From 241355ab11016d9cb0d3256ebe5a2333792fe202 Mon Sep 17 00:00:00 2001
From: Arjun
Date: Sat, 27 Jul 2024 09:07:04 +0530
Subject: [PATCH] fuzzing: beautified controller and h1p-peer
Signed-off-by: Arjun
---
 fuzzing/nxt_http_controller_fuzz.c | 36 +++++++++++++++++++-----------
 fuzzing/nxt_http_h1p_peer_fuzz.c | 31 ++++++++++++++++---------
 2 files changed, 44 insertions(+), 23 deletions(-)
diff --git a/fuzzing/nxt_http_controller_fuzz.c b/fuzzing/nxt_http_controller_fuzz.c
index eac54d7b0..5972b2976 100644
--- a/fuzzing/nxt_http_controller_fuzz.c
+++ b/fuzzing/nxt_http_controller_fuzz.c
@@ -43,6 +43,7 @@ int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 nxt_mp_t *mp;
+ nxt_int_t rc;
 nxt_buf_mem_t buf;
 nxt_controller_request_t *r_controller;
 nxt_http_request_parse_t rp;
@@ -51,27 +52,22 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 return 0;
 }
- mp = nxt_mp_create(1024, 128, 256, 32);
- if (mp == NULL) {
- return 0;
- }
-
- nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
- if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) {
- goto failed;
- }
-
 buf.start = (u_char *)data;
 buf.end = (u_char *)data + size;
 buf.pos = buf.start;
 buf.free = buf.end;
- if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) {
- goto failed;
+
+ /*
+ * Create memory pool.
+ * Initialize 'nxt_controller_request_t'
+ */
+ mp = nxt_mp_create(1024, 128, 256, 32);
+ if (mp == NULL) {
+ return 0;
 }
 r_controller = nxt_mp_zget(mp, sizeof(nxt_controller_request_t));
-
 if (r_controller == NULL) {
 goto failed;
 }
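Review bot: `buf.start = (u_char *)data;` and `buf.end = (u_char *)data + size;` in the `-51,27` hunk of nxt_http_controller_fuzz.c cast away the `const` of the libFuzzer input, so any parser path that writes through `buf` would modify memory the harness does not own. The same four assignments are added at the top of the nxt_http_h1p_peer_fuzz.c harness. If the parser is known to be read-only on this buffer, record that next to the assignments, e.g. `/* buf aliases the read-only fuzz input; the parser must not write through it. */`. Otherwise, copying `data` into memory taken from `mp` would keep any write inside the pool, where a sanitizer can attribute it correctly. The function body continues outside this hunk, so the `failed` cleanup path is not visible here.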
@@ -84,6 +80,20 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 nxt_main_log.level = NXT_LOG_ALERT;
 r_controller->conn->log = nxt_main_log;
+ /*
+ * Process request and fields.
+ */
+ nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
+
+ if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) {
+ goto failed;
+ }
+
+ rc = nxt_http_parse_request(&rp, &buf);
+ if (rc != NXT_DONE) {
+ goto failed;
+ }
+
 nxt_http_fields_process(rp.fields, &nxt_controller_fields_hash, r_controller);
diff --git a/fuzzing/nxt_http_h1p_peer_fuzz.c b/fuzzing/nxt_http_h1p_peer_fuzz.c
index 7b7222481..0db39c1e5 100644
--- a/fuzzing/nxt_http_h1p_peer_fuzz.c
+++ b/fuzzing/nxt_http_h1p_peer_fuzz.c
@@ -43,6 +43,7 @@ int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 nxt_mp_t *mp;
+ nxt_int_t rc;
 nxt_buf_mem_t buf;
 nxt_http_request_t *r_h1p_peer;
 nxt_http_request_parse_t rp;
@@ -51,28 +52,38 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 return 0;
 }
+ buf.start = (u_char *)data;
+ buf.end = (u_char *)data + size;
+ buf.pos = buf.start;
+ buf.free = buf.end;
+
+
+ /*
+ * Create memory pool.
+ * Initialize 'nxt_http_request_t'
+ */
 mp = nxt_mp_create(1024, 128, 256, 32);
 if (mp == NULL) {
 return 0;
 }
- nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
- if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) {
+ r_h1p_peer = nxt_mp_zget(mp, sizeof(nxt_http_request_t));
+ if (r_h1p_peer == NULL) {
 goto failed;
 }
- buf.start = (u_char *)data;
- buf.end = (u_char *)data + size;
- buf.pos = buf.start;
- buf.free = buf.end;
- if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) {
+ /*
+ * Process request and fields.
+ */
+ nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
+
+ if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) {
 goto failed;
 }
- r_h1p_peer = nxt_mp_zget(mp, sizeof(nxt_http_request_t));
-
- if (r_h1p_peer == NULL) {
+ rc = nxt_http_parse_request(&rp, &buf);
+ if (rc != NXT_DONE) {
 goto failed;
 }
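Review bot: The added comment `Initialize 'nxt_http_request_t'` in the `-51,28` hunk of nxt_http_h1p_peer_fuzz.c overstates what the lines under it do. Within this hunk the object is only taken zeroed from the pool with `nxt_mp_zget()` and checked for NULL, and no member is set before the "Process request and fields" step begins. Wording such as `Allocate a zeroed 'nxt_http_request_t' from the pool.` would match the code and would not suggest to a later reader that the request is in a fully set-up state when the field handlers run. Two consecutive blank lines are also added after `buf.free = buf.end;`, where one would do. The function continues past the end of the hunk, so the field-processing call and the `failed` label are not visible here.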