Add fuzzer for HttpStreamParser

Issue description

This class reads HTTP responses from untrusted sources, which makes it a prime attack target.
Mar 29 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/44e8e9c8b39cd6fb611da0f905846652b0752511

commit 44e8e9c8b39cd6fb611da0f905846652b0752511
Author: mmenke <mmenke@chromium.org>
Date: Tue Mar 29 18:38:57 2016

Add an HttpStreamParser fuzzer.

BUG=598037
Review URL: https://codereview.chromium.org/1836573002
Cr-Commit-Position: refs/heads/master@{#383777}

[modify] https://crrev.com/44e8e9c8b39cd6fb611da0f905846652b0752511/net/BUILD.gn
[add] https://crrev.com/44e8e9c8b39cd6fb611da0f905846652b0752511/net/http/http_stream_parser_fuzzer.cc
Mar 31 2016

Apr 8 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f344e9f0258f8d9f79b97f8ff445bb0d6fed1789

commit f344e9f0258f8d9f79b97f8ff445bb0d6fed1789
Author: mmenke <mmenke@chromium.org>
Date: Fri Apr 08 21:05:57 2016

Fix HttpStreamParser fuzzer.

Reading HTTP headers returns net::OK on some success paths, and bytes read on others. The test didn't account for this. This CL fixes the fuzzer to account for that. The weird HttpStreamParser behavior should also be fixed.

BUG=598037
Review URL: https://codereview.chromium.org/1868003004
Cr-Commit-Position: refs/heads/master@{#386197}

[modify] https://crrev.com/f344e9f0258f8d9f79b97f8ff445bb0d6fed1789/net/http/http_stream_parser_fuzzer.cc
Apr 15 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/99e0416c6ee1037102c37f8cb0a286ce41405413

commit 99e0416c6ee1037102c37f8cb0a286ce41405413
Author: mmenke <mmenke@chromium.org>
Date: Fri Apr 15 22:33:59 2016

Switch HttpStreamParser fuzzer over to using FuzzedSocket.

This makes it a lot simpler, since it was basically duplicating FuzzedSocket's logic.

BUG=598037
Review URL: https://codereview.chromium.org/1892193002
Cr-Commit-Position: refs/heads/master@{#387730}

[modify] https://crrev.com/99e0416c6ee1037102c37f8cb0a286ce41405413/net/http/http_stream_parser_fuzzer.cc
Apr 18 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e15732fd7e646ad24924e8506adf388206caf3a5

commit e15732fd7e646ad24924e8506adf388206caf3a5
Author: mmenke <mmenke@chromium.org>
Date: Mon Apr 18 18:47:49 2016

Add dictionary for HTTP fuzzers.

Currently used for HttpStreamParser and HttpProxyClientSocket fuzzers, so mostly includes strings those two fuzzers are interested in.

BUG=598037, 599582
Review URL: https://codereview.chromium.org/1897863002
Cr-Commit-Position: refs/heads/master@{#387969}

[modify] https://crrev.com/e15732fd7e646ad24924e8506adf388206caf3a5/net/BUILD.gn
[add] https://crrev.com/e15732fd7e646ad24924e8506adf388206caf3a5/net/data/http/http.dict
Apr 23 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/d284559ad772c498d5dae1a88d11a041f2941ffe

commit d284559ad772c498d5dae1a88d11a041f2941ffe
Author: mmenke <mmenke@chromium.org>
Date: Sat Apr 23 00:00:51 2016

Fix HttpStreamParser fuzzer.

It was failing to read the body. 0 while reading the headers means OK, while 0 while reading the body means the connection was closed. I fixed this issue two weeks ago, but then re-introduced it in a refactor. I think that shows how weird and confusing network stack result handling is. :(

BUG=598037
Review URL: https://codereview.chromium.org/1920463003
Cr-Commit-Position: refs/heads/master@{#389314}

[modify] https://crrev.com/d284559ad772c498d5dae1a88d11a041f2941ffe/net/http/http_stream_parser_fuzzer.cc
Apr 25 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/d284559ad772c498d5dae1a88d11a041f2941ffe

commit d284559ad772c498d5dae1a88d11a041f2941ffe
Author: mmenke <mmenke@chromium.org>
Date: Sat Apr 23 00:00:51 2016

Fix HttpStreamParser fuzzer.

It was failing to read the body. 0 while reading the headers means OK, while 0 while reading the body means the connection was closed. I fixed this issue two weeks ago, but then re-introduced it in a refactor. I think that shows how weird and confusing network stack result handling is. :(

BUG=598037
Review URL: https://codereview.chromium.org/1920463003
Cr-Commit-Position: refs/heads/master@{#389314}

[modify] https://crrev.com/d284559ad772c498d5dae1a88d11a041f2941ffe/net/http/http_stream_parser_fuzzer.cc
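
The result-code convention that the commit messages above describe, as an added example that is not Chromium code and not part of the original thread. `ToyParser`, `DriveParser`, `kOk`, `kErrFailed` and the sample response are hypothetical stand-ins that model only the return values the commits mention, and the flag reproduces the described mistake of treating a header result of 0 as "connection closed".

```cpp
// Simplified model for illustration; ToyParser is not Chromium's HttpStreamParser.
#include <algorithm>
#include <cstddef>
#include <string>
#include <utility>

constexpr int kOk = 0;          // stands in for net::OK
constexpr int kErrFailed = -1;  // placeholder for any negative net error

class ToyParser {
 public:
  ToyParser(std::string wire, bool headers_return_bytes)
      : wire_(std::move(wire)), headers_return_bytes_(headers_return_bytes) {}
  // Header read: negative = error; kOk or a positive byte count = success.
  int ReadResponseHeaders() {
    const size_t end = wire_.find("\r\n\r\n");
    if (end == std::string::npos) return kErrFailed;
    pos_ = end + 4;
    return headers_return_bytes_ ? static_cast<int>(pos_) : kOk;
  }
  // Body read: positive = bytes copied; 0 = connection closed; negative = error.
  int ReadResponseBody(char* buf, size_t len) {
    const size_t n = std::min(len, wire_.size() - pos_);
    std::copy_n(wire_.data() + pos_, n, buf);
    pos_ += n;
    return static_cast<int>(n);
  }
 private:
  std::string wire_;
  bool headers_return_bytes_;
  size_t pos_ = 0;
};

// Returns the body bytes consumed. With zero_means_closed_for_headers set, the
// harness wrongly applies the body rule (0 == closed) to the header read.
size_t DriveParser(const std::string& wire, bool headers_return_bytes,
                   bool zero_means_closed_for_headers) {
  ToyParser parser(wire, headers_return_bytes);
  const int rv = parser.ReadResponseHeaders();
  if (rv < 0 || (zero_means_closed_for_headers && rv == 0)) return 0;
  char buf[4];
  size_t total = 0;
  for (int n; (n = parser.ReadResponseBody(buf, sizeof(buf))) > 0;)
    total += static_cast<size_t>(n);
  return total;
}

// Constructed sample response with a 5-byte body.
const std::string kSample = "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello";
int main() { return DriveParser(kSample, false, false) == 5 ? 0 : 1; }
```

The mistaken harness only loses the body on the header path that returns 0, so coverage silently drops on that path while the other still looks healthy.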
Comment 1 by mmenke@chromium.org, Mar 25 2016