fuzz: enable for setters and fix found crashers

Makefile

@@ -15,10 +15,14 @@ fuzz-prepare-msg:
 	go-fuzz-build -func FuzzMessage -o stun-msg-fuzz.zip github.com/ernado/stun
 fuzz-prepare-typ:
 	go-fuzz-build -func FuzzType -o stun-typ-fuzz.zip github.com/ernado/stun
+fuzz-prepare-setters:
+	go-fuzz-build -func FuzzSetters -o stun-setters-fuzz.zip github.com/ernado/stun
 fuzz-msg:
 	go-fuzz -bin=./stun-msg-fuzz.zip -workdir=examples/stun-msg
 fuzz-typ:
 	go-fuzz -bin=./stun-typ-fuzz.zip -workdir=examples/stun-typ
+fuzz-setters:
+	go-fuzz -bin=./stun-setters-fuzz.zip -workdir=examples/stun-setters
 fuzz-test:
 	go test -tags gofuzz -run TestFuzz -v .
 lint:

addr.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net"
 	"strconv"
+	"io"
 )
 
 // MappedAddress represents MAPPED-ADDRESS attribute.
@@ -46,6 +47,9 @@ func (a *MappedAddress) getAs(m *Message, t AttrType) error {
 	if err != nil {
 		return err
 	}
+	if len(v) <= 4 {
+		return io.ErrUnexpectedEOF
+	}
 	family := bin.Uint16(v[0:2])
 	if family != familyIPv6 && family != familyIPv4 {
 		return newDecodeErr("xor-mapped address", "family",

errorcode.go

@@ -3,6 +3,7 @@ package stun
 import (
 	"errors"
 	"fmt"
+	"io"
 )
 
 // ErrorCodeAttribute represents ERROR-CODE attribute.
@@ -51,6 +52,9 @@ func (c *ErrorCodeAttribute) GetFrom(m *Message) error {
 	if err != nil {
 		return err
 	}
+	if len(v) < errorCodeReasonStart {
+		return io.ErrUnexpectedEOF
+	}
 	var (
 		class  = uint16(v[errorCodeClassByte])
 		number = uint16(v[errorCodeNumberByte])

examples/stun-setters/corpus/5c2dd944dde9e08881bef0894fe7b22a5c9c4b06-2

@@ -0,0 +1 @@
+j

examples/stun-setters/corpus/6b0d31c0d563223024da45691584643ac78c96e8-1

@@ -0,0 +1 @@
+m

examples/stun-setters/corpus/ac9231da4082430afe8f4d40127814c613648d8e-1

@@ -0,0 +1 @@
+	

examples/stun-setters/corpus/c3156e00d3c2588c639e0d3cf6821258b05761c7-4

@@ -0,0 +1 @@
+Q

examples/stun-setters/corpus/c9ee5681d3c59f7541c27a38b67edf46259e187b-3

@@ -0,0 +1 @@
+V

examples/stun-setters/corpus/d1854cae891ec7b29161ccaf79a24b00c274bdaa

@@ -0,0 +1 @@
+n

examples/stun-setters/crashers/43eb31a6590debc599d5839bb8a55afa80e49201.output

@@ -0,0 +1,18 @@
+panic: runtime error: slice bounds out of range
+
+goroutine 1 [running]:
+github.com/ernado/stun.(*XORMappedAddress).GetFromAs(0xc42000c900, 0xc420018320, 0x20, 0xc42001a3d8, 0xc420018338)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/xoraddr.go:111 +0x2ae
+github.com/ernado/stun.(*XORMappedAddress).GetFrom(0xc42000c900, 0xc420018320, 0x7f73bf9e2001, 0x2)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/xoraddr.go:137 +0x3c
+github.com/ernado/stun.FuzzSetters(0x7f73bf9e2000, 0x3, 0x200000, 0x3)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/fuzz.go:97 +0x33c
+go-fuzz-dep.Main(0x517548)
+	/tmp/go-fuzz-build843731397/goroot/src/go-fuzz-dep/main.go:49 +0xde
+main.main()
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/go.fuzz.main/main.go:10 +0x2d
+
+goroutine 17 [syscall, locked to thread]:
+runtime.goexit()
+	/tmp/go-fuzz-build843731397/goroot/src/runtime/asm_amd64.s:2197 +0x1
+exit status 2

examples/stun-setters/crashers/43eb31a6590debc599d5839bb8a55afa80e49201.quoted

@@ -0,0 +1 @@
+	"\xef\x00\x01"

examples/stun-setters/crashers/4dd09422696288b4f97acd0b7f51ffb3f07dec28.output

@@ -0,0 +1,22 @@
+panic: runtime error: index out of range
+
+goroutine 1 [running]:
+github.com/ernado/stun.fastXORBytes(0xc420010188, 0x4, 0x8, 0xc42001a21c, 0x5, 0x24, 0xc420053c98, 0x10, 0x10, 0xc420053c01)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/xor.go:38 +0xf5
+github.com/ernado/stun.xorBytes(0xc420010188, 0x4, 0x8, 0xc42001a21c, 0x5, 0x24, 0xc420053c98, 0x10, 0x10, 0x40)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/xor.go:59 +0x9d
+github.com/ernado/stun.(*XORMappedAddress).GetFromAs(0xc42000c600, 0xc4200181e0, 0x20, 0xc42001a218, 0xc4200181f8)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/xoraddr.go:111 +0x281
+github.com/ernado/stun.(*XORMappedAddress).GetFrom(0xc42000c600, 0xc4200181e0, 0x7f58dc286001, 0x9)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/xoraddr.go:137 +0x3c
+github.com/ernado/stun.FuzzSetters(0x7f58dc286000, 0xa, 0x200000, 0xc420092140)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/fuzz.go:97 +0x33c
+go-fuzz-dep.Main(0x517548)
+	/tmp/go-fuzz-build843731397/goroot/src/go-fuzz-dep/main.go:49 +0xde
+main.main()
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/go.fuzz.main/main.go:10 +0x2d
+
+goroutine 17 [syscall, locked to thread]:
+runtime.goexit()
+	/tmp/go-fuzz-build843731397/goroot/src/runtime/asm_amd64.s:2197 +0x1
+exit status 2

examples/stun-setters/crashers/4dd09422696288b4f97acd0b7f51ffb3f07dec28.quoted

@@ -0,0 +1 @@
+	"\xef\x00\x010000000"

examples/stun-setters/crashers/6934105ad50010b814c933314b1da6841431bc8b

@@ -0,0 +1 @@
+00000

examples/stun-setters/crashers/6934105ad50010b814c933314b1da6841431bc8b.output

@@ -0,0 +1,15 @@
+not equal
+panic: not equal
+
+goroutine 1 [running]:
+github.com/ernado/stun.FuzzSetters(0x7f8dd6ff0000, 0x5, 0x200000, 0xc42000c720)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/fuzz.go:114 +0x4ff
+go-fuzz-dep.Main(0x517548)
+	/tmp/go-fuzz-build843731397/goroot/src/go-fuzz-dep/main.go:49 +0xde
+main.main()
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/go.fuzz.main/main.go:10 +0x2d
+
+goroutine 17 [syscall, locked to thread]:
+runtime.goexit()
+	/tmp/go-fuzz-build843731397/goroot/src/runtime/asm_amd64.s:2197 +0x1
+exit status 2

examples/stun-setters/crashers/6934105ad50010b814c933314b1da6841431bc8b.quoted

@@ -0,0 +1 @@
+	"00000"

examples/stun-setters/crashers/8dc00598417d4eb788a77ac6ccef3cb484905d8b

@@ -0,0 +1 @@
+

examples/stun-setters/crashers/8dc00598417d4eb788a77ac6ccef3cb484905d8b.output

@@ -0,0 +1,16 @@
+panic: runtime error: index out of range
+
+goroutine 1 [running]:
+github.com/ernado/stun.(*ErrorCodeAttribute).GetFrom(0xc42000cfa0, 0xc420018550, 0x7f6a6451c000, 0x1)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/errorcode.go:55 +0xed
+github.com/ernado/stun.FuzzSetters(0x7f6a6451c000, 0x1, 0x200000, 0x3)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/fuzz.go:97 +0x33c
+go-fuzz-dep.Main(0x517548)
+	/tmp/go-fuzz-build843731397/goroot/src/go-fuzz-dep/main.go:49 +0xde
+main.main()
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/go.fuzz.main/main.go:10 +0x2d
+
+goroutine 17 [syscall, locked to thread]:
+runtime.goexit()
+	/tmp/go-fuzz-build843731397/goroot/src/runtime/asm_amd64.s:2197 +0x1
+exit status 2

examples/stun-setters/crashers/8dc00598417d4eb788a77ac6ccef3cb484905d8b.quoted

@@ -0,0 +1 @@
+	"\x05"

examples/stun-setters/crashers/a6de690b04292410e3c88d2e3cd967e6cb0e51ec.output

@@ -0,0 +1,18 @@
+panic: runtime error: slice bounds out of range
+
+goroutine 1 [running]:
+github.com/ernado/stun.(*MappedAddress).getAs(0xc42000c960, 0xc420018320, 0x8023, 0xc42001a3d8, 0xc420018338)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/addr.go:71 +0x1e8
+github.com/ernado/stun.(*AlternateServer).GetFrom(0xc42000c960, 0xc420018320, 0x7f47a877a001, 0x2)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/addr.go:37 +0x3c
+github.com/ernado/stun.FuzzSetters(0x7f47a877a000, 0x3, 0x200000, 0x3)
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/fuzz.go:97 +0x33c
+go-fuzz-dep.Main(0x517548)
+	/tmp/go-fuzz-build843731397/goroot/src/go-fuzz-dep/main.go:49 +0xde
+main.main()
+	/tmp/go-fuzz-build843731397/gopath/src/github.com/ernado/stun/go.fuzz.main/main.go:10 +0x2d
+
+goroutine 17 [syscall, locked to thread]:
+runtime.goexit()
+	/tmp/go-fuzz-build843731397/goroot/src/runtime/asm_amd64.s:2197 +0x1
+exit status 2

examples/stun-setters/crashers/a6de690b04292410e3c88d2e3cd967e6cb0e51ec.quoted

@@ -0,0 +1 @@
+	"m\x00\x01"

examples/stun-setters/suppressions/141f41aee117afb4798f3cba5fc9f470beed94a1

@@ -0,0 +1,8 @@
+panic: runtime error: index out of range
+github.com/ernado/stun.fastXORBytes
+github.com/ernado/stun.xorBytes
+github.com/ernado/stun.(*XORMappedAddress).GetFromAs
+github.com/ernado/stun.(*XORMappedAddress).GetFrom
+github.com/ernado/stun.FuzzSetters
+go-fuzz-dep.Main
+main.main

examples/stun-setters/suppressions/76d8cd83b54ce64d6d1b9aaaf16f3f383f28b804

@@ -0,0 +1,4 @@
+panic: not equal
+github.com/ernado/stun.FuzzSetters
+go-fuzz-dep.Main
+main.main

examples/stun-setters/suppressions/b61c92191d726cb462f0fd36cdab989880235bdf

@@ -0,0 +1,6 @@
+panic: runtime error: slice bounds out of range
+github.com/ernado/stun.(*MappedAddress).getAs
+github.com/ernado/stun.(*AlternateServer).GetFrom
+github.com/ernado/stun.FuzzSetters
+go-fuzz-dep.Main
+main.main

examples/stun-setters/suppressions/d8b9c1359784aa7a593c0b8141e4468ad6a50bf8

@@ -0,0 +1,6 @@
+panic: runtime error: slice bounds out of range
+github.com/ernado/stun.(*XORMappedAddress).GetFromAs
+github.com/ernado/stun.(*XORMappedAddress).GetFrom
+github.com/ernado/stun.FuzzSetters
+go-fuzz-dep.Main
+main.main

examples/stun-setters/suppressions/e2f854b5a3caf1482e7314722f9c3b5d2edc3e93

@@ -0,0 +1,5 @@
+panic: runtime error: index out of range
+github.com/ernado/stun.(*ErrorCodeAttribute).GetFrom
+github.com/ernado/stun.FuzzSetters
+go-fuzz-dep.Main
+main.main

fuzz.go

@@ -4,6 +4,7 @@ package stun
 
 import (
 	"encoding/binary"
+	"fmt"
 )
 
 var (
@@ -52,3 +53,81 @@ func FuzzType(data []byte) int {
 	}
 	return 0
 }
+
+type attr interface {
+	Getter
+	Setter
+}
+
+type attrs []struct {
+	g attr
+	t AttrType
+}
+
+func (a attrs) pick(v byte) struct {
+	g attr
+	t AttrType
+} {
+	idx := int(v) % len(a)
+	return a[idx]
+}
+
+func FuzzSetters(data []byte) int {
+	var (
+		m1 = &Message{
+			Raw: make([]byte, 0, 2048),
+		}
+		m2 = &Message{
+			Raw: make([]byte, 0, 2048),
+		}
+		m3 = &Message{
+			Raw: make([]byte, 0, 2048),
+		}
+	)
+	attributes := attrs{
+		{new(Realm), AttrRealm},
+		{new(XORMappedAddress), AttrXORMappedAddress},
+		{new(Nonce), AttrNonce},
+		{new(Software), AttrSoftware},
+		{new(AlternateServer), AttrAlternateServer},
+		{new(ErrorCodeAttribute), AttrErrorCode},
+		{new(UnknownAttributes), AttrUnknownAttributes},
+		{new(Username), AttrUsername},
+	}
+	var firstByte = byte(0)
+	if len(data) > 0 {
+		firstByte = data[0]
+	}
+	a := attributes.pick(firstByte)
+	value := data
+	if len(data) > 1 {
+		value = value[1:]
+	}
+	m1.WriteHeader()
+	m.Add(a.t, value)
+	err := a.g.GetFrom(m)
+	if err == ErrAttributeNotFound {
+		fmt.Println("unexpected 404")
+		panic(err)
+	}
+	if err != nil {
+		return 1
+	}
+	m2.WriteHeader()
+	if err := a.g.AddTo(m2); err != nil {
+		fmt.Println("failed to add atribute to m2")
+		panic(err)
+	}
+	m3.WriteHeader()
+	v, err := m2.Get(a.t)
+	if err != nil {
+		panic(err)
+	}
+	m3.Add(a.t, v)
+
+	if !m2.Equal(m3) {
+		fmt.Println(m2, "not equal", m3)
+		panic("not equal")
+	}
+	return 1
+}

fuzz_test.go

@@ -3,10 +3,10 @@
 package stun
 
 import (
-	"testing"
 	"os"
 	"path/filepath"
 	"strings"
+	"testing"
 )
 
 func TestMessageType_FuzzerCrash1(t *testing.T) {
@@ -71,3 +71,25 @@ func TestFuzzType_Crashers(t *testing.T) {
 	}
 }
 
+func TestAttrPick(t *testing.T) {
+	attributes := attrs{
+		{new(XORMappedAddress), AttrXORMappedAddress},
+	}
+	for i := byte(0); i < 255; i++ {
+		attributes.pick(i)
+	}
+}
+
+func TestFuzzSetters_Crashers(t *testing.T) {
+	for _, buf := range corpus(t, "stun-setters", "crashers") {
+		FuzzSetters(buf)
+	}
+}
+
+func TestFuzzSetters_Coverage(t *testing.T) {
+	for _, buf := range corpus(t, "stun-setters", "corpus") {
+		FuzzSetters(buf)
+	}
+}
+
+