Add HTTP/3 fuzzing harness #97
Conversation
HTTP/3 appears to fail with it set to /dev/null
|
|
||
| # Teach ngtcp2 about sockets | ||
| pushd $1 | ||
| patch -p1 <<'EOF' |
There was a problem hiding this comment.
Inlining the patch here is nasty. I'd rather this were in a patch file.
There was a problem hiding this comment.
Also, doing this via a patch mechanism severely limits updating this dependency in the future. What's the long-term plan here - add support to ngtcp2 upstream?
There was a problem hiding this comment.
Yeah, having the patch here is not a permanent solution. The long-term plan would be to work with ngtcp2 to make it more fuzzing friendly -- e.g. by allowing it to work with AF_UNIX sockets like this patch does.
There was a problem hiding this comment.
@bagder do you have an opinion here? In my experience this kind of mechanism is fairly brittle; I don't know if it's something we want to support moving forwards.
scripts/install_curl.sh
Outdated
| @@ -45,16 +45,39 @@ fi | |||
|
|
|||
| pushd ${SRCDIR} | |||
|
|
|||
| # TODO: Ignore HTTP3 socket connection failures | |||
scripts/install_curl.sh
Outdated
| @@ -45,16 +45,39 @@ fi | |||
|
|
|||
| pushd ${SRCDIR} | |||
|
|
|||
| # TODO: Ignore HTTP3 socket connection failures | |||
There was a problem hiding this comment.
why is this a TODO? Should it be?
scripts/install_curl.sh
Outdated
| rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen); | ||
| if(-1 == rc) { | ||
| - return socket_connect_result(data, ctx->r_ip, SOCKERRNO); | ||
| + /* return socket_connect_result(data, ctx->r_ip, SOCKERRNO); */ |
There was a problem hiding this comment.
This feels wrong - why are we disabling this?
There was a problem hiding this comment.
This is quite hacky as you noticed, so I've specially marked it with a TODO. The harness uses AF_UNIX sockets and it makes the connect() call fail, which blocks fuzzing. Ideally we would have something nicer than this patch on cURL itself, to allow for fuzzing to proceed.
mainline.sh
Outdated
|
|
||
| # Install openssl | ||
| ${SCRIPTDIR}/handle_x.sh openssl ${OPENSSLDIR} ${INSTALLDIR} || exit 1 | ||
| # ${SCRIPTDIR}/handle_x.sh openssl ${OPENSSLDIR} ${INSTALLDIR} || exit 1 |
There was a problem hiding this comment.
If this is the solution, commenting this out is wrong. Remove the block altogether.
| "QUICTLS_VERSION=(?<currentValue>.*)\\s" | ||
| ], | ||
| "datasourceTemplate": "github-tags", | ||
| "depNameTemplate": "openssl/openssl", |
There was a problem hiding this comment.
I think this actually wants to be quictls/openssl
There was a problem hiding this comment.
good catch! I'll get that changed
|
|
||
| # Teach ngtcp2 about sockets | ||
| pushd $1 | ||
| patch -p1 <<'EOF' |
There was a problem hiding this comment.
@bagder do you have an opinion here? In my experience this kind of mechanism is fairly brittle; I don't know if it's something we want to support moving forwards.
This PR implements support for building cURL with QuicTLS, ngtcp2 and nghttp3 and adds a new harness,
curl_fuzzer_http3, that fuzzes the HTTP/3 implementation.scripts/download_ngtcp2.shincludes a patch that adds minimal support on ngtcp2 for usingAF_UNIXsockets.scripts/install_curl.shincludes a patch to disable failing when callingconnect()on the QUIC socket (as it will fail if you're using an AF_UNIX socket, like the fuzzer does).