1package imapserver
2
3import (
4 "encoding/base64"
5 "errors"
6 "fmt"
7 "io"
8 "net"
9 "os"
10 "path/filepath"
11 "testing"
12 "time"
13
14 "github.com/mjl-/mox/imapclient"
15 "github.com/mjl-/mox/mlog"
16 "github.com/mjl-/mox/mox-"
17 "github.com/mjl-/mox/store"
18)
19
20// Fuzz the server. For each fuzz string, we set up servers in various connection states, and write the string as command.
21func FuzzServer(f *testing.F) {
22 seed := []string{
23 fmt.Sprintf("authenticate plain %s", base64.StdEncoding.EncodeToString([]byte("\u0000mjl@mox.example\u0000testtest"))),
24 "*",
25 "capability",
26 "noop",
27 "logout",
28 "select inbox",
29 "examine inbox",
30 "unselect",
31 "close",
32 "expunge",
33 "subscribe inbox",
34 "unsubscribe inbox",
35 `lsub "" "*"`,
36 `list "" ""`,
37 `namespace`,
38 "enable utf8=accept",
39 "create inbox",
40 "create tmpbox",
41 "rename tmpbox ntmpbox",
42 "delete ntmpbox",
43 "status inbox (uidnext messages uidvalidity deleted size unseen recent)",
44 "append inbox (\\seen) {2+}\r\nhi",
45 "fetch 1 all",
46 "fetch 1 body",
47 "fetch 1 (bodystructure)",
48 `store 1 flags (\seen \answered)`,
49 `store 1 +flags ($junk)`,
50 `store 1 -flags ($junk)`,
51 "noop",
52 "copy 1Trash",
53 "copy 1 Trash",
54 "move 1 Trash",
55 "search 1 all",
56 }
57 for _, cmd := range seed {
58 const tag = "x "
59 f.Add(tag + cmd)
60 }
61
62 log := mlog.New("imapserver", nil)
63 mox.ConfigStaticPath = filepath.FromSlash("../testdata/imapserverfuzz/mox.conf")
64 mox.MustLoadConfig(true, false)
65 store.Close() // May not be open, we ignore error.
66 dataDir := mox.ConfigDirPath(mox.Conf.Static.DataDir)
67 os.RemoveAll(dataDir)
68 err := store.Init(ctxbg)
69 if err != nil {
70 f.Fatalf("store init: %v", err)
71 }
72 defer store.Switchboard()()
73
74 acc, err := store.OpenAccount(log, "mjl", false)
75 if err != nil {
76 f.Fatalf("open account: %v", err)
77 }
78 defer func() {
79 acc.Close()
80 acc.WaitClosed()
81 }()
82 err = acc.SetPassword(log, password0)
83 if err != nil {
84 f.Fatalf("set password: %v", err)
85 }
86
87 comm := store.RegisterComm(acc)
88 defer comm.Unregister()
89
90 var cid int64 = 1
91
92 var fl *os.File
93 if false {
94 fl, err = os.OpenFile("fuzz.log", os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
95 if err != nil {
96 f.Fatalf("fuzz log")
97 }
98 defer fl.Close()
99 }
100 flog := func(err error, msg string) {
101 if fl != nil && err != nil {
102 fmt.Fprintf(fl, "%s: %v\n", msg, err)
103 }
104 }
105
106 f.Fuzz(func(t *testing.T, s string) {
107 run := func(cmds []string) {
108 limitersInit() // Reset rate limiters.
109 serverConn, clientConn := net.Pipe()
110 defer serverConn.Close()
111
112 go func() {
113 defer func() {
114 x := recover()
115 // Protocol can become botched, when fuzzer sends literals.
116 if x == nil {
117 return
118 }
119 err, ok := x.(error)
120 if !ok || (!errors.Is(err, os.ErrDeadlineExceeded) && !errors.Is(err, io.EOF)) {
121 panic(x)
122 }
123 }()
124
125 defer clientConn.Close()
126
127 err := clientConn.SetDeadline(time.Now().Add(time.Second))
128 flog(err, "set client deadline")
129 client, _ := imapclient.New(mox.Cid(), clientConn, true)
130
131 for _, cmd := range cmds {
132 client.Commandf("", "%s", cmd)
133 client.Response()
134 }
135 client.Commandf("", "%s", s)
136 client.Response()
137 }()
138
139 err = serverConn.SetDeadline(time.Now().Add(time.Second))
140 flog(err, "set server deadline")
141 serve("test", cid, nil, serverConn, false, true, false, "")
142 cid++
143 }
144
145 // Each command brings the connection state one step further. We try the fuzzing
146 // input for each state.
147 run([]string{})
148 run([]string{`login mjl@mox.example "` + password0 + `"`})
149 run([]string{`login mjl@mox.example "` + password0 + `"`, "select inbox"})
150 xappend := fmt.Sprintf("append inbox () {%d+}\r\n%s", len(exampleMsg), exampleMsg)
151 run([]string{`login mjl@mox.example "` + password0 + `"`, "select inbox", xappend})
152 })
153}
154