Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
oss-fuzz/projects/libzmq/socket_bind_fuzzer.cc

75 lines
2.5 KiB
C++
Raw Normal View History

libzmq: update maintainers, add network tests (#3710) * libzmq: add alternative mail address and other maintainer's address * libzmq: adjust zmq_z85_decode test The output buffer is not fixed in size, it depends on input size and the caller allocates it * libzmq: add tests for handshake engine on connect/bind Create localhost ipv4 TCP sockets to exercise libzmq's processing of data over the network. This connections should be rejected in the first part of the handshake (greeting) only, so more tests should be added to further mock the greeting and exercise deeper parts of the engine. https://rfc.zeromq.org/spec/37/ * libzmq: fix coverage build The combination of clang, coverage and automake is not happy at the moment, and binaries fail to link. We don't need to build any of the tools for these tests, so simply disable them. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21872
2020-04-26 03:27:48 +00:00
// Copyright 2020 Luca Boccassi <bluca@debian.org>
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <fuzzer/FuzzedDataProvider.h>
#include <cstddef>
#include <cstdint>
#include <string>
#include <assert.h>
#include <arpa/inet.h>
#include <unistd.h>
#include "include/zmq.h"
// Test that the ZMTP engine handles invalid handshake when binding
// https://rfc.zeromq.org/spec/37/
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
void *server, *ctx;
struct sockaddr_in ip4addr;
char endpoint[32];
size_t endpoint_len = 32, sent_bytes;
unsigned short port;
int client, rc, linger = 0;
ctx = zmq_ctx_new ();
assert(ctx);
server = zmq_socket(ctx, ZMQ_PUB);
assert(server);
rc = zmq_setsockopt (server, ZMQ_LINGER, &linger, sizeof(linger));
assert(rc == 0);
rc = zmq_bind(server, "tcp://127.0.0.1:*");
assert(rc == 0);
rc = zmq_getsockopt(server, ZMQ_LAST_ENDPOINT, endpoint, &endpoint_len);
assert(rc == 0);
rc = sscanf(endpoint, "tcp://127.0.0.1:%hu", &port);
assert(rc == 1);
ip4addr.sin_family = AF_INET;
ip4addr.sin_port = htons(port);
inet_pton(AF_INET, "127.0.0.1", &ip4addr.sin_addr);
client = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
assert(client >= 0);
rc = connect(client, reinterpret_cast<struct sockaddr *> (&ip4addr), sizeof(ip4addr));
assert(rc >= 0);
// Send as many bytes as possible, and then let the background I/O thread
// have some time to handle them.
// We should at least be able to send 33 bytes, which is the very first
// part of the ZMTP 3.x handshake. Otherwise something is not quite right
// in the localhost connection we set up.
sent_bytes = write(client, (const char *)data, size);
assert(size < 33 || sent_bytes >= 33);
usleep (static_cast<useconds_t> (250) * 1000);
close(client);
rc = zmq_close(server);
assert(rc == 0);
rc = zmq_ctx_term(ctx);
assert(rc == 0);
return 0;
}