From 465ba41116e701d59abb8796511bd848bfd37a91 Mon Sep 17 00:00:00 2001
From: "Sergey \"Shnatsel\" Davidoff"
Date: Tue, 17 Jul 2018 01:32:45 +0300
Subject: [PATCH] Add fuzzing harness via cargo-fuzz with three distinct targets
---
fuzz/Cargo.toml | 30 +++++++++++++++++++
fuzz/fuzz_targets/parse_frame.rs | 12 ++++++++
fuzz/fuzz_targets/read_message_client.rs | 37 ++++++++++++++++++++++++
fuzz/fuzz_targets/read_message_server.rs | 37 ++++++++++++++++++++++++
4 files changed, 116 insertions(+)
create mode 100644 fuzz/Cargo.toml
create mode 100644 fuzz/fuzz_targets/parse_frame.rs
create mode 100644 fuzz/fuzz_targets/read_message_client.rs
create mode 100644 fuzz/fuzz_targets/read_message_server.rs
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
new file mode 100644
index 0000000..efe5f81
--- /dev/null
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,30 @@
+
+[package]
+name = "tungstenite-fuzz"
+version = "0.0.1"
+authors = ["Sergey \"Shnatsel\" Davidoff "]
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies.tungstenite]
+path = ".."
+[dependencies.libfuzzer-sys]
+git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "parse_frame"
+path = "fuzz_targets/parse_frame.rs"
+
+[[bin]]
+name = "read_message_server"
+path = "fuzz_targets/read_message_server.rs"
+
+[[bin]]
+name = "read_message_client"
+path = "fuzz_targets/read_message_client.rs"
\ No newline at end of file
diff --git a/fuzz/fuzz_targets/parse_frame.rs b/fuzz/fuzz_targets/parse_frame.rs
new file mode 100644
index 0000000..1ed92ec
--- /dev/null
+++ b/fuzz/fuzz_targets/parse_frame.rs
@@ -0,0 +1,12 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate tungstenite;
+
+use std::io::Cursor;
+
+fuzz_target!(|data: &[u8]| {
+ let vector: Vec = data.into();
+ let mut cursor = Cursor::new(vector);
+
+ tungstenite::protocol::frame::Frame::parse(&mut cursor);
+});
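Review bot: The `libfuzzer-sys` dependency in fuzz/Cargo.toml is a bare `git = "https://github.com/rust-fuzz/libfuzzer-sys.git"` with no `rev`, `tag` or `branch`, so a fresh checkout builds whatever that repository's default branch holds at the time. The diffstat lists four new files and no fuzz/Cargo.lock among them, so nothing in this commit fixes the revision. Pinning it with `rev = "<commit-sha>"` under `[dependencies.libfuzzer-sys]` keeps fuzzing runs reproducible and stops an upstream change to that repository from silently altering the harness build.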
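Review bot: The result of `Frame::parse(&mut cursor);` in parse_frame.rs is dropped without a binding, which leaves a reader unsure whether errors are deliberately ignored and presumably raises an unused-result warning if `parse` returns a `Result` (its signature is not part of this patch). Make the intent explicit with `let _ = tungstenite::protocol::frame::Frame::parse(&mut cursor);` and a comment such as `// Errors are expected on malformed input; this target only looks for panics and sanitizer faults.`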
diff --git a/fuzz/fuzz_targets/read_message_client.rs b/fuzz/fuzz_targets/read_message_client.rs
new file mode 100644
index 0000000..15a423f
--- /dev/null
+++ b/fuzz/fuzz_targets/read_message_client.rs
@@ -0,0 +1,37 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate tungstenite;
+
+use std::io;
+use std::io::Cursor;
+use tungstenite::WebSocket;
+use tungstenite::protocol::Role;
+//use std::result::Result;
+
+// FIXME: copypasted from tungstenite's protocol/mod.rs
+
+struct WriteMoc(Stream);
+
+impl io::Write for WriteMoc {
+ fn write(&mut self, buf: &[u8]) -> io::Result {
+ Ok(buf.len())
+ }
+ fn flush(&mut self) -> io::Result<()> {
+ Ok(())
+ }
+}
+
+impl io::Read for WriteMoc {
+ fn read(&mut self, buf: &mut [u8]) -> io::Result {
+ self.0.read(buf)
+ }
+}
+
+// end of copypasta
+
+fuzz_target!(|data: &[u8]| {
+ //let vector: Vec = data.into();
+ let cursor = Cursor::new(data);
+ let mut socket = WebSocket::from_raw_socket(WriteMoc(cursor), Role::Client, None);
+ socket.read_message();
+});
diff --git a/fuzz/fuzz_targets/read_message_server.rs b/fuzz/fuzz_targets/read_message_server.rs
new file mode 100644
index 0000000..d96d649
--- /dev/null
+++ b/fuzz/fuzz_targets/read_message_server.rs
@@ -0,0 +1,37 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate tungstenite;
+
+use std::io;
+use std::io::Cursor;
+use tungstenite::WebSocket;
+use tungstenite::protocol::Role;
+//use std::result::Result;
+
+// FIXME: copypasted from tungstenite's protocol/mod.rs
+
+struct WriteMoc(Stream);
+
+impl io::Write for WriteMoc {
+ fn write(&mut self, buf: &[u8]) -> io::Result {
+ Ok(buf.len())
+ }
+ fn flush(&mut self) -> io::Result<()> {
+ Ok(())
+ }
+}
+
+impl io::Read for WriteMoc {
+ fn read(&mut self, buf: &mut [u8]) -> io::Result {
+ self.0.read(buf)
+ }
+}
+
+// end of copypasta
+
+fuzz_target!(|data: &[u8]| {
+ //let vector: Vec = data.into();
+ let cursor = Cursor::new(data);
+ let mut socket = WebSocket::from_raw_socket(WriteMoc(cursor), Role::Server, None);
+ socket.read_message();
+});
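Review bot: `socket.read_message();` is called exactly once, here and in read_message_client.rs, so only the first message of each input reaches the parser; later frames in the same input, such as continuation frames or control frames interleaved with a fragmented message, are never exercised. Reading until the first error would cover them, e.g. `while socket.read_message().is_ok() {}`, on the assumption that every `Ok` consumes bytes from the cursor; confirm that against `read_message`, whose body is not in this patch. The two targets differ only in `Role::Client` versus `Role::Server` and each carries its own copy of `WriteMoc` (the FIXME already says it is pasted), so a module shared by both would keep them from drifting apart. The commented-out `//use std::result::Result;` and `//let vector: Vec = data.into();` lines can be dropped.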