commit d0fed6eb088ab7f0eec876aea0bb98327c77c2bb from: Omar Polo date: Tue Jul 02 17:47:49 2024 UTC initial support for fuzzying commit - bdfea70f305cae0cee71d79f097aff93a69bccf7 commit + d0fed6eb088ab7f0eec876aea0bb98327c77c2bb blob - 2a74d3a991d5e6bb4035539f72d73918c32985c2 blob + 01e731053dc0c5871f2108eae14a743c29d0300b --- .gitignore +++ .gitignore @@ -33,5 +33,10 @@ regress/iri_test regress/puny-test regress/gmid.pid +regress/fuzz/in +regress/fuzz/out +regress/fuzz/min +regress/fuzz/iri + site/gemini site/www blob - /dev/null blob + 88bffcaf6d2bc5e513bd72c81516167f6f286880 (mode 644) --- /dev/null +++ regress/fuzz/Makefile @@ -0,0 +1,38 @@ +DISTFILES = Makefile \ + iri.c + +include ../../config.mk + +CC = afl-clang + +COBJS = ${COMPATS:.c=.o} +REG_COMPATS = ${COBJS:%=../../%} + +IRI_SRCS = iri.c ../../iri.c ../../utf8.c ../../log.c +IRI_OBJS = ${IRI_SRCS:.c=.o} ${REG_COMPATS} + +.PHONY: all data clean dist + +all: fuzz + +fuzz: iri + mkdir -p in out + echo 'gemini://omarpolo.com/' > in/simple + echo 'https://op:123@omarpolo.com/' > in/auth + echo 'ftp://op@omarpolo.com/a/bb/c' > in/path + echo 'gemini://omarpolo.com/?some=val' > in/query + echo 'gemini://omarpolo.com/b/#xyz' > in/fragment + echo 'gemini://omarpolo.com/b/?x=y#xyz' > in/qf + echo 'ssh://omarpolo.com/%2F/' > in/enc + echo 'http://omarpolo.com/foo/.././' > in/dots + echo 'http://omarpolo.com/////././' > in/slash + afl-fuzz -i in -o out -- ./iri + +iri: ${IRI_OBJS} + ${CC} ${IRI_OBJS} -o $@ ${LIBS} ${LDFLAGS} + +.c.o: + ${CC} -I../.. ${CFLAGS} -c $< -o $@ + +clean: + rm -f *.o iri blob - /dev/null blob + c9672f4adedb385bdac9bed84881b8af44a06465 (mode 644) --- /dev/null +++ regress/fuzz/iri.c @@ -0,0 +1,35 @@ +#include +#include +#include + +#include "iri.h" + +int +main(void) +{ + struct iri iri; + const char *errstr = NULL; + char buf[64]; + char *line = NULL; + size_t linesize = 0; + ssize_t linelen; + + if ((linelen = getline(&line, &linesize, stdin)) == -1) + return (1); + + if (line[linelen-1] == '\n') + line[--linelen] = '\0'; + + if (parse_iri(line, &iri, &errstr)) { + if (serialize_iri(&iri, buf, sizeof(buf))) + puts(buf); + } + + free(line); + if (ferror(stdin)) { + perror("getline"); + return (1); + } + + return (0); +}