Update libraries and make it build on windows.

Still gets some warnings because compilers have changed. But should work.
2026-05-01 00:07:19 +02:00 · 2025-06-25 22:34:23 +03:00
parent 520a5eacc5
commit f2b7499f85
3038 changed files with 251668 additions and 273857 deletions
@@ -0,0 +1,8 @@
+add_executable(Net-mail-parser-fuzzer MailParse.cpp)
+target_link_libraries(Net-mail-parser-fuzzer PUBLIC Poco::Net)
+set_target_properties(Net-mail-parser-fuzzer PROPERTIES LINK_FLAGS $ENV{LIB_FUZZING_ENGINE})
+
+add_executable(Net-http-parser-fuzzer HTTPParse.cpp)
+target_link_libraries(Net-http-parser-fuzzer PUBLIC Poco::Net)
+set_target_properties(Net-http-parser-fuzzer PROPERTIES LINK_FLAGS $ENV{LIB_FUZZING_ENGINE})
+
@@ -0,0 +1,96 @@
+#include "Poco/MemoryStream.h"
+#include "Poco/Net/EscapeHTMLStream.h"
+#include "Poco/Net/HTMLForm.h"
+#include "Poco/Net/HTTPCredentials.h"
+#include "Poco/Net/HTTPRequest.h"
+#include "Poco/Net/HTTPResponse.h"
+#include "Poco/Net/OAuth10Credentials.h"
+#include "Poco/Net/OAuth20Credentials.h"
+#include "Poco/Net/DNS.h"
+#include "Poco/NullStream.h"
+
+using namespace Poco;
+using namespace Poco::Net;
+
+template <class F>
+void catchExceptions(const F& func)
+{
+	try
+	{
+		func();
+	}
+	catch (const std::exception&)
+	{
+	}
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+	NullOutputStream null;
+
+	// HTTPRequest parsing
+	catchExceptions(
+		[&]
+		{
+			MemoryInputStream stream(reinterpret_cast<const char*>(data), size);
+			HTTPRequest request;
+			request.read(stream);
+			request.write(null);
+
+			HTTPCredentials creds;
+			creds.fromURI(URI(request.getURI()));
+			creds.updateAuthInfo(request);
+			creds.updateProxyAuthInfo(request);
+		});
+
+	// HTTPResponse parsing
+	catchExceptions(
+		[&]
+		{
+			MemoryInputStream stream(reinterpret_cast<const char*>(data), size);
+			HTTPResponse response;
+			response.read(stream);
+			response.write(null);
+
+			HTTPRequest request(HTTPRequest::HTTP_GET, "/");
+			request.setHost(DNS::encodeIDN(DNS::decodeIDN(response.get(HTTPRequest::HOST))));
+
+			HTTPCredentials creds;
+			creds.authenticate(request, response);
+			creds.proxyAuthenticate(request, response);
+		});
+
+	// OAuth10Credentials
+	catchExceptions(
+		[&]
+		{
+			MemoryInputStream stream(reinterpret_cast<const char*>(data), size);
+			HTTPRequest request;
+			request.read(stream);
+
+			EscapeHTMLOutputStream htmlStream(null);
+			HTMLForm form(request, stream);
+			form.prepareSubmit(request);
+			form.write(htmlStream);
+
+			OAuth10Credentials oauth10(request);
+			oauth10.verify(request, URI(request.getURI()), form);
+			oauth10.authenticate(request, URI(request.getURI()), form,
+								 request.hasToken("X-Method", "Plain") ? OAuth10Credentials::SIGN_PLAINTEXT
+																	   : OAuth10Credentials::SIGN_HMAC_SHA1);
+		});
+
+	// OAuth20Credentials
+	catchExceptions(
+		[&]
+		{
+			MemoryInputStream stream(reinterpret_cast<const char*>(data), size);
+			HTTPRequest request;
+			request.read(stream);
+
+			OAuth20Credentials oauth20(request);
+			oauth20.authenticate(request);
+		});
+
+	return 0;
+}
@@ -0,0 +1,30 @@
+#include "Poco/MemoryStream.h"
+#include "Poco/Net/MailMessage.h"
+#include "Poco/Net/MailStream.h"
+#include "Poco/NullStream.h"
+
+using namespace Poco;
+using namespace Poco::Net;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+	try
+	{
+		MemoryInputStream stream(reinterpret_cast<const char*>(data), size);
+		MailInputStream mis(stream);
+		MailMessage mail;
+		mail.read(mis);
+
+		MailRecipient recipient(MailRecipient::CC_RECIPIENT, MailMessage::encodeWord(mail.getSender()));
+		mail.addRecipient(recipient);
+
+		NullOutputStream null;
+		MailOutputStream mos(null);
+		mail.write(mos);
+	}
+	catch (const std::exception&)
+	{
+	}
+
+	return 0;
+}
@@ -0,0 +1,8 @@
+HTTP/1.0 401 Unauthorized
+Server: HTTPd/0.9
+Host: localhost
+Date: Sun, 10 Apr 2014 20:26:47 GMT
+WWW-Authenticate: Basic realm=<realm>, charset="UTF-8"
+Proxy-Authenticate: Basic realm=<realm>, charset="UTF-8"
+
+
@@ -0,0 +1,11 @@
+HTTP/1.1 401 Unauthorized
+Content-Length: 0
+Server: Microsoft-HTTPAPI/2.0
+WWW-Authenticate: Negotiate
+WWW-Authenticate: NTLM
+Proxy-Authenticate: Negotiate
+Proxy-Authenticate: NTLM
+Date: Tue, 10 Aug 2021 07:38:46 GMT
+Proxy-Support: Session-Based-Authentication
+
+
@@ -0,0 +1,27 @@
+HTTP/1.0 401 Unauthorized
+Server: HTTPd/0.9
+Host: google
+Date: Sun, 10 Apr 2014 20:26:47 GMT
+WWW-Authenticate: Digest realm="testrealm@host.com",
+                        qop="auth,auth-int",
+                        nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
+                        opaque="5ccc069c403ebaf9f0171e9517f40e41"
+Proxy-Authenticate: Digest realm="testrealm@host.com",
+                        qop="auth,auth-int",
+                        nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
+                        opaque="5ccc069c403ebaf9f0171e9517f40e41"
+Content-Type: text/html
+Content-Length: 153
+
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8" />
+    <title>Error</title>
+  </head>
+  <body>
+    <h1>401 Unauthorized.</h1>
+  </body>
+</html>
+
+
@@ -0,0 +1,3 @@
+HTTP/1.1 401 Unauthorized
+WWW-Authenticate: NTLM
+
@@ -0,0 +1,4 @@
+HTTP/1.1 401 Unauthorized
+Host: localhost
+WWW-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgooCTBz0AAAAAAAAAAAAAAAAAAAAAAKAAAABYAoAAQAAAASERUVUQQ==
+
@@ -0,0 +1,4 @@
+GET /protected-resource HTTP/1.1
+Host: example.com
+Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
+
@@ -0,0 +1,4 @@
+GET /protected-resource HTTP/1.1
+Host: example.com
+Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHgAAABMAUwB0AAAABQAFACoAAAAMAAwAVAAQAAAAGAAYAGQAAABAAEABMAAAAIgAiAHAAAAAAAAAAAAAAAwAAAAAYAIgBnlgMiYmCdgYmJnPwAAAAAAAAAAAAAAAAAAAAADAB8AVAByAGkAZQBkAEUAAADAAAAA
+
@@ -0,0 +1,7 @@
+HTTP/2.0 200 OK
+Content-Type: text/html
+Set-Cookie: yummy_cookie=choco
+Set-Cookie: tasty_cookie=strawberry
+
+[page content]
+
@@ -0,0 +1,12 @@
+POST /oauth1/access HTTP/1.1
+Host: server.example.com
+Authorization: OAuth realm="Example",
+               oauth_consumer_key="jd83jd92dhsh93js",
+               oauth_token="hdk48Djdsa",
+               oauth_signature_method="HMAC-SHA1",
+               oauth_timestamp="123456789",
+               oauth_nonce="7d8f3e4a",
+               oauth_verifier="473f82d3",
+               oauth_signature="..."
+
+
@@ -0,0 +1,5 @@
+POST /resource/1/update HTTP/1.1
+Authorization: Bearer RsT5OjbzRn430zqMLgV3Ia"
+Host: api.authorization-server.com
+ 
+description=Hello+World
@@ -0,0 +1,6 @@
+GET / HTTP/1.1
+Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
+Host: QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+
+
@@ -0,0 +1,29 @@
+POST /cgi-bin/qtest HTTP/1.1
+Host: aram
+User-Agent: Mozilla/5.0 Gecko/2009042316 Firefox/3.0.10
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-us,en;q=0.5
+Accept-Encoding: gzip,deflate
+Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+Keep-Alive: 300
+Connection: keep-alive
+Referer: http://aram/~martind/banner.htm
+Content-Type: multipart/form-data; boundary=2a8ae6ad-f4ad-4d9a-a92c-6d217011fe0f
+Content-Length: 514
+
+--2a8ae6ad-f4ad-4d9a-a92c-6d217011fe0f
+Content-Disposition: form-data; name="datafile1"; filename="r.gif"
+Content-Type: image/gif
+
+GIF87a.............,...........D..;
+--2a8ae6ad-f4ad-4d9a-a92c-6d217011fe0f
+Content-Disposition: form-data; name="datafile2"; filename="g.gif"
+Content-Type: image/gif
+
+GIF87a.............,...........D..;
+--2a8ae6ad-f4ad-4d9a-a92c-6d217011fe0f
+Content-Disposition: form-data; name="datafile3"; filename="b.gif"
+Content-Type: image/gif
+
+GIF87a.............,...........D..;
+--2a8ae6ad-f4ad-4d9a-a92c-6d217011fe0f--
@@ -0,0 +1,22 @@
+GET /dir/index.html HTTP/1.0
+Host: localhost
+Authorization: Digest username="Mufasa",
+                     realm="testrealm@host.com",
+                     nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
+                     uri="/dir/index.html",
+                     qop=auth,
+                     nc=00000001,
+                     cnonce="0a4f113b",
+                     response="6629fae49393a05397450978507c4ef1",
+                     opaque="5ccc069c403ebaf9f0171e9517f40e41"
+
+Proxy-Authorization: Digest username="Mufasa",
+                     realm="testrealm@host.com",
+                     nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
+                     uri="/dir/index.html",
+                     qop=auth,
+                     nc=00000001,
+                     cnonce="0a4f113b",
+                     response="6629fae49393a05397450978507c4ef1",
+                     opaque="5ccc069c403ebaf9f0171e9517f40e41"
+
@@ -0,0 +1,2 @@
+GET / HTTP/1.1
+Header: =?UTF32?B?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe///////////xxxxxxxxxxx?=
@@ -0,0 +1,4 @@
+GET http://example.com/ HTTP/1.1
+Host: example.com
+Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
+
@@ -0,0 +1,22 @@
+From: sender@example.com
+To: recipient@example.com
+Subject: =?CP1251?B?T2zpcg==?=
+Content-Type: multipart/alternative; boundary="boundary-string"
+
+--your-boundary
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: quoted-printable
+Content-Disposition: inline
+
+Plain text email goes here!
+This is the fallback if email client does not support HTML
+
+--boundary-string
+Content-Type: text/html; charset="utf-8"
+Content-Transfer-Encoding: quoted-printable
+Content-Disposition: inline
+
+<h1>This is the HTML Section!</h1>
+<p>This is what displays in most modern email clients</p>
+
+--boundary-string--
@@ -0,0 +1,30 @@
+From: Some One <some.one@example.org>
+To: Someone Else <someone.else@example.org>
+Subject: =?MacChineseTrad?B?T2zpcg==?=
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary=zxnrbl
+
+This is the preamble.
+--zxnrbl
+Content-Type: multipart/alternative; boundary=xyzzy
+
+This is the nested preamble.
+--xyzzy
+Content-Type: text/plain
+
+Hello!
+--xyzzy
+Content-Type: text/html
+
+<p>Hello!</p>
+--xyzzy--
+This is the nested epilogue.
+--zxnrbl
+Content-Type: text/plain
+Content-Disposition: attachment; filename="attachment.txt"
+
+This is the attachment.
+--zxnrbl--
+This is the epilogue.
+
+
@@ -0,0 +1,9 @@
+From: sender@example.com
+To: recipient@example.com
+Subject: =?ISO-8859-1?B?T2zpcg==?=
+Date: Tue, 1 Oct 2024 10:00:00 +0000
+MIME-Version: 1.0
+Content-Type: text/plain; charset="ISO-8859-1"
+Content-Transfer-Encoding: 7bit
+
+Hello
@@ -0,0 +1,13 @@
+From: sender@example.com
+To: recipient@example.com
+Content-Type: multipart/mixed; boundary="boundary"
+
+--boundary
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: base64
+
+SGVsbG8gdGhlcmUsCgpUaGlzIGlzIGEgc2FtcGxlIGVtYWlsIHdpdGggYmFzZTY0IGVuY29kaW5n
+IGFuZCBhbiBhdHRhY2htZW50LgoKLS0gU2VuZGVy
+
+--boundary--
+
@@ -0,0 +1,9 @@
+From: sender@example.com
+To: recipient@example.com
+Subject: =?UTF-8?B?44GT44KT44Gr44Gh44Gv?=
+Date: Tue, 1 Oct 2024 10:00:00 +0000
+MIME-Version: 1.0
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: 7bit
+
+Hello