oss-fuzz ideal integration (#3430)
This commit is contained in:
parent
1d4705b0f6
commit
3fd4726d7f
|
@ -0,0 +1,32 @@
|
|||
name: CIFuzz
|
||||
on: [pull_request]
|
||||
jobs:
|
||||
Fuzzing:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
sanitizer: [address, undefined, memory]
|
||||
steps:
|
||||
- name: Build Fuzzers (${{ matrix.sanitizer }})
|
||||
id: build
|
||||
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
|
||||
with:
|
||||
oss-fuzz-project-name: 'pjsip'
|
||||
dry-run: false
|
||||
language: c
|
||||
sanitizer: ${{ matrix.sanitizer }}
|
||||
- name: Run Fuzzers (${{ matrix.sanitizer }})
|
||||
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
|
||||
with:
|
||||
oss-fuzz-project-name: 'pjsip'
|
||||
dry-run: false
|
||||
language: c
|
||||
fuzz-seconds: 300
|
||||
sanitizer: ${{ matrix.sanitizer }}
|
||||
- name: Upload Crash
|
||||
uses: actions/upload-artifact@v1
|
||||
if: failure() && steps.build.outcome == 'success'
|
||||
with:
|
||||
name: ${{ matrix.sanitizer }}-artifacts
|
||||
path: ./out/artifacts
|
|
@ -16,6 +16,10 @@ RTCP=fuzz-rtcp
|
|||
DNS=fuzz-dns
|
||||
H264=fuzz-h264
|
||||
VPX=fuzz-vpx
|
||||
HTTP=fuzz-http
|
||||
URL=fuzz-url
|
||||
URI=fuzz-uri
|
||||
CRYPTO=fuzz-crypto
|
||||
|
||||
EXTFLAGS=-Wall -Werror
|
||||
|
||||
|
@ -31,6 +35,10 @@ $(TARGET):
|
|||
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(DNS).c
|
||||
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(H264).c
|
||||
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(VPX).c
|
||||
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(HTTP).c
|
||||
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(URL).c
|
||||
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(URI).c
|
||||
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(CRYPTO).c
|
||||
|
||||
$(CXX) $(PJ_CFLAGS) -o $(JSON) $(JSON).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
|
||||
$(CXX) $(PJ_CFLAGS) -o $(XML) $(XML).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
|
||||
|
@ -41,6 +49,10 @@ $(TARGET):
|
|||
$(CXX) $(PJ_CFLAGS) -o $(DNS) $(DNS).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
|
||||
$(CXX) $(PJ_CFLAGS) -o $(H264) $(H264).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
|
||||
$(CXX) $(PJ_CFLAGS) -o $(VPX) $(VPX).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
|
||||
$(CXX) $(PJ_CFLAGS) -o $(HTTP) $(HTTP).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
|
||||
$(CXX) $(PJ_CFLAGS) -o $(URL) $(URL).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
|
||||
$(CXX) $(PJ_CFLAGS) -o $(URI) $(URI).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
|
||||
$(CXX) $(PJ_CFLAGS) -o $(CRYPTO) $(CRYPTO).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE) -lssl -lcrypto -lz
|
||||
|
||||
clean:
|
||||
rm $(JSON) $(XML) $(SDP) $(STUN) $(SIP) $(RTCP) $(DNS) $(H264) ($VPX) *.o
|
||||
rm $(JSON) $(XML) $(SDP) $(STUN) $(SIP) $(RTCP) $(DNS) $(H264) $(VPX) $(HTTP) $(URL) $(URI) $(CRYPTO) *.o
|
||||
|
|
|
@ -0,0 +1,178 @@
|
|||
/*
|
||||
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <pjlib.h>
|
||||
#include <pjlib-util.h>
|
||||
|
||||
#define OPENSSL_SUPPRESS_DEPRECATED 1
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <zlib.h>
|
||||
|
||||
#define kMinInputLength 10
|
||||
#define kMaxInputLength 1024
|
||||
|
||||
#define MAXSIZE 5120
|
||||
|
||||
void encode_base64_differential(const uint8_t *Data, size_t Size) {
|
||||
|
||||
//PJSIP
|
||||
char pj_output[MAXSIZE];
|
||||
int pj_output_len = MAXSIZE;
|
||||
|
||||
memset(pj_output, 0, MAXSIZE);
|
||||
pj_base64_encode(Data, Size, pj_output, &pj_output_len);
|
||||
|
||||
//OPENSSL
|
||||
BIO *bio, *bio_mem;
|
||||
char *ssl_output;
|
||||
int ssl_output_len;
|
||||
|
||||
bio = BIO_new(BIO_f_base64());
|
||||
BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
|
||||
|
||||
bio_mem = BIO_new(BIO_s_mem());
|
||||
BIO_push(bio, bio_mem);
|
||||
|
||||
BIO_write(bio, Data, Size);
|
||||
BIO_flush(bio);
|
||||
|
||||
ssl_output_len = BIO_get_mem_data(bio_mem, &ssl_output);
|
||||
|
||||
//Differential
|
||||
int result = memcmp(pj_output, ssl_output, ssl_output_len);
|
||||
if(result != 0){
|
||||
abort();
|
||||
}
|
||||
BIO_free_all(bio);
|
||||
|
||||
//PJSIP Decode After encode.
|
||||
pj_str_t pj_input;
|
||||
uint8_t pj_output_dec[MAXSIZE];
|
||||
int pj_output_dec_len = MAXSIZE;
|
||||
|
||||
pj_input.ptr = pj_output;
|
||||
pj_input.slen = ssl_output_len;
|
||||
|
||||
memset(pj_output_dec, 0, MAXSIZE);
|
||||
pj_base64_decode(&pj_input, pj_output_dec, &pj_output_dec_len);
|
||||
|
||||
//Differential
|
||||
int result_dec = memcmp(pj_output_dec, Data, Size);
|
||||
if(result_dec != 0) {
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
void decode_base64_differential(const uint8_t *Data, size_t Size) {
|
||||
|
||||
//PJSIP
|
||||
pj_str_t pj_input;
|
||||
uint8_t pj_output[MAXSIZE];
|
||||
int pj_output_len = MAXSIZE;
|
||||
|
||||
pj_input.ptr = (char *)Data;
|
||||
pj_input.slen = Size;
|
||||
|
||||
memset(pj_output, 0, MAXSIZE);
|
||||
pj_base64_decode(&pj_input, pj_output, &pj_output_len);
|
||||
}
|
||||
|
||||
void md5_differential(const uint8_t *Data, size_t Size) {
|
||||
|
||||
//PJSIP
|
||||
pj_md5_context ctx;
|
||||
pj_uint8_t pj_md5_hash[MD5_DIGEST_LENGTH];
|
||||
|
||||
pj_md5_init(&ctx);
|
||||
pj_md5_update(&ctx, Data,Size);
|
||||
pj_md5_final(&ctx, pj_md5_hash);
|
||||
|
||||
//OPENSSL
|
||||
uint8_t ssl_md5_hash[MD5_DIGEST_LENGTH] = {};
|
||||
MD5(Data, Size, ssl_md5_hash);
|
||||
|
||||
//Differential
|
||||
int result = memcmp(pj_md5_hash, ssl_md5_hash, MD5_DIGEST_LENGTH);
|
||||
if(result != 0){
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
void sha1_differential(const uint8_t *Data, size_t Size) {
|
||||
|
||||
//PJSIP
|
||||
pj_sha1_context pj_sha;
|
||||
pj_uint8_t pj_sha_hash[SHA_DIGEST_LENGTH];
|
||||
|
||||
pj_sha1_init(&pj_sha);
|
||||
pj_sha1_update(&pj_sha,Data,Size);
|
||||
pj_sha1_final(&pj_sha,pj_sha_hash);
|
||||
|
||||
//OPENSSL
|
||||
uint8_t ssl_sha_hash[SHA_DIGEST_LENGTH] = {};
|
||||
|
||||
SHA_CTX ctx;
|
||||
SHA1_Init(&ctx);
|
||||
SHA1_Update(&ctx,Data,Size);
|
||||
SHA1_Final(ssl_sha_hash, &ctx);
|
||||
|
||||
//Differential
|
||||
int result = memcmp(pj_sha_hash, ssl_sha_hash, SHA_DIGEST_LENGTH);
|
||||
if(result != 0){
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
void crc32_differential(const uint8_t *Data, size_t Size) {
|
||||
|
||||
//PJSIP
|
||||
pj_uint32_t pj_crc;
|
||||
pj_crc = pj_crc32_calc(Data, Size);
|
||||
|
||||
//zlib
|
||||
uint32_t zlib_crc;
|
||||
zlib_crc = crc32(0L, Data, Size);
|
||||
|
||||
//Differential
|
||||
if (pj_crc != zlib_crc) {
|
||||
abort();
|
||||
}
|
||||
}
|
||||
|
||||
extern int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
{
|
||||
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
encode_base64_differential(Data, Size);
|
||||
decode_base64_differential(Data, Size);
|
||||
md5_differential(Data, Size);
|
||||
sha1_differential(Data, Size);
|
||||
crc32_differential(Data, Size);
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,77 @@
|
|||
/*
|
||||
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <pjlib.h>
|
||||
#include <pjlib-util.h>
|
||||
#include "../../pjlib-util/src/pjlib-util/http_client.c"
|
||||
|
||||
#define kMinInputLength 10
|
||||
#define kMaxInputLength 1024
|
||||
|
||||
pj_pool_factory *mem;
|
||||
|
||||
int http_parse(uint8_t *data, size_t Size) {
|
||||
|
||||
int ret;
|
||||
pj_pool_t *pool;
|
||||
pj_size_t rem;
|
||||
pj_http_resp response;
|
||||
|
||||
pool = pj_pool_create(mem, "http", 1000, 1000, NULL);
|
||||
|
||||
ret = http_response_parse(pool, &response, data, Size, &rem);
|
||||
|
||||
pj_pool_release(pool);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
extern int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
{
|
||||
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ret = 0;
|
||||
uint8_t *data;
|
||||
pj_caching_pool caching_pool;
|
||||
|
||||
/* Add NULL byte */
|
||||
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
|
||||
memcpy((void *)data, (void *)Data, Size);
|
||||
|
||||
/* init Calls */
|
||||
pj_init();
|
||||
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
|
||||
pj_log_set_level(0);
|
||||
|
||||
mem = &caching_pool.factory;
|
||||
|
||||
/* Call fuzzer */
|
||||
ret = http_parse(data, Size);
|
||||
|
||||
free(data);
|
||||
pj_caching_pool_destroy(&caching_pool);
|
||||
|
||||
return ret;
|
||||
}
|
|
@ -1,6 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2008-2011 Teluu Inc. (http://www.teluu.com)
|
||||
* Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org>
|
||||
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -19,69 +18,74 @@
|
|||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#include <pjlib.h>
|
||||
#include <pjlib-util.h>
|
||||
|
||||
#include <pjlib-util/json.h>
|
||||
#include <pj/log.h>
|
||||
#include <pj/string.h>
|
||||
|
||||
#define kMinInputLength 10
|
||||
#define kMaxInputLength 5120
|
||||
|
||||
pj_pool_factory *mem;
|
||||
|
||||
int Json_parse(char *DataFx,size_t Size){
|
||||
|
||||
int ret = 0;
|
||||
int Json_parse(uint8_t *data, size_t Size) {
|
||||
|
||||
pj_pool_t *pool;
|
||||
pj_json_elem *elem;
|
||||
pj_json_err_info err;
|
||||
|
||||
char *output;
|
||||
unsigned int output_size;
|
||||
|
||||
pool = pj_pool_create(mem, "json", 1000, 1000, NULL);
|
||||
|
||||
elem = pj_json_parse(pool, DataFx,(unsigned *)&Size, &err);
|
||||
elem = pj_json_parse(pool, (char *)data, (unsigned *)&Size, &err);
|
||||
if (!elem) {
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
if (!elem)
|
||||
ret = 1;
|
||||
output_size = Size * 2;
|
||||
output = pj_pool_alloc(pool, output_size);
|
||||
|
||||
if (pj_json_write(elem, output, &output_size)) {
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
pj_pool_release(pool);
|
||||
return 0;
|
||||
|
||||
return ret;
|
||||
on_error:
|
||||
pj_pool_release(pool);
|
||||
return 1;
|
||||
}
|
||||
|
||||
extern int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
{/*pjproject/pjlib-util/src/pjlib-util-test/json_test.c*/
|
||||
{
|
||||
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength){
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*Add Extra byte */
|
||||
char *DataFx;
|
||||
DataFx = (char *)calloc((Size+1),sizeof(char));
|
||||
memcpy((void *)DataFx,(void *)Data,Size);
|
||||
|
||||
/*init*/
|
||||
int ret = 0;
|
||||
uint8_t *data;
|
||||
pj_caching_pool caching_pool;
|
||||
mem = &caching_pool.factory;
|
||||
|
||||
/* Add NULL byte */
|
||||
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
|
||||
memcpy((void *)data, (void *)Data, Size);
|
||||
|
||||
/* init Calls */
|
||||
pj_init();
|
||||
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
|
||||
pj_log_set_level(0);
|
||||
|
||||
ret = pj_init();
|
||||
ret = pjlib_util_init();
|
||||
mem = &caching_pool.factory;
|
||||
|
||||
pj_dump_config();
|
||||
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
|
||||
/* Call fuzzer */
|
||||
ret = Json_parse(data, Size);
|
||||
|
||||
/*Calls*/
|
||||
ret = Json_parse(DataFx,Size);
|
||||
|
||||
free(DataFx);
|
||||
free(data);
|
||||
pj_caching_pool_destroy(&caching_pool);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
|
@ -35,6 +35,8 @@ int rtcp_parser(char *data, size_t size)
|
|||
pjmedia_rtcp_session session;
|
||||
|
||||
pjmedia_rtcp_session_setting_default(&setting);
|
||||
setting.clock_rate = 8000;
|
||||
setting.samples_per_frame = 160;
|
||||
pjmedia_rtcp_init2(&session, &setting);
|
||||
|
||||
pjmedia_rtcp_rx_rtcp(&session, data, size);
|
||||
|
@ -70,6 +72,8 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
|||
|
||||
free(data);
|
||||
pjmedia_event_mgr_destroy(pjmedia_event_mgr_instance());
|
||||
pj_pool_release(pool);
|
||||
pj_caching_pool_destroy(&caching_pool);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2008-2011 Teluu Inc. (http://www.teluu.com)
|
||||
* Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org>
|
||||
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -20,11 +19,9 @@
|
|||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <pjlib.h>
|
||||
#include <pj/compat/socket.h>
|
||||
|
||||
#include <pjlib.h>
|
||||
#include <pjlib-util.h>
|
||||
|
||||
#include <pjnath.h>
|
||||
|
||||
#define kMinInputLength 10
|
||||
|
@ -32,58 +29,68 @@
|
|||
|
||||
pj_pool_factory *mem;
|
||||
|
||||
int stun_parse(char *DataFx,size_t Size){
|
||||
int ret = 0;
|
||||
int stun_parse(uint8_t *data,size_t Size) {
|
||||
|
||||
pj_status_t status;
|
||||
pj_pool_t *pool;
|
||||
pj_stun_msg *msg;
|
||||
pj_status_t status;
|
||||
pj_stun_auth_cred cred;
|
||||
|
||||
const pj_str_t USERNAME = {"A", 1};
|
||||
const pj_str_t PASSWORD = {"A", 1};
|
||||
|
||||
pool = pj_pool_create(mem, "decode_test", 1024, 1024, NULL);
|
||||
|
||||
status = pj_stun_msg_decode(pool, (pj_uint8_t*)DataFx,Size,
|
||||
PJ_STUN_IS_DATAGRAM | PJ_STUN_CHECK_PACKET,
|
||||
&msg, NULL, NULL);
|
||||
status = pj_stun_msg_decode(pool, data, Size, PJ_STUN_IS_DATAGRAM | PJ_STUN_CHECK_PACKET, &msg, NULL, NULL);
|
||||
if(status != PJ_SUCCESS){
|
||||
goto ret_error;
|
||||
}
|
||||
|
||||
if(status)
|
||||
ret = 1;
|
||||
pj_bzero(&cred, sizeof(cred));
|
||||
cred.type = PJ_STUN_AUTH_CRED_STATIC;
|
||||
cred.data.static_cred.username = USERNAME;
|
||||
cred.data.static_cred.data_type = PJ_STUN_PASSWD_PLAIN;
|
||||
cred.data.static_cred.data = PASSWORD;
|
||||
|
||||
pj_stun_authenticate_request(data, (unsigned)Size, msg, &cred, pool, NULL, NULL);
|
||||
|
||||
pj_pool_release(pool);
|
||||
return status;
|
||||
|
||||
return ret;
|
||||
ret_error:
|
||||
pj_pool_release(pool);
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
extern int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
{/*pjproject/pjnath/src/pjnath-test/stun.c*/
|
||||
{
|
||||
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength){
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*Add Extra byte */
|
||||
char *DataFx;
|
||||
DataFx = (char *)calloc((Size+1),sizeof(char));
|
||||
memcpy((void *)DataFx,(void *)Data,Size);
|
||||
|
||||
/*init*/
|
||||
int ret = 0;
|
||||
uint8_t *data;
|
||||
pj_caching_pool caching_pool;
|
||||
|
||||
/* Add NULL byte */
|
||||
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
|
||||
memcpy((void *)data, (void *)Data, Size);
|
||||
|
||||
/* init Calls */
|
||||
pj_init();
|
||||
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
|
||||
pj_log_set_level(0);
|
||||
|
||||
mem = &caching_pool.factory;
|
||||
|
||||
pj_log_set_level(0);
|
||||
/* Call fuzzer */
|
||||
ret = stun_parse(data, Size);
|
||||
|
||||
pj_init();
|
||||
free(data);
|
||||
pj_caching_pool_destroy(&caching_pool);
|
||||
|
||||
pj_dump_config();
|
||||
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0 );
|
||||
|
||||
pjlib_util_init();
|
||||
pjnath_init();
|
||||
|
||||
/*call*/
|
||||
ret = stun_parse(DataFx,Size);
|
||||
|
||||
free(DataFx);
|
||||
return ret;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,96 @@
|
|||
/*
|
||||
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <pjlib.h>
|
||||
#include <pjlib-util.h>
|
||||
//#include <sip_uri.h>
|
||||
|
||||
#include <pjlib.h>
|
||||
#include <pjlib-util.h>
|
||||
#include <pjsip.h>
|
||||
#include <pjsip/sip_types.h>
|
||||
|
||||
#include <pjsip.h>
|
||||
#include <pjlib.h>
|
||||
|
||||
|
||||
#define kMinInputLength 10
|
||||
#define kMaxInputLength 1024
|
||||
|
||||
/* Defined in sip_parser.c */
|
||||
void init_sip_parser(void);
|
||||
void deinit_sip_parser(void);
|
||||
|
||||
pj_pool_factory *mem;
|
||||
|
||||
int uri_parse(uint8_t *data, size_t Size) {
|
||||
|
||||
pj_status_t status = 0 ;
|
||||
pj_pool_t *pool;
|
||||
pjsip_uri *uri;
|
||||
|
||||
pool = pj_pool_create(mem, "uri", 1000, 1000, NULL);
|
||||
|
||||
uri = pjsip_parse_uri(pool, (char *)data, Size, 0);
|
||||
|
||||
if (!uri) {
|
||||
status = 1;
|
||||
}
|
||||
|
||||
pj_pool_release(pool);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
extern int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
{
|
||||
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ret = 0;
|
||||
uint8_t *data;
|
||||
pj_caching_pool caching_pool;
|
||||
|
||||
/* Add NULL byte */
|
||||
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
|
||||
memcpy((void *)data, (void *)Data, Size);
|
||||
|
||||
/* init Calls */
|
||||
pj_init();
|
||||
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
|
||||
pj_log_set_level(0);
|
||||
|
||||
mem = &caching_pool.factory;
|
||||
|
||||
init_sip_parser();
|
||||
|
||||
/* Call fuzzer */
|
||||
ret = uri_parse(data, Size);
|
||||
|
||||
free(data);
|
||||
deinit_sip_parser();
|
||||
pj_caching_pool_destroy(&caching_pool);
|
||||
|
||||
return ret;
|
||||
}
|
|
@ -0,0 +1,71 @@
|
|||
/*
|
||||
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <pjlib.h>
|
||||
#include <pjlib-util.h>
|
||||
|
||||
#define kMinInputLength 10
|
||||
#define kMaxInputLength 1024
|
||||
|
||||
pj_pool_factory *mem;
|
||||
|
||||
int url_parse(uint8_t *data, size_t Size) {
|
||||
|
||||
pj_str_t surl;
|
||||
pj_http_url hurl;
|
||||
|
||||
surl.ptr = (char *)data;
|
||||
surl.slen = Size;
|
||||
|
||||
return pj_http_req_parse_url(&surl, &hurl);
|
||||
}
|
||||
|
||||
extern int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
{
|
||||
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ret = 0;
|
||||
uint8_t *data;
|
||||
pj_caching_pool caching_pool;
|
||||
|
||||
/* Add NULL byte */
|
||||
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
|
||||
memcpy((void *)data, (void *)Data, Size);
|
||||
|
||||
/* init Calls */
|
||||
pj_init();
|
||||
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
|
||||
pj_log_set_level(0);
|
||||
|
||||
mem = &caching_pool.factory;
|
||||
|
||||
/* Call fuzzer */
|
||||
ret = url_parse(data, Size);
|
||||
|
||||
free(data);
|
||||
pj_caching_pool_destroy(&caching_pool);
|
||||
|
||||
return ret;
|
||||
}
|
|
@ -1,6 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2008-2011 Teluu Inc. (http://www.teluu.com)
|
||||
* Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org>
|
||||
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -19,66 +18,71 @@
|
|||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#include <pjlib.h>
|
||||
#include <pjlib-util.h>
|
||||
|
||||
#include <pjlib-util/xml.h>
|
||||
|
||||
#define kMinInputLength 10
|
||||
#define kMaxInputLength 5120
|
||||
|
||||
pj_pool_factory *mem;
|
||||
|
||||
int XML_parse(char *DataFx,size_t Size){
|
||||
int XML_parse(uint8_t *data, size_t Size) {
|
||||
|
||||
int ret = 0;
|
||||
pj_pool_t *pool;
|
||||
pj_xml_node *root;
|
||||
|
||||
char *output;
|
||||
size_t output_size;
|
||||
|
||||
pool = pj_pool_create(mem, "xml", 4096, 1024, NULL);
|
||||
root = pj_xml_parse(pool, (char *)data, Size);
|
||||
if (!root) {
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
root = pj_xml_parse(pool, DataFx, Size);
|
||||
|
||||
if (!root)
|
||||
ret += 1;
|
||||
output = (char*)pj_pool_zalloc(pool, Size + 512);
|
||||
output_size = pj_xml_print(root, output, Size + 512, PJ_TRUE);
|
||||
if (output_size < 1) {
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
pj_pool_release(pool);
|
||||
return 0;
|
||||
|
||||
return ret;
|
||||
on_error:
|
||||
pj_pool_release(pool);
|
||||
return 1;
|
||||
}
|
||||
|
||||
extern int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
{/*pjproject/pjlib-util/src/pjlib-util-test/xml.c*/
|
||||
{
|
||||
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength){
|
||||
if (Size < kMinInputLength || Size > kMaxInputLength) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*Add Extra byte */
|
||||
char *DataFx;
|
||||
DataFx = (char *)calloc((Size+1),sizeof(char));
|
||||
memcpy((void *)DataFx,(void *)Data,Size);
|
||||
|
||||
/*init*/
|
||||
int ret = 0;
|
||||
uint8_t *data;
|
||||
pj_caching_pool caching_pool;
|
||||
mem = &caching_pool.factory;
|
||||
|
||||
/* Add NULL byte */
|
||||
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
|
||||
memcpy((void *)data, (void *)Data, Size);
|
||||
|
||||
/* init Calls */
|
||||
pj_init();
|
||||
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
|
||||
pj_log_set_level(0);
|
||||
|
||||
ret = pj_init();
|
||||
ret = pjlib_util_init();
|
||||
mem = &caching_pool.factory;
|
||||
|
||||
pj_dump_config();
|
||||
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0 );
|
||||
/*Calls fuzzer*/
|
||||
ret = XML_parse(data, Size);
|
||||
|
||||
/*Call*/
|
||||
ret = XML_parse(DataFx,Size);
|
||||
|
||||
free(DataFx);
|
||||
free(data);
|
||||
pj_caching_pool_destroy(&caching_pool);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue