Add daily fuzz testing with ASAN and UBSAN

Two fuzz harnesses targeting the main attack surface:
- fuzz_request: HTTP request parsing and header rewriting
- fuzz_config: configuration file parsing

Runs daily via cron and on manual dispatch.  Each target runs for
10 minutes with AddressSanitizer and UndefinedBehaviorSanitizer.
Crash artifacts are uploaded on failure.

Author: renaudallard

.github/workflows/fuzz.yml

@@ -0,0 +1,66 @@
+name: Fuzz
+
+on:
+  schedule:
+    - cron: "0 4 * * *"
+  workflow_dispatch:
+
+jobs:
+  fuzz:
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [fuzz_request, fuzz_config]
+    name: ${{ matrix.target }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Install clang
+        run: |
+          set -euo pipefail
+          sudo apt-get update
+          sudo apt-get install -y clang
+
+      - name: Build fuzzer
+        run: |
+          clang -g -O1 -std=c99 \
+            -fsanitize=fuzzer,address,undefined \
+            -fno-omit-frame-pointer \
+            \
+            -o ${{ matrix.target }} \
+            fuzz/${{ matrix.target }}.c
+
+      - name: Run fuzzer
+        env:
+          ASAN_OPTIONS: halt_on_error=1:detect_leaks=1
+          UBSAN_OPTIONS: halt_on_error=1:print_stacktrace=1
+        run: |
+          set -euo pipefail
+          corpus="fuzz/corpus_$(echo "${{ matrix.target }}" | sed 's/^fuzz_//')"
+          mkdir -p "$corpus"
+          ./${{ matrix.target }} "$corpus" \
+            -max_total_time=600 \
+            -max_len=8192 \
+            -print_final_stats=1
+
+      - name: Upload crash artifacts
+        if: failure()
+        uses: actions/upload-artifact@v7
+        with:
+          name: ${{ matrix.target }}-crashes
+          path: |
+            crash-*
+            leak-*
+            timeout-*
+          if-no-files-found: ignore
+
+      - name: Upload corpus
+        if: always()
+        uses: actions/upload-artifact@v7
+        with:
+          name: ${{ matrix.target }}-corpus
+          path: fuzz/corpus_*/
+          if-no-files-found: ignore

.gitignore

@@ -1,2 +1,4 @@
 thinproxy
 *.o
+fuzz_request
+fuzz_config

fuzz/corpus_config/0038fd1552d80f40021c8f06dbb03ee8eda72406

@@ -0,0 +1,2 @@
+
+idle_timeout 0

fuzz/corpus_config/00b28ff06b788b9b67c6b259800f404f9f3761fd

@@ -0,0 +1,7 @@
+listen n  no
+verbose 1
+port 80to
+verbose 1
+port 8ten  nodeny_private ye
+verbose 1
+s

fuzz/corpus_config/01042fec7e5cdeb8052b5d1f177d5e14245f6568

@@ -0,0 +1,2 @@
+deny_private yes
+connect_port ����

fuzz/corpus_config/01c1cd433fd0f3ec3b95a17406065e956c7e8f43

@@ -0,0 +1 @@
+

fuzz/corpus_config/01d94a6f21b47b294553d412889a784d3553cf6f

@@ -0,0 +1,2 @@
+allow 127.8.1.0/24
+allow .0/8 1�