webrtc/test/fuzzers/stun_parser_fuzzer.cc - Issue 2044523002: Add fuzzers for SDP and STUN parsing.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: webrtc/test/fuzzers/stun_parser_fuzzer.cc

Issue 2044523002: Add fuzzers for SDP and STUN parsing. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master

Patch Set: Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« webrtc/test/fuzzers/sdp_parser_fuzzer.cc ('K') | « webrtc/test/fuzzers/sdp_parser_fuzzer.cc ('k') | webrtc/test/fuzzers/stun_validator_fuzzer.cc » ('j') | webrtc/test/fuzzers/stun_validator_fuzzer.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (c) 2016 The WebRTC project authors. All Rights Reserved.	2 * Copyright (c) 2016 The WebRTC project authors. All Rights Reserved.

3 *	3 *

4 * Use of this source code is governed by a BSD-style license	4 * Use of this source code is governed by a BSD-style license

5 * that can be found in the LICENSE file in the root of the source	5 * that can be found in the LICENSE file in the root of the source

6 * tree. An additional intellectual property rights grant can be found	6 * tree. An additional intellectual property rights grant can be found

7 * in the file PATENTS. All contributing project authors may	7 * in the file PATENTS. All contributing project authors may

8 * be found in the AUTHORS file in the root of the source tree.	8 * be found in the AUTHORS file in the root of the source tree.

9 */	9 */

10 #include "webrtc/modules/rtp_rtcp/source/rtp_packet_received.h"	10

	11 #include <stddef.h>

	12 #include <stdint.h>

	13

	14 #include "webrtc/p2p/base/stun.h"

11	15

12 namespace webrtc {	16 namespace webrtc {

	17 void FuzzOneInput(const uint8_t* data, size_t size) {

	18 auto message = reinterpret_cast<const char*>(data);

13	19

14 void FuzzOneInput(const uint8_t* data, size_t size) {	20 // Normally we'd check the integrity first; that's done elsewhere.
	pbos-webrtc 2016/06/06 16:20:42 "but integrity is fuzzed separately in stun_valida "but integrity is fuzzed separately in stun_validator_fuzzer.cc", or otherwise motivate why the attack surface is still valid. katrielc 2016/06/06 16:32:21 Done. Show quoted text On 2016/06/06 16:20:42, pbos-webrtc wrote: > "but integrity is fuzzed separately in stun_validator_fuzzer.cc", or otherwise > motivate why the attack surface is still valid. Done.
15 RtpPacketReceived packet;	21 std::unique_ptr<cricket::IceMessage> stun_msg(new cricket::IceMessage());

16	22 rtc::ByteBufferReader buf(message, size);

17 packet.Parse(data, size);	23 stun_msg->Read(&buf);

18

19 // Call packet accessors because they have extra checks.

20 packet.Marker();

21 packet.PayloadType();

22 packet.SequenceNumber();

23 packet.Timestamp();

24 packet.Ssrc();

25 packet.Csrcs();

26 }	24 }

27

28 } // namespace webrtc	25 } // namespace webrtc

29

OLD	NEW