Add a harness for fuzzing make_safe_uri()

2023-08-10 21:13:08 +03:00 · 2015-01-01 18:14:28 +11:00
parent e50accedb8
commit f24c9d0d59
18 changed files with 40 additions and 64 deletions
--- a/devel/fuzz_make_safe_uri.c
+++ b/devel/fuzz_make_safe_uri.c
@@ -1,72 +1,25 @@
+// Wrapper around make_safe_url() for fuzzing.
+// Aborts if the output is deemed safe but contains /../ or /./
+#include <stdio.h>
+
 #define main _main_disabled_
 #include "../darkhttpd.c"
 #undef main

-static void
-test(const char *input, const char *expected)
-{
-    char *tmp = xstrdup(input);
-    char *out = make_safe_url(tmp);
-
-    if (expected == NULL) {
-        if (out == NULL)
-            printf("PASS: \"%s\" is unsafe\n", input);
-        else
-            printf("FAIL: \"%s\" is unsafe, but got \"%s\"\n",
-                input, out);
+int main(void) {
+    char *buf = NULL;
+    size_t len = 0;
+    ssize_t num_read = getline(&buf, &len, stdin);
+    if (num_read == -1) return 1;
+    int l = strlen(buf);
+    if (l > 0) {
+        buf[l-1] = '\0';
    }
-    else if (out == NULL)
-        printf("FAIL: \"%s\" should become \"%s\", got unsafe\n",
-            input, expected);
-    else if (strcmp(out, expected) == 0)
-        printf("PASS: \"%s\" => \"%s\"\n", input, out);
-    else
-        printf("FAIL: \"%s\" => \"%s\", expecting \"%s\"\n",
-            input, out, expected);
-    free(tmp);
-}
-
-static char const *tests[] = {
-    "", NULL,
-    "/", "/",
-    "/.", "/",
-    "/./", "/",
-    "/../", NULL,
-    "/abc", "/abc",
-    "/abc/", "/abc/",
-    "/abc/.", "/abc",
-    "/abc/./", "/abc/",
-    "/abc/..", "/",
-    "/abc/../", "/",
-    "/abc/../def", "/def",
-    "/abc/../def/", "/def/",
-    "/abc/../def/..", "/",
-    "/abc/../def/../", "/",
-    "/abc/../def/../../", NULL,
-    "/abc/../def/.././", "/",
-    "/abc/../def/.././../", NULL,
-    "/a/b/c/../../d/", "/a/d/",
-    "/a/b/../../../c", NULL,
-    /* don't forget consolidate_slashes */
-    "//a///b////c/////", "/a/b/c/",
-    /* strip query params */
-    "/?a=b", "/",
-    "/index.html?", "/index.html",
-    "/index.html?a", "/index.html",
-    "/index.html?a=b", "/index.html",
-    NULL
-};
-
-int
-main(void)
-{
-    const char **curr = tests;
-
-    while (curr[0] != NULL) {
-        test(curr[0], curr[1]);
-        curr += 2;
+    char* safe = make_safe_url(buf);
+    if (safe) {
+        if (strstr(safe, "/../") != NULL) abort();
+        if (strstr(safe, "/./") != NULL) abort();
    }
-
    return 0;
 }
-/* vim:set tabstop=4 shiftwidth=4 expandtab tw=78: */
+/* vim:set ts=4 sw=4 sts=4 expandtab tw=78: */