From 02e7e3c23b29002267a89ae74e51c2285bb27da1 Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Thu, 1 Dec 2022 12:21:04 +0100 Subject: Add a new fuzzer for QUIC (#1800) QUIC packets are encrypted/obfuscated; that means that we need to decrypt them before parsing the real (TLS) message. Fuzzing is not effective here, since a random buffer is hardly a valid encrypted QUIC packet. Add a new fuzzer, testing *decrypted* QUIC packets. Add a basic corpus. Fix a few bugs already found by this fuzzer. --- fuzz/corpus/fuzz_quic_get_crypto_data/q046.bin | Bin 0 -> 1324 bytes fuzz/corpus/fuzz_quic_get_crypto_data/q050.bin | Bin 0 -> 1319 bytes .../fuzz_quic_get_crypto_data/v1_chaos_protection.bin | Bin 0 -> 1219 bytes .../fuzz_quic_get_crypto_data/v1_chaos_protection_b.bin | Bin 0 -> 1219 bytes fuzz/corpus/fuzz_quic_get_crypto_data/v1_doq.bin | Bin 0 -> 1210 bytes .../fuzz_quic_get_crypto_data/v1_only_first_fragment.bin | Bin 0 -> 1190 bytes .../v1_only_second_fragment.bin | Bin 0 -> 1190 bytes fuzz/corpus/fuzz_quic_get_crypto_data/v2.bin | Bin 0 -> 1210 bytes 8 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 fuzz/corpus/fuzz_quic_get_crypto_data/q046.bin create mode 100644 fuzz/corpus/fuzz_quic_get_crypto_data/q050.bin create mode 100644 fuzz/corpus/fuzz_quic_get_crypto_data/v1_chaos_protection.bin create mode 100644 fuzz/corpus/fuzz_quic_get_crypto_data/v1_chaos_protection_b.bin create mode 100644 fuzz/corpus/fuzz_quic_get_crypto_data/v1_doq.bin create mode 100644 fuzz/corpus/fuzz_quic_get_crypto_data/v1_only_first_fragment.bin create mode 100644 fuzz/corpus/fuzz_quic_get_crypto_data/v1_only_second_fragment.bin create mode 100644 fuzz/corpus/fuzz_quic_get_crypto_data/v2.bin (limited to 'fuzz/corpus/fuzz_quic_get_crypto_data') 
diff --git a/fuzz/corpus/fuzz_quic_get_crypto_data/q046.bin b/fuzz/corpus/fuzz_quic_get_crypto_data/q046.bin
new file mode 100644
index 000000000..679ef8245
Binary files /dev/null and b/fuzz/corpus/fuzz_quic_get_crypto_data/q046.bin differ
diff --git a/fuzz/corpus/fuzz_quic_get_crypto_data/q050.bin b/fuzz/corpus/fuzz_quic_get_crypto_data/q050.bin
new file mode 100644
index 000000000..e91a15d41
Binary files /dev/null and b/fuzz/corpus/fuzz_quic_get_crypto_data/q050.bin differ
diff --git a/fuzz/corpus/fuzz_quic_get_crypto_data/v1_chaos_protection.bin b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_chaos_protection.bin
new file mode 100644
index 000000000..6f7e2253e
Binary files /dev/null and b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_chaos_protection.bin differ
diff --git a/fuzz/corpus/fuzz_quic_get_crypto_data/v1_chaos_protection_b.bin b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_chaos_protection_b.bin
new file mode 100644
index 000000000..258979432
Binary files /dev/null and b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_chaos_protection_b.bin differ
diff --git a/fuzz/corpus/fuzz_quic_get_crypto_data/v1_doq.bin b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_doq.bin
new file mode 100644
index 000000000..e1c7d9cbb
Binary files /dev/null and b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_doq.bin differ
diff --git a/fuzz/corpus/fuzz_quic_get_crypto_data/v1_only_first_fragment.bin b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_only_first_fragment.bin
new file mode 100644
index 000000000..d865a5578
Binary files /dev/null and b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_only_first_fragment.bin differ
diff --git a/fuzz/corpus/fuzz_quic_get_crypto_data/v1_only_second_fragment.bin b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_only_second_fragment.bin
new file mode 100644
index 000000000..59aa1fd6e
Binary files /dev/null and b/fuzz/corpus/fuzz_quic_get_crypto_data/v1_only_second_fragment.bin differ
diff --git a/fuzz/corpus/fuzz_quic_get_crypto_data/v2.bin b/fuzz/corpus/fuzz_quic_get_crypto_data/v2.bin
new file mode 100644
index 000000000..86e5d2bc4
Binary files /dev/null and b/fuzz/corpus/fuzz_quic_get_crypto_data/v2.bin differ
-- 
cgit v1.2.3