mirror of
https://github.com/coturn/coturn.git
synced 2026-05-12 09:40:35 +00:00
301415d848
OSS-Fuzz introspector flags three blockers the fuzzer cannot reach on its own:

1. findstr() in src/client/ns_turn_msg.c is gated by is_http(), which requires GET/POST/PUT/DELETE prefix + " HTTP/" + "\r\n\r\n". The fuzzer's binary STUN seeds never synthesize a valid HTTP frame.
2. stun_attr_get_reservation_token_value() and stun_attr_get_response_port_str() are called from harness_attr_iter only when the input contains the matching attribute type. Neither appears in the existing seed corpus.

Add HTTP framing keywords to fuzzing/stun.dict and four new seed files covering both gaps:

- seed_http_get.raw: minimal "GET / HTTP/1.1\r\nHost: x\r\n\r\n"
- seed_http_post_clen.raw: POST with Content-Length to drive the strtoul branch in is_http
- seed_reservation_token.raw: STUN allocate response with an 8-byte RESERVATION-TOKEN attribute
- seed_response_port.raw: STUN binding request with a 4-byte RESPONSE-PORT attribute

Each new STUN seed was validated against the real parsers (stun_get_message_len_str, stun_attr_get_first_by_type_str, is_http) to confirm it reaches the targeted branch.

The corpus zips also drop pre-existing __MACOSX/ and .DS_Store entries that had snuck in during a prior macOS zip step; net file count rises (24 -> 28 in FuzzStun, 4 -> 8 in FuzzStunClient) while archive size shrinks because of the junk removal.
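The following is an added example, not code from the coturn repository or this commit. It builds the four seed files the commit describes from scratch (the byte contents are constructed here), emits libFuzzer dictionary lines for the HTTP gate, and checks each seed with small stand-in checkers. Those checkers model the behaviour the commit message attributes to stun_get_message_len_str, stun_attr_get_first_by_type_str and is_http (header length, attribute lookup, method prefix + " HTTP/" + blank line, Content-Length via strtoul); they are not coturn's functions and make no claim about coturn's exact logic. Attribute type numbers are the RFC values (RESERVATION-TOKEN 0x0022, RFC 5766; RESPONSE-PORT 0x0027, RFC 5780); the Allocate success-response type 0x0103 and the Binding request type 0x0001 follow RFC 5389/5766. The zip helper is the assumed equivalent of the junk-free re-zip the commit mentions.

```python
import os
import struct
import zipfile

MAGIC_COOKIE = 0x2112A442
STUN_BINDING_REQUEST = 0x0001
STUN_ALLOCATE_SUCCESS = 0x0103  # Allocate method 0x003 in the success-response class
ATTR_RESERVATION_TOKEN = 0x0022  # RFC 5766
ATTR_RESPONSE_PORT = 0x0027      # RFC 5780: 16-bit port + 16-bit RFFU = 4 bytes


def stun_attr(attr_type, value):
    """TLV attribute, value padded to a 4-byte boundary (RFC 5389 section 15)."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def stun_message(msg_type, attrs, txid=b"\x00" * 12):
    """20-byte header (type, attr length, magic cookie, transaction id) + attributes."""
    body = b"".join(attrs)
    return struct.pack("!HHI", msg_type, len(body), MAGIC_COOKIE) + txid + body


def build_seeds():
    """The four seeds named in the commit; all bytes are constructed here."""
    return {
        "seed_http_get.raw": b"GET / HTTP/1.1\r\nHost: x\r\n\r\n",
        "seed_http_post_clen.raw":
            b"POST / HTTP/1.1\r\nHost: x\r\nContent-Length: 4\r\n\r\nabcd",
        "seed_reservation_token.raw": stun_message(
            STUN_ALLOCATE_SUCCESS, [stun_attr(ATTR_RESERVATION_TOKEN, bytes(range(8)))]),
        "seed_response_port.raw": stun_message(
            STUN_BINDING_REQUEST, [stun_attr(ATTR_RESPONSE_PORT, struct.pack("!HH", 3478, 0))]),
    }


def http_dict_entries():
    """libFuzzer dictionary lines covering the HTTP gate (CR/LF escaped as \\xNN)."""
    return ['"GET "', '"POST "', '"PUT "', '"DELETE "', '" HTTP/"',
            '"Content-Length: "', '"\\x0d\\x0a\\x0d\\x0a"']


# --- stand-in checkers (models of the coturn behaviour described in the commit) ---

def stun_message_len(buf):
    """Total message length if the header is plausible STUN, else None."""
    if len(buf) < 20:
        return None
    msg_type, attr_len, cookie = struct.unpack("!HHI", buf[:8])
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE or attr_len % 4 or 20 + attr_len > len(buf):
        return None
    return 20 + attr_len


def stun_attr_get_first_by_type(buf, want):
    """Value bytes of the first attribute of type `want`, or None."""
    total = stun_message_len(buf)
    if total is None:
        return None
    off = 20
    while off + 4 <= total:
        attr_type, attr_len = struct.unpack("!HH", buf[off:off + 4])
        if off + 4 + attr_len > total:
            return None  # truncated attribute: stop rather than read past the message
        if attr_type == want:
            return buf[off + 4:off + 4 + attr_len]
        off += 4 + ((attr_len + 3) & ~3)
    return None


def looks_like_http(buf):
    """Model of the is_http() gate as described: method prefix, ' HTTP/', blank line."""
    if not buf.startswith((b"GET", b"POST", b"PUT", b"DELETE")):
        return False
    return b" HTTP/" in buf and b"\r\n\r\n" in buf


def http_content_length(buf):
    """Content-Length parsed like an strtoul branch would; None when the header is absent."""
    head = buf.partition(b"\r\n\r\n")[0]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            digits = value.strip()
            return int(digits) if digits.isdigit() else 0
    return None


def validate(seeds):
    """Per seed: does it reach the branch the commit says it targets?"""
    checks = {
        "seed_http_get.raw": lambda b: looks_like_http(b) and http_content_length(b) is None,
        "seed_http_post_clen.raw": lambda b: looks_like_http(b) and http_content_length(b) == 4,
        "seed_reservation_token.raw":
            lambda b: len(stun_attr_get_first_by_type(b, ATTR_RESERVATION_TOKEN) or b"") == 8,
        "seed_response_port.raw":
            lambda b: len(stun_attr_get_first_by_type(b, ATTR_RESPONSE_PORT) or b"") == 4,
    }
    return {name: bool(checks[name](data)) for name, data in seeds.items()}


def zip_corpus(seed_dir, out_zip):
    """Re-zip a corpus directory, skipping the __MACOSX/ and .DS_Store junk; returns kept names."""
    kept = []
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for root, dirs, files in os.walk(seed_dir):
            dirs[:] = [d for d in dirs if d != "__MACOSX"]
            for f in sorted(files):
                if f == ".DS_Store":
                    continue
                path = os.path.join(root, f)
                kept.append(os.path.relpath(path, seed_dir))
                zf.write(path, kept[-1])
    return kept


if __name__ == "__main__":
    out = "corpus_out"
    os.makedirs(out, exist_ok=True)
    seeds = build_seeds()
    for name, data in seeds.items():
        with open(os.path.join(out, name), "wb") as fh:
            fh.write(data)
    print(validate(seeds))
    print(zip_corpus(out, "corpus_out.zip"))
```

Running the module writes the seeds into corpus_out/, prints which seeds pass their stand-in check, and re-zips the directory without macOS junk. Passing these models is only a smoke test; before adding seeds to a real corpus, run them through the project's own parsers as the commit did, since the model checkers deliberately implement only the conditions the commit message spells out.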