Fuzzing: Add an initial fuzzing tool, for descriptors.

This will need some refactoring and mocking.

Makefile.am

@@ -9,6 +9,7 @@ noinst_LIBRARIES=
 EXTRA_DIST=
 noinst_HEADERS=
 bin_PROGRAMS=
+EXTRA_PROGRAMS=
 CLEANFILES=
 TESTS=
 noinst_PROGRAMS=

src/include.am

@@ -6,4 +6,4 @@ include src/test/include.am
 include src/tools/include.am
 include src/win32/include.am
 include src/config/include.am
-
+include src/test/fuzz/include.am

src/test/fuzz/fuzz_descriptor.c

@@ -0,0 +1,26 @@
+
+#include "or.h"
+#include "routerparse.h"
+#include "routerlist.h"
+#include "fuzzing.h"
+
+int
+fuzz_init(void)
+{
+  ed25519_init();
+  return 0;
+}
+
+int
+fuzz_main(const uint8_t *data, size_t sz)
+{
+  routerinfo_t *ri;
+  const char *str = (const char*) data;
+  ri = router_parse_entry_from_string((const char *)str,
+                                      str+sz,
+                                      0, 0, 0, NULL);
+  if (ri)
+    routerinfo_free(ri);
+  return 0;
+}
+

src/test/fuzz/fuzzing.h

@@ -0,0 +1,7 @@
+#ifndef FUZZING_H
+#define FUZZING_H
+
+int fuzz_init(void);
+int fuzz_main(const uint8_t *data, size_t sz);
+
+#endif /* FUZZING_H */

src/test/fuzz/fuzzing_common.c

@@ -0,0 +1,52 @@
+#include "orconfig.h"
+#include "torint.h"
+#include "util.h"
+#include "torlog.h"
+#include "backtrace.h"
+#include "fuzzing.h"
+
+extern const char tor_git_revision[];
+const char tor_git_revision[] = "";
+
+#define MAX_FUZZ_SIZE (128*1024)
+
+#ifdef LLVM_FUZZ
+int
+LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  static int initialized = 0;
+  if (!initialized) {
+    if (fuzz_init() < 0)
+      abort();
+  }
+
+  return fuzz_main(Data, Size);
+}
+
+#else /* Not LLVM_FUZZ, so AFL. */
+
+int
+main(int argc, char **argv)
+{
+  size_t size;
+  char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size);
+
+  tor_threads_init();
+  init_logging(1);
+
+  if (argc > 1 && !strcmp(argv[1], "--info")) {
+    log_severity_list_t sev;
+    set_log_severity_config(LOG_INFO, LOG_ERR, &sev);
+    add_stream_log(&sev, "stdout", 1);
+    configure_backtrace_handler(NULL);
+  }
+
+  tor_assert(input);
+  if (fuzz_init() < 0)
+    abort();
+  fuzz_main((const uint8_t*)input, size);
+  tor_free(input);
+  return 0;
+}
+
+#endif
+

src/test/fuzz/include.am

@@ -0,0 +1,48 @@
+
+FUZZING_CPPFLAGS = \
+	$(src_test_AM_CPPFLAGS) $(TEST_CPPFLAGS)
+FUZZING_CFLAGS = \
+	$(AM_CFLAGS) $(TEST_CFLAGS)
+FUZZING_LDFLAG = \
+	@TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@ @TOR_LDFLAGS_libevent@
+FUZZING_LIBS = \
+	src/or/libtor-testing.a \
+	src/common/libor-crypto-testing.a \
+	$(LIBKECCAK_TINY) \
+	$(LIBDONNA) \
+	src/common/libor-testing.a \
+	src/common/libor-ctime-testing.a \
+	src/common/libor-event-testing.a \
+	src/trunnel/libor-trunnel-testing.a \
+	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \
+	@TOR_LIBEVENT_LIBS@ \
+	@TOR_OPENSSL_LIBS@ @TOR_LIB_WS32@ @TOR_LIB_GDI@ @CURVE25519_LIBS@ \
+	@TOR_SYSTEMD_LIBS@
+
+
+noinst_HEADERS += \
+	src/test/fuzz/fuzzing_boilerplate.h
+
+src_test_fuzz_fuzz_descriptor_SOURCES = \
+	src/test/fuzz/fuzzing_common.c \
+	src/test/fuzz/fuzz_descriptor.c
+src_test_fuzz_fuzz_descriptor_CPPFLAGS = $(FUZZING_CPPFLAGS)
+src_test_fuzz_fuzz_descriptor_CFLAGS = $(FUZZING_CFLAGS)
+src_test_fuzz_fuzz_descriptor_LDFLAGS = $(FUZZING_LDFLAG)
+src_test_fuzz_fuzz_descriptor_LDADD = $(FUZZING_LIBS)
+
+src_test_fuzz_fuzz_http_SOURCES = \
+	src/test/fuzz/fuzzing_common.c \
+	src/test/fuzz/fuzz_http.c
+src_test_fuzz_fuzz_http_CPPFLAGS = $(FUZZING_CPPFLAGS)
+src_test_fuzz_fuzz_http_CFLAGS = $(FUZZING_CFLAGS)
+src_test_fuzz_fuzz_http_LDFLAGS = $(FUZZING_LDFLAG)
+src_test_fuzz_fuzz_http_LDADD = $(FUZZING_LIBS)
+
+FUZZERS = \
+	src/test/fuzz/fuzz-descriptor \
+	src/test/fuzz/fuzz-http
+
+# The fuzzers aren't built by default right now. That should change.
+EXTRA_PROGRAMS += $(FUZZERS)
+fuzzers: $(FUZZERS)