test: Update fuzz tests to use the built-in infrastructure

Go 1.18 supports fuzzing natively, so this patch migrates our fuzzing
tests to make use of it.

.gitignore

@@ -34,13 +34,3 @@ chasquid.test
 # Exclude any .pem files, to prevent accidentally including test keys and
 # certificates.
 *.pem
-
-# Ignore the generated corpus: we don't want to commit it to the repository by
-# default, to avoid size blowup.  Manually added corpus will begin with "t-",
-# and thus not ignored.
-# Leave crashers not ignored, to make them easier to spot (and they should be
-# moved to manually-added corpus once detected).
-**/testdata/fuzz/corpus/[0-9a-f]*
-
-# go-fuzz build artifacts.
-*-fuzz.zip

internal/aliases/aliases_test.go

@@ -1,6 +1,7 @@
 package aliases
 
 import (
+	"bytes"
 	"errors"
 	"os"
 	"os/exec"
@@ -482,3 +483,10 @@ func TestHookError(t *testing.T) {
 		t.Errorf("expected *exec.ExitError, got %T - %v", err, err)
 	}
 }
+
+// Fuzz testing for the parser.
+func FuzzReader(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		parseReader("domain", bytes.NewReader(data))
+	})
+}

internal/aliases/fuzz.go

@@ -1,23 +0,0 @@
-// Fuzz testing for package aliases.
-
-//go:build gofuzz
-// +build gofuzz
-
-package aliases
-
-import "bytes"
-
-func Fuzz(data []byte) int {
-	interesting := 0
-	aliases, _ := parseReader("domain", bytes.NewReader(data))
-
-	// Mark cases with actual aliases as more interesting.
-	for _, rcpts := range aliases {
-		if len(rcpts) > 0 {
-			interesting = 1
-			break
-		}
-	}
-
-	return interesting
-}

internal/aliases/testdata/fuzz/FuzzReader/1c24d2215db69748c6fd16797673ad11ebc7e6167fe1bc1f54c6959ec10407b6

@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("# First some valid cases.\na: b\nc: d@e, f,\nx: | command\n\n# The following is invalid, should be ignored.\na@dom: x@dom\n\n# Overrides.\no1: a\no1: b\n\n# Finally one to make the file NOT end in \\n:\ny: z\n")

internal/aliases/testdata/fuzz/FuzzReader/4adaceaa32e2b32c00322948769d62c2dd42e1d9f4950d3c5b411c710e6d4a86

@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\nfail: | false\n\n")

internal/aliases/testdata/fuzz/FuzzReader/8234d8c5719f30e50525290db70743bf97d940e60591cf4a638c72158d35504a

@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\naliasA: aliasB@srv-B\n")

internal/aliases/testdata/fuzz/FuzzReader/c9c80ba9f513841cb081fe9bb7439d36f9f7a06bb999d4c39441991ccc878a9e

@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("\n# Easy aliases.\npepe: jose\njoan: juan\n\n# UTF-8 aliases.\npitanga: ñangapirí\nañil: azul, índigo\n\n# Pipe aliases.\ntubo: | writemailto ../.data/pipe_alias_worked\n\n")

internal/aliases/testdata/fuzz/FuzzReader/d40a98862ed393eb712e47a91bcef18e6f24cf368bb4bd248c7a7101ef8e178d

@@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("")

internal/aliases/testdata/fuzz/corpus/t-002

@@ -1,14 +0,0 @@
-# First some valid cases.
-a: b
-c: d@e, f,
-x: | command
-
-# The following is invalid, should be ignored.
-a@dom: x@dom
-
-# Overrides.
-o1: a
-o1: b
-
-# Finally one to make the file NOT end in \n:
-y: z

internal/aliases/testdata/fuzz/corpus/t-003

@@ -1,12 +0,0 @@
-
-# Easy aliases.
-pepe: jose
-joan: juan
-
-# UTF-8 aliases.
-pitanga: ñangapirí
-añil: azul, índigo
-
-# Pipe aliases.
-tubo: | writemailto ../.data/pipe_alias_worked
-

internal/aliases/testdata/fuzz/corpus/t-004

@@ -1,3 +0,0 @@
-
-fail: | false
-

internal/aliases/testdata/fuzz/corpus/t-005

@@ -1,2 +0,0 @@
-
-aliasA: aliasB@srv-B

internal/auth/auth_test.go

@@ -285,3 +285,10 @@ func TestReload(t *testing.T) {
 		t.Errorf("unexpected error reloading wrapped backend: %v", err)
 	}
 }
+
+// Fuzz testing for the response decoder, which handles user-provided data.
+func FuzzDecodeResponse(f *testing.F) {
+	f.Fuzz(func(t *testing.T, response string) {
+		DecodeResponse(response)
+	})
+}

internal/auth/fuzz.go

@@ -1,17 +0,0 @@
-// Fuzz testing for package aliases.
-
-//go:build gofuzz
-// +build gofuzz
-
-package auth
-
-func Fuzz(data []byte) int {
-	//	user, domain, passwd, err := DecodeResponse(string(data))
-	interesting := 0
-	_, _, _, err := DecodeResponse(string(data))
-	if err == nil {
-		interesting = 1
-	}
-
-	return interesting
-}

internal/auth/testdata/fuzz/FuzzDecodeResponse/0274b170c6fe2654ca5418a914b804e9c7cc5d8e5c2a7c5fcf5c29540ec5ae52

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("@\xed\x88̥̥̥̥̥̥̄̈́̈́̈́̈́̈́̈́̈́̈́ͥ̈́̈́ͥ̓\x00\x00")

internal/auth/testdata/fuzz/FuzzDecodeResponse/24d35771ef1fe0645d90b061e13a777faea328736483ec2833b63950d26b5399

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("AHVAZABwYXNz")

internal/auth/testdata/fuzz/FuzzDecodeResponse/2e5d0b26626f2d2dd6fb423e1e1cc432277ae9877c622fe6ca067e247bc11c9d

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("dUBkAHVAZABwYXNz")

internal/auth/testdata/fuzz/FuzzDecodeResponse/2ef1aee5347414c139270ebb6ea63d2223a8c0c7c8ec30a2ca7152f4c18f1c74

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("\xeb̥̥̥̥̥̥̥̈́ͥ̈́̈́̈́̈́̈́̈́̈́̈́̈́ͥ̓@\x00\x00")

internal/auth/testdata/fuzz/FuzzDecodeResponse/4b9259040da90f06aa2b593ee20fdffefeda813c59430050f15965bd9471235e

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("this is not base64 encoded")

internal/auth/testdata/fuzz/FuzzDecodeResponse/6c2c0b4f81a675d91d1291bfdcddb7c9d43cf6264dd7763cfed31a3946854e27

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("\xeb̥̥̥̥̥̥ͯ̈́̈́̈́̈́̈́ͯ̈́̈́̈́̈́̈́̈́@\x00\x00")

internal/auth/testdata/fuzz/FuzzDecodeResponse/6e05782952b68c7ccd94160ad6ea45e7f766397850b08e78f89407a94350825c

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("\xeb̥̥̥̥̥̥̈́̈́̈́̈́̈́ͯ̈́̈́̈́̈́̈́̈́̈́@\x00\x00")

internal/auth/testdata/fuzz/FuzzDecodeResponse/c2ae184876dd0fe9acfc8a5e2f2174a968b889b01e0f5c9a61fa27d7361f0091

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("dUBkAABwYXNz")

internal/auth/testdata/fuzz/FuzzDecodeResponse/d9aa9c617d1f5b3021aca758b9d896d136e3b16ed53233d02abffd02aa73ffa4

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("w7FhY2FAw7FlcXVlAABjbGF2YXLDqQ==")

internal/auth/testdata/fuzz/FuzzDecodeResponse/de05c7993312bab83e8114e9d9ced331c49822dc55c1a353f1cc9718a28226e7

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("dUBkAABwYXNz/w==")

internal/auth/testdata/fuzz/corpus/t-001

@@ -1 +0,0 @@
-dUBkAHVAZABwYXNz

internal/auth/testdata/fuzz/corpus/t-002

@@ -1 +0,0 @@
-dUBkAABwYXNz

internal/auth/testdata/fuzz/corpus/t-003

@@ -1 +0,0 @@
-AHVAZABwYXNz

internal/auth/testdata/fuzz/corpus/t-004

@@ -1 +0,0 @@
-dUBkAABwYXNz/w==

internal/auth/testdata/fuzz/corpus/t-005

@@ -1 +0,0 @@
-w7FhY2FAw7FlcXVlAABjbGF2YXLDqQ==

internal/auth/testdata/fuzz/corpus/t-006

@@ -1 +0,0 @@
-this is not base64 encoded

internal/normalize/fuzz.go

@@ -1,16 +0,0 @@
-// Fuzz testing for package normalize.
-
-//go:build gofuzz
-// +build gofuzz
-
-package normalize
-
-func Fuzz(data []byte) int {
-	s := string(data)
-	User(s)
-	Domain(s)
-	Addr(s)
-	DomainToUnicode(s)
-
-	return 0
-}

internal/normalize/normalize_test.go

@@ -128,3 +128,27 @@ func TestDomainToUnicode(t *testing.T) {
 		}
 	}
 }
+
+func FuzzUser(f *testing.F) {
+	f.Fuzz(func(t *testing.T, user string) {
+		User(user)
+	})
+}
+
+func FuzzDomain(f *testing.F) {
+	f.Fuzz(func(t *testing.T, domain string) {
+		Domain(domain)
+	})
+}
+
+func FuzzAddr(f *testing.F) {
+	f.Fuzz(func(t *testing.T, addr string) {
+		Addr(addr)
+	})
+}
+
+func FuzzDomainToUnicode(f *testing.F) {
+	f.Fuzz(func(t *testing.T, addr string) {
+		DomainToUnicode(addr)
+	})
+}

internal/normalize/testdata/fuzz/FuzzAddr/31400a53be6363c91bf6585789663189fa30b16181c1d18f19708acccc85f4a1

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("ÑAndÚ")

internal/normalize/testdata/fuzz/FuzzAddr/7aba1e0ef80990ccac3731800dbb0267c4c8b7156d4da3b8a5f1b57a570adfb8

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("henryⅣ@throne")

internal/normalize/testdata/fuzz/FuzzAddr/ccde73fe7b7352806a87cece8eb81867bdeb177019b69a4bb3c7bb5a277b9c32

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("ñandú")

internal/normalize/testdata/fuzz/FuzzAddr/d8637022b61fb5c4df4e153063564accd6331debaafdd594405c320a5e9f2e70

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("pé@léa")

internal/normalize/testdata/fuzz/FuzzAddr/dc0204d8e2ab058a763873d2a5fede806e95235771ecdd96b56c906886822c19

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("Pingüino")

internal/normalize/testdata/fuzz/FuzzDomain/263da65bb5a59369f294d26a64a36a989a9a36ed5c60950b123e395bedbe881c

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("henryⅣthrone")

internal/normalize/testdata/fuzz/FuzzDomain/31400a53be6363c91bf6585789663189fa30b16181c1d18f19708acccc85f4a1

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("ÑAndÚ")

internal/normalize/testdata/fuzz/FuzzDomain/6d603c8b9fbe8b9aa021dbde499ec1b3a00922b9338c68b2984cd314c3d5e633

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("péléa")

internal/normalize/testdata/fuzz/FuzzDomain/ccde73fe7b7352806a87cece8eb81867bdeb177019b69a4bb3c7bb5a277b9c32

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("ñandú")

internal/normalize/testdata/fuzz/FuzzDomain/dc0204d8e2ab058a763873d2a5fede806e95235771ecdd96b56c906886822c19

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("Pingüino")

internal/normalize/testdata/fuzz/FuzzDomainToUnicode/31400a53be6363c91bf6585789663189fa30b16181c1d18f19708acccc85f4a1

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("ÑAndÚ")

internal/normalize/testdata/fuzz/FuzzDomainToUnicode/7aba1e0ef80990ccac3731800dbb0267c4c8b7156d4da3b8a5f1b57a570adfb8

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("henryⅣ@throne")

internal/normalize/testdata/fuzz/FuzzDomainToUnicode/ccde73fe7b7352806a87cece8eb81867bdeb177019b69a4bb3c7bb5a277b9c32

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("ñandú")

internal/normalize/testdata/fuzz/FuzzDomainToUnicode/d8637022b61fb5c4df4e153063564accd6331debaafdd594405c320a5e9f2e70

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("pé@léa")

internal/normalize/testdata/fuzz/FuzzDomainToUnicode/dc0204d8e2ab058a763873d2a5fede806e95235771ecdd96b56c906886822c19

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("Pingüino")

internal/normalize/testdata/fuzz/FuzzUser/263da65bb5a59369f294d26a64a36a989a9a36ed5c60950b123e395bedbe881c

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("henryⅣthrone")

internal/normalize/testdata/fuzz/FuzzUser/31400a53be6363c91bf6585789663189fa30b16181c1d18f19708acccc85f4a1

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("ÑAndÚ")

internal/normalize/testdata/fuzz/FuzzUser/6d603c8b9fbe8b9aa021dbde499ec1b3a00922b9338c68b2984cd314c3d5e633

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("péléa")

internal/normalize/testdata/fuzz/FuzzUser/ccde73fe7b7352806a87cece8eb81867bdeb177019b69a4bb3c7bb5a277b9c32

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("ñandú")

internal/normalize/testdata/fuzz/FuzzUser/dc0204d8e2ab058a763873d2a5fede806e95235771ecdd96b56c906886822c19

@@ -0,0 +1,2 @@
+go test fuzz v1
+string("Pingüino")

internal/normalize/testdata/fuzz/corpus/t-001

@@ -1 +0,0 @@
-ñandú

internal/normalize/testdata/fuzz/corpus/t-002

@@ -1 +0,0 @@
-ÑAndÚ

internal/normalize/testdata/fuzz/corpus/t-003

@@ -1 +0,0 @@
-Pingüino

internal/normalize/testdata/fuzz/corpus/t-004

@@ -1 +0,0 @@
-pé@léa

internal/normalize/testdata/fuzz/corpus/t-005

@@ -1 +0,0 @@
-henryⅣ@throne

internal/smtpsrv/conn_test.go

@@ -3,6 +3,7 @@ package smtpsrv
 import (
 	"bufio"
 	"net"
+	"os"
 	"strings"
 	"testing"
 
@@ -15,7 +16,12 @@ import (
 func TestSecLevel(t *testing.T) {
 	// We can't simulate this externally because of the SPF record
 	// requirement, so do a narrow test on Conn.secLevelCheck.
-	dir := testlib.MustTempDir(t)
+	// Create the directory by hand because we don't want to automatically
+	// chdir into it (it affects the fuzzing infrastructure).
+	dir, err := os.MkdirTemp("", "testlib_")
+	if err != nil {
+		t.Fatalf("Failed to create temp dir: %v\n", dir)
+	}
 	defer testlib.RemoveIfOk(t, dir)
 
 	dinfo, err := domaininfo.New(dir)

internal/smtpsrv/fuzz.go

@@ -1,280 +0,0 @@
-// Fuzz testing for package smtpsrv.  Based on server_test.
-
-//go:build gofuzz
-// +build gofuzz
-
-package smtpsrv
-
-import (
-	"bufio"
-	"bytes"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/tls"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
-	"flag"
-	"fmt"
-	"io"
-	"math/big"
-	"net"
-	"net/textproto"
-	"os"
-	"strings"
-	"time"
-
-	"blitiri.com.ar/go/chasquid/internal/aliases"
-	"blitiri.com.ar/go/chasquid/internal/courier"
-	"blitiri.com.ar/go/chasquid/internal/testlib"
-	"blitiri.com.ar/go/chasquid/internal/userdb"
-	"blitiri.com.ar/go/log"
-)
-
-var (
-	// Server addresses. Will be filled in at init time.
-	smtpAddr          = ""
-	submissionAddr    = ""
-	submissionTLSAddr = ""
-
-	// TLS configuration to use in the clients.
-	// Will contain the generated server certificate as root CA.
-	tlsConfig *tls.Config
-)
-
-//
-// === Fuzz test ===
-//
-
-func Fuzz(data []byte) int {
-	// Byte 0: mode
-	// The rest is what we will send the server, one line per command.
-	if len(data) < 1 {
-		return 0
-	}
-
-	var mode SocketMode
-	addr := ""
-	switch data[0] {
-	case '0':
-		mode = ModeSMTP
-		addr = smtpAddr
-	case '1':
-		mode = ModeSubmission
-		addr = submissionAddr
-	case '2':
-		mode = ModeSubmissionTLS
-		addr = submissionTLSAddr
-	default:
-		return 0
-	}
-	data = data[1:]
-
-	var err error
-	var conn net.Conn
-	if mode.TLS {
-		conn, err = tls.Dial("tcp", addr, tlsConfig)
-	} else {
-		conn, err = net.Dial("tcp", addr)
-	}
-	if err != nil {
-		panic(fmt.Errorf("failed to dial: %v", err))
-	}
-	defer conn.Close()
-
-	tconn := textproto.NewConn(conn)
-	defer tconn.Close()
-
-	scanner := bufio.NewScanner(bytes.NewBuffer(data))
-	for scanner.Scan() {
-		line := scanner.Text()
-		cmd := strings.TrimSpace(strings.ToUpper(line))
-
-		// Skip STARTTLS if it happens on a non-TLS connection - the jump is
-		// not going to happen via fuzzer, it will just cause a timeout (which
-		// is considered a crash).
-		if cmd == "STARTTLS" && !mode.TLS {
-			continue
-		}
-
-		if err = tconn.PrintfLine(line); err != nil {
-			break
-		}
-
-		if _, _, err = tconn.ReadResponse(-1); err != nil {
-			break
-		}
-
-		if cmd == "DATA" {
-			// We just sent DATA and got a response; send the contents.
-			err = exchangeData(scanner, tconn)
-			if err != nil {
-				break
-			}
-		}
-	}
-	if (err != nil && err != io.EOF) || scanner.Err() != nil {
-		return 1
-	}
-
-	return 0
-}
-
-func exchangeData(scanner *bufio.Scanner, tconn *textproto.Conn) error {
-	for scanner.Scan() {
-		line := scanner.Text()
-		if err := tconn.PrintfLine(line); err != nil {
-			return err
-		}
-		if line == "." {
-			break
-		}
-	}
-
-	// Read the "." response.
-	_, _, err := tconn.ReadResponse(-1)
-	return err
-}
-
-//
-// === Test environment ===
-//
-
-// generateCert generates a new, INSECURE self-signed certificate and writes
-// it to a pair of (cert.pem, key.pem) files to the given path.
-// Note the certificate is only useful for testing purposes.
-func generateCert(path string) error {
-	tmpl := x509.Certificate{
-		SerialNumber: big.NewInt(1234),
-		Subject: pkix.Name{
-			Organization: []string{"chasquid_test.go"},
-		},
-
-		DNSNames:    []string{"localhost"},
-		IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
-
-		NotBefore: time.Now(),
-		NotAfter:  time.Now().Add(24 * time.Hour),
-
-		KeyUsage: x509.KeyUsageKeyEncipherment |
-			x509.KeyUsageDigitalSignature |
-			x509.KeyUsageCertSign,
-
-		BasicConstraintsValid: true,
-		IsCA:                  true,
-	}
-
-	priv, err := rsa.GenerateKey(rand.Reader, 1024)
-	if err != nil {
-		return err
-	}
-
-	derBytes, err := x509.CreateCertificate(
-		rand.Reader, &tmpl, &tmpl, &priv.PublicKey, priv)
-	if err != nil {
-		return err
-	}
-
-	// Create a global config for convenience.
-	srvCert, err := x509.ParseCertificate(derBytes)
-	if err != nil {
-		return err
-	}
-	rootCAs := x509.NewCertPool()
-	rootCAs.AddCert(srvCert)
-	tlsConfig = &tls.Config{
-		ServerName: "localhost",
-		RootCAs:    rootCAs,
-	}
-
-	certOut, err := os.Create(path + "/cert.pem")
-	if err != nil {
-		return err
-	}
-	defer certOut.Close()
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-
-	keyOut, err := os.OpenFile(
-		path+"/key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-	if err != nil {
-		return err
-	}
-	defer keyOut.Close()
-
-	block := &pem.Block{
-		Type:  "RSA PRIVATE KEY",
-		Bytes: x509.MarshalPKCS1PrivateKey(priv),
-	}
-	pem.Encode(keyOut, block)
-	return nil
-}
-
-// waitForServer waits 10 seconds for the server to start, and returns an error
-// if it fails to do so.
-// It does this by repeatedly connecting to the address until it either
-// replies or times out. Note we do not do any validation of the reply.
-func waitForServer(addr string) {
-	start := time.Now()
-	for time.Since(start) < 10*time.Second {
-		conn, err := net.Dial("tcp", addr)
-		if err == nil {
-			conn.Close()
-			return
-		}
-
-		time.Sleep(100 * time.Millisecond)
-	}
-
-	panic(fmt.Errorf("%v not reachable", addr))
-}
-
-func init() {
-	flag.Parse()
-
-	log.Default.Level = log.Error
-
-	// Generate certificates in a temporary directory.
-	tmpDir, err := os.MkdirTemp("", "chasquid_smtpsrv_fuzz:")
-	if err != nil {
-		panic(fmt.Errorf("Failed to create temp dir: %v\n", tmpDir))
-	}
-	defer os.RemoveAll(tmpDir)
-
-	err = generateCert(tmpDir)
-	if err != nil {
-		panic(fmt.Errorf("Failed to generate cert for testing: %v\n", err))
-	}
-
-	smtpAddr = testlib.GetFreePort()
-	submissionAddr = testlib.GetFreePort()
-	submissionTLSAddr = testlib.GetFreePort()
-
-	s := NewServer()
-	s.Hostname = "localhost"
-	s.MaxDataSize = 50 * 1024 * 1025
-	s.AddCerts(tmpDir+"/cert.pem", tmpDir+"/key.pem")
-	s.AddAddr(smtpAddr, ModeSMTP)
-	s.AddAddr(submissionAddr, ModeSubmission)
-	s.AddAddr(submissionTLSAddr, ModeSubmissionTLS)
-
-	localC := &courier.MDA{}
-	remoteC := &courier.SMTP{}
-	s.InitQueue(tmpDir+"/queue", localC, remoteC)
-	s.InitDomainInfo(tmpDir + "/domaininfo")
-
-	udb := userdb.New("/dev/null")
-	udb.AddUser("testuser", "testpasswd")
-	s.aliasesR.AddAliasForTesting(
-		"to@localhost", "testuser@localhost", aliases.EMAIL)
-	s.AddDomain("localhost")
-	s.AddUserDB("localhost", udb)
-
-	// Disable SPF lookups, to avoid leaking DNS queries.
-	disableSPFForTesting = true
-
-	go s.ListenAndServe()
-
-	waitForServer(smtpAddr)
-	waitForServer(submissionAddr)
-	waitForServer(submissionTLSAddr)
-}

internal/smtpsrv/fuzz_test.go

@@ -0,0 +1,96 @@
+// Fuzz testing for package smtpsrv.  Based on server_test.
+package smtpsrv
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/tls"
+	"fmt"
+	"net"
+	"net/textproto"
+	"strings"
+	"testing"
+)
+
+func fuzzConnection(t *testing.T, modeI int, data []byte) {
+	var mode SocketMode
+	addr := ""
+	switch modeI {
+	case 0:
+		mode = ModeSMTP
+		addr = smtpAddr
+	case 1:
+		mode = ModeSubmission
+		addr = submissionAddr
+	case 2:
+		mode = ModeSubmissionTLS
+		addr = submissionTLSAddr
+	default:
+		mode = ModeSMTP
+		addr = smtpAddr
+	}
+
+	var err error
+	var conn net.Conn
+	if mode.TLS {
+		conn, err = tls.Dial("tcp", addr, tlsConfig)
+	} else {
+		conn, err = net.Dial("tcp", addr)
+	}
+	if err != nil {
+		panic(fmt.Errorf("failed to dial: %v", err))
+	}
+	defer conn.Close()
+
+	tconn := textproto.NewConn(conn)
+	defer tconn.Close()
+
+	scanner := bufio.NewScanner(bytes.NewBuffer(data))
+	for scanner.Scan() {
+		line := scanner.Text()
+		cmd := strings.TrimSpace(strings.ToUpper(line))
+
+		// Skip STARTTLS if it happens on a non-TLS connection - the jump is
+		// not going to happen via fuzzer, it will just cause a timeout (which
+		// is considered a crash).
+		if cmd == "STARTTLS" && !mode.TLS {
+			continue
+		}
+
+		if err = tconn.PrintfLine(line); err != nil {
+			break
+		}
+
+		if _, _, err = tconn.ReadResponse(-1); err != nil {
+			break
+		}
+
+		if cmd == "DATA" {
+			// We just sent DATA and got a response; send the contents.
+			err = exchangeData(scanner, tconn)
+			if err != nil {
+				break
+			}
+		}
+	}
+}
+
+func FuzzConnection(f *testing.F) {
+	f.Fuzz(fuzzConnection)
+}
+
+func exchangeData(scanner *bufio.Scanner, tconn *textproto.Conn) error {
+	for scanner.Scan() {
+		line := scanner.Text()
+		if err := tconn.PrintfLine(line); err != nil {
+			return err
+		}
+		if line == "." {
+			break
+		}
+	}
+
+	// Read the "." response.
+	_, _, err := tconn.ReadResponse(-1)
+	return err
+}

internal/smtpsrv/testdata/fuzz/FuzzConnection/3d7e992212e817da7afdb7a4e769ceec1d4047a2e630bec4b35ecd4d55560424

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("HELO localhost\nMAIL FROM:<test@testy.com>\nRCPT LALA: <>\nRCPT TO:\nRCPT TO:<pepe>\nRCPT TO:<a@xn--->\nRCPT TO:<henryⅣ@testserver>\nRCPT TO:<aaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaX@bbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbX>\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/68d8c7b5f149996ffd46ad9a15852165d8c1cbd6c03cceb9382e5add16415c94

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("DATA\nHELO localhost\nDATA\nMAIL FROM:<a@b>\nRCPT TO: user@testserver\nDATA\nFrom: Mailer daemon <somewhere@horns.com>\nSubject: I've come to haunt you\nBad header\n\nMuahahahaha\n\n\n.\nQUIT\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/79e51b30c215fb19a29855deebf2ed8299b35ca6f14db9681ee504e216c44a7f

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("EHLO localhost\nMAIL FROM: <>\nRCPT TO: user@testserver\nDATA\nFrom: Mailer daemon <somewhere@báratro>\nSubject: I've come to haunt you\nMessage-ID: <booooo>\n\nÑañañañaña!\n\n\n.\nQUIT\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/83ab02fccf91c1b9c0c972de745dc2a45d23dc3236f9027e605c3e017d8898fe

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("HELO localhost\nMAIL LALA: <>\nMAIL FROM:\nMAIL FROM:<pepe>\nMAIL FROM:<a@xn--->\nMAIL FROM:<aaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaX@bbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbX>\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/a24124ade554d7a25de538f2cbbced6245ba60e90d221e51590456e222c80359

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("HELO\nEHLO\nHELO localhost\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/b896b41db27f6e36e4e727ac4f7b3d02fad34d217855c0d433ea3a325951b3bf

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("HELO localhost\nQUIT\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/bf15e6fb937795251090940ac60a37705b36a13e71a9557e7aaf0618ea2cf661

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("EHLO localhost\nMAIL FROM: <>\nRCPT TO: user@testserver\nDATA\nFrom: Mailer daemon <somewhere@horns.com>\nSubject: I've come to haunt you\n\nMuahahahaha\n\n\n.\nQUIT\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/d1b1ccbbb380c53282cc2689c4bd9ff0d03a03698e9be55371739ef95d7dd671

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("EHLO localhost\nAUTH PLAIN something\nAUTH PLAIN something\nAUTH PLAIN something\nAUTH PLAIN something\nAUTH PLAIN something\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/dc70e53325976a3a1067feb0b0c956c5a9abec1c867f8198808ccff83f594ded

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("EHLO localhost\nWHATISTHIS\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/e7682fde78ce0d78ddc7a818f151b6f04466a2c122197a2e4e8048d194ed72c2

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(0)
+[]byte("EHLO localhost\nAUTH PLAIN\n")

internal/smtpsrv/testdata/fuzz/FuzzConnection/fd41d0c11b1bb7f89825934b2ec51db1df166e34b4610e8089549eedf2e3635c

@@ -0,0 +1,3 @@
+go test fuzz v1
+int(2)
+[]byte("EHLO localhost\nAUTH SOMETHINGELSE\nAUTH PLAIN\ndXNlckB0ZXN0c2VydmVyAHlalala==\nAUTH PLAIN\ndXNlckB0ZXN0c2VydmVyAHVzZXJAdGVzdHNlcnZlcgB3cm9uZ3Bhc3N3b3Jk\nAUTH PLAIN\ndXNlckB0ZXN0c2VydmVyAHVzZXJAdGVzdHNlcnZlcgBzZWNyZXRwYXNzd29yZA==\nAUTH PLAIN\n")

internal/smtpsrv/testdata/fuzz/corpus/t-auth_multi_dialog

@@ -1,9 +0,0 @@
-2EHLO localhost
-AUTH SOMETHINGELSE
-AUTH PLAIN
-dXNlckB0ZXN0c2VydmVyAHlalala==
-AUTH PLAIN
-dXNlckB0ZXN0c2VydmVyAHVzZXJAdGVzdHNlcnZlcgB3cm9uZ3Bhc3N3b3Jk
-AUTH PLAIN
-dXNlckB0ZXN0c2VydmVyAHVzZXJAdGVzdHNlcnZlcgBzZWNyZXRwYXNzd29yZA==
-AUTH PLAIN

internal/smtpsrv/testdata/fuzz/corpus/t-auth_not_tls

@@ -1,2 +0,0 @@
-0EHLO localhost
-AUTH PLAIN

internal/smtpsrv/testdata/fuzz/corpus/t-auth_too_many_failures

@@ -1,6 +0,0 @@
-0EHLO localhost
-AUTH PLAIN something
-AUTH PLAIN something
-AUTH PLAIN something
-AUTH PLAIN something
-AUTH PLAIN something

internal/smtpsrv/testdata/fuzz/corpus/t-bad_data

@@ -1,15 +0,0 @@
-0DATA
-HELO localhost
-DATA
-MAIL FROM:<a@b>
-RCPT TO: user@testserver
-DATA
-From: Mailer daemon <somewhere@horns.com>
-Subject: I've come to haunt you
-Bad header
-
-Muahahahaha
-
-
-.
-QUIT

internal/smtpsrv/testdata/fuzz/corpus/t-bad_mail_from

@@ -1,6 +0,0 @@
-0HELO localhost
-MAIL LALA: <>
-MAIL FROM:
-MAIL FROM:<pepe>
-MAIL FROM:<a@xn--->
-MAIL FROM:<aaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaX@bbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbX>

internal/smtpsrv/testdata/fuzz/corpus/t-bad_rcpt_to

@@ -1,8 +0,0 @@
-0HELO localhost
-MAIL FROM:<test@testy.com>
-RCPT LALA: <>
-RCPT TO:
-RCPT TO:<pepe>
-RCPT TO:<a@xn--->
-RCPT TO:<henryⅣ@testserver>
-RCPT TO:<aaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaXaaaa5aaaaX@bbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbXbbbb5bbbbX>

internal/smtpsrv/testdata/fuzz/corpus/t-empty_helo

@@ -1,3 +0,0 @@
-0HELO
-EHLO
-HELO localhost

internal/smtpsrv/testdata/fuzz/corpus/t-helo

@@ -1,2 +0,0 @@
-0HELO localhost
-QUIT

internal/smtpsrv/testdata/fuzz/corpus/t-null_address

@@ -1,13 +0,0 @@
-0EHLO localhost
-MAIL FROM: <>
-RCPT TO: user@testserver
-DATA
-From: Mailer daemon <somewhere@báratro>
-Subject: I've come to haunt you
-Message-ID: <booooo>
-
-Ñañañañaña!
-
-
-.
-QUIT

internal/smtpsrv/testdata/fuzz/corpus/t-sendmail

@@ -1,12 +0,0 @@
-0EHLO localhost
-MAIL FROM: <>
-RCPT TO: user@testserver
-DATA
-From: Mailer daemon <somewhere@horns.com>
-Subject: I've come to haunt you
-
-Muahahahaha
-
-
-.
-QUIT

internal/smtpsrv/testdata/fuzz/corpus/t-unknown_command

@@ -1,2 +0,0 @@
-0EHLO localhost
-WHATISTHIS

test/README.md

@@ -65,13 +65,11 @@ improvements on the main code paths.
 ## Fuzz tests
 
 Some Go packages also have instrumentation to run fuzz testing against them,
-with the [go-fuzz](https://github.com/dvyukov/go-fuzz) tool.
+using the [Go native fuzzing support](https://go.dev/security/fuzz/).
 
 This is critical for packages that handle sensitive user input, such as
 authentication encoding, aliases files, or username normalization.
 
-They are implemented by a `fuzz.go` file within their respective Go packages.
-
 
 ## Command-line tool tests