Fuzzing: Broker config file testing.

.gitignore

@@ -48,7 +48,11 @@ examples/publish/basic-websockets-1
 fuzzing/broker/broker_fuzz_initial_packet
 fuzzing/broker/broker_fuzz_second_packet
 fuzzing/corpora/broker/*
+fuzzing/corpora/broker_packet_seed_corpus.zip
 fuzzing/corpora/client/*
+fuzzing/corpora/client_packet_seed_corpus.zip
+fuzzing/corpora/db_dump_seed_corpus.zip
+
 
 lib/cpp/libmosquittopp.so*
 lib/cpp/libmosquittopp.a

fuzzing/broker/Makefile

@@ -3,7 +3,8 @@ R=../..
 
 FUZZERS:= \
 	broker_fuzz_initial_packet \
-	broker_fuzz_second_packet
+	broker_fuzz_second_packet \
+	broker_fuzz_test_config
 
 LOCAL_CPPFLAGS:=$(CPPFLAGS) -I${R}/include/
 LOCAL_CXXFLAGS:=$(CXXFLAGS) -g -Wall -Werror -pthread
@@ -22,5 +23,11 @@ broker_fuzz_second_packet : broker_fuzz_second_packet.cpp broker_fuzz.cpp
 	install $@ ${OUT}/$@
 	cp ${R}/fuzzing/corpora/broker_packet_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
 
+broker_fuzz_test_config : broker_fuzz_test_config.cpp
+	$(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
+	install $@ ${OUT}/$@
+	cp ${R}/fuzzing/corpora/broker_fuzz_test_config_seed_corpus.zip ${OUT}/$@_seed_corpus.zip
+	cp ${R}/fuzzing/corpora/broker_conf.dict ${OUT}/$@.dict
+
 clean:
 	rm -f *.o $(FUZZERS)

fuzzing/broker/broker_fuzz_test_config.cpp

@@ -0,0 +1,67 @@
+/*
+Copyright (c) 2023 Cedalo GmbH
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License 2.0
+and Eclipse Distribution License v1.0 which accompany this distribution.
+
+The Eclipse Public License is available at
+   https://www.eclipse.org/legal/epl-2.0/
+and the Eclipse Distribution License is available at
+  http://www.eclipse.org/org/documents/edl-v10.php.
+
+SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+
+Contributors:
+   Roger Light - initial implementation and documentation.
+*/
+
+#include <cstdio>
+#include <cstdint>
+#include <cstdlib>
+#include <cstring>
+#include <unistd.h>
+
+/*
+ * Broker check of config only, the config isn't used
+ */
+
+/* The broker fuzz-only main function. */
+extern "C" int mosquitto_fuzz_main(int argc, char *argv[]);
+
+void run_broker(char *filename)
+{
+	char *argv[4];
+	int argc = 4;
+
+	argv[0] = strdup("mosquitto");
+	argv[1] = strdup("--test-config");
+	argv[2] = strdup("-c");
+	argv[3] = strdup(filename);
+
+	mosquitto_fuzz_main(argc, argv);
+
+	for(int i=0; i<argc; i++){
+		free(argv[i]);
+	}
+}
+
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	char filename[100];
+	FILE *fptr;
+
+	snprintf(filename, sizeof(filename), "/tmp/mosquitto_%d.conf", getpid());
+	fptr = fopen(filename, "wb");
+	if(!fptr) return 1;
+	fwrite(data, 1, size, fptr);
+	fclose(fptr);
+
+	run_broker(filename);
+
+	unlink(filename);
+
+	return 0;
+}

fuzzing/corpora/broker_conf.dict

@@ -0,0 +1,165 @@
+"accept_protocol_versions"
+"acl_file"
+"address"
+"addresses"
+"all"
+"allow_anonymous"
+"allow_duplicate_messages"
+"allow_zero_length_clientid"
+"android"
+"auth_plugin"
+"auth_plugin_deny_special_chars"
+"auto_id_prefix"
+"automatic"
+"autosave_interval"
+"autosave_on_changes"
+"bind_address"
+"bind_interface"
+"bridge_alpn"
+"bridge_attempt_unsubscribe"
+"bridge_bind_address"
+"bridge_cafile"
+"bridge_capath"
+"bridge_certfile"
+"bridge_ciphers"
+"bridge_ciphers_tls1.3"
+"bridge_identity"
+"bridge_insecure"
+"bridge_keyfile"
+"bridge_max_packet_size"
+"bridge_max_topic_alias"
+"bridge_outgoing_retain"
+"bridge_protocol_version"
+"bridge_psk"
+"bridge_receive_maximum"
+"bridge_reload_type"
+"bridge_require_ocsp"
+"bridge_session_expiry_interval"
+"bridge_tcp_keepalive"
+"bridge_tcp_user_timeout"
+"bridge_tls_use_os_certs"
+"bridge_tls_version"
+"cafile"
+"capath"
+"certfile"
+"check_retain_source"
+"ciphers"
+"ciphers_tls1.3"
+"cleansession"
+"clientid"
+"clientid_prefixes"
+"connection"
+"connection_messages"
+"crlfile"
+"debug"
+"dhparamfile"
+"disable_client_cert_date_checks"
+"dlt"
+"enable_control_api"
+"engine"
+"error"
+"false"
+"file"
+"global_max_clients"
+"global_max_connections"
+"global_plugin"
+"http_dir"
+"idle_timeout"
+"immediate"
+"include_dir"
+"information"
+"internal"
+"ipv4"
+"ipv6"
+"keepalive_interval"
+"keyfile"
+"lazy"
+"listener"
+"local_cleansession"
+"local_clientid"
+"local_password"
+"local_username"
+"log_dest"
+"log_facility"
+"log_timestamp"
+"log_timestamp_format"
+"log_type"
+"manual"
+"max_connections"
+"max_inflight_bytes"
+"max_inflight_messages"
+"max_keepalive"
+"max_packet_size"
+"max_qos"
+"max_queued_bytes"
+"max_queued_messages"
+"max_topic_alias"
+"max_topic_alias_broker"
+"maximum_qos"
+"memory_limit"
+"message_size_limit"
+"mount_point"
+"mqtt"
+"mqttsn"
+"mqttv31"
+"mqttv311"
+"mqttv50"
+"none"
+"notice"
+"notification_topic"
+"notifications"
+"notifications_local_only"
+"once"
+"password"
+"password_file"
+"per_listener_settings"
+"persistence"
+"persistence_file"
+"persistence_location"
+"persistent_client_expiration"
+"pid_file"
+"plugin"
+"plugin_load"
+"plugin_use"
+"port"
+"protocol"
+"psk_file"
+"psk_hint"
+"queue_qos0_messages"
+"remote_clientid"
+"remote_password"
+"remote_username"
+"require_certificate"
+"restart_timeout"
+"retain_available"
+"retained_persistence"
+"retry_interval"
+"round_robin"
+"set_tcp_nodelay"
+"socket_domain"
+"start_type"
+"stderr"
+"stdout"
+"subscribe"
+"sys_interval"
+"syslog"
+"threshold"
+"tls_engine"
+"tls_engine_kpass_sha1"
+"tls_keyform"
+"tls_version"
+"topic"
+"true"
+"try_private"
+"unsubscribe"
+"upgrade_outgoing_qos"
+"use_identity_as_username"
+"use_subject_as_username"
+"use_username_as_clientid"
+"user"
+"username"
+"warning"
+"websockets"
+"websockets_headers_size"
+"websockets_log_level"
+"websockets_origin"