Add fuzzer for proxy v1

Author: ralight

.gitignore

@@ -61,6 +61,7 @@ fuzzing/broker/broker_fuzz_handle_unsubscribe
 fuzzing/broker/broker_fuzz_initial_packet
 fuzzing/broker/broker_fuzz_initial_packet_with_init
 fuzzing/broker/broker_fuzz_password_file
+fuzzing/broker/broker_fuzz_proxy_v1
 fuzzing/broker/broker_fuzz_proxy_v2
 fuzzing/broker/broker_fuzz_psk_file
 fuzzing/broker/broker_fuzz_queue_msg

fuzzing/broker/Makefile

@@ -6,6 +6,7 @@ include ${R}/fuzzing/config.mk
 FUZZERS:= \
 	broker_fuzz_acl_file \
 	broker_fuzz_password_file \
+	broker_fuzz_proxy_v1 \
 	broker_fuzz_proxy_v2 \
 	broker_fuzz_psk_file \
 	broker_fuzz_queue_msg \
@@ -49,6 +50,11 @@ broker_fuzz_password_file : broker_fuzz_password_file.cpp ${R}/src/mosquitto_bro
 	install $@ ${OUT}/$@
 	cp ${R}/fuzzing/corpora/broker_password_file_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
 
+broker_fuzz_proxy_v1 : broker_fuzz_proxy_v1.cpp ${R}/src/proxy_v1.o
+	$(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $< ${R}/src/proxy_v1.o $(LOCAL_LIBADD)
+	cp ${R}/fuzzing/corpora/broker_fuzz_proxy_v1_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
+	install $@ ${OUT}/$@
+
 broker_fuzz_proxy_v2 : broker_fuzz_proxy_v2.cpp ${R}/src/proxy_v2.o
 	$(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $< ${R}/src/proxy_v2.o $(LOCAL_LIBADD)
 	cp ${R}/fuzzing/corpora/broker_fuzz_proxy_v2_seed_corpus.zip ${OUT}/$@_seed_corpus.zip

fuzzing/broker/broker_fuzz_proxy_v1.cpp

@@ -0,0 +1,88 @@
+/*
+Copyright (c) 2025 Roger Light <roger@atchoo.org>
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License 2.0
+and Eclipse Distribution License v1.0 which accompany this distribution.
+
+The Eclipse Public License is available at
+   https://www.eclipse.org/legal/epl-2.0/
+and the Eclipse Distribution License is available at
+  http://www.eclipse.org/org/documents/edl-v10.php.
+
+SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+
+Contributors:
+   Roger Light - initial implementation and documentation.
+*/
+
+#include <cstdio>
+#include <cstdint>
+#include <cstdlib>
+#include <cstring>
+#include <sys/stat.h>
+#include <unistd.h>
+
+static const uint8_t *packet_data = NULL;
+static int packet_data_pos = 0;
+static int packet_data_remaining = 0;
+
+extern "C" {
+#include "mosquitto_broker_internal.h"
+
+ssize_t net__read(struct mosquitto *mosq, void *buf, size_t count)
+{
+	int res = count < packet_data_remaining?count:packet_data_remaining;
+	memcpy(buf, &packet_data[packet_data_pos], res);
+	packet_data_remaining -= res;
+	return res;
+}
+
+int net__socket_get_address(mosq_sock_t sock, char *buf, size_t len, uint16_t *remote_port)
+{
+	snprintf(buf, len, "localhost");
+	*remote_port = 1883;
+	return MOSQ_ERR_SUCCESS;
+}
+
+int http__context_init(struct mosquitto *context)
+{
+	context->transport = mosq_t_http;
+
+	return MOSQ_ERR_SUCCESS;
+}
+
+int log__printf(struct mosquitto *mosq, unsigned int priority, const char *fmt, ...)
+{
+	return MOSQ_ERR_SUCCESS;
+}
+
+}
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	struct mosquitto context{};
+	struct mosquitto__listener listener{};
+
+	packet_data = data;
+	packet_data_pos = 0;
+	packet_data_remaining = size;
+
+	context.listener = &listener;
+	context.proxy.cmd = -1;
+	context.transport = mosq_t_proxy_v1;
+
+	while(packet_data_remaining > 0 && context.transport != mosq_t_tcp){
+		int rc = proxy_v1__read(&context);
+		if(rc){
+			break;
+		}
+	}
+	free(context.address);
+	free(context.proxy.buf);
+	free(context.proxy.tls_version);
+	free(context.proxy.cipher);
+
+	return 0;
+}