#include <cstdint>
#include <cstring>

// Deliberately vulnerable: the bounds check below is commented out, so the
// attacker-controlled h->length reaches memcpy unchecked and any length above
// 64 overwrites the stack past msg. Discoverable via fuzzing.
void parse_message(const request_header *h, const uint8_t *data) {
    uint8_t msg[64];
    // On release builds this check is a no-op
    // Critical section
    // Remove the conditional for unchecked bounds on memcpy
    // if (h->length < 64) {
    std::memcpy(msg, data, h->length);
    // }
}
To test a payload use

cat <payload> | nc localhost 9000
# or
echo -ne '<payload>' | nc localhost 9000

Use xxd to encode/decode the payload (xxd -p to dump bytes as hex, xxd -r -p to turn hex back into bytes).
Set the ENABLE_FUZZING=libFuzzer CMake variable or use the x64-linux-libFuzzer preset.

Set the ENABLE_FUZZING=[fuzztest|fuzztest-unit] CMake variable or use the x64-linux-fuzztest[-unit] preset.
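Added example, not part of the original notes: the hardened counterpart of parse_message above (length validated before memcpy) together with a libFuzzer entry point that feeds parse_message the way the network front end would. The request_header layout, the wire format (4-byte host-order length followed by the payload) and the name parse_message_checked are assumptions, since the notes do not show them.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Assumed header layout; the notes do not show the real definition.
struct request_header {
    uint32_t length;  // number of payload bytes following the header
};

// Hardened variant of parse_message: h->length is attacker controlled, so it
// is checked against the destination buffer before the copy. Returns true
// when the message is accepted and false when it is dropped.
bool parse_message_checked(const request_header *h, const uint8_t *data) {
    uint8_t msg[64];
    if (h == nullptr || data == nullptr) {
        return false;
    }
    if (h->length > sizeof(msg)) {
        return false;  // would overflow msg: reject instead of copying
    }
    std::memcpy(msg, data, h->length);
    // Real message handling would continue here.
    return true;
}

// libFuzzer entry point (ENABLE_FUZZING=libFuzzer). The fuzzer supplies
// arbitrary bytes: the first 4 are decoded as the length field, the rest is
// the payload, mirroring the assumed wire format on port 9000.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (size < sizeof(uint32_t)) {
        return 0;
    }
    request_header h;
    std::memcpy(&h.length, data, sizeof(uint32_t));
    const uint8_t *payload = data + sizeof(uint32_t);
    const size_t avail = size - sizeof(uint32_t);
    // Only hand over fully received messages, as a socket reader would; the
    // bug under test is the stack write, not a read past the fuzz input.
    if (h.length > avail) {
        return 0;
    }
    parse_message_checked(&h, payload);
    return 0;
}
```

Running the same harness against the original parse_message under ASan reports the stack-buffer-overflow as soon as the fuzzer produces a length field above 64.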