Bug 1731721 - Preliminary HTTP/3 fuzzing target r=dragana,decoder,necko-reviewers

 "nserror",

 "nsstring",

 "qlog",

 "static_prefs",

 "thin-vec",

 "winapi",

 "xpcom",

    type: RelaxedAtomicBool

    value: false

    mirror: always

-   name: fuzzing.necko.http3

    type: RelaxedAtomicBool

    value: false

    mirror: always

    rust: true

#endif

#---------------------------------------------------------------------------

  size_t size;

  bool allowRead;

  bool allowUnused;

  PRNetAddr* addr;

} NetworkFuzzingBuffer;

// This holds all connections we have currently open.

  buf->size = size;

  buf->allowRead = readFirst;

  buf->allowUnused = useIsOptional;

  buf->addr = nullptr;

  gNetworkFuzzingBuffers.Push(buf);

  return PR_SUCCESS;

}

static PRInt32 FuzzySendTo(PRFileDesc* fd, const void* buf, PRInt32 amount,

                           PRIntn flags, const PRNetAddr* addr,

                           PRIntervalTime timeout) {

  MOZ_RELEASE_ASSERT(fd->identity == sFuzzyLayerIdentity);

  MOZ_ASSERT(OnSocketThread(), "not on socket thread");

  MutexAutoLock lock(gConnRecvMutex);

  NetworkFuzzingBuffer* fuzzBuf = gConnectedNetworkFuzzingBuffers.Get(fd);

  if (!fuzzBuf) {

    NetworkFuzzingBuffer* buf = gNetworkFuzzingBuffers.PopFront();

    if (!buf) {

      FUZZING_LOG(("[FuzzySentTo] Denying additional connection."));

      return 0;

    }

    gConnectedNetworkFuzzingBuffers.InsertOrUpdate(fd, buf);

    // Store connection address

    buf->addr = new PRNetAddr;

    memcpy(buf->addr, addr, sizeof(PRNetAddr));

    fuzzingNoWaitRequired = false;

    FUZZING_LOG(("[FuzzySendTo] Successfully opened connection: %p", fd));

    gFuzzingConnClosed = false;

  }

  // Allow reading once the implementation has written at least some data

  if (fuzzBuf && !fuzzBuf->allowRead) {

    FUZZING_LOG(("[FuzzySendTo] Write received, allowing further reads."));

    fuzzBuf->allowRead = true;

  }

  FUZZING_LOG(("[FuzzySendTo] Sent %" PRIx32 " bytes of data.", amount));

  return amount;

}

static PRInt32 FuzzySend(PRFileDesc* fd, const void* buf, PRInt32 amount,

                         PRIntn flags, PRIntervalTime timeout) {

  MOZ_RELEASE_ASSERT(fd->identity == sFuzzyLayerIdentity);

  return amount;

}

static PRInt32 FuzzyRecvFrom(PRFileDesc* fd, void* buf, PRInt32 amount,

                             PRIntn flags, PRNetAddr* addr,

                             PRIntervalTime timeout) {

  // Return the same address used for initial SendTo on this fd

  if (addr) {

    NetworkFuzzingBuffer* fuzzBuf = gConnectedNetworkFuzzingBuffers.Get(fd);

    if (!fuzzBuf) {

      FUZZING_LOG(("[FuzzyRecvFrom] Denying read, connection is closed."));

      return 0;

    }

    if (fuzzBuf->addr) {

      memcpy(addr, fuzzBuf->addr, sizeof(PRNetAddr));

    } else {

      FUZZING_LOG(("[FuzzyRecvFrom] No address found for connection"));

    }

  }

  return FuzzyRecv(fd, buf, amount, flags, timeout);

}

static PRInt32 FuzzyRead(PRFileDesc* fd, void* buf, PRInt32 amount) {

  return FuzzyRecv(fd, buf, amount, 0, PR_INTERVAL_NO_WAIT);

}

  NetworkFuzzingBuffer* fuzzBuf = nullptr;

  if (gConnectedNetworkFuzzingBuffers.Remove(fd, &fuzzBuf)) {

    FUZZING_LOG(("[FuzzyClose] Received close on socket %p", fd));

    if (fuzzBuf->addr) {

      delete fuzzBuf->addr;

    }

    delete fuzzBuf;

  } else {

    /* Happens when close is called on a non-connected socket */

    sFuzzyLayerMethods = *PR_GetDefaultIOMethods();

    sFuzzyLayerMethods.connect = FuzzyConnect;

    sFuzzyLayerMethods.send = FuzzySend;

    sFuzzyLayerMethods.sendto = FuzzySendTo;

    sFuzzyLayerMethods.write = FuzzyWrite;

    sFuzzyLayerMethods.recv = FuzzyRecv;

    sFuzzyLayerMethods.recvfrom = FuzzyRecvFrom;

    sFuzzyLayerMethods.read = FuzzyRead;

    sFuzzyLayerMethods.close = FuzzyClose;

    sFuzzyLayerMethods.poll = FuzzyPoll;

#include "HttpConnectionUDP.h"

#include "mozilla/StaticPrefs_network.h"

#if defined(FUZZING)

#  include "FuzzyLayer.h"

#  include "mozilla/StaticPrefs_fuzzing.h"

#endif

namespace mozilla {

namespace net {

    return NS_ERROR_FAILURE;

  }

#ifdef FUZZING

  if (StaticPrefs::fuzzing_necko_enabled()) {

    rv = AttachFuzzyIOLayer(mFD);

    if (NS_FAILED(rv)) {

      UDPSOCKET_LOG(("Failed to attach fuzzing IOLayer [rv=%" PRIx32 "].\n",

                     static_cast<uint32_t>(rv)));

      return rv;

    }

    UDPSOCKET_LOG(("Successfully attached fuzzing IOLayer.\n"));

  }

#endif

  uint16_t port;

  if (NS_FAILED(aAddr->GetPort(&port))) {

    NS_WARNING("invalid bind address");

  gHttpHandler->MaybeAddAltSvcForTesting(mURI, mUsername, mPrivateBrowsing,

                                         mCallbacks, originAttributes);

  RefPtr<nsHttpConnectionInfo> connInfo = new nsHttpConnectionInfo(

      host, port, ""_ns, mUsername, proxyInfo, originAttributes, isHttps);

  RefPtr<nsHttpConnectionInfo> connInfo;

#ifdef FUZZING

  if (StaticPrefs::fuzzing_necko_http3()) {

    connInfo =

        new nsHttpConnectionInfo(host, port, "h3"_ns, mUsername, proxyInfo,

                                 originAttributes, host, port, true);

  } else {

#endif

    connInfo = new nsHttpConnectionInfo(host, port, ""_ns, mUsername, proxyInfo,

                                        originAttributes, isHttps);

#ifdef FUZZING

  }

#endif

  bool http2Allowed = !gHttpHandler->IsHttp2Excluded(connInfo);

  bool http3Allowed = Http3Allowed();