darkhttpd/devel/fuzz_make_safe_uri.c

// Wrapper around make_safe_url() for fuzzing.
// Aborts if the output is deemed safe but contains /../ or /./
#include <stdio.h>

#define main _main_disabled_
#include "../darkhttpd.c"
#undef main

int main(void) {
    char *buf = NULL;
    size_t len = 0;
    ssize_t num_read = getline(&buf, &len, stdin);
    if (num_read == -1) return 1;
    int l = strlen(buf);
    if (l > 0) {
        buf[l-1] = '\0';
    }
    char* safe = make_safe_url(buf);
    if (safe) {
        if (strstr(safe, "/../") != NULL) abort();
        if (strstr(safe, "/./") != NULL) abort();
    }
    return 0;
}
/* vim:set ts=4 sw=4 sts=4 expandtab tw=78: */
Add a harness for fuzzing make_safe_uri() 2015-01-01 10:14:28 +03:00			`// Wrapper around make_safe_url() for fuzzing.`
			`// Aborts if the output is deemed safe but contains /../ or /./`
			`#include <stdio.h>`

cp test_make_safe_uri.c fuzz_make_safe_uri.c 2015-01-01 09:10:47 +03:00			`#define main _main_disabled_`
			`#include "../darkhttpd.c"`
			`#undef main`

Add a harness for fuzzing make_safe_uri() 2015-01-01 10:14:28 +03:00			`int main(void) {`
			`char *buf = NULL;`
			`size_t len = 0;`
			`ssize_t num_read = getline(&buf, &len, stdin);`
			`if (num_read == -1) return 1;`
			`int l = strlen(buf);`
			`if (l > 0) {`
			`buf[l-1] = '\0';`
cp test_make_safe_uri.c fuzz_make_safe_uri.c 2015-01-01 09:10:47 +03:00			`}`
Add a harness for fuzzing make_safe_uri() 2015-01-01 10:14:28 +03:00			`char* safe = make_safe_url(buf);`
			`if (safe) {`
			`if (strstr(safe, "/../") != NULL) abort();`
			`if (strstr(safe, "/./") != NULL) abort();`
cp test_make_safe_uri.c fuzz_make_safe_uri.c 2015-01-01 09:10:47 +03:00			`}`
			`return 0;`
			`}`
Add a harness for fuzzing make_safe_uri() 2015-01-01 10:14:28 +03:00			`/* vim:set ts=4 sw=4 sts=4 expandtab tw=78: */`