/header/corpus/header-6 +++ /dev/null @@ -1,2 +0,0 @@ -QGO aF'jae&aT*l -~f E!UsG x \ No newline at end of file diff --git a/fuzzing/header/corpus/header-7 b/fuzzing/header/corpus/header-7 deleted file mode 100644 index cd11f832..00000000 Binary files a/fuzzing/header/corpus/header-7 and /dev/null differ diff --git a/fuzzing/header/corpus/header-8 b/fuzzing/header/corpus/header-8 deleted file mode 100644 index fc5983ed..00000000 Binary files a/fuzzing/header/corpus/header-8 and /dev/null differ diff --git a/fuzzing/header/corpus/header-9 b/fuzzing/header/corpus/header-9 deleted file mode 100644 index dfaa9ab8..00000000 --- a/fuzzing/header/corpus/header-9 +++ /dev/null @@ -1 +0,0 @@ -E@1tQ \ No newline at end of file diff --git a/fuzzing/header/corpus/vnp-0 b/fuzzing/header/corpus/vnp-0 deleted file mode 100644 index a34a522c..00000000 Binary files a/fuzzing/header/corpus/vnp-0 and /dev/null differ diff --git a/fuzzing/header/corpus/vnp-1 b/fuzzing/header/corpus/vnp-1 deleted file mode 100644 index 472eb346..00000000 Binary files a/fuzzing/header/corpus/vnp-1 and /dev/null differ diff --git a/fuzzing/header/corpus/vnp-2 b/fuzzing/header/corpus/vnp-2 deleted file mode 100644 index c829a421..00000000 Binary files a/fuzzing/header/corpus/vnp-2 and /dev/null differ diff --git a/fuzzing/header/corpus/vnp-3 b/fuzzing/header/corpus/vnp-3 deleted file mode 100644 index e89bd6e9..00000000 Binary files a/fuzzing/header/corpus/vnp-3 and /dev/null differ diff --git a/fuzzing/header/corpus/vnp-4 b/fuzzing/header/corpus/vnp-4 deleted file mode 100644 index 339076bf..00000000 Binary files a/fuzzing/header/corpus/vnp-4 and /dev/null differ diff --git a/fuzzing/header/fuzz.go b/fuzzing/header/fuzz.go index 75b477f5..d3d937d8 100644 --- a/fuzzing/header/fuzz.go +++ b/fuzzing/header/fuzz.go @@ -10,13 +10,17 @@ import ( const version = protocol.VersionTLS +// PrefixLen is the number of bytes used for configuration +const PrefixLen = 1 + +// Fuzz fuzzes the QUIC header. //go:generate go run ./cmd/corpus.go func Fuzz(data []byte) int { - if len(data) < 1 { + if len(data) < PrefixLen { return 0 } connIDLen := int(data[0] % 21) - data = data[1:] + data = data[PrefixLen:] if wire.IsVersionNegotiationPacket(data) { return fuzzVNP(data)