1 /*
2 * # Copyright 2020 Google Inc.
3 * #
4 * # Licensed under the Apache License, Version 2.0 (the "License");
5 * # you may not use this file except in compliance with the License.
6 * # You may obtain a copy of the License at
7 * #
8 * # http://www.apache.org/licenses/LICENSE-2.0
9 * #
10 * # Unless required by applicable law or agreed to in writing, software
11 * # distributed under the License is distributed on an "AS IS" BASIS,
12 * # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * # See the License for the specific language governing permissions and
14 * # limitations under the License.
15 * #
16 * ################################################################################
17 * */
18 #define HPACK_STANDALONE
19
20 #include <stdint.h>
21 #include <string.h>
22 #include <stdlib.h>
23 #include <ctype.h>
24 #include <inttypes.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <unistd.h>
28
29 #include <haproxy/chunk.h>
30 #include <haproxy/hpack-dec.h>
31
32 #define MAX_RQ_SIZE 65536
33 #define MAX_HDR_NUM 1000
34
35 char hex[MAX_RQ_SIZE*3+3]; // enough for "[ XX]* <CR> <LF> \0"
36 uint8_t buf[MAX_RQ_SIZE];
37
38 char trash_buf[MAX_RQ_SIZE];
39 char tmp_buf[MAX_RQ_SIZE];
40
41 struct buffer tmp = { .area = tmp_buf, .data = 0, .size = sizeof(tmp_buf) };
42
43 /* Empty function we dont need - we just need a callback */
debug_hexdump(FILE * out,const char * pfx,const char * buf,unsigned int baseaddr,int len)44 void debug_hexdump(FILE *out, const char *pfx, const char *buf,
45 unsigned int baseaddr, int len)
46 { }
47
48 // These must be included here
49 #include "../src/hpack-huff.c"
50 #include "../src/hpack-tbl.c"
51 #include "../src/hpack-dec.c"
52
53
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)54 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){
55 char *new_str = (char *)malloc(size+1);
56 struct hpack_dht *dht;
57 struct pool_head pool;
58 int dht_size = 4096;
59 if (new_str == NULL){
60 return 0;
61 }
62 memcpy(new_str, data, size);
63 new_str[size] = '\0';
64 struct http_hdr list[MAX_HDR_NUM];
65
66 pool.size = dht_size;
67 pool_head_hpack_tbl = &pool;
68 dht = hpack_dht_alloc();
69
70 if (dht != NULL)
71 {
72 hpack_decode_frame(dht, new_str, size, list,sizeof(list)/sizeof(list[0]), &tmp);
73 if (dht != NULL)
74 {
75 free(dht);
76 }
77 }
78 free(new_str);
79 return 0;
80 }
81