
projects/miniupnp: add OSS-Fuzz integration for minixml, UPnP reply, IGD desc, and port listing parsers#15590

Open

XananasX7 wants to merge 3 commits into google:master from XananasX7:projects/miniupnp

Conversation

@XananasX7


Summary

miniupnp/miniupnpc is the most widely-deployed open-source UPnP NAT traversal client library. It is used by BitTorrent clients (Transmission, qBittorrent, libtorrent), VPN tools, and is included in many Linux distributions. It currently has no OSS-Fuzz coverage.

Attack surface

All four parsers process data from UPnP-capable routers over HTTP/SSDP. In a network-adjacent threat model (same subnet as a rogue or compromised router), an attacker controls the full content of responses these parsers handle:

  1. minixml (fuzz_minixml) — SAX XML parser used for all UPnP XML responses
  2. upnpreplyparse (fuzz_upnpreplyparse) — SOAP reply key-value parser for UPnP action responses
  3. igd_desc_parse (fuzz_igd_desc_parse) — IGD device description XML parser (fetched over HTTP at startup)
  4. portlistingparse (fuzz_portlistingparse) — GetListOfPortMappings XML response parser

Seed corpus

Test XML/namevalue files shipped in the repository (testreplyparse/, testdesc/) are bundled as seed corpora.

I have read the CLA Document and I hereby sign the CLA

…IGD desc, and port listing parsers

miniupnp/miniupnpc is the most widely-used open-source UPnP client library,
present in countless desktop applications, network tools, and embedded devices.
It has no existing OSS-Fuzz integration.

Attack surface justification: all four parsers process XML/text data returned
by UPnP-capable routers over HTTP/SSDP. In a network-adjacent threat model
(same subnet as a rogue or compromised router), an attacker can fully control
the content of UPnP responses that these parsers process.

Fuzz targets (4):
- fuzz_minixml: SAX XML parser (minixml.c) — core XML parsing for all UPnP responses
- fuzz_upnpreplyparse: SOAP reply key-value parser — processes AddPortMapping etc. responses
- fuzz_igd_desc_parse: IGD device description parser — processes the XML UPnP description
  fetched over HTTP from the router at startup
- fuzz_portlistingparse: GetListOfPortMappings response parser

All harnesses use real test XML files from the repository as seed corpus.
@google-cla

google-cla Bot commented May 31, 2026


Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@github-actions


XananasX7 is integrating a new project, but the main_repo is missing. The criticality score cannot be computed.

@XananasX7

Author

Good catch — missing main_repo in project.yaml. Will add main_repo: https://github.com/miniupnp/miniupnp and push an update to fix the criticality score check.

@DavidKorczynski DavidKorczynski left a comment

Collaborator


@XananasX7

Author

Added main_repo: "https://github.com/miniupnp/miniupnp" to project.yaml now. CLA signed via Google CLA portal.

@XananasX7

Author

Thanks for the detailed feedback @DavidKorczynski — addressing all 5 points:

  1. License headers — added Apache 2.0 license headers to all Dockerfiles that were missing them. This is now fixed across all open PRs.

  2. Maintainer communication — acknowledged. I have reached out (or am reaching out) to the upstream maintainers for each project to let them know about the OSS-Fuzz integration and ideally get their involvement.

  3. CLA — signed via the Google CLA portal. The bot check should reflect this.

  4. Duplicate projects — closed PRs projects/cups: add OSS-Fuzz integration for IPP, PPD, and HTTP parsers #15591 (cups), projects/openvpn: add OSS-Fuzz integration for config parser and TLS handshake #15592 (openvpn), projects/libsndfile: add sndfile_write_fuzzer for encode/transcode path #15600 (libsndfile), hiredis: add RESP response reader fuzzer; nettle: add ECDSA/EC-point DER fuzzer #15584 (hiredis/nettle), and openssh: add sshconfig_fuzz support and authkeys_fuzz seed corpus #15585 (openssh) as those projects already exist. Apologies for the duplicates.

  5. Fuzzers in upstream repos — working on getting the fuzz harnesses upstreamed. For the projects where I have open PRs on the upstream repos (libsndfile, tcpdump, openssh) those are in progress or being closed in favour of coordinating with maintainers directly.

The remaining open PRs here cover genuinely new projects not yet in OSS-Fuzz. Happy to address any other issues on those.

@XananasX7 XananasX7 force-pushed the projects/miniupnp branch from ce71ad7 to eaa2cbd on June 2, 2026 23:32
@XananasX7

Author

Reauthored all commits with the correct email (mehdiananas007@gmail.com) matching the signed Google Individual CLA. The CLA bot should now verify successfully.
