From 1b874927c1601586b33006b865fc6f10298adacf Mon Sep 17 00:00:00 2001
From: Mikhail Khachayants
Date: Tue, 18 Jun 2024 22:23:01 +0300
Subject: [PATCH] Add fuzzing targets
---
 test/fuzz/http_request.cpp | 25 ++++++++++++++++++
 test/fuzz/http_response.cpp | 33 +++++++++++++++++++++++
 test/fuzz/seeds.tar | Bin 0 -> 13312 bytes
 test/fuzz/websocket_server.cpp | 46 +++++++++++++++++++++++++++++++++
 4 files changed, 104 insertions(+)
 create mode 100644 test/fuzz/http_request.cpp
 create mode 100644 test/fuzz/http_response.cpp
 create mode 100644 test/fuzz/seeds.tar
 create mode 100644 test/fuzz/websocket_server.cpp
diff --git a/test/fuzz/http_request.cpp b/test/fuzz/http_request.cpp
new file mode 100644
index 00000000..1824a423
--- /dev/null
+++ b/test/fuzz/http_request.cpp
@@ -0,0 +1,25 @@
+//
+// Copyright (c) 2024 Mikhail Khachayants
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ using namespace boost::beast;
+
+ error_code ec;
+ flat_buffer buffer;
+ net::io_context ioc;
+ test::stream stream{ioc, {reinterpret_cast(data), size}};
+ stream.close_remote();
+
+ http::request_parser parser;
+ http::read(stream, buffer, parser, ec);
+
+ return 0;
+}
diff --git a/test/fuzz/http_response.cpp b/test/fuzz/http_response.cpp
new file mode 100644
index 00000000..5a10fb8b
--- /dev/null
+++ b/test/fuzz/http_response.cpp
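Review bot: The harness in test/fuzz/http_request.cpp gives the fuzzer no control over where reads are split: the whole input is placed in `test::stream` up front, so the only boundaries the parser sees are those chosen by the growth of the default `flat_buffer`, and short inputs most likely arrive in a single read. Parser state bugs tend to sit where a header or chunk is cut between two reads, so it is worth capping the delivery size from the input, e.g. `stream.read_size(size ? 1 + data[0] % 64 : 1);` before the `http::read` call. The same applies to the harness in test/fuzz/http_response.cpp. A one-line comment on `stream.close_remote();` saying that it makes the synchronous read finish with end-of-stream once the input is consumed, rather than wait for more data, would also help the next reader.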
@@ -0,0 +1,33 @@
+//
+// Copyright (c) 2024 Mikhail Khachayants
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ using namespace boost::beast;
+
+ error_code ec;
+ flat_buffer buffer;
+ net::io_context ioc;
+ test::stream stream{ioc, {reinterpret_cast(data), size}};
+ stream.close_remote();
+
+ http::chunk_extensions ce;
+ http::response_parser parser;
+
+ auto chunk_header_cb = [&ce](std::uint64_t, string_view extensions, error_code& ev)
+ {
+ ce.parse(extensions, ev);
+ };
+
+ parser.on_chunk_header(chunk_header_cb);
+ http::read(stream, buffer, parser, ec);
+
+ return 0;
+}
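Review bot: `parser.on_chunk_header(chunk_header_cb);` passes the callback by reference and, as far as I recall from the Beast parser interface, the parser keeps only that reference, yet the lambda is declared after `parser` and is therefore destroyed before it. Nothing calls the callback once `http::read` has returned, so this is harmless as written, but moving the `chunk_header_cb` definition above the `parser` declaration would keep the lifetime order obviously right if the harness grows. A comment such as `// callback is held by reference; it must outlive every parser call` would record the constraint. The extensions parsed into `ce` are also never read back, so iterating `ce` after a successful `ce.parse` would presumably extend coverage to the extension container as well.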
diff --git a/test/fuzz/seeds.tar b/test/fuzz/seeds.tar new file mode 100644 index 0000000000000000000000000000000000000000..002a79a6d5a6680d88dc77172c40e7e7c35f2147 GIT binary patch literal 13312 zcmXR;O-(7*XP_xCFfcGTH&tLTFfcSXH9)2fU_imp#LU>l*v#0(%s|1w(8$EZfI-2O zrmlh-URqp|Sj1ppkegYYkq8yTMiG*S_ypuR5K94@5ra_-68{+`B?a+Csl^5PdBv$z zPYtBRzoD^-f`Or_v9a-J{L>@7V2gjV)Z`?iMB`NRL^E?klN2LEla!Q{Bs1e=gS0eL zV?$$0%VZOSREuO{-DhB6U}k0l${N`7zln(%DE}Loni!iJo0%vW7#SOw88Rps5NiP? z>PC3}_Xr6I&^OdGR4_6yQ1JKW<#I_ZNwrc4F3rr`PcBg~GB7kyFfz6>GP5!; zS8(?Y;pGZWEh1) z=o{!+>RF`oa`_|{m+1QDr(~vOrlvq`GBQ&LPA!1iWMpMvVr6U!vB@GBifOX3k%@`1fq{8qN?K}4nwhCl zYD%K9p_w7EJ|mR>O^poT`QOacNWs9!$kcQ+{}UU$6sg0={~r0pB~}Wl6^Xe8IjMTd z`MJDYp~b01x{m3oc_mf~zWG&|IXQ{?rg{bn8sV9FDf#8a3VtC9h6Z{D)(YX7d1fZo z3KbxtsLaa3LeD@`!96uOJ6|7EiWnFg7%I4B7Nw@;SLlNzVfoieK}%l?#?kdj%u6p# zOi#5^NX^p?4c1A`vo5qX&@+WAaLr53Psz+nw^B&2$}G@PNJ&l0Ni4z0(1`^FIho0c zpe(PSpInk!qFY>2l$w~!%N0_Tm{**ZTBM6GDLJDwFFQ2_TqvNI6TDm|yjyj-rlTnd?ayj)<7#d^G42B30-qR1Ek&5-51*{RzE zB&GdlWM-~lU}$DwWH{RXqepVU5&tPhMk(fIMoH%8CKjnFDF%tjrY4rjsb=PB7M2F) zi3X<02B}GjCTT=DkwE!xXl!Z@D*wU#KO+-kQ2Wo+)OfW0M^xZasL0(lL_vRz0<0R~ zc{hC=770_Wu+BumJ=KMn?XD z1!y7e3`!8YO)K+1pU_)lSJYHwZvxl2ZR0 znwo;fe+$NxYn56d=|A__{{m zKF%;6453XB4{B4fELOY`JpGvhR)WD66EG(*E= z<3z(`lN8fbqFqIx{x>u>gxCKj1}32SA0yMz`5&T#mm-A$jv>w-3i|m;S*gh-(80f= z)Z&uFf=vCyoYbO{V*TQh#FElt{p>V-LnBi|165;3KWBg6U__w-nS-%XKpt<+D$dX2 zax5*$$S=yQ0uRAjDL5q-XC^D8xQA7xc!X6&MR=C`h7^=WMFeFf8Ce#?Cv70JF&KtH z2BvfJlM{0?@{3DA%HiX**{P`ox`{cNWvL)x@SF~O>c_y+h^v~5Q>iGwyg0Q)$%+%i zNzTtnNi9xRvf_;9;^YJgadL8UDwR|gq$*h{C}rlAq^749Dd~VDIXRW`5_7@gj>*}1 z`Q_Ak#%EeiE?!O)7s$#55g zHM--|SXz<{btzmEXo}81Ik~i`C^auR6=EkBCuc0kv*2(<4L2pY$E*~TLIYeJLtI^8 zMxq%78pkm)G%++XGByR7#>uIK5~fxPhEQR!!$Cf_QZO?$H8w#O2KmQI!4MScwIFwK zan^Fxj#fqF6a-kxe`-(vF%T&K4NMK-<-f6s0ciZ!$k^OuwEag;e3GgM-2c-rEy&4F zOhJ_Bkg^tO5|D;-fY5d&cnT28#yJBBlSfS3p-ce63xCWi1bO}s&-5S21bD3iUM0ZA zWdff1<1&Rz{BgO0ru|^Eeq07aya|jY|63$kn5UW;8XH=g7$l{p8CaMlT38sHr<$Z# 
znpqg8q@^V#nVMQ!m=K-R2<3lc14H=ukC8EW{@=vdY&8E99l#VQgyjF^{JfIHy@9X zYGeRfW}sG-3Lb>E4NlEVQ8hBi1xe)Rfyp#gBZJEP(jrwOgXF}L#GL%}($pcI`zVMw zDrv=%{|!>iERvH_Qp}T#6AhBmj8jbwQ_T`n(~{E6LF<4L&CQdOO^p+YUj9e0{x>o) zg5`f>&_Y22BV$8z^U?fIr6|U0jEk#}Yltf`9Y93ufJ*&6NF#$_hYqjvM +#include + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + using namespace boost::beast; + + error_code ec; + flat_buffer buffer; + net::io_context ioc; + test::stream remote{ioc}; + + websocket::stream ws{ + ioc, string_view{reinterpret_cast(data), size}}; + + ws.set_option(websocket::stream_base::decorator( + [](websocket::response_type& res) + { + res.set(http::field::server, "websocket-server-sync"); + })); + + websocket::permessage_deflate pd; + pd.server_enable = (size % 2) != 0; + pd.compLevel = static_cast(size % 9); + ws.set_option(pd); + + ws.next_layer().connect(remote); + ws.next_layer().close_remote(); + ws.accept(ec); + + if(!ec) + { + ws.read(buffer, ec); + ws.text(ws.got_text()); + ws.write(buffer.data(), ec); + } + + return 0; +}