1package imapserver

2

3import (

4 "encoding/base64"

5 "errors"

6 "fmt"

7 "io"

8 "net"

9 "os"

10 "path/filepath"

11 "testing"

12 "time"

13

14 "github.com/mjl-/mox/imapclient"

15 "github.com/mjl-/mox/mlog"

16 "github.com/mjl-/mox/mox-"

17 "github.com/mjl-/mox/store"

18)

19

20// Fuzz the server. For each fuzz string, we set up servers in various connection states, and write the string as command.

21func FuzzServer(f *testing.F) {

22 seed := []string{

23 fmt.Sprintf("authenticate plain %s", base64.StdEncoding.EncodeToString([]byte("\u0000mjl@mox.example\u0000testtest"))),

24 "*",

25 "capability",

26 "noop",

27 "logout",

28 "select inbox",

29 "examine inbox",

30 "unselect",

31 "close",

32 "expunge",

33 "subscribe inbox",

34 "unsubscribe inbox",

35 `lsub "" "*"`,

36 `list "" ""`,

37 `namespace`,

38 "enable utf8=accept",

39 "create inbox",

40 "create tmpbox",

41 "rename tmpbox ntmpbox",

42 "delete ntmpbox",

43 "status inbox (uidnext messages uidvalidity deleted size unseen recent)",

44 "append inbox (\\seen) {2+}\r\nhi",

45 "fetch 1 all",

46 "fetch 1 body",

47 "fetch 1 (bodystructure)",

48 `store 1 flags (\seen \answered)`,

49 `store 1 +flags ($junk)`,

50 `store 1 -flags ($junk)`,

51 "noop",

52 "copy 1Trash",

53 "copy 1 Trash",

54 "move 1 Trash",

55 "search 1 all",

56 }

57 for _, cmd := range seed {

58 const tag = "x "

59 f.Add(tag + cmd)

60 }

61

62 log := mlog.New("imapserver", nil)

63 mox.Context = ctxbg

64 mox.ConfigStaticPath = filepath.FromSlash("../testdata/imapserverfuzz/mox.conf")

65 mox.MustLoadConfig(true, false)

66 dataDir := mox.ConfigDirPath(mox.Conf.Static.DataDir)

67 os.RemoveAll(dataDir)

68 acc, err := store.OpenAccount(log, "mjl")

69 if err != nil {

70 f.Fatalf("open account: %v", err)

71 }

72 defer acc.Close()

73 err = acc.SetPassword(log, password0)

74 if err != nil {

75 f.Fatalf("set password: %v", err)

76 }

77 defer store.Switchboard()()

78

79 comm := store.RegisterComm(acc)

80 defer comm.Unregister()

81

82 var cid int64 = 1

83

84 var fl *os.File

85 if false {

86 fl, err = os.OpenFile("fuzz.log", os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)

87 if err != nil {

88 f.Fatalf("fuzz log")

89 }

90 defer fl.Close()

91 }

92 flog := func(err error, msg string) {

93 if fl != nil && err != nil {

94 fmt.Fprintf(fl, "%s: %v\n", msg, err)

95 }

96 }

97

98 f.Fuzz(func(t *testing.T, s string) {

99 run := func(cmds []string) {

100 limitersInit() // Reset rate limiters.

101 serverConn, clientConn := net.Pipe()

102 defer serverConn.Close()

103

104 go func() {

105 defer func() {

106 x := recover()

107 // Protocol can become botched, when fuzzer sends literals.

108 if x == nil {

109 return

110 }

111 err, ok := x.(error)

112 if !ok || (!errors.Is(err, os.ErrDeadlineExceeded) && !errors.Is(err, io.EOF)) {

113 panic(x)

114 }

115 }()

116

117 defer clientConn.Close()

118

119 err := clientConn.SetDeadline(time.Now().Add(time.Second))

120 flog(err, "set client deadline")

121 client, _ := imapclient.New(clientConn, true)

122

123 for _, cmd := range cmds {

124 client.Commandf("", "%s", cmd)

125 client.Response()

126 }

127 client.Commandf("", "%s", s)

128 client.Response()

129 }()

130

131 err = serverConn.SetDeadline(time.Now().Add(time.Second))

132 flog(err, "set server deadline")

133 serve("test", cid, nil, serverConn, false, true)

134 cid++

135 }

136

137 // Each command brings the connection state one step further. We try the fuzzing

138 // input for each state.

139 run([]string{})

140 run([]string{"login mjl@mox.example testtest"})

141 run([]string{"login mjl@mox.example testtest", "select inbox"})

142 xappend := fmt.Sprintf("append inbox () {%d+}\r\n%s", len(exampleMsg), exampleMsg)

143 run([]string{"login mjl@mox.example testtest", "select inbox", xappend})

144 })

145}

146