Macros | Functions
curl_fuzzer.cc File Reference
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <curl/curl.h>
#include "curl_fuzzer.h"
Include dependency graph for curl_fuzzer.cc:

Go to the source code of this file.

Macros

#define FSINGLETONTLV(TLVNAME, FIELDNAME, OPTNAME)
 

Functions

void fuzz_free (void **ptr)
 If a pointer has been allocated, free that pointer. More...
 
int fuzz_get_first_tlv (FUZZ_DATA *fuzz, TLV *tlv)
 TLV access function - gets the first TLV from a data stream. More...
 
int fuzz_get_next_tlv (FUZZ_DATA *fuzz, TLV *tlv)
 TLV access function - gets the next TLV from a data stream. More...
 
int fuzz_get_tlv_comn (FUZZ_DATA *fuzz, TLV *tlv)
 Common TLV function for accessing TLVs in a data stream. More...
 
int fuzz_initialize_fuzz_data (FUZZ_DATA *fuzz, const uint8_t *data, size_t data_len)
 Initialize the local fuzz data structure. More...
 
static curl_socket_t fuzz_open_socket (void *ptr, curlsocktype purpose, struct curl_sockaddr *address)
 Function for providing a socket to CURL already primed with data. More...
 
int fuzz_parse_tlv (FUZZ_DATA *fuzz, TLV *tlv)
 Do different actions on the CURL handle for different received TLVs. More...
 
static size_t fuzz_read_callback (char *buffer, size_t size, size_t nitems, void *ptr)
 Callback function for doing data uploads. More...
 
static int fuzz_sockopt_callback (void *ptr, curl_socket_t curlfd, curlsocktype purpose)
 Callback function for setting socket options on the sockets created by fuzz_open_socket. More...
 
void fuzz_terminate_fuzz_data (FUZZ_DATA *fuzz)
 Terminate the fuzz data structure, including freeing any allocated memory. More...
 
char * fuzz_tlv_to_string (TLV *tlv)
 Converts a TLV data and length into an allocated string. More...
 
static size_t fuzz_write_callback (void *contents, size_t size, size_t nmemb, void *ptr)
 Callback function for handling data output quietly. More...
 
int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 Fuzzing entry point. More...
 
uint16_t to_u16 (uint8_t b[2])
 Utility function to convert 2 bytes to a u16 predictably. More...
 
uint32_t to_u32 (uint8_t b[4])
 Utility function to convert 4 bytes to a u32 predictably. More...
 

Macro Definition Documentation

#define FSINGLETONTLV (   TLVNAME,
  FIELDNAME,
  OPTNAME 
)
Value:
case TLVNAME: \
FCHECK(fuzz->FIELDNAME == NULL); \
fuzz->FIELDNAME = fuzz_tlv_to_string(tlv); \
FTRY(curl_easy_setopt(fuzz->easy, OPTNAME, fuzz->FIELDNAME)); \
break
FTRY
#define FTRY(FUNC)
Definition: curl_fuzzer.h:162
fuzz_tlv_to_string
char * fuzz_tlv_to_string(TLV *tlv)
Converts a TLV data and length into an allocated string.
Definition: curl_fuzzer.cc:434
curl_easy_setopt
#define curl_easy_setopt(handle, option, value)
Definition: typecheck-gcc.h:41
FCHECK
#define FCHECK(COND)
Definition: curl_fuzzer.h:172

Definition at line 181 of file curl_fuzzer.h.

Function Documentation

void fuzz_free ( void **  ptr)

If a pointer has been allocated, free that pointer.

Definition at line 196 of file curl_fuzzer.cc.

int fuzz_get_first_tlv ( FUZZ_DATA fuzz,
TLV tlv 
)

TLV access function - gets the first TLV from a data stream.

Definition at line 311 of file curl_fuzzer.cc.

int fuzz_get_next_tlv ( FUZZ_DATA fuzz,
TLV tlv 
)

TLV access function - gets the next TLV from a data stream.

Definition at line 322 of file curl_fuzzer.cc.

int fuzz_get_tlv_comn ( FUZZ_DATA fuzz,
TLV tlv 
)

Common TLV function for accessing TLVs in a data stream.

Definition at line 340 of file curl_fuzzer.cc.

int fuzz_initialize_fuzz_data ( FUZZ_DATA fuzz,
const uint8_t *  data,
size_t  data_len 
)

Initialize the local fuzz data structure.

Definition at line 113 of file curl_fuzzer.cc.

static curl_socket_t fuzz_open_socket ( void *  ptr,
curlsocktype  purpose,
struct curl_sockaddr address 
)
static

Function for providing a socket to CURL already primed with data.

Definition at line 207 of file curl_fuzzer.cc.

int fuzz_parse_tlv ( FUZZ_DATA fuzz,
TLV tlv 
)

Do different actions on the CURL handle for different received TLVs.

Definition at line 367 of file curl_fuzzer.cc.

static size_t fuzz_read_callback ( char *  buffer,
size_t  size,
size_t  nitems,
void *  ptr 
)
static

Callback function for doing data uploads.

Definition at line 262 of file curl_fuzzer.cc.

static int fuzz_sockopt_callback ( void *  ptr,
curl_socket_t  curlfd,
curlsocktype  purpose 
)
static

Callback function for setting socket options on the sockets created by fuzz_open_socket.

In our testbed the sockets are "already connected".

Definition at line 248 of file curl_fuzzer.cc.

void fuzz_terminate_fuzz_data ( FUZZ_DATA fuzz)

Terminate the fuzz data structure, including freeing any allocated memory.

Definition at line 166 of file curl_fuzzer.cc.

char* fuzz_tlv_to_string ( TLV tlv)

Converts a TLV data and length into an allocated string.

Definition at line 434 of file curl_fuzzer.cc.

static size_t fuzz_write_callback ( void *  contents,
size_t  size,
size_t  nmemb,
void *  ptr 
)
static

Callback function for handling data output quietly.

Definition at line 287 of file curl_fuzzer.cc.

int LLVMFuzzerTestOneInput ( const uint8_t *  data,
size_t  size 
)

Fuzzing entry point.

This function is passed a buffer containing a test case. This test case should drive the CURL API into making a request.

Definition at line 35 of file curl_fuzzer.cc.

uint16_t to_u16 ( uint8_t  b[2])

Utility function to convert 2 bytes to a u16 predictably.

Definition at line 103 of file curl_fuzzer.cc.

uint32_t to_u32 ( uint8_t  b[4])

Utility function to convert 4 bytes to a u32 predictably.

Definition at line 93 of file curl_fuzzer.cc.


rc_tagdetect_client
Author(s): Monika Florek-Jasinska , Raphael Schaller
autogenerated on Sat Feb 13 2021 03:42:17