aboutsummaryrefslogtreecommitdiff
path: root/projects/apache-httpd/fuzz_preq.c
diff options
context:
space:
mode:
Diffstat (limited to 'projects/apache-httpd/fuzz_preq.c')
-rw-r--r--projects/apache-httpd/fuzz_preq.c84
1 files changed, 84 insertions, 0 deletions
diff --git a/projects/apache-httpd/fuzz_preq.c b/projects/apache-httpd/fuzz_preq.c
new file mode 100644
index 000000000..2d8d9215f
--- /dev/null
+++ b/projects/apache-httpd/fuzz_preq.c
@@ -0,0 +1,84 @@
+/* Copyright 2021 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include "apr.h"
+#include "apr_file_io.h"
+#include "apr_poll.h"
+#include "apr_portable.h"
+#include "apr_proc_mutex.h"
+#include "apr_signal.h"
+#include "apr_strings.h"
+#include "apr_thread_mutex.h"
+#include "apr_thread_proc.h"
+
+#define APR_WANT_STRFUNC
+#include "apr_file_io.h"
+#include "apr_fnmatch.h"
+#include "apr_want.h"
+
+#include "apr_poll.h"
+#include "apr_want.h"
+
+#include "ap_config.h"
+#include "ap_expr.h"
+#include "ap_listen.h"
+#include "ap_provider.h"
+#include "ap_regex.h"
+
+#include "ada_fuzz_header.h"
+#include "apreq_parser.h"
+
+apr_status_t hookfunc(apreq_hook_t *hook, apreq_param_t *param,
+ apr_bucket_brigade *bb) {
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ af_gb_init();
+
+ const uint8_t *data2 = data;
+ size_t size2 = size;
+
+ /* get random data for the fuzzer */
+ char *new_str = af_gb_get_null_terminated(&data2, &size2);
+ char *new_str2 = af_gb_get_null_terminated(&data2, &size2);
+
+ if (new_str != NULL && new_str2 != NULL) {
+ apr_pool_initialize();
+ apr_pool_t *v = NULL;
+ apr_pool_create(&v, NULL);
+
+ apr_bucket_alloc_t *bucket = apr_bucket_alloc_create(v);
+ apr_bucket_brigade *brigade = apr_brigade_create(v, bucket);
+ apr_brigade_write(brigade, NULL, NULL, new_str, strlen(new_str));
+
+ apreq_parser_t parser;
+ parser.content_type = new_str2;
+ parser.temp_dir = "/tmp/";
+ parser.brigade_limit = 10;
+ parser.pool = v;
+ parser.ctx = NULL;
+ parser.bucket_alloc = bucket;
+
+ parser.hook = apreq_hook_make(parser.pool, hookfunc, NULL, parser.ctx);
+
+ apr_table_t *table = apr_table_make(parser.pool, 10);
+ if (af_get_short(&data2, &size2) % 2 == 0) {
+ apreq_parse_multipart(&parser, table, brigade);
+ } else {
+ apreq_parse_urlencoded(&parser, table, brigade);
+ }
+
+ apr_pool_terminate();
+ }
+ af_gb_cleanup();
+ return 0;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 18:13:47 +0000