JFreegman/level_1_fuzz.c

## level_1_fuzz.c
/* Max size of a packet payload */
#define FUZZ_PACKET_LEN_RANGE 512

/* Sends packet of size length to peernumber for every relevant group message type */
static void fuzz_send_group_packet(GC_Chat *chat, uint32_t peernumber, const uint8_t *packet, size_t length)
{
    size_t i;

    /* All lossy packet types */
    for (i = GP_PING; i <= GP_TCP_RELAYS; ++i)
        send_lossy_group_packet(chat, peernumber, packet, length, i);

    /* All lossless packet types except GP_BROADCAST */
    for (i = GP_PEER_INFO_REQUEST; i <= GP_HS_RESPONSE_ACK; ++i)
        send_lossless_group_packet(chat, peernumber, packet, length, i);

    /* Broadcast types whose protocol has only a single data field (ones we don't need to smart_fuzz) */
    for (i = GM_STATUS; i <= GM_PRVT_MESSAGE; ++i) {
        uint8_t bc_packet[length + GC_BROADCAST_ENC_HEADER_SIZE];
        uint32_t bc_packet_len = make_gc_broadcast_header(chat, packet, length, bc_packet, i);
        send_lossless_group_packet(chat, peernumber, bc_packet, bc_packet_len, GP_BROADCAST);
    }
}

/* Creates a randomized packet and sends it to every peer for (almost) every group message type */
static void fuzz_level_1(GC_Chat *chat)
{
    uint8_t packet[MAX_GC_PACKET_SIZE];
    U32_to_bytes(packet, chat->self_public_key_hash);

    uint32_t i, j;

    for (i = 1; i < chat->numpeers; ++i) {
        uint32_t length = HASH_ID_BYTES + random_int_range(FUZZ_PACKET_LEN_RANGE);

        if (length > sizeof(packet))
            continue;

        /* dumb-fuzz the app data section of the packet, starting after the sender pub-key hash */
        for (j = HASH_ID_BYTES; j < length - HASH_ID_BYTES; ++j)
            packet[j] = rand();

        fuzz_send_group_packet(chat, i, packet, length);
    }
}
	/* Max size of a packet payload */
	#define FUZZ_PACKET_LEN_RANGE 512

	/* Sends packet of size length to peernumber for every relevant group message type */
	static void fuzz_send_group_packet(GC_Chat chat, uint32_t peernumber, const uint8_t packet, size_t length)
	{
	size_t i;

	/* All lossy packet types */
	for (i = GP_PING; i <= GP_TCP_RELAYS; ++i)
	send_lossy_group_packet(chat, peernumber, packet, length, i);

	/* All lossless packet types except GP_BROADCAST */
	for (i = GP_PEER_INFO_REQUEST; i <= GP_HS_RESPONSE_ACK; ++i)
	send_lossless_group_packet(chat, peernumber, packet, length, i);

	/* Broadcast types whose protocol has only a single data field (ones we don't need to smart_fuzz) */
	for (i = GM_STATUS; i <= GM_PRVT_MESSAGE; ++i) {
	uint8_t bc_packet[length + GC_BROADCAST_ENC_HEADER_SIZE];
	uint32_t bc_packet_len = make_gc_broadcast_header(chat, packet, length, bc_packet, i);
	send_lossless_group_packet(chat, peernumber, bc_packet, bc_packet_len, GP_BROADCAST);
	}
	}

	/* Creates a randomized packet and sends it to every peer for (almost) every group message type */
	static void fuzz_level_1(GC_Chat *chat)
	{
	uint8_t packet[MAX_GC_PACKET_SIZE];
	U32_to_bytes(packet, chat->self_public_key_hash);

	uint32_t i, j;

	for (i = 1; i < chat->numpeers; ++i) {
	uint32_t length = HASH_ID_BYTES + random_int_range(FUZZ_PACKET_LEN_RANGE);

	if (length > sizeof(packet))
	continue;

	/* dumb-fuzz the app data section of the packet, starting after the sender pub-key hash */
	for (j = HASH_ID_BYTES; j < length - HASH_ID_BYTES; ++j)
	packet[j] = rand();

	fuzz_send_group_packet(chat, i, packet, length);
	}
	}