[net/auth] Add a fuzzer for HttpAuthHandlerDigest.

This authentication handler has some custom logic for parsing Digest
authentication challenges. We should have some fuzz coverage for it.

Bug: None
Change-Id: I53ebe3496daf763a2bfb83bfb5f5e90cbe2b02b9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1907157
Commit-Queue: Asanka Herath <asanka@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#715424}

net/BUILD.gn

@@ -6684,6 +6684,18 @@ fuzzer_test("net_http_auth_handler_basic_fuzzer") {
   ]
 }
 
+fuzzer_test("net_http_auth_handler_digest_fuzzer") {
+  sources = [
+    "http/http_auth_handler_digest_fuzzer.cc",
+  ]
+  dict = "data/fuzzer_dictionaries/net_http_auth_handler_digest_fuzzer.dict"
+  deps = [
+    ":net_fuzzer_test_support",
+    "//net",
+    "//net/dns:test_support",
+  ]
+}
+
 fuzzer_test("net_http_content_disposition_fuzzer") {
   sources = [
     "http/http_content_disposition_fuzzer.cc",

net/data/fuzzer_dictionaries/net_http_auth_handler_digest_fuzzer.dict

+# Copyright 2019 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"realm"
+"="
+"\""
+","
+" "
+"nonce"
+"domain"
+"opaque"
+"stale"
+"true"
+"false"
+"algorithm"
+"md5"
+"md5-sess"
+"qop"
+"auth"
+

net/http/http_auth_handler_digest_fuzzer.cc

+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include <memory>
+#include <string>
+
+#include "net/dns/mock_host_resolver.h"
+#include "net/http/http_auth_challenge_tokenizer.h"
+#include "net/http/http_auth_handler.h"
+#include "net/http/http_auth_handler_digest.h"
+#include "net/log/net_log_with_source.h"
+#include "net/ssl/ssl_info.h"
+#include "url/gurl.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  FuzzedDataProvider data_provider{data, size};
+
+  std::string challenge =
+      "Digest " + data_provider.ConsumeRandomLengthString(500);
+
+  // Dummies
+  net::SSLInfo null_ssl_info;
+  GURL origin("https://foo.test/");
+  auto host_resolver = std::make_unique<net::MockHostResolver>();
+  std::unique_ptr<net::HttpAuthHandler> handler;
+
+  net::HttpAuthHandlerDigest::Factory factory;
+  factory.CreateAuthHandlerFromString(
+      challenge, net::HttpAuth::AUTH_SERVER, null_ssl_info, origin,
+      net::NetLogWithSource(), host_resolver.get(), &handler);
+
+  if (handler) {
+    auto followup = "Digest " + data_provider.ConsumeRemainingBytesAsString();
+    net::HttpAuthChallengeTokenizer tokenizer{followup.begin(), followup.end()};
+    handler->HandleAnotherChallenge(&tokenizer);
+  }
+  return 0;
+}