bluenviron · aler9 · May 17, 2024 · May 17, 2024
diff --git a/pkg/auth/sender_test.go b/pkg/auth/sender_test.go
@@ -7,80 +7,82 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestSender(t *testing.T) {
-	for _, ca := range []struct {
-		name            string
-		wwwAuthenticate base.HeaderValue
-		authorization   base.HeaderValue
-	}{
-		{
-			"basic",
-			base.HeaderValue{
-				"Basic realm=testrealm",
-			},
-			base.HeaderValue{
-				"Basic bXl1c2VyOm15cGFzcw==",
-			},
+var casesSender = []struct {
+	name            string
+	wwwAuthenticate base.HeaderValue
+	authorization   base.HeaderValue
+}{
+	{
+		"basic",
+		base.HeaderValue{
+			"Basic realm=testrealm",
+		},
+		base.HeaderValue{
+			"Basic bXl1c2VyOm15cGFzcw==",
+		},
+	},
+	{
+		"digest md5 implicit",
+		base.HeaderValue{
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce"`,
+		},
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
+		},
+	},
+	{
+		"digest md5 explicit",
+		base.HeaderValue{
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="MD5"`,
+		},
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\", " +
+				"algorithm=\"MD5\"",
 		},
-		{
-			"digest md5 implicit",
-			base.HeaderValue{
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
-			},
+	},
+	{
+		"digest sha256",
+		base.HeaderValue{
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="SHA-256"`,
 		},
-		{
-			"digest md5 explicit",
-			base.HeaderValue{
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="MD5"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\", " +
-					"algorithm=\"MD5\"",
-			},
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
+				"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
+				"algorithm=\"SHA-256\"",
 		},
-		{
-			"digest sha256",
-			base.HeaderValue{
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="SHA-256"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
-					"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
-					"algorithm=\"SHA-256\"",
-			},
+	},
+	{
+		"multiple 1",
+		base.HeaderValue{
+			"Basic realm=testrealm",
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce"`,
 		},
-		{
-			"multiple 1",
-			base.HeaderValue{
-				"Basic realm=testrealm",
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
-			},
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
 		},
-		{
-			"multiple 2",
-			base.HeaderValue{
-				"Basic realm=testrealm",
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="MD5"`,
-				`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="SHA-256"`,
-			},
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
-					"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
-					"algorithm=\"SHA-256\"",
-			},
+	},
+	{
+		"multiple 2",
+		base.HeaderValue{
+			"Basic realm=testrealm",
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="MD5"`,
+			`Digest realm="myrealm", nonce="f49ac6dd0ba708d4becddc9692d1f2ce", algorithm="SHA-256"`,
 		},
-	} {
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
+				"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
+				"algorithm=\"SHA-256\"",
+		},
+	},
+}
+
+func TestSender(t *testing.T) {
+	for _, ca := range casesSender {
 		t.Run(ca.name, func(t *testing.T) {
 			se, err := NewSender(ca.wwwAuthenticate, "myuser", "mypass")
 			require.NoError(t, err)
@@ -97,12 +99,9 @@ func TestSender(t *testing.T) {
 }
 
 func FuzzSender(f *testing.F) {
-	f.Add(`Invalid`)
-	f.Add(`Digest`)
-	f.Add(`Digest nonce=123`)
-	f.Add(`Digest realm=123`)
-	f.Add(`Basic`)
-	f.Add(`Basic nonce=123`)
+	for _, ca := range casesSender {
+		f.Add(ca.authorization[0])
+	}
 
 	f.Fuzz(func(_ *testing.T, a string) {
 		NewSender(base.HeaderValue{a}, "myuser", "mypass") //nolint:errcheck

diff --git a/pkg/auth/testdata/fuzz/FuzzValidate/771e938e4458e983 b/pkg/auth/testdata/fuzz/FuzzValidate/771e938e4458e983
@@ -0,0 +1,2 @@
+go test fuzz v1
+string("0")
diff --git a/pkg/auth/validate_test.go b/pkg/auth/validate_test.go
@@ -1,56 +1,57 @@
 package auth
 
 import (
-	"fmt"
 	"testing"
 
 	"github.com/bluenviron/gortsplib/v4/pkg/base"
 	"github.com/stretchr/testify/require"
 )
 
-func TestValidate(t *testing.T) {
-	for _, ca := range []struct {
-		name          string
-		authorization base.HeaderValue
-	}{
-		{
-			"basic",
-			base.HeaderValue{
-				"Basic bXl1c2VyOm15cGFzcw==",
-			},
+var casesValidate = []struct {
+	name          string
+	authorization base.HeaderValue
+}{
+	{
+		"basic",
+		base.HeaderValue{
+			"Basic bXl1c2VyOm15cGFzcw==",
 		},
-		{
-			"digest md5 implicit",
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
-			},
+	},
+	{
+		"digest md5 implicit",
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\"",
 		},
-		{
-			"digest md5 explicit",
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\", " +
-					"algorithm=\"MD5\"",
-			},
+	},
+	{
+		"digest md5 explicit",
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", response=\"ba6e9cccbfeb38db775378a0a9067ba5\", " +
+				"algorithm=\"MD5\"",
 		},
-		{
-			"digest sha256",
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
-					"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
-					"algorithm=\"SHA-256\"",
-			},
+	},
+	{
+		"digest sha256",
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/trackID=3\", " +
+				"response=\"e298296ce35c9ab79699c8f3f9508944c1be9395e892f8205b6d66f1b8e663ee\", " +
+				"algorithm=\"SHA-256\"",
 		},
-		{
-			"digest vlc",
-			base.HeaderValue{
-				"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
-					"uri=\"rtsp://myhost/mypath?key=val/\", response=\"5ca5ceeca20a05e9a3f49ecde4b42655\"",
-			},
+	},
+	{
+		"digest vlc",
+		base.HeaderValue{
+			"Digest username=\"myuser\", realm=\"myrealm\", nonce=\"f49ac6dd0ba708d4becddc9692d1f2ce\", " +
+				"uri=\"rtsp://myhost/mypath?key=val/\", response=\"5ca5ceeca20a05e9a3f49ecde4b42655\"",
 		},
-	} {
+	},
+}
+
+func TestValidate(t *testing.T) {
+	for _, ca := range casesValidate {
 		t.Run(ca.name, func(t *testing.T) {
 			se, err := NewSender(
 				GenerateWWWAuthenticate([]ValidateMethod{ValidateMethodDigestMD5}, "myrealm", "f49ac6dd0ba708d4becddc9692d1f2ce"),
@@ -62,7 +63,6 @@ func TestValidate(t *testing.T) {
 				URL:    mustParseURL("rtsp://myhost/mypath?key=val/"),
 			}
 			se.AddAuthorization(req1)
-			fmt.Println(req1.Header)
 
 			req := &base.Request{
 				Method: base.Setup,
@@ -84,14 +84,9 @@ func TestValidate(t *testing.T) {
 }
 
 func FuzzValidate(f *testing.F) {
-	f.Add(`Invalid`)
-	f.Add(`Digest `)
-	f.Add(`Digest realm=123`)
-	f.Add(`Digest realm=123,nonce=123`)
-	f.Add(`Digest realm=123,nonce=123,username=123`)
-	f.Add(`Digest realm=123,nonce=123,username=123,uri=123`)
-	f.Add(`Digest realm=123,nonce=123,username=123,uri=123,response=123`)
-	f.Add(`Digest realm=123,nonce=abcde,username=123,uri=123,response=123`)
+	for _, ca := range casesValidate {
+		f.Add(ca.authorization[0])
+	}
 
 	f.Fuzz(func(_ *testing.T, a string) {
 		Validate( //nolint:errcheck
@@ -106,7 +101,7 @@ func FuzzValidate(f *testing.F) {
 			"mypass",
 			nil,
 			"IPCAM",
-			"abcde",
+			"f49ac6dd0ba708d4becddc9692d1f2ce",
 		)
 	})
 }
diff --git a/pkg/base/body_test.go b/pkg/base/body_test.go
@@ -43,6 +43,10 @@ func TestBodyMarshal(t *testing.T) {
 }
 
 func FuzzBodyUnmarshal(f *testing.F) {
+	for _, ca := range casesBody {
+		f.Add(ca.h["Content-Length"][0], ca.byts)
+	}
+
 	f.Fuzz(func(_ *testing.T, a string, b []byte) {
 		var p body
 		p.unmarshal( //nolint:errcheck

diff --git a/pkg/base/header_test.go b/pkg/base/header_test.go
@@ -126,6 +126,10 @@ func TestHeaderWrite(t *testing.T) {
 }
 
 func FuzzHeaderUnmarshal(f *testing.F) {
+	for _, ca := range cases {
+		f.Add(ca.enc)
+	}
+
 	str := ""
 	for i := 0; i < 300; i++ {
 		str += "Key: val\r\n"

diff --git a/pkg/base/interleaved_frame_test.go b/pkg/base/interleaved_frame_test.go
@@ -55,6 +55,9 @@ func TestInterleavedFrameMarshal(t *testing.T) {
 }
 
 func FuzzInterleavedFrameUnmarshal(f *testing.F) {
+	for _, ca := range casesInterleavedFrame {
+		f.Add(ca.enc)
+	}
 	f.Fuzz(func(_ *testing.T, b []byte) {
 		var f InterleavedFrame
 		f.Unmarshal(bufio.NewReader(bytes.NewBuffer(b))) //nolint:errcheck

diff --git a/pkg/base/request_test.go b/pkg/base/request_test.go
@@ -182,12 +182,9 @@ func TestRequestString(t *testing.T) {
 }
 
 func FuzzRequestUnmarshal(f *testing.F) {
-	f.Add([]byte("GET rtsp://testing123/test"))
-	f.Add([]byte("GET rtsp://testing123/test RTSP/1.0\r\n"))
-	f.Add([]byte("OPTIONS rtsp://example.com/media.mp4 RTSP/1.0\r\n" +
-		"Content-Length: 100\r\n" +
-		"\r\n" +
-		"testing"))
+	for _, ca := range casesRequest {
+		f.Add(ca.byts)
+	}
 
 	f.Fuzz(func(_ *testing.T, b []byte) {
 		var req Request

diff --git a/pkg/base/response_test.go b/pkg/base/response_test.go
@@ -156,12 +156,9 @@ func TestResponseString(t *testing.T) {
 }
 
 func FuzzResponseUnmarshal(f *testing.F) {
-	f.Add([]byte("RTSP/1.0 "))
-
-	f.Add([]byte("RTSP/1.0 200 OK\r\n" +
-		"Content-Length: 100\r\n" +
-		"\r\n" +
-		"testing"))
+	for _, ca := range casesResponse {
+		f.Add(ca.byts)
+	}
 
 	f.Fuzz(func(_ *testing.T, b []byte) {
 		var res Response

diff --git a/pkg/base/testdata/fuzz/FuzzBodyUnmarshal/69554b8ca79d163c b/pkg/base/testdata/fuzz/FuzzBodyUnmarshal/69554b8ca79d163c
@@ -0,0 +1,3 @@
+go test fuzz v1
+string("10")
+[]byte("0")
diff --git a/pkg/base/testdata/fuzz/FuzzRequestUnmarshal/38c1b73d1ff26776 b/pkg/base/testdata/fuzz/FuzzRequestUnmarshal/38c1b73d1ff26776
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("0 rtsp:# RTSP/1.0\r\n")
diff --git a/pkg/base/testdata/fuzz/FuzzRequestUnmarshal/98de059499eed0ee b/pkg/base/testdata/fuzz/FuzzRequestUnmarshal/98de059499eed0ee
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("0 rtsp:# RTSP/1.0\r\nContent-Length:\r\n\r\n")
diff --git a/pkg/base/testdata/fuzz/FuzzResponseUnmarshal/8e3729a4cd943093 b/pkg/base/testdata/fuzz/FuzzResponseUnmarshal/8e3729a4cd943093
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("RTSP/1.0 0 0\r\nContent-Length:\r\n\r\n")
diff --git a/pkg/base/testdata/fuzz/FuzzResponseUnmarshal/f3ad967c0f4402c4 b/pkg/base/testdata/fuzz/FuzzResponseUnmarshal/f3ad967c0f4402c4
@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("RTSP/1.0 ")
diff --git a/pkg/description/session_test.go b/pkg/description/session_test.go
@@ -836,6 +836,10 @@ func TestSessionFindFormat(t *testing.T) {
 }
 
 func FuzzSessionUnmarshalErrors(f *testing.F) {
+	for _, ca := range casesSession {
+		f.Add(ca.in)
+	}
+
 	f.Add("v=0\r\n" +
 		"o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5\r\n" +
 		"s=SDP Seminar\r\n" +

diff --git a/pkg/format/testdata/fuzz/FuzzUnmarshalH265/99286b4f78fef603 b/pkg/format/testdata/fuzz/FuzzUnmarshalH265/99286b4f78fef603
@@ -0,0 +1,5 @@
+go test fuzz v1
+string("0")
+string("A")
+string("\xb3\xbd\xcf\xf4\x10\xa6")
+string("")