fuzzing: Add uri_parser fuzzer setup

Author: Teufelchen1

fuzzing/uri_parser/Makefile

@@ -0,0 +1,5 @@
+include ../Makefile.fuzzing_common
+
+USEMODULE += uri_parser
+
+include $(RIOTBASE)/Makefile.include

fuzzing/uri_parser/input/input0.txt

@@ -0,0 +1 @@
+coap:///R@[2008::1]:5own//R@[2008::1]:5own/?v=1

fuzzing/uri_parser/input/input1.txt

@@ -0,0 +1 @@
+coap://user@[2001:db8::1]:12345

fuzzing/uri_parser/input/input2.txt

@@ -0,0 +1 @@
+ftp://riot-os.org:99/bar/foo

fuzzing/uri_parser/input/input3.txt

@@ -0,0 +1 @@
+http://riot-os.org:99/bar/foo

fuzzing/uri_parser/input/input4.txt

@@ -0,0 +1 @@
+coap://user@[2001:db8::1%eth0]:12345

fuzzing/uri_parser/main.c

@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2022 HAW Hamburg
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+#include <err.h>
+#include <unistd.h>
+
+#include "uri_parser.h"
+#include "fuzzing.h"
+
+int main(void)
+{
+    size_t input_len;
+    char *input_buf = (char *)fuzzing_read_bytes(STDIN_FILENO, &input_len);
+
+    if (input_buf == NULL) {
+        errx(EXIT_FAILURE, "fuzzing_read_bytes failed");
+    }
+
+    uri_parser_result_t uri_res;
+
+    uri_parser_process(&uri_res, input_buf, input_len);
+
+    exit(EXIT_SUCCESS);
+    return EXIT_SUCCESS;
+}

sys/fuzzing/fuzzing.c

@@ -23,6 +23,10 @@
 extern int fuzzing_netdev(gnrc_netif_t *);
 extern void fuzzing_netdev_wait(void);
 
+/* buffer sizes for reading from an fd */
+#define FUZZING_BSIZE 1024
+#define FUZZING_BSTEP 128
+
 /* used by gnrc_pktbuf_malloc to exit on free */
 gnrc_pktsnip_t *gnrc_pktbuf_fuzzptr = NULL;
 
@@ -48,40 +52,22 @@ fuzzing_init(ipv6_addr_t *addr, unsigned pfx_len)
 int
 fuzzing_read_packet(int fd, gnrc_pktsnip_t *pkt)
 {
-    ssize_t r;
-    size_t csiz, rsiz;
+    size_t rsiz;
 
     /* can only be called once currently */
     assert(gnrc_pktbuf_fuzzptr == NULL);
 
-    csiz = 0;
-    rsiz = FUZZING_BSIZE;
-    if (gnrc_pktbuf_realloc_data(pkt, rsiz)) {
-        return -ENOMEM;
-    }
-
-    while ((r = read(fd, &((char *)pkt->data)[csiz], rsiz)) > 0) {
-        assert((size_t)r <= rsiz);
-
-        csiz += r;
-        rsiz -= r;
-
-        if (rsiz == 0) {
-            if (gnrc_pktbuf_realloc_data(pkt, csiz + FUZZING_BSTEP)) {
-                return -ENOMEM;
-            }
-            rsiz += FUZZING_BSTEP;
-        }
-    }
-    if (r == -1) {
+    uint8_t *input = fuzzing_read_bytes(fd, &rsiz);
+    if (input == NULL) {
         return -errno;
     }
 
-    /* shrink packet to actual size */
-    if (gnrc_pktbuf_realloc_data(pkt, csiz)) {
+    if (gnrc_pktbuf_realloc_data(pkt, rsiz)) {
         return -ENOMEM;
     }
 
+    memcpy(pkt->data, input, rsiz);
+
     gnrc_pktbuf_fuzzptr = pkt;
     return 0;
 }
@@ -116,7 +102,7 @@ fuzzing_read_bytes(int fd, size_t *size)
         return NULL;
     }
 
-    /* shrink packet to actual size */
+    /* shrink buffer to actual size */
     if ((buffer = realloc(buffer, csiz)) == NULL) {
         return NULL;
     }

sys/include/fuzzing.h

@@ -26,17 +26,11 @@
 extern "C" {
 #endif
 
-
 #include <stdint.h>
 
 #include "net/ipv6/addr.h"
 #include "net/gnrc/pkt.h"
 
-
-/* buffer sizes for reading from an fd */
-#define FUZZING_BSIZE 1024
-#define FUZZING_BSTEP 128
-
 /**
  * @brief Initialize dummy network interface with given address.
  *
@@ -63,7 +57,7 @@ int fuzzing_read_packet(int fd, gnrc_pktsnip_t *pkt);
  *
  * @param fd File descriptor to read data from.
  * @param size Byte count of the data read.
- *            
+ *
  * @return pointer to the data on success, NULL otherwise.
  */
 uint8_t *fuzzing_read_bytes(int fd, size_t *size);