From 665353dcb4a9d018f124127151b320632c177f26 Mon Sep 17 00:00:00 2001 From: Arjun Date: Wed, 12 Jun 2024 10:36:39 +0530 Subject: fuzzing: add a fuzzing seed corpus and dictionary Signed-off-by: Arjun Reviewed-by: Andrew Clayton 
Signed-off-by: Andrew Clayton --- fuzzing/fuzz_basic_seed_corpus/base64_0.bin | Bin 0 -> 12 bytes fuzzing/fuzz_basic_seed_corpus/term_0.bin | Bin 0 -> 26 bytes fuzzing/fuzz_basic_seed_corpus/term_1.bin | Bin 0 -> 26 bytes fuzzing/fuzz_basic_seed_corpus/utf8_0.bin | Bin 0 -> 26 bytes fuzzing/fuzz_http.dict | 38 +++++++++++++++++++++ .../fuzz_http_seed_corpus/nxt_http_test_bench.bin | 16 +++++++++ .../fuzz_http_seed_corpus/nxt_http_test_run_0.bin | 2 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_1.bin | 2 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_10.bin | 2 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_11.bin | 2 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_12.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_13.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_14.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_15.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_16.bin | 4 +++ .../fuzz_http_seed_corpus/nxt_http_test_run_17.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_18.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_19.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_2.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_20.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_21.bin | 4 +++ .../fuzz_http_seed_corpus/nxt_http_test_run_22.bin | 3 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_23.bin | 5 +++ .../fuzz_http_seed_corpus/nxt_http_test_run_24.bin | 5 +++ .../fuzz_http_seed_corpus/nxt_http_test_run_3.bin | 1 + .../fuzz_http_seed_corpus/nxt_http_test_run_4.bin | 1 + .../fuzz_http_seed_corpus/nxt_http_test_run_5.bin | 2 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_6.bin | 2 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_7.bin | 2 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_8.bin | 2 ++ .../fuzz_http_seed_corpus/nxt_http_test_run_9.bin | 2 ++ fuzzing/fuzz_json_seed_corpus/json_0.bin | 1 + fuzzing/fuzz_json_seed_corpus/json_1.bin | 1 + fuzzing/fuzz_json_seed_corpus/json_2.bin | 1 + 
fuzzing/fuzz_json_seed_corpus/json_3.bin | 1 + fuzzing/fuzz_json_seed_corpus/json_4.bin | 1 + 36 files changed, 127 insertions(+) create mode 100644 fuzzing/fuzz_basic_seed_corpus/base64_0.bin create mode 100644 fuzzing/fuzz_basic_seed_corpus/term_0.bin create mode 100644 fuzzing/fuzz_basic_seed_corpus/term_1.bin create mode 100644 fuzzing/fuzz_basic_seed_corpus/utf8_0.bin create mode 100644 fuzzing/fuzz_http.dict create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_bench.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_0.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_1.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_10.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_11.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_12.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_13.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_14.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_15.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_16.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_17.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_18.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_19.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_2.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_20.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_21.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_22.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_23.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_24.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_3.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_4.bin create mode 100644 
fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_5.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_6.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_7.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_8.bin create mode 100644 fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_9.bin create mode 100644 fuzzing/fuzz_json_seed_corpus/json_0.bin create mode 100644 fuzzing/fuzz_json_seed_corpus/json_1.bin create mode 100644 fuzzing/fuzz_json_seed_corpus/json_2.bin create mode 100644 fuzzing/fuzz_json_seed_corpus/json_3.bin create mode 100644 fuzzing/fuzz_json_seed_corpus/json_4.bin
diff --git a/fuzzing/fuzz_basic_seed_corpus/base64_0.bin b/fuzzing/fuzz_basic_seed_corpus/base64_0.bin
new file mode 100644
index 00000000..71501405
Binary files /dev/null and b/fuzzing/fuzz_basic_seed_corpus/base64_0.bin differ
diff --git a/fuzzing/fuzz_basic_seed_corpus/term_0.bin b/fuzzing/fuzz_basic_seed_corpus/term_0.bin
new file mode 100644
index 00000000..c7fff416
Binary files /dev/null and b/fuzzing/fuzz_basic_seed_corpus/term_0.bin differ
diff --git a/fuzzing/fuzz_basic_seed_corpus/term_1.bin b/fuzzing/fuzz_basic_seed_corpus/term_1.bin
new file mode 100644
index 00000000..bd03def0
Binary files /dev/null and b/fuzzing/fuzz_basic_seed_corpus/term_1.bin differ
diff --git a/fuzzing/fuzz_basic_seed_corpus/utf8_0.bin b/fuzzing/fuzz_basic_seed_corpus/utf8_0.bin
new file mode 100644
index 00000000..d395758e
Binary files /dev/null and b/fuzzing/fuzz_basic_seed_corpus/utf8_0.bin differ
diff --git a/fuzzing/fuzz_http.dict b/fuzzing/fuzz_http.dict
new file mode 100644
index 00000000..0a198414
--- /dev/null
+++ b/fuzzing/fuzz_http.dict
@@ -0,0 +1,38 @@
+"Accept-Encoding"
+"Accept-Language"
+"Accept"
+"Authorization"
+"Cache-Control"
+"Connection"
+"Content-Length"
+"Content-Range"
+"Content-Type"
+"Cookie"
+"Date"
+"Expect"
+"Host"
+"If-Match"
+"If-Modified-Since"
+"If-None-Match"
+"If-Range"
+"If-Unmodified-Since"
+"Keep-Alive"
+"Origin"
+"Pragma"
+"Range"
+"Referer"
+"Sec-WebSocket-Key"
+"Sec-WebSocket-Version"
+"Server"
+"TE"
+"Transfer-Encoding"
+"Upgrade-Insecure-Requests"
+"Upgrade"
+"User-Agent"
+"Via"
+"X-Forwarded-For"
+"X-Forwarded-Host"
+"X-Forwarded-Proto"
+"X-Http-Method-Override"
+"X-Real-IP"
+"X-Request-ID"
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_bench.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_bench.bin
new file mode 100644
index 00000000..64e2f7e8
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_bench.bin
@@ -0,0 +1,16 @@
+POST /path/to/very/interesting/article/on.this.site?arg1=value&arg2=value2&very_big_arg=even_bigger_value HTTP/1.1
+Host: www.example.com
+User-Agent: Mozilla/5.0 (X11; Gentoo Linux x86_64; rv:42.0) Firefox/42.0
+Accept: text/html,application/json,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
+Accept-Encoding: gzip, deflate, br
+If-Modified-Since: Wed, 31 Dec 1986 16:00:00 GMT
+Referer: https://example.org/path/to/not-interesting/article.html
+Cookie: name=value; name2=value2; some_big_cookie=Olr+/9hoA0og/dAcHH1p8sEFAHAAAAAElFTkSuQmCC
+Connection: keep-alive
+Content-Length: 0
+Upgrade-Insecure-Requests: 1
+Pragma: no-cache
+Cache-Control: no-cache
+X-Forwarded-For: 192.0.2.0, 198.51.100.0, 203.0.113.0
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_0.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_0.bin
new file mode 100644
index 00000000..00ff084d
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_0.bin
@@ -0,0 +1,2 @@
+XXX-METHOD /d.ir/fi+le.ext?key=val HTTP/1.2
+
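Review bot: fuzz_http.dict lists only header field names, so the dictionary gives the mutator no help with the request line, the delimiters or header values, which is where the seeds under fuzz_http_seed_corpus concentrate their edge cases. Consider adding a few structural tokens next to the names, for example `"\x0d\x0a"`, `"HTTP/1.1"` and `"chunked"`. A comment line at the top, such as `# HTTP request tokens for the HTTP parser fuzz target`, would also record what the file is for; how the dictionary is wired to a target is not visible in this patch.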
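Review bot: The HTTP seeds are committed as text (they appear here as `+` hunks, unlike the fuzz_basic_seed_corpus files, which Git reports as binary), so any line-ending conversion on checkout or commit could silently rewrite them. This applies to nxt_http_test_bench.bin and to every nxt_http_test_run_*.bin hunk that follows, and it matters because several of those seeds differ from each other only in whitespace or line breaks (for example the split header name in nxt_http_test_run_16.bin). Consider marking the corpus directories as non-text in `.gitattributes`, e.g. `fuzzing/*_seed_corpus/* -text`; whether the repository already does so cannot be seen from this patch.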
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_1.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_1.bin
new file mode 100644
index 00000000..2f6c6149
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_1.bin
@@ -0,0 +1,2 @@
+GEt / HTTP/1.0
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_10.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_10.bin
new file mode 100644
index 00000000..03337016
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_10.bin
@@ -0,0 +1,2 @@
+GET /na %20me.ext?args HTTP/1.0
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_11.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_11.bin
new file mode 100644
index 00000000..bac5bc27
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_11.bin
@@ -0,0 +1,2 @@
+GET / HTTP/1.0 HTTP/1.1
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_12.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_12.bin
new file mode 100644
index 00000000..75bd72e2
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_12.bin
@@ -0,0 +1,3 @@
+GET / HTTP/1.1
+Host:example.com
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_13.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_13.bin
new file mode 100644
index 00000000..2216ec8d
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_13.bin
@@ -0,0 +1,3 @@
+GET / HTTP/1.1
+Host:
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_14.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_14.bin
new file mode 100644
index 00000000..12435096
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_14.bin
@@ -0,0 +1,3 @@
+GET / HTTP/1.1
+:Host: example.com
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_15.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_15.bin
new file mode 100644
index 00000000..88bb36f4
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_15.bin
@@ -0,0 +1,3 @@
+GET / HTTP/1.1
+Ho_st: example.com
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_16.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_16.bin
new file mode 100644
index 00000000..ce7453c2
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_16.bin
@@ -0,0 +1,4 @@
+GET / HTTP/1.1
+Ho
+st: example.com
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_17.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_17.bin
new file mode 100644
index 00000000..5016e0df
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_17.bin
@@ -0,0 +1,3 @@
+GET / HTTP/1.1
+Host: exa mple.com
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_18.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_18.bin
new file mode 100644
index 00000000..d2409a88
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_18.bin
@@ -0,0 +1,3 @@
+GET / HTTP/1.1
+Host: example.com
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_19.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_19.bin
new file mode 100644
index 00000000..40e39921
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_19.bin
@@ -0,0 +1,3 @@
+GET / HTTP/1.1
+!#$%&'*+.^_`|~: allowed
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_2.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_2.bin
new file mode 100644
index 00000000..cfc0d81a
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_2.bin
@@ -0,0 +1,3 @@
+GET /
+ HTTP/1.0
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_20.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_20.bin
new file mode 100644
index 00000000..b1deb571
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_20.bin
@@ -0,0 +1,3 @@
+GET / HTTP/1.1
+Host: xn--e1afmkfd.xn--80akhbyknj4f
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_21.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_21.bin
new file mode 100644
index 00000000..89565fd8
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_21.bin
@@ -0,0 +1,4 @@
+GET / HTTP/1.1
+Host: exa
+mple.com
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_22.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_22.bin
new file mode 100644
index 00000000..3e0f8f6a
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_22.bin
@@ -0,0 +1,3 @@
+GET / HTTP/1.1
+Host: exa mple.com
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_23.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_23.bin
new file mode 100644
index 00000000..da0661e5
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_23.bin
@@ -0,0 +1,5 @@
+GET / HTTP/1.1
+X-Unknown-Header: value
+X-Good-Header: value
+!#$%&'*+.^_`|~: skipped
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_24.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_24.bin
new file mode 100644
index 00000000..6b5232e3
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_24.bin
@@ -0,0 +1,5 @@
+GET / HTTP/1.1
+X-Good-Header: value
+X-Unknown-Header: value
+X-Bad-Header: value
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_3.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_3.bin
new file mode 100644
index 00000000..20afdfb4
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_3.bin
@@ -0,0 +1 @@
+GET / HTTP/1.0
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_4.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_4.bin
new file mode 100644
index 00000000..22b52346
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_4.bin
@@ -0,0 +1 @@
+GET / HTTP/2.0
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_5.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_5.bin
new file mode 100644
index 00000000..2da59689
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_5.bin
@@ -0,0 +1,2 @@
+GET /. HTTP/1.0
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_6.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_6.bin
new file mode 100644
index 00000000..9cf4c094
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_6.bin
@@ -0,0 +1,2 @@
+GET /# HTTP/1.0
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_7.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_7.bin
new file mode 100644
index 00000000..d02576e0
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_7.bin
@@ -0,0 +1,2 @@
+GET /?# HTTP/1.0
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_8.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_8.bin
new file mode 100644
index 00000000..fa246dc4
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_8.bin
@@ -0,0 +1,2 @@
+GET // HTTP/1.0
+
diff --git a/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_9.bin b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_9.bin
new file mode 100644
index 00000000..2668f283
--- /dev/null
+++ b/fuzzing/fuzz_http_seed_corpus/nxt_http_test_run_9.bin
@@ -0,0 +1,2 @@
+GET /%20 HTTP/1.0
+
diff --git a/fuzzing/fuzz_json_seed_corpus/json_0.bin b/fuzzing/fuzz_json_seed_corpus/json_0.bin
new file mode 100644
index 00000000..450e2283
--- /dev/null
+++ b/fuzzing/fuzz_json_seed_corpus/json_0.bin
@@ -0,0 +1 @@
+[{"container": 1000, "host": 0, "size": 1},{"container": 10000, "host": 10000, "size": 1}, {"container": 60000, "host": 60000, "size": 1}]
\ No newline at end of file
diff --git a/fuzzing/fuzz_json_seed_corpus/json_1.bin b/fuzzing/fuzz_json_seed_corpus/json_1.bin
new file mode 100644
index 00000000..0637a088
--- /dev/null
+++ b/fuzzing/fuzz_json_seed_corpus/json_1.bin
@@ -0,0 +1 @@
+[]
\ No newline at end of file
diff --git a/fuzzing/fuzz_json_seed_corpus/json_2.bin b/fuzzing/fuzz_json_seed_corpus/json_2.bin
new file mode 100644
index 00000000..5c1201b8
--- /dev/null
+++ b/fuzzing/fuzz_json_seed_corpus/json_2.bin
@@ -0,0 +1 @@
+[{"container": 0, "host": 0, "size": 1}]
\ No newline at end of file
diff --git a/fuzzing/fuzz_json_seed_corpus/json_3.bin b/fuzzing/fuzz_json_seed_corpus/json_3.bin
new file mode 100644
index 00000000..e040c9b7
--- /dev/null
+++ b/fuzzing/fuzz_json_seed_corpus/json_3.bin
@@ -0,0 +1 @@
+[{"container": 1000, "host": 0, "size": 1}]
\ No newline at end of file
diff --git a/fuzzing/fuzz_json_seed_corpus/json_4.bin b/fuzzing/fuzz_json_seed_corpus/json_4.bin
new file mode 100644
index 00000000..30a2bc50
--- /dev/null
+++ b/fuzzing/fuzz_json_seed_corpus/json_4.bin
@@ -0,0 +1 @@
+[{"container": 0, "host": 1000, "size": 1}, {"container": 1000, "host": 2000, "size": 1}]
\ No newline at end of file
-- cgit
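Review bot: The five JSON seeds (json_0.bin through json_4.bin) all share one shape, an array of flat objects with three small integer members, with json_1.bin (`[]`) as the only variation. The starting corpus therefore contains no strings as values, no escape sequences, no nesting, no fractional or negative numbers and no `true`/`false`/`null` literals, and the fuzzer has to discover all of those by mutation alone. Adding one or two seeds that contain them, for instance `{"s": "a\u0041\n", "n": [1.5e3, -0, null, true], "o": {"k": {}}}` (a constructed sample), would put those parser paths in reach from the first run.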