diff --git a/fuzzing/internal/helper/export.go b/fuzzing/internal/helper/helper.go
similarity index 83%
rename from fuzzing/internal/helper/export.go
rename to fuzzing/internal/helper/helper.go
index db55fb9d..1513c3fa 100644
--- a/fuzzing/internal/helper/export.go
+++ b/fuzzing/internal/helper/helper.go
@@ -8,6 +8,14 @@ import (
 "path/filepath"
 )
 
+// NthBit gets the n-th bit of a byte (counting starts at 0).
+func NthBit(val uint8, n int) bool {
+ if n < 0 || n > 7 {
+ panic("invalid value for n")
+ }
+ return val>>n&0x1 == 1
+}
+
 // WriteCorpusFile writes data to a corpus file in directory path.
 // The filename is calculated from the SHA1 sum of the file contents.
 func WriteCorpusFile(path string, data []byte) error {
diff --git a/fuzzing/internal/helper/export_test.go b/fuzzing/internal/helper/helper_test.go
similarity index 82%
rename from fuzzing/internal/helper/export_test.go
rename to fuzzing/internal/helper/helper_test.go
index 3f6adc48..6bee7d91 100644
--- a/fuzzing/internal/helper/export_test.go
+++ b/fuzzing/internal/helper/helper_test.go
@@ -57,4 +57,16 @@ var _ = Describe("exporting", func() {
 Expect(WriteCorpusFile(subdir, []byte("lorem ipsum"))).To(Succeed())
 Expect(subdir).To(BeADirectory())
 })
+
+ It("gets the nth bit of a byte", func() {
+ const val = 0b10010001
+ Expect(NthBit(val, 0)).To(BeTrue())
+ Expect(NthBit(val, 1)).To(BeFalse())
+ Expect(NthBit(val, 2)).To(BeFalse())
+ Expect(NthBit(val, 3)).To(BeFalse())
+ Expect(NthBit(val, 4)).To(BeTrue())
+ Expect(NthBit(val, 5)).To(BeFalse())
+ Expect(NthBit(val, 6)).To(BeFalse())
+ Expect(NthBit(val, 7)).To(BeTrue())
+ })
 })
diff --git a/fuzzing/transportparameters/cmd/corpus.go b/fuzzing/transportparameters/cmd/corpus.go
index c9105aef..8c88a6a8 100644
--- a/fuzzing/transportparameters/cmd/corpus.go
+++ b/fuzzing/transportparameters/cmd/corpus.go
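Review bot: The doc comment on NthBit does not say from which end bits are counted; the expression `val>>n&0x1 == 1` and the accompanying spec make bit 0 the least significant bit, and the panic contract is undocumented too. Suggested comment: `// NthBit returns the n-th least significant bit of val; n must be in [0, 7], any other value panics.` Because this helper is reached from the fuzz target (Fuzz calls it with the constants 0 and 1), an out-of-range n would surface as a harness crash rather than a finding in the code under test, so stating the contract at the definition makes such a crash quick to triage.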
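Review bot: The new spec exercises only in-range values of n, so the guard clause in NthBit (n below 0 or above 7) has no coverage. Two more expectations close that gap: `Expect(func() { NthBit(val, 8) }).To(Panic())` and `Expect(func() { NthBit(val, -1) }).To(Panic())`. The enclosing `Describe("exporting", …)` block starts outside this hunk, and its description no longer matches a bit-extraction helper, which may be worth renaming in a follow-up.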
@@ -1,14 +1,15 @@
 package main
 
 import (
- "fmt"
+ "bytes"
 "log"
 "math"
 "math/rand"
 "net"
- "os"
 "time"
 
+ "github.com/lucas-clemente/quic-go/fuzzing/internal/helper"
+ "github.com/lucas-clemente/quic-go/fuzzing/transportparameters"
 "github.com/lucas-clemente/quic-go/internal/protocol"
 "github.com/lucas-clemente/quic-go/internal/wire"
@@ -26,8 +27,7 @@ func getRandomValue() uint64 {
 }
 
 func main() {
- rand.Seed(1337)
- for i := 0; i < 20; i++ {
+ for i := 0; i < 30; i++ {
 tp := &wire.TransportParameters{
 InitialMaxStreamDataBidiLocal: protocol.ByteCount(getRandomValue()),
 InitialMaxStreamDataBidiRemote: protocol.ByteCount(getRandomValue()),
@@ -69,24 +69,21 @@ func main() {
 StatelessResetToken: token,
 }
 }
- pers := protocol.PerspectiveServer
+
+ var data []byte
 if rand.Int()%2 == 0 {
- pers = protocol.PerspectiveClient
+ pers := protocol.PerspectiveServer
+ if rand.Int()%2 == 0 {
+ pers = protocol.PerspectiveClient
+ }
+ data = tp.Marshal(pers)
+ } else {
+ b := &bytes.Buffer{}
+ tp.MarshalForSessionTicket(b)
+ data = b.Bytes()
 }
- if err := writeCorpusFile(fmt.Sprintf("tp%d", i), tp.Marshal(pers)); err != nil {
+ if err := helper.WriteCorpusFileWithPrefix("corpus", data, transportparameters.PrefixLen); err != nil {
 log.Fatal(err)
 }
 }
 }
-
-func writeCorpusFile(name string, data []byte) error {
- file, err := os.Create("corpus/" + name)
- if err != nil {
- return err
- }
- data = append(getRandomData(2), data...)
- if _, err := file.Write(data); err != nil {
- return err
- }
- return file.Close()
-}
diff --git a/fuzzing/transportparameters/corpus/tp0 b/fuzzing/transportparameters/corpus/tp0
deleted file mode 100644
index d3c24448..00000000
Binary files a/fuzzing/transportparameters/corpus/tp0 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp1 b/fuzzing/transportparameters/corpus/tp1
deleted file mode 100644
index be6b122f..00000000
Binary files a/fuzzing/transportparameters/corpus/tp1 and /dev/null differ
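Review bot: The encoding chosen in the `if rand.Int()%2 == 0` block (session-ticket form via `MarshalForSessionTicket`, or `Marshal(pers)` with a randomly picked perspective) is never passed on to the prefix that `Fuzz` later inspects: `helper.WriteCorpusFileWithPrefix("corpus", data, transportparameters.PrefixLen)` receives only the payload and the prefix length, so whatever prefix byte it prepends is independent of how `data` was produced. `Fuzz` reads bit 0 of that byte to select the session-ticket decoder and bit 1 for the perspective, so unless the helper derives the prefix from the payload (it is not part of this diff), roughly half of the generated seeds would be parsed with a decoder that does not match their encoding, which makes them much weaker as seed inputs. Consider having the generator build the prefix itself from the format and perspective it chose and pass that explicitly, or at least document on `WriteCorpusFileWithPrefix` that the prefix is arbitrary and the seeds are only loosely format-specific. `main` begins outside this hunk.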
diff --git a/fuzzing/transportparameters/corpus/tp10 b/fuzzing/transportparameters/corpus/tp10
deleted file mode 100644
index 9a8d202b..00000000
Binary files a/fuzzing/transportparameters/corpus/tp10 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp11 b/fuzzing/transportparameters/corpus/tp11
deleted file mode 100644
index 561deb59..00000000
Binary files a/fuzzing/transportparameters/corpus/tp11 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp12 b/fuzzing/transportparameters/corpus/tp12
deleted file mode 100644
index 3d4ccd4d..00000000
Binary files a/fuzzing/transportparameters/corpus/tp12 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp13 b/fuzzing/transportparameters/corpus/tp13
deleted file mode 100644
index c43110c3..00000000
Binary files a/fuzzing/transportparameters/corpus/tp13 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp14 b/fuzzing/transportparameters/corpus/tp14
deleted file mode 100644
index a9693444..00000000
Binary files a/fuzzing/transportparameters/corpus/tp14 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp15 b/fuzzing/transportparameters/corpus/tp15
deleted file mode 100644
index e4da18fc..00000000
Binary files a/fuzzing/transportparameters/corpus/tp15 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp16 b/fuzzing/transportparameters/corpus/tp16
deleted file mode 100644
index 164fa983..00000000
Binary files a/fuzzing/transportparameters/corpus/tp16 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp17 b/fuzzing/transportparameters/corpus/tp17
deleted file mode 100644
index 8a9a1164..00000000
Binary files a/fuzzing/transportparameters/corpus/tp17 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp18 b/fuzzing/transportparameters/corpus/tp18
deleted file mode 100644
index ec202f0a..00000000
Binary files a/fuzzing/transportparameters/corpus/tp18 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp19 b/fuzzing/transportparameters/corpus/tp19
deleted file mode 100644
index 6557eac3..00000000
Binary files a/fuzzing/transportparameters/corpus/tp19 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp2 b/fuzzing/transportparameters/corpus/tp2
deleted file mode 100644
index 0966dc25..00000000
Binary files a/fuzzing/transportparameters/corpus/tp2 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp3 b/fuzzing/transportparameters/corpus/tp3
deleted file mode 100644
index d93ffcef..00000000
Binary files a/fuzzing/transportparameters/corpus/tp3 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp4 b/fuzzing/transportparameters/corpus/tp4
deleted file mode 100644
index 6802692a..00000000
Binary files a/fuzzing/transportparameters/corpus/tp4 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp5 b/fuzzing/transportparameters/corpus/tp5
deleted file mode 100644
index 1091419e..00000000
Binary files a/fuzzing/transportparameters/corpus/tp5 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp6 b/fuzzing/transportparameters/corpus/tp6
deleted file mode 100644
index 1b087fb9..00000000
Binary files a/fuzzing/transportparameters/corpus/tp6 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp7 b/fuzzing/transportparameters/corpus/tp7
deleted file mode 100644
index 5e1e148e..00000000
Binary files a/fuzzing/transportparameters/corpus/tp7 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp8 b/fuzzing/transportparameters/corpus/tp8
deleted file mode 100644
index 209384b5..00000000
Binary files a/fuzzing/transportparameters/corpus/tp8 and /dev/null differ
diff --git a/fuzzing/transportparameters/corpus/tp9 b/fuzzing/transportparameters/corpus/tp9
deleted file mode 100644
index 8775295d..00000000
Binary files a/fuzzing/transportparameters/corpus/tp9 and /dev/null differ
diff --git a/fuzzing/transportparameters/fuzz.go b/fuzzing/transportparameters/fuzz.go
index 18b20eea..0b352953 100644
--- a/fuzzing/transportparameters/fuzz.go
+++ b/fuzzing/transportparameters/fuzz.go
@@ -4,28 +4,32 @@ import (
 "bytes"
 "fmt"
 
+ "github.com/lucas-clemente/quic-go/fuzzing/internal/helper"
 "github.com/lucas-clemente/quic-go/internal/protocol"
 "github.com/lucas-clemente/quic-go/internal/wire"
 )
 
+// PrefixLen is the number of bytes used for configuration
+const PrefixLen = 1
+
+// Fuzz fuzzes the QUIC transport parameters.
 //go:generate go run ./cmd/corpus.go
 func Fuzz(data []byte) int {
- if len(data) <= 1 {
+ if len(data) <= PrefixLen {
 return 0
 }
- if data[0]%2 == 0 {
- return fuzzTransportParametersForSessionTicket(data[1:])
+ if helper.NthBit(data[0], 0) {
+ return fuzzTransportParametersForSessionTicket(data[PrefixLen:])
 }
- return fuzzTransportParameters(data[1:])
+ return fuzzTransportParameters(data[PrefixLen:], helper.NthBit(data[0], 1))
 }
 
-func fuzzTransportParameters(data []byte) int {
- perspective := protocol.PerspectiveServer
- if data[0]%2 == 1 {
+func fuzzTransportParameters(data []byte, isServer bool) int {
+ perspective := protocol.PerspectiveClient
+ if isServer {
 perspective = protocol.PerspectiveServer
 }
- data = data[1:]
 tp := &wire.TransportParameters{}
 if err := tp.Unmarshal(data, perspective); err != nil {