websockets: build a dedicated websocket fuzzer

Author: bagder

Makefile.am

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2021, Daniel Stenberg, <[email protected]>, et al.
+# Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -52,6 +52,7 @@ FUZZPROGS = curl_fuzzer \
 			curl_fuzzer_sftp \
 			curl_fuzzer_smb \
 			curl_fuzzer_smtp \
+			curl_fuzzer_ws \
 			curl_fuzzer_tftp
 FUZZLIBS = libstandaloneengine.a
 
@@ -119,6 +120,9 @@ curl_fuzzer_smtp_LDADD = $(COMMON_LDADD)
 curl_fuzzer_tftp_SOURCES = $(COMMON_SOURCES)
 curl_fuzzer_tftp_CXXFLAGS = $(COMMON_FLAGS) -DFUZZ_PROTOCOLS_TFTP
 curl_fuzzer_tftp_LDADD = $(COMMON_LDADD)
+curl_fuzzer_ws_SOURCES = $(COMMON_SOURCES)
+curl_fuzzer_ws_CXXFLAGS = $(COMMON_FLAGS) -DFUZZ_PROTOCOLS_WS
+curl_fuzzer_ws_LDADD = $(COMMON_LDADD)
 
 # Unit test fuzzers
 curl_fuzzer_fnmatch_SOURCES = fuzz_fnmatch.cc

curl_fuzzer.cc

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2017 - 2021, Max Dymond, <[email protected]>, et al.
+ * Copyright (C) 2017 - 2022, Max Dymond, <[email protected]>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -462,81 +462,78 @@ int fuzz_select(int nfds,
 }
 
 /**
- * Set allowed protocols based on the compile options
+ * Set allowed protocols based on the compile options.
+ *
+ * Note that it can only use ONE of the FUZZ_PROTOCOLS_* defines.a
  */
 int fuzz_set_allowed_protocols(FUZZ_DATA *fuzz)
 {
   int rc = 0;
-  unsigned long allowed_protocols = 0;
+  const char *allowed_protocols = "";
 
 #ifdef FUZZ_PROTOCOLS_ALL
   /* Do not allow telnet currently as it accepts input from stdin. */
-  allowed_protocols |= CURLPROTO_ALL & ~CURLPROTO_TELNET;
+  allowed_protocols =
+    "dict,file,ftp,ftps,gopher,gophers,http,https,imap,imaps,"
+    "ldap,ldaps,mqtt,pop3,pop3s,rtmp,rtmpe,rtmps,rtmpt,rtmpte,rtmpts,"
+    "rtsp,scp,sftp,smb,smbs,smtp,smtps,tftp";
 #endif
 #ifdef FUZZ_PROTOCOLS_DICT
-  allowed_protocols |= CURLPROTO_DICT;
+  allowed_protocols = "dict";
 #endif
 #ifdef FUZZ_PROTOCOLS_FILE
-  allowed_protocols |= CURLPROTO_FILE;
+  allowed_protocols = "file";
 #endif
 #ifdef FUZZ_PROTOCOLS_FTP
-  allowed_protocols |= CURLPROTO_FTP;
-  allowed_protocols |= CURLPROTO_FTPS;
+  allowed_protocols = "ftp,ftps";
 #endif
 #ifdef FUZZ_PROTOCOLS_GOPHER
-  allowed_protocols |= CURLPROTO_GOPHER;
+  allowed_protocols = "gopher,gophers";
 #endif
 #ifdef FUZZ_PROTOCOLS_HTTP
-  allowed_protocols |= CURLPROTO_HTTP;
+  allowed_protocols = "http";
 #endif
 #ifdef FUZZ_PROTOCOLS_HTTPS
-  allowed_protocols |= CURLPROTO_HTTPS;
+  allowed_protocols = "https";
 #endif
 #ifdef FUZZ_PROTOCOLS_IMAP
-  allowed_protocols |= CURLPROTO_IMAP;
-  allowed_protocols |= CURLPROTO_IMAPS;
+  allowed_protocols = "imap,imaps";
 #endif
 #ifdef FUZZ_PROTOCOLS_LDAP
-  allowed_protocols |= CURLPROTO_LDAP;
-  allowed_protocols |= CURLPROTO_LDAPS;
+  allowed_protocols = "ldap,ldaps";
 #endif
 #ifdef FUZZ_PROTOCOLS_MQTT
-  allowed_protocols |= CURLPROTO_MQTT;
+  allowed_protocols = "mqtt";
 #endif
 #ifdef FUZZ_PROTOCOLS_POP3
-  allowed_protocols |= CURLPROTO_POP3;
-  allowed_protocols |= CURLPROTO_POP3S;
+  allowed_protocols = "pop3,pop3s";
 #endif
 #ifdef FUZZ_PROTOCOLS_RTMP
-  allowed_protocols |= CURLPROTO_RTMP;
-  allowed_protocols |= CURLPROTO_RTMPE;
-  allowed_protocols |= CURLPROTO_RTMPS;
-  allowed_protocols |= CURLPROTO_RTMPT;
-  allowed_protocols |= CURLPROTO_RTMPTE;
-  allowed_protocols |= CURLPROTO_RTMPTS;
+  allowed_protocols = "rtmp,rtmpe,rtmps,rtmpt,rtmpte,rtmpts";
 #endif
 #ifdef FUZZ_PROTOCOLS_RTSP
-  allowed_protocols |= CURLPROTO_RTSP;
+  allowed_protocols = "rtsp";
 #endif
 #ifdef FUZZ_PROTOCOLS_SCP
-  allowed_protocols |= CURLPROTO_SCP;
+  allowed_protocols = "scp";
 #endif
 #ifdef FUZZ_PROTOCOLS_SFTP
-  allowed_protocols |= CURLPROTO_SFTP;
+  allowed_protocols = "sftp";
 #endif
 #ifdef FUZZ_PROTOCOLS_SMB
-  allowed_protocols |= CURLPROTO_SMB;
-  allowed_protocols |= CURLPROTO_SMBS;
+  allowed_protocols = "smb,smbs";
 #endif
 #ifdef FUZZ_PROTOCOLS_SMTP
-  allowed_protocols |= CURLPROTO_SMTP;
-  allowed_protocols |= CURLPROTO_SMTPS;
+  allowed_protocols = "smtp,smtps";
 #endif
 #ifdef FUZZ_PROTOCOLS_TFTP
-  allowed_protocols |= CURLPROTO_TFTP;
+  allowed_protocols = "tftp";
+#endif
+#ifdef FUZZ_PROTOCOLS_WS
+  allowed_protocols = "ws,wss";
 #endif
 
-  FTRY(curl_easy_setopt(fuzz->easy, CURLOPT_PROTOCOLS, allowed_protocols));
+  FTRY(curl_easy_setopt(fuzz->easy, CURLOPT_PROTOCOLS_STR, allowed_protocols));
 
 EXIT_LABEL:
 

scripts/fuzz_targets

@@ -1,3 +1,3 @@
 #!/bin/bash
 
-export FUZZ_TARGETS="curl_fuzzer_dict curl_fuzzer_file curl_fuzzer_ftp curl_fuzzer_gopher curl_fuzzer_http curl_fuzzer_https curl_fuzzer_imap curl_fuzzer_ldap curl_fuzzer_mqtt curl_fuzzer_pop3 curl_fuzzer_rtmp curl_fuzzer_rtsp curl_fuzzer_scp curl_fuzzer_sftp curl_fuzzer_smb curl_fuzzer_smtp curl_fuzzer_tftp curl_fuzzer"
+export FUZZ_TARGETS="curl_fuzzer_dict curl_fuzzer_file curl_fuzzer_ftp curl_fuzzer_gopher curl_fuzzer_http curl_fuzzer_https curl_fuzzer_imap curl_fuzzer_ldap curl_fuzzer_mqtt curl_fuzzer_pop3 curl_fuzzer_rtmp curl_fuzzer_rtsp curl_fuzzer_scp curl_fuzzer_sftp curl_fuzzer_smb curl_fuzzer_smtp curl_fuzzer_tftp curl_fuzzer_ws curl_fuzzer"

scripts/install_curl.sh

@@ -53,6 +53,7 @@ pushd ${SRCDIR}
             --enable-maintainer-mode \
             --disable-symbol-hiding \
             --enable-ipv6 \
+            --enable-websockets \
             --with-random=/dev/null \
             ${SSLOPTION} \
             ${NGHTTPOPTION} \