From 67c94b14dde88028529a5968b7de653f8f85488a Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Sat, 21 Nov 2020 23:04:20 -0600
Subject: [PATCH] add gofuzz coverage, fix bugs
---
 go.mod | 8 +++++-
 go.sum | 36 +++++++++++++++++++++++++++
 jarm.go | 3 +++
 tests/fuzz/.gitignore | 4 +++
 tests/fuzz/build_probes/fuzz.go | 12 +++++++++
 tests/fuzz/build_probes/fuzz.sh | 4 +++
 tests/fuzz/fuzzy_hash/fuzz.go | 9 +++++++
 tests/fuzz/fuzzy_hash/fuzz.sh | 4 +++
 tests/fuzz/parse_server_hello/fuzz.go | 13 ++++++++++
 tests/fuzz/parse_server_hello/fuzz.sh | 4 +++
 10 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 tests/fuzz/.gitignore
 create mode 100644 tests/fuzz/build_probes/fuzz.go
 create mode 100644 tests/fuzz/build_probes/fuzz.sh
 create mode 100644 tests/fuzz/fuzzy_hash/fuzz.go
 create mode 100644 tests/fuzz/fuzzy_hash/fuzz.sh
 create mode 100644 tests/fuzz/parse_server_hello/fuzz.go
 create mode 100644 tests/fuzz/parse_server_hello/fuzz.sh
diff --git a/go.mod b/go.mod
index 77302e5..26874da 100644
--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,10 @@ module github.com/RumbleDiscovery/jarm-go
 
 go 1.15
 
-require github.com/tdewolff/parse/v2 v2.5.5
+require (
+ github.com/dvyukov/go-fuzz v0.0.0-20201121124849-5c0f24adba31 // indirect
+ github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
+ github.com/stephens2424/writerset v1.0.2 // indirect
+ github.com/tdewolff/parse/v2 v2.5.5
+ golang.org/x/tools v0.0.0-20201121010211-780cb80bd7fb // indirect
+)
diff --git a/go.sum b/go.sum
index e37d0aa..bf7ebca 100644
--- a/go.sum
+++ b/go.sum
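Review bot: The fuzz-harness dependencies added to the library's `require` block (`github.com/dvyukov/go-fuzz`, `github.com/elazarl/go-bindata-assetfs`, `github.com/stephens2424/writerset`, `golang.org/x/tools`, all marked `// indirect`) enter the module graph of every consumer of `jarm-go`, even though no package under the module root imports them. Keeping test-only tooling out of the published module's graph narrows the supply-chain surface for downstream users; a separate `go.mod` under `tests/fuzz/` (or a build-constrained `tools.go`) would keep them local to the harnesses. If they stay here, the `// indirect` entries presumably came from running the `fuzz.sh` scripts and should be reconciled with `go mod tidy` so the graph matches what the harnesses actually need.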
@@ -1,4 +1,40 @@
+github.com/Julusian/godocdown v0.0.0-20170816220326-6d19f8ff2df8/go.mod h1:INZr5t32rG59/5xeltqoCJoNY7e5x/3xoY9WSWVWg74=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dvyukov/go-fuzz v0.0.0-20201121124849-5c0f24adba31 h1:ky2CVWlJ69WnehtJV4KuEuQatXgTFCRpktAqoPEgu6E=
+github.com/dvyukov/go-fuzz v0.0.0-20201121124849-5c0f24adba31/go.mod h1:11Gm+ccJnvAhCNLlf5+cS9KjtbaD5I5zaZpFMsTHWTw=
+github.com/elazarl/go-bindata-assetfs v1.0.1 h1:m0kkaHRKEu7tUIUFVwhGGGYClXvyl4RE03qmvRTNfbw=
+github.com/elazarl/go-bindata-assetfs v1.0.1/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/robertkrimen/godocdown v0.0.0-20130622164427-0bfa04905481/go.mod h1:C9WhFzY47SzYBIvzFqSvHIR6ROgDo4TtdTuRaOMjF/s=
+github.com/stephens2424/writerset v1.0.2 h1:znRLgU6g8RS5euYRcy004XeE4W+Tu44kALzy7ghPif8=
+github.com/stephens2424/writerset v1.0.2/go.mod h1:aS2JhsMn6eA7e82oNmW4rfsgAOp9COBTTl8mzkwADnc=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/tdewolff/parse v1.1.0 h1:tMjj9GCK8zzwjWyxdZ4pabzdWO1VG+G3bvCnG6aUIyQ=
 github.com/tdewolff/parse/v2 v2.5.5 h1:b7ICJa4I/54JQGEGgTte8DiyJPKcC5g8V773QMzkeUM=
 github.com/tdewolff/parse/v2 v2.5.5/go.mod h1:WzaJpRSbwq++EIQHYIRTpbYKNA3gn9it1Ik++q4zyho=
 github.com/tdewolff/test v1.0.6/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20201121010211-780cb80bd7fb h1:z5+u0pkAUPUWd3taoTialQ2JAMo4Wo1Z3L25U4ZV9r0=
+golang.org/x/tools v0.0.0-20201121010211-780cb80bd7fb/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/jarm.go b/jarm.go
index c67ef84..16aa0f8 100644
--- a/jarm.go
+++ b/jarm.go
@@ -477,6 +477,9 @@ func RawHashToFuzzyHash(raw string) string {
 alpex := ""
 for _, handshake := range strings.Split(raw, ",") {
 comp := strings.Split(handshake, "|")
+ if len(comp) != 4 {
+ return ZeroHash
+ }
 fhash = fhash + ExtractCipherBytes(comp[0])
 fhash = fhash + ExtractVersionByte(comp[1])
 alpex = alpex + comp[2]
diff --git a/tests/fuzz/.gitignore b/tests/fuzz/.gitignore
new file mode 100644
index 0000000..1422cdc
--- /dev/null
+++ b/tests/fuzz/.gitignore
@@ -0,0 +1,4 @@
+corpus
+suppressions
+crashers
+*.zip
diff --git a/tests/fuzz/build_probes/fuzz.go b/tests/fuzz/build_probes/fuzz.go
new file mode 100644
index 0000000..e483baf
--- /dev/null
+++ b/tests/fuzz/build_probes/fuzz.go
@@ -0,0 +1,12 @@
+package fuzz
+
+import "github.com/RumbleDiscovery/jarm-go"
+
+// Fuzz uses go-fuzz to test BuildProbe()
+func Fuzz(data []byte) int {
+ fuzzProbes := jarm.GetProbes(string(data), 443)
+ for _, probe := range fuzzProbes {
+ jarm.BuildProbe(probe)
+ }
+ return 1
+}
diff --git a/tests/fuzz/build_probes/fuzz.sh b/tests/fuzz/build_probes/fuzz.sh
new file mode 100644
index 0000000..bee5973
--- /dev/null
+++ b/tests/fuzz/build_probes/fuzz.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build && \
+go-fuzz-build && \
+go-fuzz
diff --git a/tests/fuzz/fuzzy_hash/fuzz.go b/tests/fuzz/fuzzy_hash/fuzz.go
new file mode 100644
index 0000000..99434b5
--- /dev/null
+++ b/tests/fuzz/fuzzy_hash/fuzz.go
@@ -0,0 +1,9 @@
+package fuzz
+
+import "github.com/RumbleDiscovery/jarm-go"
+
+// Fuzz uses go-fuzz to test RawHashToFuzzyHash()
+func Fuzz(data []byte) int {
+ jarm.RawHashToFuzzyHash(string(data))
+ return 1
+}
diff --git a/tests/fuzz/fuzzy_hash/fuzz.sh b/tests/fuzz/fuzzy_hash/fuzz.sh
new file mode 100644
index 0000000..bee5973
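Review bot: The new guard only validates the field count of each `|`-separated handshake; the number of `,`-separated handshakes in `raw` is still unchecked, so a string with fewer or more handshakes than the format expects yields a fuzzy hash of unexpected length instead of `ZeroHash` — worth confirming whether `RawHashToFuzzyHash` should reject that case too (the expected handshake count is not visible in this hunk). Because a malformed `raw` now silently maps to `ZeroHash`, which callers presumably also see for targets that gave no TLS response, the function's doc comment should state it: `// RawHashToFuzzyHash returns ZeroHash when raw is malformed (each handshake must have exactly four '|'-separated fields).` The body of `RawHashToFuzzyHash` starts and ends outside this hunk.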
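Review bot: `Fuzz` returns `1` for every input, including ones for which `jarm.GetProbes` yields no probes; go-fuzz reads `1` as "prioritize this input", so returning `0` when `len(fuzzProbes) == 0` (and, if `BuildProbe` reports an error — its signature is not visible here — for those inputs too) would give the fuzzer a corpus signal instead of flat priority. The same unconditional `return 1` is in `tests/fuzz/fuzzy_hash/fuzz.go` and `tests/fuzz/parse_server_hello/fuzz.go`. Only the host string is fuzzed here while the port is fixed at `443`, so any port-dependent path in `BuildProbe` is not exercised; a comment making that scope explicit, `// only the hostname is fuzzed; the port is held at 443`, would help the next person reading the harness.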
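Review bot: `go get -u` fetches the newest `go-fuzz`/`go-fuzz-build` from the default branch each time the script runs, ignoring the version pinned in `go.mod` (`v0.0.0-20201121124849-5c0f24adba31`), so the tool that builds and runs the harness is not reproducible and, in Go 1.15 module mode, the command may also rewrite `go.mod`/`go.sum`. Dropping `-u` so the pinned version is used, or installing at an explicit version with `go get github.com/dvyukov/go-fuzz/go-fuzz@v0.0.0-20201121124849-5c0f24adba31 github.com/dvyukov/go-fuzz/go-fuzz-build@v0.0.0-20201121124849-5c0f24adba31`, keeps the fuzzing toolchain pinned alongside the library's dependencies. `tests/fuzz/fuzzy_hash/fuzz.sh` and `tests/fuzz/parse_server_hello/fuzz.sh` are the same script and need the same change.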
--- /dev/null
+++ b/tests/fuzz/fuzzy_hash/fuzz.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build && \
+go-fuzz-build && \
+go-fuzz
diff --git a/tests/fuzz/parse_server_hello/fuzz.go b/tests/fuzz/parse_server_hello/fuzz.go
new file mode 100644
index 0000000..33629c5
--- /dev/null
+++ b/tests/fuzz/parse_server_hello/fuzz.go
@@ -0,0 +1,13 @@
+package fuzz
+
+import "github.com/RumbleDiscovery/jarm-go"
+
+var fuzzProbes = jarm.GetProbes("placeholder", 443)
+
+// Fuzz uses go-fuzz to test ParseServerHello()
+func Fuzz(data []byte) int {
+ for _, probe := range fuzzProbes {
+ jarm.ParseServerHello(data, probe)
+ }
+ return 1
+}
diff --git a/tests/fuzz/parse_server_hello/fuzz.sh b/tests/fuzz/parse_server_hello/fuzz.sh
new file mode 100644
index 0000000..bee5973
--- /dev/null
+++ b/tests/fuzz/parse_server_hello/fuzz.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build && \
+go-fuzz-build && \
+go-fuzz
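Review bot: The result of `jarm.ParseServerHello(data, probe)` is discarded and `Fuzz` always returns `1`, so the harness can only surface panics and gives go-fuzz no way to prefer inputs that actually parse; returning `0` when every probe rejects the input (if `ParseServerHello` reports parse failures — its signature is not visible here) would improve corpus guidance. The probe set is built once at package init from the fixed host `"placeholder"` and port `443`, which is fine for this harness but should be stated, e.g. `// fuzzProbes is fixed; only the ServerHello bytes vary per input`, so a reader does not expect the probes themselves to be mutated.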