1package imapserver

2

3import (

4 "encoding/base64"

5 "errors"

6 "fmt"

7 "io"

8 "net"

9 "os"

10 "path/filepath"

11 "testing"

12 "time"

13

14 "github.com/mjl-/mox/imapclient"

15 "github.com/mjl-/mox/mlog"

16 "github.com/mjl-/mox/mox-"

17 "github.com/mjl-/mox/store"

18)

19

20// Fuzz the server. For each fuzz string, we set up servers in various connection states, and write the string as command.

21func FuzzServer(f *testing.F) {

22 seed := []string{

23 fmt.Sprintf("authenticate plain %s", base64.StdEncoding.EncodeToString([]byte("\u0000mjl@mox.example\u0000testtest"))),

24 "*",

25 "capability",

26 "noop",

27 "logout",

28 "select inbox",

29 "examine inbox",

30 "unselect",

31 "close",

32 "expunge",

33 "subscribe inbox",

34 "unsubscribe inbox",

35 `lsub "" "*"`,

36 `list "" ""`,

37 `namespace`,

38 "enable utf8=accept",

39 "create inbox",

40 "create tmpbox",

41 "rename tmpbox ntmpbox",

42 "delete ntmpbox",

43 "status inbox (uidnext messages uidvalidity deleted size unseen recent)",

44 "append inbox (\\seen) {2+}\r\nhi",

45 "fetch 1 all",

46 "fetch 1 body",

47 "fetch 1 (bodystructure)",

48 `store 1 flags (\seen \answered)`,

49 `store 1 +flags ($junk)`,

50 `store 1 -flags ($junk)`,

51 "noop",

52 "copy 1Trash",

53 "copy 1 Trash",

54 "move 1 Trash",

55 "search 1 all",

56 }

57 for _, cmd := range seed {

58 const tag = "x "

59 f.Add(tag + cmd)

60 }

61

62 log := mlog.New("imapserver", nil)

63 mox.Context = ctxbg

64 mox.ConfigStaticPath = filepath.FromSlash("../testdata/imapserverfuzz/mox.conf")

65 mox.MustLoadConfig(true, false)

66 dataDir := mox.ConfigDirPath(mox.Conf.Static.DataDir)

67 os.RemoveAll(dataDir)

68 acc, err := store.OpenAccount(log, "mjl")

69 if err != nil {

70 f.Fatalf("open account: %v", err)

71 }

72 defer func() {

73 acc.Close()

74 acc.CheckClosed()

75 }()

76 err = acc.SetPassword(log, password0)

77 if err != nil {

78 f.Fatalf("set password: %v", err)

79 }

80 defer store.Switchboard()()

81

82 comm := store.RegisterComm(acc)

83 defer comm.Unregister()

84

85 var cid int64 = 1

86

87 var fl *os.File

88 if false {

89 fl, err = os.OpenFile("fuzz.log", os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)

90 if err != nil {

91 f.Fatalf("fuzz log")

92 }

93 defer fl.Close()

94 }

95 flog := func(err error, msg string) {

96 if fl != nil && err != nil {

97 fmt.Fprintf(fl, "%s: %v\n", msg, err)

98 }

99 }

100

101 f.Fuzz(func(t *testing.T, s string) {

102 run := func(cmds []string) {

103 limitersInit() // Reset rate limiters.

104 serverConn, clientConn := net.Pipe()

105 defer serverConn.Close()

106

107 go func() {

108 defer func() {

109 x := recover()

110 // Protocol can become botched, when fuzzer sends literals.

111 if x == nil {

112 return

113 }

114 err, ok := x.(error)

115 if !ok || (!errors.Is(err, os.ErrDeadlineExceeded) && !errors.Is(err, io.EOF)) {

116 panic(x)

117 }

118 }()

119

120 defer clientConn.Close()

121

122 err := clientConn.SetDeadline(time.Now().Add(time.Second))

123 flog(err, "set client deadline")

124 client, _ := imapclient.New(clientConn, true)

125

126 for _, cmd := range cmds {

127 client.Commandf("", "%s", cmd)

128 client.Response()

129 }

130 client.Commandf("", "%s", s)

131 client.Response()

132 }()

133

134 err = serverConn.SetDeadline(time.Now().Add(time.Second))

135 flog(err, "set server deadline")

136 serve("test", cid, nil, serverConn, false, true)

137 cid++

138 }

139

140 // Each command brings the connection state one step further. We try the fuzzing

141 // input for each state.

142 run([]string{})

143 run([]string{`login mjl@mox.example "` + password0 + `"`})

144 run([]string{`login mjl@mox.example "` + password0 + `"`, "select inbox"})

145 xappend := fmt.Sprintf("append inbox () {%d+}\r\n%s", len(exampleMsg), exampleMsg)

146 run([]string{`login mjl@mox.example "` + password0 + `"`, "select inbox", xappend})

147 })

148}

149