lib-smtp: Add fuzz target for smtp server

diff --git a/src/lib-smtp/Makefile.am b/src/lib-smtp/Makefile.am
index cccdbfc33079d63f01ac0b78a04ee5c20de30ac5..a16dc68672fc02ae412b13ef75733c4f89011869 100644 (file)
--- a/src/lib-smtp/Makefile.am
+++ b/src/lib-smtp/Makefile.am
@@ -84,7 +84,14 @@ test_programs = \
 
 test_nocheck_programs =
 
-noinst_PROGRAMS = $(test_programs) $(test_nocheck_programs)
+fuzz_programs =
+
+if USE_FUZZER
+fuzz_programs += \
+       fuzz-smtp-server
+endif
+
+noinst_PROGRAMS = $(fuzz_programs) $(test_programs) $(test_nocheck_programs)
 
 EXTRA_DIST = \
        test-bin/sendmail-exit-1.sh \
@@ -168,6 +175,13 @@ test_smtp_server_errors_LDFLAGS = -export-dynamic
 test_smtp_server_errors_LDADD = $(test_libs)
 test_smtp_server_errors_DEPENDENCIES = $(test_deps)
 
+nodist_EXTRA_fuzz_smtp_server_SOURCES = force-cxx-linking.cxx
+fuzz_smtp_server_CPPFLAGS = $(FUZZER_CPPFLAGS)
+fuzz_smtp_server_LDFLAGS = $(FUZZER_LDFLAGS)
+fuzz_smtp_server_SOURCES = fuzz-smtp-server.c
+fuzz_smtp_server_LDADD = $(test_libs)
+fuzz_smtp_server_DEPENDENCIES = $(test_deps)
+
 check-local:
        for bin in $(test_programs); do \
          if test "$$bin" = "test-smtp-submit"; then \

diff --git a/src/lib-smtp/fuzz-smtp-server.c b/src/lib-smtp/fuzz-smtp-server.c
new file mode 100644 (file)
index 0000000..ed33818
--- /dev/null
+++ b/src/lib-smtp/fuzz-smtp-server.c
@@ -0,0 +1,46 @@
+/* Copyright (c) 2020 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "fuzzer.h"
+#include "ioloop.h"
+#include "smtp-server.h"
+
+static void server_connection_destroy(void *context)
+{
+       struct fuzzer_context *ctx = context;
+       io_loop_stop(ctx->ioloop);
+}
+
+static void test_server_continue(struct fuzzer_context *ctx)
+{
+       //instead of simple io_loop_stop so as to free input io
+       io_loop_stop_delayed(ctx->ioloop);
+}
+
+FUZZ_BEGIN_FD
+{
+       struct smtp_server_connection *conn;
+       struct smtp_server_settings smtp_server_set = {
+               .max_client_idle_time_msecs = 500,
+               .max_pipelined_commands = 16,
+               .auth_optional = TRUE,
+       };
+       struct smtp_server_callbacks server_callbacks = {
+               .conn_destroy = server_connection_destroy,
+       };
+       struct smtp_server *smtp_server = NULL;
+       struct timeout *to;
+
+       to = timeout_add_short(0, test_server_continue, &fuzz_ctx);
+       smtp_server = smtp_server_init(&smtp_server_set);
+
+       conn = smtp_server_connection_create(smtp_server, fuzz_ctx.fd, fuzz_ctx.fd, NULL, 0,
+                                            FALSE, NULL, &server_callbacks, &fuzz_ctx);
+       smtp_server_connection_start(conn);
+
+       io_loop_run(fuzz_ctx.ioloop);
+
+       smtp_server_deinit(&smtp_server);
+       timeout_remove(&to);
+}
+FUZZ_END