use fuzzing helper functions to generate transport parameter seed corpus

2025-04-03 20:27:35 +03:00 · 2020-08-25 13:16:03 +07:00 · 2020-08-25 13:16:03 +07:00 · a1c4daa212
commit a1c4daa212
parent 5090dd6199
24 changed files with 48 additions and 27 deletions
--- a/fuzzing/transportparameters/cmd/corpus.go
+++ b/fuzzing/transportparameters/cmd/corpus.go
@ -1,14 +1,15 @@
 package main

 import (
-	"fmt"
+	"bytes"
 	"log"
 	"math"
 	"math/rand"
 	"net"
-	"os"
 	"time"

+	"github.com/lucas-clemente/quic-go/fuzzing/internal/helper"
+	"github.com/lucas-clemente/quic-go/fuzzing/transportparameters"
 	"github.com/lucas-clemente/quic-go/internal/protocol"

 	"github.com/lucas-clemente/quic-go/internal/wire"
@ -26,8 +27,7 @@ func getRandomValue() uint64 {
 }

 func main() {
-	rand.Seed(1337)
-	for i := 0; i < 20; i++ {
+	for i := 0; i < 30; i++ {
 		tp := &wire.TransportParameters{
 			InitialMaxStreamDataBidiLocal:  protocol.ByteCount(getRandomValue()),
 			InitialMaxStreamDataBidiRemote: protocol.ByteCount(getRandomValue()),
@ -69,24 +69,21 @@ func main() {
 				StatelessResetToken: token,
 			}
 		}
-		pers := protocol.PerspectiveServer
+
+		var data []byte
 		if rand.Int()%2 == 0 {
-			pers = protocol.PerspectiveClient
+			pers := protocol.PerspectiveServer
+			if rand.Int()%2 == 0 {
+				pers = protocol.PerspectiveClient
+			}
+			data = tp.Marshal(pers)
+		} else {
+			b := &bytes.Buffer{}
+			tp.MarshalForSessionTicket(b)
+			data = b.Bytes()
 		}
-		if err := writeCorpusFile(fmt.Sprintf("tp%d", i), tp.Marshal(pers)); err != nil {
+		if err := helper.WriteCorpusFileWithPrefix("corpus", data, transportparameters.PrefixLen); err != nil {
 			log.Fatal(err)
 		}
 	}
 }
-
-func writeCorpusFile(name string, data []byte) error {
-	file, err := os.Create("corpus/" + name)
-	if err != nil {
-		return err
-	}
-	data = append(getRandomData(2), data...)
-	if _, err := file.Write(data); err != nil {
-		return err
-	}
-	return file.Close()
-}
--- a/fuzzing/transportparameters/corpus/tp0
+++ b/fuzzing/transportparameters/corpus/tp0
--- a/fuzzing/transportparameters/corpus/tp1
+++ b/fuzzing/transportparameters/corpus/tp1
--- a/fuzzing/transportparameters/corpus/tp10
+++ b/fuzzing/transportparameters/corpus/tp10
--- a/fuzzing/transportparameters/corpus/tp11
+++ b/fuzzing/transportparameters/corpus/tp11
--- a/fuzzing/transportparameters/corpus/tp12
+++ b/fuzzing/transportparameters/corpus/tp12
--- a/fuzzing/transportparameters/corpus/tp13
+++ b/fuzzing/transportparameters/corpus/tp13
--- a/fuzzing/transportparameters/corpus/tp14
+++ b/fuzzing/transportparameters/corpus/tp14
--- a/fuzzing/transportparameters/corpus/tp15
+++ b/fuzzing/transportparameters/corpus/tp15
--- a/fuzzing/transportparameters/corpus/tp16
+++ b/fuzzing/transportparameters/corpus/tp16
--- a/fuzzing/transportparameters/corpus/tp17
+++ b/fuzzing/transportparameters/corpus/tp17
--- a/fuzzing/transportparameters/corpus/tp18
+++ b/fuzzing/transportparameters/corpus/tp18
--- a/fuzzing/transportparameters/corpus/tp19
+++ b/fuzzing/transportparameters/corpus/tp19
--- a/fuzzing/transportparameters/corpus/tp2
+++ b/fuzzing/transportparameters/corpus/tp2
--- a/fuzzing/transportparameters/corpus/tp3
+++ b/fuzzing/transportparameters/corpus/tp3
--- a/fuzzing/transportparameters/corpus/tp4
+++ b/fuzzing/transportparameters/corpus/tp4
--- a/fuzzing/transportparameters/corpus/tp5
+++ b/fuzzing/transportparameters/corpus/tp5
--- a/fuzzing/transportparameters/corpus/tp6
+++ b/fuzzing/transportparameters/corpus/tp6
--- a/fuzzing/transportparameters/corpus/tp7
+++ b/fuzzing/transportparameters/corpus/tp7
--- a/fuzzing/transportparameters/corpus/tp8
+++ b/fuzzing/transportparameters/corpus/tp8
--- a/fuzzing/transportparameters/corpus/tp9
+++ b/fuzzing/transportparameters/corpus/tp9
--- a/fuzzing/transportparameters/fuzz.go
+++ b/fuzzing/transportparameters/fuzz.go
@ -4,28 +4,32 @@ import (
 	"bytes"
 	"fmt"

+	"github.com/lucas-clemente/quic-go/fuzzing/internal/helper"
 	"github.com/lucas-clemente/quic-go/internal/protocol"
 	"github.com/lucas-clemente/quic-go/internal/wire"
 )

+// PrefixLen is the number of bytes used for configuration
+const PrefixLen = 1
+
+// Fuzz fuzzes the QUIC transport parameters.
 //go:generate go run ./cmd/corpus.go
 func Fuzz(data []byte) int {
-	if len(data) <= 1 {
+	if len(data) <= PrefixLen {
 		return 0
 	}

-	if data[0]%2 == 0 {
-		return fuzzTransportParametersForSessionTicket(data[1:])
+	if helper.NthBit(data[0], 0) {
+		return fuzzTransportParametersForSessionTicket(data[PrefixLen:])
 	}
-	return fuzzTransportParameters(data[1:])
+	return fuzzTransportParameters(data[PrefixLen:], helper.NthBit(data[0], 1))
 }

-func fuzzTransportParameters(data []byte) int {
-	perspective := protocol.PerspectiveServer
-	if data[0]%2 == 1 {
+func fuzzTransportParameters(data []byte, isServer bool) int {
+	perspective := protocol.PerspectiveClient
+	if isServer {
 		perspective = protocol.PerspectiveServer
 	}
-	data = data[1:]

 	tp := &wire.TransportParameters{}
 	if err := tp.Unmarshal(data, perspective); err != nil {