From: Philippe Antoine <contact@catenacyber.fr>
Date: Fri, 20 Mar 2020 15:00:21 +0000 (+0100)
Subject: lib-smtp: Add fuzz target for smtp server
X-Git-Tag: 2.3.14.rc1~179
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9622c5646a9335a3813a6b45d0dd4fe2fff45aa0;p=thirdparty%2Fdovecot%2Fcore.git

lib-smtp: Add fuzz target for smtp server
---

diff --git a/src/lib-smtp/Makefile.am b/src/lib-smtp/Makefile.am
index cccdbfc330..a16dc68672 100644
--- a/src/lib-smtp/Makefile.am
+++ b/src/lib-smtp/Makefile.am
@@ -84,7 +84,14 @@ test_programs = \
 
 test_nocheck_programs =
 
-noinst_PROGRAMS = $(test_programs) $(test_nocheck_programs)
+fuzz_programs =
+
+if USE_FUZZER
+fuzz_programs += \
+	fuzz-smtp-server
+endif
+
+noinst_PROGRAMS = $(fuzz_programs) $(test_programs) $(test_nocheck_programs)
 
 EXTRA_DIST = \
 	test-bin/sendmail-exit-1.sh \
@@ -168,6 +175,13 @@ test_smtp_server_errors_LDFLAGS = -export-dynamic
 test_smtp_server_errors_LDADD = $(test_libs)
 test_smtp_server_errors_DEPENDENCIES = $(test_deps)
 
+nodist_EXTRA_fuzz_smtp_server_SOURCES = force-cxx-linking.cxx
+fuzz_smtp_server_CPPFLAGS = $(FUZZER_CPPFLAGS)
+fuzz_smtp_server_LDFLAGS = $(FUZZER_LDFLAGS)
+fuzz_smtp_server_SOURCES = fuzz-smtp-server.c
+fuzz_smtp_server_LDADD = $(test_libs)
+fuzz_smtp_server_DEPENDENCIES = $(test_deps)
+
 check-local:
 	for bin in $(test_programs); do \
 	  if test "$$bin" = "test-smtp-submit"; then \
diff --git a/src/lib-smtp/fuzz-smtp-server.c b/src/lib-smtp/fuzz-smtp-server.c
new file mode 100644
index 0000000000..ed33818b3c
--- /dev/null
+++ b/src/lib-smtp/fuzz-smtp-server.c
@@ -0,0 +1,46 @@
+/* Copyright (c) 2020 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "fuzzer.h"
+#include "ioloop.h"
+#include "smtp-server.h"
+
+static void server_connection_destroy(void *context)
+{
+	struct fuzzer_context *ctx = context;
+	io_loop_stop(ctx->ioloop);
+}
+
+static void test_server_continue(struct fuzzer_context *ctx)
+{
+	//instead of simple io_loop_stop so as to free input io
+	io_loop_stop_delayed(ctx->ioloop);
+}
+
+FUZZ_BEGIN_FD
+{
+	struct smtp_server_connection *conn;
+	struct smtp_server_settings smtp_server_set = {
+		.max_client_idle_time_msecs = 500,
+		.max_pipelined_commands = 16,
+		.auth_optional = TRUE,
+	};
+	struct smtp_server_callbacks server_callbacks = {
+		.conn_destroy = server_connection_destroy,
+	};
+	struct smtp_server *smtp_server = NULL;
+	struct timeout *to;
+
+	to = timeout_add_short(0, test_server_continue, &fuzz_ctx);
+	smtp_server = smtp_server_init(&smtp_server_set);
+
+	conn = smtp_server_connection_create(smtp_server, fuzz_ctx.fd, fuzz_ctx.fd, NULL, 0,
+					     FALSE, NULL, &server_callbacks, &fuzz_ctx);
+	smtp_server_connection_start(conn);
+
+	io_loop_run(fuzz_ctx.ioloop);
+
+	smtp_server_deinit(&smtp_server);
+	timeout_remove(&to);
+}
+FUZZ_END