routerstatus fuzzing

src/test/fuzz/fuzz_vrs.c

@@ -0,0 +1,78 @@
+/* Copyright (c) 2016, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+#define ROUTERPARSE_PRIVATE
+#define NETWORKSTATUS_PRIVATE
+#include "or.h"
+#include "routerparse.h"
+#include "memarea.h"
+#include "microdesc.h"
+#include "networkstatus.h"
+#include "fuzzing.h"
+
+static void
+mock_dump_desc__nodump(const char *desc, const char *type)
+{
+  (void)desc;
+  (void)type;
+}
+
+static networkstatus_t *dummy_vote = NULL;
+static memarea_t *area = NULL;
+
+int
+fuzz_init(void)
+{
+  disable_signature_checking();
+  MOCK(dump_desc, mock_dump_desc__nodump);
+  ed25519_init();
+  area = memarea_new();
+  dummy_vote = tor_malloc_zero(sizeof(*dummy_vote));
+  dummy_vote->known_flags = smartlist_new();
+  smartlist_split_string(dummy_vote->known_flags,
+                         "Authority BadExit Exit Fast Guard HSDir "
+                         "NoEdConsensus Running Stable V2Dir Valid",
+                         " ", 0, 0);
+  return 0;
+}
+
+int
+fuzz_cleanup(void)
+{
+  tor_free(dummy_vote);
+  return 0;
+}
+
+int
+fuzz_main(const uint8_t *data, size_t sz)
+{
+  const char *str = tor_memdup_nulterm(data, sz), *s;
+  routerstatus_t *rs_ns = NULL, *rs_md = NULL, *rs_vote = NULL;
+  vote_routerstatus_t *vrs = tor_malloc_zero(sizeof(*vrs));
+  smartlist_t *tokens = smartlist_new();
+
+  s = str;
+  rs_ns = routerstatus_parse_entry_from_string(area, &s, tokens,
+                                               NULL, NULL, 26, FLAV_NS);
+  tor_assert(smartlist_len(tokens) == 0);
+
+  s = str;
+  rs_md = routerstatus_parse_entry_from_string(area, &s, tokens,
+                                               NULL, NULL, 26, FLAV_MICRODESC);
+  tor_assert(smartlist_len(tokens) == 0);
+
+  s = str;
+  rs_vote = routerstatus_parse_entry_from_string(area, &s, tokens,
+                                              dummy_vote, vrs, 26, FLAV_NS);
+  tor_assert(smartlist_len(tokens) == 0);
+
+  log_debug(LD_GENERAL,
+            "ns=%p, md=%p, vote=%p", rs_ns, rs_md, rs_vote);
+
+  routerstatus_free(rs_md);
+  routerstatus_free(rs_ns);
+  vote_routerstatus_free(vrs);
+  memarea_clear(area);
+  smartlist_free(tokens);
+  return 0;
+}
+

src/test/fuzz/include.am

@@ -79,6 +79,14 @@ src_test_fuzz_fuzz_microdesc_CFLAGS = $(FUZZING_CFLAGS)
 src_test_fuzz_fuzz_microdesc_LDFLAGS = $(FUZZING_LDFLAG)
 src_test_fuzz_fuzz_microdesc_LDADD = $(FUZZING_LIBS)
 
+src_test_fuzz_fuzz_vrs_SOURCES = \
+	src/test/fuzz/fuzzing_common.c \
+	src/test/fuzz/fuzz_vrs.c
+src_test_fuzz_fuzz_vrs_CPPFLAGS = $(FUZZING_CPPFLAGS)
+src_test_fuzz_fuzz_vrs_CFLAGS = $(FUZZING_CFLAGS)
+src_test_fuzz_fuzz_vrs_LDFLAGS = $(FUZZING_LDFLAG)
+src_test_fuzz_fuzz_vrs_LDADD = $(FUZZING_LIBS)
+
 FUZZERS = \
 	src/test/fuzz/fuzz-consensus \
 	src/test/fuzz/fuzz-descriptor \
@@ -86,7 +94,9 @@ FUZZERS = \
 	src/test/fuzz/fuzz-http \
 	src/test/fuzz/fuzz-hsdescv2 \
 	src/test/fuzz/fuzz-iptsv2 \
-	src/test/fuzz/fuzz-microdesc
+	src/test/fuzz/fuzz-microdesc \
+	src/test/fuzz/fuzz-vrs
+
 
 LIBFUZZER = /home/nickm/build/libfuzz/libFuzzer.a
 LIBFUZZER_CPPFLAGS = $(FUZZING_CPPFLAGS) -DLLVM_FUZZ
@@ -144,6 +154,13 @@ src_test_fuzz_lf_fuzz_microdesc_CFLAGS = $(LIBFUZZER_CFLAGS)
 src_test_fuzz_lf_fuzz_microdesc_LDFLAGS = $(LIBFUZZER_LDFLAG)
 src_test_fuzz_lf_fuzz_microdesc_LDADD = $(LIBFUZZER_LIBS)
 
+src_test_fuzz_lf_fuzz_vrs_SOURCES = \
+	$(src_test_fuzz_fuzz_vrs_SOURCES)
+src_test_fuzz_lf_fuzz_vrs_CPPFLAGS = $(LIBFUZZER_CPPFLAGS)
+src_test_fuzz_lf_fuzz_vrs_CFLAGS = $(LIBFUZZER_CFLAGS)
+src_test_fuzz_lf_fuzz_vrs_LDFLAGS = $(LIBFUZZER_LDFLAG)
+src_test_fuzz_lf_fuzz_vrs_LDADD = $(LIBFUZZER_LIBS)
+
 LIBFUZZER_FUZZERS = \
 	src/test/fuzz/lf-fuzz-consensus \
 	src/test/fuzz/lf-fuzz-descriptor \
@@ -151,7 +168,8 @@ LIBFUZZER_FUZZERS = \
 	src/test/fuzz/lf-fuzz-http \
 	src/test/fuzz/lf-fuzz-hsdescv2 \
 	src/test/fuzz/lf-fuzz-iptsv2 \
-	src/test/fuzz/lf-fuzz-microdesc
+	src/test/fuzz/lf-fuzz-microdesc \
+	src/test/fuzz/lf-fuzz-vrs
 
 else
 LIBFUZZER_FUZZERS =
@@ -160,4 +178,3 @@ endif
 noinst_PROGRAMS += $(FUZZERS) $(LIBFUZZER_FUZZERS)
 fuzzers: $(FUZZERS) $(LIBFUZZER_FUZZERS)
 
-