summaryrefslogtreecommitdiff
path: root/fuzz/fuzz_server.c
blob: ae72d8ec21a1f59062772916d22e8d1f343b9855 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

// Copyright 2007 - 2022, Alan Antonuk and the rabbitmq-c contributors.
// SPDX-License-Identifier: mit

#include <arpa/inet.h>
#include <netinet/in.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#include <rabbitmq-c/amqp.h>
#include <rabbitmq-c/tcp_socket.h>

struct Fuzzer {
  int socket;
  uint16_t port;
  pthread_t thread;

  uint64_t size;
  uint8_t *buffer;
};
typedef struct Fuzzer Fuzzer;

#define PORT 8080
#define kMinInputLength 9
#define kMaxInputLength 1024

void client(Fuzzer *fuzzer);

void fuzzinit(Fuzzer *fuzzer) {
  struct sockaddr_in server_addr;
  fuzzer->socket = socket(AF_INET, SOCK_STREAM, 0);
  server_addr.sin_family = AF_INET;
  server_addr.sin_port = htons(fuzzer->port);
  server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
  setsockopt(fuzzer->socket, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int));
  bind(fuzzer->socket, (struct sockaddr *)&server_addr, sizeof(server_addr));
  listen(fuzzer->socket, 1);
}

void *Server(void *args) {
  Fuzzer *fuzzer = (Fuzzer *)args;

  int client;
  char clientData[10240];
  struct sockaddr_in clientAddr;
  uint32_t clientSZ = sizeof(clientAddr);

  client = accept(fuzzer->socket, (struct sockaddr *)&clientAddr, &clientSZ);

  recv(client, clientData, sizeof(clientData), 0);
  send(client, fuzzer->buffer, fuzzer->size, 0);

  shutdown(client, SHUT_RDWR);
  close(client);

  pthread_exit(NULL);
}

void clean(Fuzzer *fuzzer) {
  shutdown(fuzzer->socket, SHUT_RDWR);
  close(fuzzer->socket);
  free(fuzzer);
}

extern int LLVMFuzzerTestOneInput(const char *data, size_t size) {

  if (size < kMinInputLength || size > kMaxInputLength) {
    return 0;
  }

  Fuzzer *fuzzer = (Fuzzer *)malloc(sizeof(Fuzzer));
  fuzzer->port = PORT;

  fuzzinit(fuzzer);

  pthread_create(&fuzzer->thread, NULL, Server, fuzzer);

  client(fuzzer);

  pthread_join(fuzzer->thread, NULL);

  clean(fuzzer);

  return 0;
}

void client(Fuzzer *fuzzer) {
  char const *hostname;
  int status;
  amqp_socket_t *socket = NULL;
  amqp_connection_state_t conn;

  hostname = "localhost";

  conn = amqp_new_connection();

  socket = amqp_tcp_socket_new(conn);
  if (!socket) {
    exit(1);
  }

  status = amqp_socket_open(socket, hostname, fuzzer->port);
  if (status) {
    exit(1);
  }

  amqp_login(conn, "/", 0, 131072, 0, AMQP_SASL_METHOD_PLAIN, "guest", "guest");

  amqp_destroy_connection(conn);
}
View Lorry Controller Status