From 48013d75fccf5b5ef237b7cf2f41fc3e6889dc7b Mon Sep 17 00:00:00 2001 From: akallabeth Date: Sun, 21 Apr 2024 12:35:00 +0200 Subject: [PATCH] [core,test] add fuzzer for receive functions --- libfreerdp/core/test/CMakeLists.txt | 4 +- libfreerdp/core/test/TestFuzzFastpath.c | 109 ++++++++++++++++++++++++ 2 files changed, 111 insertions(+), 2 deletions(-) create mode 100644 libfreerdp/core/test/TestFuzzFastpath.c diff --git a/libfreerdp/core/test/CMakeLists.txt b/libfreerdp/core/test/CMakeLists.txt index ebd8fef46..672924654 100644 --- a/libfreerdp/core/test/CMakeLists.txt +++ b/libfreerdp/core/test/CMakeLists.txt @@ -10,7 +10,8 @@ set(${MODULE_PREFIX}_TESTS TestSettings.c) set(FUZZERS - TestFuzzCryptoCertificateDataSetPEM.c + TestFuzzFastpath.c + TestFuzzCryptoCertificateDataSetPEM.c ) if(WITH_SAMPLE AND WITH_SERVER AND NOT WIN32) @@ -44,4 +45,3 @@ foreach(test ${${MODULE_PREFIX}_TESTS}) endforeach() set_property(TARGET ${MODULE_NAME} PROPERTY FOLDER "FreeRDP/Core/Test") - diff --git a/libfreerdp/core/test/TestFuzzFastpath.c b/libfreerdp/core/test/TestFuzzFastpath.c new file mode 100644 index 000000000..d0cbd4059 --- /dev/null +++ b/libfreerdp/core/test/TestFuzzFastpath.c @@ -0,0 +1,109 @@ +#include +#include "../fastpath.h" +#include "../surface.h" +#include "../window.h" +#include "../info.h" +#include "../multitransport.h" + +int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) +{ + freerdp_peer* client = calloc(1, sizeof(freerdp_peer)); + if (!client) + goto fail; + client->ContextSize = sizeof(rdpContext); + if (!freerdp_peer_context_new(client)) + goto fail; + + WINPR_ASSERT(client->context); + rdpRdp* rdp = client->context->rdp; + WINPR_ASSERT(rdp); + + wStream sbuffer = { 0 }; + wStream* s = Stream_StaticConstInit(&sbuffer, Data, Size); + + { + rdpFastPath* fastpath = rdp->fastpath; + WINPR_ASSERT(fastpath); + + fastpath_recv_updates(fastpath, s); + fastpath_recv_inputs(fastpath, s); + + UINT16 length = 0; + fastpath_read_header_rdp(fastpath, s, &length); + fastpath_decrypt(fastpath, s, &length); + } + + { + UINT16 length = 0; + UINT16 flags = 0; + UINT16 channelId = 0; + UINT16 tpktLength = 0; + UINT16 remainingLength = 0; + UINT16 type = 0; + UINT16 securityFlags = 0; + UINT32 share_id = 0; + BYTE compressed_type = 0; + BYTE btype = 0; + UINT16 compressed_len = 0; + rdp_read_security_header(rdp, s, &flags, &length); + rdp_read_header(rdp, s, &length, &channelId); + rdp_read_share_control_header(rdp, s, &tpktLength, &remainingLength, &type, &channelId); + rdp_read_share_data_header(rdp, s, &length, &btype, &share_id, &compressed_type, + &compressed_len); + rdp_recv_message_channel_pdu(rdp, s, securityFlags); + rdp_recv_out_of_sequence_pdu(rdp, s, type, length); + rdp_recv_callback(rdp->transport, s, rdp); + rdp_recv_enhanced_security_redirection_packet(rdp, s); + } + { + rdpUpdate* update = rdp->update; + UINT16 channelId = 0; + UINT16 length = 0; + UINT16 pduSource = 0; + UINT16 pduLength = 0; + update_recv_order(update, s); + update_recv_altsec_window_order(update, s); + update_recv_play_sound(update, s); + update_recv_pointer(update, s); + update_recv_surfcmds(update, s); + rdp_recv_get_active_header(rdp, s, &channelId, &length); + rdp_recv_demand_active(rdp, s, pduSource, length); + rdp_recv_confirm_active(rdp, s, pduLength); + } + { + rdpNla* nla = nla_new(rdp->context, rdp->transport); + nla_recv_pdu(nla, s); + nla_free(nla); + } + { + rdp_recv_heartbeat_packet(rdp, s); + rdp->state = CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE; + rdp_recv_client_info(rdp, s); + rdp_recv_save_session_info(rdp, s); + } + { + freerdp_is_valid_mcs_create_request(Data, Size); + freerdp_is_valid_mcs_create_response(Data, Size); + } + { + multitransport_recv_request(rdp->multitransport, s); + multitransport_recv_response(rdp->multitransport, s); + } + { + autodetect_recv_request_packet(rdp->autodetect, RDP_TRANSPORT_TCP, s); + autodetect_recv_response_packet(rdp->autodetect, RDP_TRANSPORT_TCP, s); + } + { + rdp_recv_deactivate_all(rdp, s); + rdp_recv_server_synchronize_pdu(rdp, s); + rdp_recv_client_synchronize_pdu(rdp, s); + + freerdp_settings_set_bool(rdp->settings, FreeRDP_ServerMode, FALSE); + rdp_recv_data_pdu(rdp, s); + rdp_recv_font_map_pdu(rdp, s); + } +fail: + freerdp_peer_context_free(client); + free(client); + return 0; +}