mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-03 20:27:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

use the fuzzing helper functions to generate the header seed corpus

Browse source
This commit is contained in:
Marten Seemann 2020-08-25 12:41:40 +07:00
parent 9a8e39327b
commit 745e51ac4f
18 changed files with 25 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

52
fuzzing/header/cmd/corpus.go
View file

@ -2,10 +2,11 @@ package main
import (
"bytes"
"fmt"
"log"
"math/rand"
"os"
"github.com/lucas-clemente/quic-go/fuzzing/header"
"github.com/lucas-clemente/quic-go/fuzzing/internal/helper"
"github.com/lucas-clemente/quic-go/internal/protocol"
"github.com/lucas-clemente/quic-go/internal/wire"
)
@ -25,16 +26,14 @@ func getVNP(src, dest protocol.ConnectionID, numVersions int) []byte {
}
data, err := wire.ComposeVersionNegotiation(src, dest, versions)
if err != nil {
panic(err)
log.Fatal(err)
}
return data
}
func main() {
rand.Seed(1337)
headers := []wire.Header{
wire.Header{ // Initial without token
{ // Initial without token
IsLongHeader: true,
SrcConnectionID: protocol.ConnectionID(getRandomData(3)),
DestConnectionID: protocol.ConnectionID(getRandomData(8)),
@ -42,14 +41,14 @@ func main() {
Length: protocol.ByteCount(rand.Intn(1000)),
Version: version,
},
wire.Header{ // Initial without token, with zero-length src conn id
{ // Initial without token, with zero-length src conn id
IsLongHeader: true,
DestConnectionID: protocol.ConnectionID(getRandomData(8)),
Type: protocol.PacketTypeInitial,
Length: protocol.ByteCount(rand.Intn(1000)),
Version: version,
},
wire.Header{ // Initial with Token
{ // Initial with Token
IsLongHeader: true,
SrcConnectionID: protocol.ConnectionID(getRandomData(10)),
DestConnectionID: protocol.ConnectionID(getRandomData(19)),
@ -58,7 +57,7 @@ func main() {
Version: version,
Token: getRandomData(25),
},
wire.Header{ // Handshake packet
{ // Handshake packet
IsLongHeader: true,
SrcConnectionID: protocol.ConnectionID(getRandomData(5)),
DestConnectionID: protocol.ConnectionID(getRandomData(10)),
@ -66,14 +65,14 @@ func main() {
Length: protocol.ByteCount(rand.Intn(1000)),
Version: version,
},
wire.Header{ // Handshake packet, with zero-length src conn id
{ // Handshake packet, with zero-length src conn id
IsLongHeader: true,
DestConnectionID: protocol.ConnectionID(getRandomData(12)),
Type: protocol.PacketTypeHandshake,
Length: protocol.ByteCount(rand.Intn(1000)),
Version: version,
},
wire.Header{ // 0-RTT packet
{ // 0-RTT packet
IsLongHeader: true,
SrcConnectionID: protocol.ConnectionID(getRandomData(8)),
DestConnectionID: protocol.ConnectionID(getRandomData(9)),
@ -81,7 +80,7 @@ func main() {
Length: protocol.ByteCount(rand.Intn(1000)),
Version: version,
},
wire.Header{ // Retry Packet, with empty orig dest conn id
{ // Retry Packet, with empty orig dest conn id
IsLongHeader: true,
SrcConnectionID: protocol.ConnectionID(getRandomData(8)),
DestConnectionID: protocol.ConnectionID(getRandomData(9)),
@ -89,12 +88,12 @@ func main() {
Token: getRandomData(1000),
Version: version,
},
wire.Header{ // Short-Header
{ // Short-Header
DestConnectionID: protocol.ConnectionID(getRandomData(8)),
},
}
for i, h := range headers {
for _, h := range headers {
extHdr := &wire.ExtendedHeader{
Header: h,
PacketNumberLen: protocol.PacketNumberLen(rand.Intn(4) + 1),
@ -102,7 +101,7 @@ func main() {
}
b := &bytes.Buffer{}
if err := extHdr.Write(b, version); err != nil {
panic(err)
log.Fatal(err)
}
if h.Type == protocol.PacketTypeRetry {
b.Write([]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16})
@ -111,8 +110,8 @@ func main() {
b.Write(make([]byte, h.Length))
}
if err := writeCorpusFile(fmt.Sprintf("header-%d", i), b.Bytes()); err != nil {
panic(err)
if err := helper.WriteCorpusFileWithPrefix("corpus", b.Bytes(), header.PrefixLen); err != nil {
log.Fatal(err)
}
}
@ -144,22 +143,9 @@ func main() {
),
}
for i, vnp := range vnps {
if err := writeCorpusFile(fmt.Sprintf("vnp-%d", i), vnp); err != nil {
panic(err)
for _, vnp := range vnps {
if err := helper.WriteCorpusFileWithPrefix("corpus", vnp, header.PrefixLen); err != nil {
log.Fatal(err)
}
}
}
func writeCorpusFile(name string, data []byte) error {
file, err := os.Create("corpus/" + name)
if err != nil {
return err
}
data = append(getRandomData(1), data...)
if _, err := file.Write(data); err != nil {
return err
}
return file.Close()
}

BIN
fuzzing/header/corpus/header-0
View file

Binary file not shown.

BIN
fuzzing/header/corpus/header-1
View file

Binary file not shown.

BIN
fuzzing/header/corpus/header-2
View file

Binary file not shown.

BIN
fuzzing/header/corpus/header-3
View file

Binary file not shown.

BIN
fuzzing/header/corpus/header-4
View file

Binary file not shown.

BIN
fuzzing/header/corpus/header-5
View file

Binary file not shown.

2
fuzzing/header/corpus/header-6
View file

@ -1,2 +0,0 @@
ÉðQGOÿ aF­'jaeÙñý&�aïT*l
Þ÷~Øfò »¡E!U‘sÓG x

BIN
fuzzing/header/corpus/header-7
View file

Binary file not shown.

BIN
fuzzing/header/corpus/header-8
View file

Binary file not shown.

1
fuzzing/header/corpus/header-9
View file

@ -1 +0,0 @@
E@�1tQ�����

BIN
fuzzing/header/corpus/vnp-0
View file

Binary file not shown.

BIN
fuzzing/header/corpus/vnp-1
View file

Binary file not shown.

BIN
fuzzing/header/corpus/vnp-2
View file

Binary file not shown.

BIN
fuzzing/header/corpus/vnp-3
View file

Binary file not shown.

BIN
fuzzing/header/corpus/vnp-4
View file

Binary file not shown.

8
fuzzing/header/fuzz.go
View file

@ -10,13 +10,17 @@ import (
const version = protocol.VersionTLS
// PrefixLen is the number of bytes used for configuration
const PrefixLen = 1
// Fuzz fuzzes the QUIC header.
//go:generate go run ./cmd/corpus.go
func Fuzz(data []byte) int {
if len(data) < 1 {
if len(data) < PrefixLen {
return 0
}
connIDLen := int(data[0] % 21)
data = data[1:]
data = data[PrefixLen:]
if wire.IsVersionNegotiationPacket(data) {
return fuzzVNP(data)