goroutine 1 [running]:
github.com/emersion/go-smtp.(*Conn).handleAuth(0xc000366070, 0xc00036f8ed, 0x1)
/home/user/Documents/xxxx/src/github.com/emersion/go-smtp/conn.go:339 +0x97a
github.com/emersion/go-smtp.(*Conn).handle(0xc000366070, 0xc00036f8e8, 0x4, 0xc00036f8ed, 0x1)
/home/user/Documents/xxxx/src/github.com/emersion/go-smtp/conn.go:115 +0x180
github.com/emersion/go-smtp.(*Server).handleConn(0xc0000c38c0, 0xc000366070, 0x0, 0x0)
/home/user/Documents/xxxx/src/github.com/emersion/go-smtp/server.go:122 +0x287
github.com/emersion/go-smtp.(*Server).Serve(0xc0000c38c0, 0x649ac0, 0xc0000acc40, 0x0, 0x0)
/home/user/Documents/xxxx/src/github.com/emersion/go-smtp/server.go:93 +0xf2
fuzz/fuzzsmtpserver.Fuzz(0x7408aa0f7000, 0xd, 0x200000, 0x3)
/home/user/Documents/xxxx/src/fuzz/fuzzsmtpserver/fuzz.go:63 +0x262
go-fuzz-dep.Main(0xc000046f80, 0x1, 0x1)
/tmp/go-fuzz-build433312042/goroot/src/go-fuzz-dep/main.go:36 +0x1b6
main.main()
/tmp/go-fuzz-build433312042/gopath/src/fuzz/fuzzsmtpserver/go.fuzz.main/main.go:15 +0x52
exit status 2
[user@work crashers]$ cat 82fbe7cec7da6c1559d3780b7c0122064c01f1f1 | hexdump
0000000 4845 4f4c 3020 410a 5455 2048 000b
000000d
[user@work crashers]$ cat 82fbe7cec7da6c1559d3780b7c0122064c01f1f1 | hexdump -c
0000000 E H L O 0 \n A U T H \v
000000d
[user@work crashers]$ cat 82fbe7cec7da6c1559d3780b7c0122064c01f1f1.quoted
"EHLO 0\nAUTH \v"
To perform fuzzing I've modified the Serve function in Server; it looks like this now:
// Serve accepts incoming connections on the Listener l.
func (s *Server) Serve(l net.Listener) error {
	s.listener = l
	defer s.Close()

	for {
		c, err := l.Accept()
		if err != nil {
			return err
		}
		// Modified for fuzzing - removed go so it's synchronous now
		/* go */ s.handleConn(newConn(c, s))
	}
}
I didn't test this on the base version (with go s.handleConn); nevertheless, it seems like it should work on the original as well.
I guess I've run go get -u before running it; someone might test that as well though.
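The following is an added example, not part of the original report and not go-smtp's code: it replays the crasher from the .quoted file against a hypothetical AUTH handler and turns a panic into a test failure, the way a regression test built from a go-fuzz crasher would. The report does not show the code at conn.go:339, so the unguarded strings.Fields index in authUnchecked is an assumed failure mode that this input would trigger; the handler names and reply strings are also assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

const crasher = "EHLO 0\nAUTH \v" // input from the .quoted file in the report

// authUnchecked is hypothetical (not go-smtp's code): it rejects an empty
// raw argument, then indexes the result of strings.Fields without a check.
func authUnchecked(arg string) string {
	if arg == "" {
		return "502 missing parameter"
	}
	parts := strings.Fields(arg) // "\v" is whitespace, so parts is empty
	return "334 " + strings.ToUpper(parts[0])
}

// authChecked validates the parsed fields instead of the raw argument.
func authChecked(arg string) string {
	parts := strings.Fields(arg)
	if len(parts) == 0 {
		return "502 missing parameter"
	}
	return "334 " + strings.ToUpper(parts[0])
}

// Replay feeds input line by line to a minimal dispatcher and converts a
// handler panic into an error, so a crasher becomes a failing test.
func Replay(input string, auth func(string) string) (replies []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("handler panicked: %v", r)
		}
	}()
	sc := bufio.NewScanner(strings.NewReader(input))
	for sc.Scan() {
		reply := "250 ok"
		if cmd, arg, _ := strings.Cut(sc.Text(), " "); strings.EqualFold(cmd, "AUTH") {
			reply = auth(arg)
		}
		replies = append(replies, reply)
	}
	return replies, nil
}

func main() {
	fmt.Println(Replay(crasher, authUnchecked))
	fmt.Println(Replay(crasher, authChecked))
}
```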