diff options
author | Ryan Keane <rwkeane@google.com> | 2020-03-11 15:12:46 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-03-11 22:51:31 +0000 |
commit | 84bd9713ed32230a226cb400c486564db69eadd5 (patch) | |
tree | e7fa7cb82e92cce19433d1647bd69a6a1a65211c /discovery/mdns | |
parent | 1c693972f8845b4fbc3db259e0660ccc5ddddae0 (diff) | |
download | openscreen-84bd9713ed32230a226cb400c486564db69eadd5.tar.gz |
Discovery: Fuzz Tests
This CL adds 4 fuzz tests for mDNS Reader (the class which does all
deserialization from network bits into the MdnsMessage class instances):
- A message with a lot of answers (one of each record type, including
name compression)
- A message with multiple questions
- A message matching the mDNS Probe format (one question, multiple
answers in the authority records field)
- A message matching the expected response from a PTR query (one PTR
record in answers, multiple known answers in additional records)
Change-Id: Iacffce856fe824268f164c8fbf786e085da5c6a9
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/2095689
Commit-Queue: Ryan Keane <rwkeane@google.com>
Reviewed-by: Yuri Wiitala <miu@chromium.org>
Diffstat (limited to 'discovery/mdns')
-rw-r--r-- | discovery/mdns/fuzzer_seeds/multi_answer.bin | 20 | ||||
-rw-r--r-- | discovery/mdns/fuzzer_seeds/multi_question.bin | 7 | ||||
-rw-r--r-- | discovery/mdns/fuzzer_seeds/probe.bin | 10 | ||||
-rw-r--r-- | discovery/mdns/fuzzer_seeds/ptr_response.bin | 8 | ||||
-rw-r--r-- | discovery/mdns/mdns_reader_fuzztest.cc | 12 |
5 files changed, 57 insertions, 0 deletions
diff --git a/discovery/mdns/fuzzer_seeds/multi_answer.bin b/discovery/mdns/fuzzer_seeds/multi_answer.bin new file mode 100644 index 00000000..24ae31b1 --- /dev/null +++ b/discovery/mdns/fuzzer_seeds/multi_answer.bin @@ -0,0 +1,20 @@ +0010 0000 0000 0060 0000 0000 4047 5637 +4780 f537 5627 6796 3656 40f5 4736 0750 +c6f6 3616 c600 00f2 0810 0000 0050 0052 +5047 5637 4723 90f5 3756 2767 9636 5623 +40f5 4736 0760 c6f6 3616 c623 0000 6000 +8000 0004 1080 4756 3737 1646 6647 a0f5 +3756 2767 9636 1646 560c a100 1208 1000 +0000 5000 3200 1000 2000 3030 e656 77b0 +f5e6 5677 3756 2767 9636 5640 f557 4607 +60c6 f636 16c6 4300 7047 5667 6637 3747 +a0f5 3756 2767 9636 5616 370c a100 0108 +1000 0000 5000 b140 4756 3747 9026 2756 +1646 d3e6 f677 b086 56c6 c6f6 e277 f627 +c646 7047 5637 4666 7647 a0f5 3756 2767 +1637 9636 560c a100 1008 ff00 0000 5000 +400c 8a10 100c 2d00 c108 1000 0000 5000 +0100 1000 2000 3000 4000 5000 6000 7000 +8070 4756 4666 7637 47b0 f537 5627 3637 +1667 9636 560c a100 c008 ff00 0000 5000 +200c b7 diff --git a/discovery/mdns/fuzzer_seeds/multi_question.bin b/discovery/mdns/fuzzer_seeds/multi_question.bin new file mode 100644 index 00000000..2fffbdf6 --- /dev/null +++ b/discovery/mdns/fuzzer_seeds/multi_question.bin @@ -0,0 +1,7 @@ +0010 0000 0030 0000 0000 0000 4047 5637 +4780 f537 5627 6796 3656 40f5 4736 0750 +c6f6 3616 c600 00ff 0010 5047 5637 4723 +90f5 3756 2767 9636 5623 40f5 4736 0760 +c6f6 3616 c623 0000 ff00 1050 4756 3747 +3390 f537 5627 6796 3656 3340 f557 4607 +60c6 f636 16c6 3300 00ff 0010 diff --git a/discovery/mdns/fuzzer_seeds/probe.bin b/discovery/mdns/fuzzer_seeds/probe.bin new file mode 100644 index 00000000..5792536a --- /dev/null +++ b/discovery/mdns/fuzzer_seeds/probe.bin @@ -0,0 +1,10 @@ +0010 0000 0010 0000 0050 0000 4047 5637 +4780 f537 5627 6796 3656 40f5 4736 0750 +c6f6 3616 c600 00ff 08ff 0cc0 0012 0810 +0000 0050 0032 0010 0020 0030 30e6 5677 +b0f5 e656 7737 5627 6796 3656 40f5 5746 +0760 c6f6 3616 c643 000c c000 0108 1000 +0000 5000 1000 0cc0 0010 08ff 0000 0050 +0040 0c8a 1010 0cc0 00c1 0810 0000 0050 +0001 0010 0020 0030 0040 0050 0060 0070 +0080 0cc0 00c0 08ff 0000 0050 0020 0cc3 diff --git a/discovery/mdns/fuzzer_seeds/ptr_response.bin b/discovery/mdns/fuzzer_seeds/ptr_response.bin new file mode 100644 index 00000000..19a57275 --- /dev/null +++ b/discovery/mdns/fuzzer_seeds/ptr_response.bin @@ -0,0 +1,8 @@ +0010 0000 0000 0010 0000 0040 80f5 3756 +2767 9636 5640 f547 3607 50c6 f636 16c6 +0000 c008 ff00 0000 5000 7040 4756 3747 +0cc0 0cb2 0012 0810 0000 0050 0080 0010 +0020 0030 0cb2 0cb2 0001 0810 0000 0050 +0010 000c b200 1008 ff00 0000 5000 400c +8a10 100c b200 c108 1000 0000 5000 0100 +1000 2000 3000 4000 5000 6000 7000 80 diff --git a/discovery/mdns/mdns_reader_fuzztest.cc b/discovery/mdns/mdns_reader_fuzztest.cc new file mode 100644 index 00000000..d2e2eb72 --- /dev/null +++ b/discovery/mdns/mdns_reader_fuzztest.cc @@ -0,0 +1,12 @@ +// Copyright 2020 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "discovery/mdns/mdns_reader.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + openscreen::discovery::MdnsReader reader(data, size); + openscreen::discovery::MdnsMessage message; + reader.Read(&message); + return 0; +} |