authorFelix Weinrank <weinrank@fh-muenster.de>2019-09-26 16:53:56 +0200
committerMichael Tüxen <tuexen@fh-muenster.de>2019-09-26 16:53:56 +0200
commit248221fb77a67e00d2775fcd026e7ea2a7a8b818 (patch)
tree14f767b92cee1fb426001c84df5aaa37e219f136 /fuzzer
parentb07df88c8993722bf4197900bda4646c12ab2f99 (diff)
downloadusrsctp-248221fb77a67e00d2775fcd026e7ea2a7a8b818.tar.gz
Improve fuzzing utilities (#384)
Diffstat (limited to 'fuzzer')
-rw-r--r--fuzzer/CMakeLists.txt61
-rw-r--r--fuzzer/CORPUS_CONNECT/crash-0a63175dc6b51474dc08197431ec36d11db5e77bbin0 -> 291 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/crash-27ffd53d682a7908bf7569e32d904f049066b5d6bin0 -> 444 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/data-1.binbin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/init-ack-1.binbin0 -> 444 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/leak-00bd871f5ce0596083fe8642c803c97f424b0c70bin0 -> 1068 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/shutdown-1.binbin0 -> 8 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/shutdown-ack-1.binbin0 -> 4 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/shutdown-complete-1.bin (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000028)bin4 -> 4 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/timeout-00b96dd43f1251438bb44daa0a5a24ae4df5bce5bin0 -> 995 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000000bin0 -> 128 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000001bin0 -> 504 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000002bin0 -> 384 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000003bin0 -> 4 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000004bin0 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000005bin0 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000006bin0 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000007bin0 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000008bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000009bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000010bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000011bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000012bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000013bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000014bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000015bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000016bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000017bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000018bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000019bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000020bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000021bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000022bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000023bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000024bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000025bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000026bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000027bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000028bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000029bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000030bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000031bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000032bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000033bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000034bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000035bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000036bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000037bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000038bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000039bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000040bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000041bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000042bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000043bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000044bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000045bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000046bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000047bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000048bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000049bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000050bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000051bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000052bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000053bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000054bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000055bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000056bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000057bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000058bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000059bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000060bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000061bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000062bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000063bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000064bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000065bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000066bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000067bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000068bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000069bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000070bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000071bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000072bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000073bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000074bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000075bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000076bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000077bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000078bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000079bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000080bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000081bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000082bin0 -> 1448 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000083bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000084bin0 -> 880 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000085bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000086bin0 -> 14 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000087bin0 -> 4 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000088bin0 -> 14 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000089bin0 -> 128 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000090bin0 -> 504 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000091bin0 -> 384 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000092bin0 -> 4 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000093bin0 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000094bin0 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000095bin0 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000096bin0 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000097bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000098bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000099bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000100bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000101bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000102bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000103bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000104bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000105bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000106bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000107bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000108bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000109bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000110bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000111bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000112bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000113bin0 -> 1044 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000114bin0 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000115bin0 -> 14 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000116bin0 -> 4 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-0-000117bin0 -> 14 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000000 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000000)bin128 -> 128 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000001 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000001)bin504 -> 504 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000002 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000002)bin384 -> 384 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000003 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000003)bin14 -> 14 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000004 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000004)bin44 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000005 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000005)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000006 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000006)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000007 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000007)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000008 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000008)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000009 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000009)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000010 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000010)bin44 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000011 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000011)bin44 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000012 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000012)bin44 -> 44 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000013 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000013)bin16 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000014 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000014)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000015 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000015)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000016 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000016)bin16 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000017 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000017)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000018 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000018)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000019 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000019)bin1040 -> 1040 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000020 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000020)bin16 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000021 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000021)bin16 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000022 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000022)bin16 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000023 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000023)bin16 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000024 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000024)bin16 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000025 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000025)bin16 -> 16 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000026 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000026)bin8 -> 8 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000027 (renamed from fuzzer/CORPUS_CONNECTED/tsctp-000027)bin14 -> 14 bytes
-rw-r--r--fuzzer/CORPUS_CONNECT/tsctp-000028bin0 -> 4 bytes
-rw-r--r--fuzzer/CORPUS_LISTEN/init-1.binbin0 -> 108 bytes
-rwxr-xr-xfuzzer/build-fuzzer.sh30
-rwxr-xr-xfuzzer/chain.sh15
-rwxr-xr-xfuzzer/crashtest.py3
-rw-r--r--fuzzer/fuzzer_connect.c476
-rwxr-xr-xfuzzer/fuzzer_connect_multi.sh22
-rw-r--r--fuzzer/fuzzer_connected.c236
-rw-r--r--fuzzer/fuzzer_listen.c (renamed from fuzzer/fuzzer_unconnected.c)15
-rwxr-xr-xfuzzer/fuzzer_listen.sh (renamed from fuzzer/fuzzer_connected.sh)6
-rwxr-xr-xfuzzer/fuzzer_unconnected.sh5
167 files changed, 599 insertions, 270 deletions
diff --git a/fuzzer/CMakeLists.txt b/fuzzer/CMakeLists.txt
index c2b34273..d60eb5dc 100644
--- a/fuzzer/CMakeLists.txt
+++ b/fuzzer/CMakeLists.txt
@@ -60,7 +60,7 @@ endif ()
# COMPILER FLAGS
#################################################
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-gnu-zero-variadic-macro-arguments")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-gnu-zero-variadic-macro-arguments -Wno-unused-variable")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer")
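Review bot: Appending `-Wno-unused-variable` to CMAKE_C_FLAGS on the changed line silences the diagnostic for every target built from this directory, including fuzzer_listen and the shared programs_helper.c, not just the fuzzer_connect.c translation unit that presumably needs it. Unused-variable warnings are cheap dead-code hints in harness code, so it is worth keeping them where they still fire; a target-scoped `target_compile_options(fuzzer_connect_multi PRIVATE -Wno-unused-variable)` (and the same for the verbose target) limits the suppression, or the unused variable can simply be removed. This is a style point, not a build break.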
@@ -68,26 +68,41 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer")
# PROGRAMS
#################################################
-# if in fuzzing mode, only build the fuzzer
-configure_file(crashtest.py crashtest.py COPYONLY)
-configure_file(fuzzer_unconnected.sh fuzzer_unconnected.sh COPYONLY)
-configure_file(fuzzer_connected.sh fuzzer_connected.sh COPYONLY)
-
-list(APPEND check_programs
- fuzzer_unconnected.c
- fuzzer_connected.c
-)
-
-foreach (source_file ${check_programs})
- get_filename_component(source_file_we ${source_file} NAME_WE)
- add_executable(
- ${source_file_we}
- ${source_file}
- )
-
- target_link_libraries(
- ${source_file_we}
- usrsctp-static
- )
-endforeach ()
+# FUZZING_STAGE LEVELS
+# 0 - MULTI - based on input
+# 1 - COOKIE_WAIT
+# 2 - COOKIE_ECHO
+# 3 - ESTABLISHED
+# 4 - DATA SENT
+# 5 - DATA RECEIVED
+add_executable(fuzzer_listen fuzzer_listen.c ../programs/programs_helper.c)
+target_link_libraries(fuzzer_listen usrsctp-static)
+
+add_executable(fuzzer_connect_multi fuzzer_connect.c ../programs/programs_helper.c)
+target_compile_definitions(fuzzer_connect_multi PRIVATE FUZZING_STAGE=0)
+target_link_libraries(fuzzer_connect_multi usrsctp-static)
+
+add_executable(fuzzer_connect_multi_verbose fuzzer_connect.c ../programs/programs_helper.c)
+target_compile_definitions(fuzzer_connect_multi_verbose PRIVATE FUZZING_STAGE=0 FUZZ_VERBOSE)
+target_link_libraries(fuzzer_connect_multi_verbose usrsctp-static)
+
+# add_executable(fuzzer_connect_cookie_wait fuzzer_connect.c)
+# target_compile_definitions(fuzzer_connect_cookie_wait PRIVATE FUZZING_STAGE=1)
+# target_link_libraries(fuzzer_connect_cookie_wait usrsctp-static)
+
+# add_executable(fuzzer_connect_cookie_echoed fuzzer_connect.c)
+# target_compile_definitions(fuzzer_connect_cookie_echoed PRIVATE FUZZING_STAGE=2)
+# target_link_libraries(fuzzer_connect_cookie_echoed usrsctp-static)
+
+# add_executable(fuzzer_connect_established fuzzer_connect.c)
+# target_compile_definitions(fuzzer_connect_established PRIVATE FUZZING_STAGE=3)
+# target_link_libraries(fuzzer_connect_established usrsctp-static)
+
+# add_executable(fuzzer_connect_data_sent fuzzer_connect.c)
+# target_compile_definitions(fuzzer_connect_data_sent PRIVATE FUZZING_STAGE=4)
+# target_link_libraries(fuzzer_connect_data_sent usrsctp-static)
+
+# add_executable(fuzzer_connect_data_received fuzzer_connect.c)
+# target_compile_definitions(fuzzer_connect_data_received PRIVATE FUZZING_STAGE=5)
+# target_link_libraries(fuzzer_connect_data_received usrsctp-static)
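Review bot: The FUZZING_STAGE table in the new comment block announces six stages, but only the two stage-0 targets are live, and the five commented-out stage 1–5 blocks below them already drift from the live ones (they list `fuzzer_connect.c` alone and omit `../programs/programs_helper.c`, so uncommenting them as written would likely fail to link). Commented-out target definitions are the kind of thing that silently rots; a small helper function keeps the per-stage definitions to one line each so they can be enabled without copying and re-syncing three calls. I would also add a one-line comment on what `FUZZ_VERBOSE` turns on, since it is the only thing distinguishing the two stage-0 targets. The proposed replacement for the live targets and the commented-out blocks is below; the stage table comment stays as is.
```cmake
# … unchanged: FUZZING_STAGE LEVELS comment, fuzzer_listen target …

# One fuzzer_connect binary per stage; extra arguments are passed on as compile
# definitions (e.g. FUZZ_VERBOSE).
function(add_fuzzer_connect name stage)
    add_executable(${name} fuzzer_connect.c ../programs/programs_helper.c)
    target_compile_definitions(${name} PRIVATE FUZZING_STAGE=${stage} ${ARGN})
    target_link_libraries(${name} usrsctp-static)
endfunction()

add_fuzzer_connect(fuzzer_connect_multi 0)
add_fuzzer_connect(fuzzer_connect_multi_verbose 0 FUZZ_VERBOSE)
# Stage 1-5 targets (cookie_wait, cookie_echoed, established, data_sent,
# data_received) are not built yet; enable each with one add_fuzzer_connect call.
```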
diff --git a/fuzzer/CORPUS_CONNECT/crash-0a63175dc6b51474dc08197431ec36d11db5e77b b/fuzzer/CORPUS_CONNECT/crash-0a63175dc6b51474dc08197431ec36d11db5e77b
new file mode 100644
index 00000000..d90d892a
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/crash-0a63175dc6b51474dc08197431ec36d11db5e77b
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/crash-27ffd53d682a7908bf7569e32d904f049066b5d6 b/fuzzer/CORPUS_CONNECT/crash-27ffd53d682a7908bf7569e32d904f049066b5d6
new file mode 100644
index 00000000..640bdb9f
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/crash-27ffd53d682a7908bf7569e32d904f049066b5d6
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/data-1.bin b/fuzzer/CORPUS_CONNECT/data-1.bin
new file mode 100644
index 00000000..eea64c93
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/data-1.bin
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/init-ack-1.bin b/fuzzer/CORPUS_CONNECT/init-ack-1.bin
new file mode 100644
index 00000000..89abce3e
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/init-ack-1.bin
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/leak-00bd871f5ce0596083fe8642c803c97f424b0c70 b/fuzzer/CORPUS_CONNECT/leak-00bd871f5ce0596083fe8642c803c97f424b0c70
new file mode 100644
index 00000000..0ed6e7b5
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/leak-00bd871f5ce0596083fe8642c803c97f424b0c70
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/shutdown-1.bin b/fuzzer/CORPUS_CONNECT/shutdown-1.bin
new file mode 100644
index 00000000..27a757fb
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/shutdown-1.bin
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/shutdown-ack-1.bin b/fuzzer/CORPUS_CONNECT/shutdown-ack-1.bin
new file mode 100644
index 00000000..307a4f9d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/shutdown-ack-1.bin
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000028 b/fuzzer/CORPUS_CONNECT/shutdown-complete-1.bin
index d1e11efc..d1e11efc 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000028
+++ b/fuzzer/CORPUS_CONNECT/shutdown-complete-1.bin
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/timeout-00b96dd43f1251438bb44daa0a5a24ae4df5bce5 b/fuzzer/CORPUS_CONNECT/timeout-00b96dd43f1251438bb44daa0a5a24ae4df5bce5
new file mode 100644
index 00000000..0a8a2710
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/timeout-00b96dd43f1251438bb44daa0a5a24ae4df5bce5
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000000 b/fuzzer/CORPUS_CONNECT/tsctp-0-000000
new file mode 100644
index 00000000..f79236f5
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000000
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000001 b/fuzzer/CORPUS_CONNECT/tsctp-0-000001
new file mode 100644
index 00000000..f4296e29
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000001
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000002 b/fuzzer/CORPUS_CONNECT/tsctp-0-000002
new file mode 100644
index 00000000..f0838094
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000002
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000003 b/fuzzer/CORPUS_CONNECT/tsctp-0-000003
new file mode 100644
index 00000000..d2792141
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000003
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000004 b/fuzzer/CORPUS_CONNECT/tsctp-0-000004
new file mode 100644
index 00000000..40823409
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000004
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000005 b/fuzzer/CORPUS_CONNECT/tsctp-0-000005
new file mode 100644
index 00000000..a4c1a101
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000005
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000006 b/fuzzer/CORPUS_CONNECT/tsctp-0-000006
new file mode 100644
index 00000000..ec6e84e6
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000006
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000007 b/fuzzer/CORPUS_CONNECT/tsctp-0-000007
new file mode 100644
index 00000000..4ef78de1
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000007
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000008 b/fuzzer/CORPUS_CONNECT/tsctp-0-000008
new file mode 100644
index 00000000..106f6803
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000008
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000009 b/fuzzer/CORPUS_CONNECT/tsctp-0-000009
new file mode 100644
index 00000000..ec39c435
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000009
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000010 b/fuzzer/CORPUS_CONNECT/tsctp-0-000010
new file mode 100644
index 00000000..56baf88b
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000010
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000011 b/fuzzer/CORPUS_CONNECT/tsctp-0-000011
new file mode 100644
index 00000000..80278711
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000011
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000012 b/fuzzer/CORPUS_CONNECT/tsctp-0-000012
new file mode 100644
index 00000000..3b2d5fc0
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000012
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000013 b/fuzzer/CORPUS_CONNECT/tsctp-0-000013
new file mode 100644
index 00000000..13937138
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000013
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000014 b/fuzzer/CORPUS_CONNECT/tsctp-0-000014
new file mode 100644
index 00000000..f5b5739f
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000014
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000015 b/fuzzer/CORPUS_CONNECT/tsctp-0-000015
new file mode 100644
index 00000000..77c29e8f
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000015
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000016 b/fuzzer/CORPUS_CONNECT/tsctp-0-000016
new file mode 100644
index 00000000..877542c7
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000016
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000017 b/fuzzer/CORPUS_CONNECT/tsctp-0-000017
new file mode 100644
index 00000000..d9dd08dc
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000017
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000018 b/fuzzer/CORPUS_CONNECT/tsctp-0-000018
new file mode 100644
index 00000000..9521d020
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000018
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000019 b/fuzzer/CORPUS_CONNECT/tsctp-0-000019
new file mode 100644
index 00000000..7eb61c5a
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000019
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000020 b/fuzzer/CORPUS_CONNECT/tsctp-0-000020
new file mode 100644
index 00000000..f8a97e73
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000020
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000021 b/fuzzer/CORPUS_CONNECT/tsctp-0-000021
new file mode 100644
index 00000000..a32de60a
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000021
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000022 b/fuzzer/CORPUS_CONNECT/tsctp-0-000022
new file mode 100644
index 00000000..7a294e8b
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000022
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000023 b/fuzzer/CORPUS_CONNECT/tsctp-0-000023
new file mode 100644
index 00000000..d11a4d83
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000023
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000024 b/fuzzer/CORPUS_CONNECT/tsctp-0-000024
new file mode 100644
index 00000000..7fd3d3ef
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000024
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000025 b/fuzzer/CORPUS_CONNECT/tsctp-0-000025
new file mode 100644
index 00000000..8f97c90c
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000025
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000026 b/fuzzer/CORPUS_CONNECT/tsctp-0-000026
new file mode 100644
index 00000000..c30ac348
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000026
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000027 b/fuzzer/CORPUS_CONNECT/tsctp-0-000027
new file mode 100644
index 00000000..0cbcaece
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000027
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000028 b/fuzzer/CORPUS_CONNECT/tsctp-0-000028
new file mode 100644
index 00000000..8aaa2262
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000028
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000029 b/fuzzer/CORPUS_CONNECT/tsctp-0-000029
new file mode 100644
index 00000000..3a8661be
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000029
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000030 b/fuzzer/CORPUS_CONNECT/tsctp-0-000030
new file mode 100644
index 00000000..731d3a6d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000030
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000031 b/fuzzer/CORPUS_CONNECT/tsctp-0-000031
new file mode 100644
index 00000000..5cc00a94
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000031
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000032 b/fuzzer/CORPUS_CONNECT/tsctp-0-000032
new file mode 100644
index 00000000..5d9df119
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000032
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000033 b/fuzzer/CORPUS_CONNECT/tsctp-0-000033
new file mode 100644
index 00000000..ae63b69d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000033
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000034 b/fuzzer/CORPUS_CONNECT/tsctp-0-000034
new file mode 100644
index 00000000..9c03a104
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000034
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000035 b/fuzzer/CORPUS_CONNECT/tsctp-0-000035
new file mode 100644
index 00000000..07a557b3
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000035
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000036 b/fuzzer/CORPUS_CONNECT/tsctp-0-000036
new file mode 100644
index 00000000..1a1a097e
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000036
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000037 b/fuzzer/CORPUS_CONNECT/tsctp-0-000037
new file mode 100644
index 00000000..965b943e
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000037
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000038 b/fuzzer/CORPUS_CONNECT/tsctp-0-000038
new file mode 100644
index 00000000..ddcf498a
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000038
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000039 b/fuzzer/CORPUS_CONNECT/tsctp-0-000039
new file mode 100644
index 00000000..ac7aa387
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000039
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000040 b/fuzzer/CORPUS_CONNECT/tsctp-0-000040
new file mode 100644
index 00000000..6f71eda5
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000040
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000041 b/fuzzer/CORPUS_CONNECT/tsctp-0-000041
new file mode 100644
index 00000000..dfb81caa
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000041
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000042 b/fuzzer/CORPUS_CONNECT/tsctp-0-000042
new file mode 100644
index 00000000..84cf653f
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000042
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000043 b/fuzzer/CORPUS_CONNECT/tsctp-0-000043
new file mode 100644
index 00000000..a240ae50
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000043
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000044 b/fuzzer/CORPUS_CONNECT/tsctp-0-000044
new file mode 100644
index 00000000..b2af6ac1
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000044
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000045 b/fuzzer/CORPUS_CONNECT/tsctp-0-000045
new file mode 100644
index 00000000..91433cee
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000045
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000046 b/fuzzer/CORPUS_CONNECT/tsctp-0-000046
new file mode 100644
index 00000000..1b7bc640
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000046
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000047 b/fuzzer/CORPUS_CONNECT/tsctp-0-000047
new file mode 100644
index 00000000..7ba7e4ed
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000047
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000048 b/fuzzer/CORPUS_CONNECT/tsctp-0-000048
new file mode 100644
index 00000000..41b04f84
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000048
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000049 b/fuzzer/CORPUS_CONNECT/tsctp-0-000049
new file mode 100644
index 00000000..58749f03
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000049
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000050 b/fuzzer/CORPUS_CONNECT/tsctp-0-000050
new file mode 100644
index 00000000..fb3e0970
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000050
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000051 b/fuzzer/CORPUS_CONNECT/tsctp-0-000051
new file mode 100644
index 00000000..2eda2407
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000051
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000052 b/fuzzer/CORPUS_CONNECT/tsctp-0-000052
new file mode 100644
index 00000000..e51adc4d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000052
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000053 b/fuzzer/CORPUS_CONNECT/tsctp-0-000053
new file mode 100644
index 00000000..5acacab5
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000053
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000054 b/fuzzer/CORPUS_CONNECT/tsctp-0-000054
new file mode 100644
index 00000000..aeff74fe
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000054
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000055 b/fuzzer/CORPUS_CONNECT/tsctp-0-000055
new file mode 100644
index 00000000..3772545b
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000055
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000056 b/fuzzer/CORPUS_CONNECT/tsctp-0-000056
new file mode 100644
index 00000000..3987dd6e
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000056
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000057 b/fuzzer/CORPUS_CONNECT/tsctp-0-000057
new file mode 100644
index 00000000..19da6c14
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000057
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000058 b/fuzzer/CORPUS_CONNECT/tsctp-0-000058
new file mode 100644
index 00000000..9245cfb0
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000058
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000059 b/fuzzer/CORPUS_CONNECT/tsctp-0-000059
new file mode 100644
index 00000000..918afac2
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000059
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000060 b/fuzzer/CORPUS_CONNECT/tsctp-0-000060
new file mode 100644
index 00000000..bb8f9fc5
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000060
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000061 b/fuzzer/CORPUS_CONNECT/tsctp-0-000061
new file mode 100644
index 00000000..9a83cec9
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000061
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000062 b/fuzzer/CORPUS_CONNECT/tsctp-0-000062
new file mode 100644
index 00000000..ecd55071
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000062
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000063 b/fuzzer/CORPUS_CONNECT/tsctp-0-000063
new file mode 100644
index 00000000..cfd79433
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000063
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000064 b/fuzzer/CORPUS_CONNECT/tsctp-0-000064
new file mode 100644
index 00000000..aa5c2a96
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000064
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000065 b/fuzzer/CORPUS_CONNECT/tsctp-0-000065
new file mode 100644
index 00000000..9e03febe
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000065
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000066 b/fuzzer/CORPUS_CONNECT/tsctp-0-000066
new file mode 100644
index 00000000..ecfee6f7
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000066
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000067 b/fuzzer/CORPUS_CONNECT/tsctp-0-000067
new file mode 100644
index 00000000..f2d0fd7f
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000067
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000068 b/fuzzer/CORPUS_CONNECT/tsctp-0-000068
new file mode 100644
index 00000000..2f80c385
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000068
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000069 b/fuzzer/CORPUS_CONNECT/tsctp-0-000069
new file mode 100644
index 00000000..b6385085
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000069
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000070 b/fuzzer/CORPUS_CONNECT/tsctp-0-000070
new file mode 100644
index 00000000..84cbe7e4
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000070
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000071 b/fuzzer/CORPUS_CONNECT/tsctp-0-000071
new file mode 100644
index 00000000..8b31e589
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000071
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000072 b/fuzzer/CORPUS_CONNECT/tsctp-0-000072
new file mode 100644
index 00000000..4e33bd40
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000072
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000073 b/fuzzer/CORPUS_CONNECT/tsctp-0-000073
new file mode 100644
index 00000000..61894e9d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000073
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000074 b/fuzzer/CORPUS_CONNECT/tsctp-0-000074
new file mode 100644
index 00000000..3d979601
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000074
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000075 b/fuzzer/CORPUS_CONNECT/tsctp-0-000075
new file mode 100644
index 00000000..4e2955aa
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000075
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000076 b/fuzzer/CORPUS_CONNECT/tsctp-0-000076
new file mode 100644
index 00000000..6b7b1aae
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000076
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000077 b/fuzzer/CORPUS_CONNECT/tsctp-0-000077
new file mode 100644
index 00000000..1f9e4181
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000077
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000078 b/fuzzer/CORPUS_CONNECT/tsctp-0-000078
new file mode 100644
index 00000000..9a6a022d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000078
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000079 b/fuzzer/CORPUS_CONNECT/tsctp-0-000079
new file mode 100644
index 00000000..4474d30d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000079
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000080 b/fuzzer/CORPUS_CONNECT/tsctp-0-000080
new file mode 100644
index 00000000..97023f25
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000080
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000081 b/fuzzer/CORPUS_CONNECT/tsctp-0-000081
new file mode 100644
index 00000000..9241f2a7
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000081
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000082 b/fuzzer/CORPUS_CONNECT/tsctp-0-000082
new file mode 100644
index 00000000..bb7bbf18
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000082
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000083 b/fuzzer/CORPUS_CONNECT/tsctp-0-000083
new file mode 100644
index 00000000..5ed12e97
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000083
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000084 b/fuzzer/CORPUS_CONNECT/tsctp-0-000084
new file mode 100644
index 00000000..6c312bc7
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000084
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000085 b/fuzzer/CORPUS_CONNECT/tsctp-0-000085
new file mode 100644
index 00000000..e36a1926
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000085
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000086 b/fuzzer/CORPUS_CONNECT/tsctp-0-000086
new file mode 100644
index 00000000..65efd28f
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000086
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000087 b/fuzzer/CORPUS_CONNECT/tsctp-0-000087
new file mode 100644
index 00000000..307a4f9d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000087
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000088 b/fuzzer/CORPUS_CONNECT/tsctp-0-000088
new file mode 100644
index 00000000..2ba7040d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000088
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000089 b/fuzzer/CORPUS_CONNECT/tsctp-0-000089
new file mode 100644
index 00000000..2cc53e6c
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000089
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000090 b/fuzzer/CORPUS_CONNECT/tsctp-0-000090
new file mode 100644
index 00000000..ab7701b3
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000090
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000091 b/fuzzer/CORPUS_CONNECT/tsctp-0-000091
new file mode 100644
index 00000000..e883f014
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000091
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000092 b/fuzzer/CORPUS_CONNECT/tsctp-0-000092
new file mode 100644
index 00000000..d2792141
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000092
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000093 b/fuzzer/CORPUS_CONNECT/tsctp-0-000093
new file mode 100644
index 00000000..51c2e97d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000093
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000094 b/fuzzer/CORPUS_CONNECT/tsctp-0-000094
new file mode 100644
index 00000000..bfd3d005
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000094
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000095 b/fuzzer/CORPUS_CONNECT/tsctp-0-000095
new file mode 100644
index 00000000..f7a1cc41
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000095
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000096 b/fuzzer/CORPUS_CONNECT/tsctp-0-000096
new file mode 100644
index 00000000..3ea5c3d8
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000096
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000097 b/fuzzer/CORPUS_CONNECT/tsctp-0-000097
new file mode 100644
index 00000000..67de3edc
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000097
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000098 b/fuzzer/CORPUS_CONNECT/tsctp-0-000098
new file mode 100644
index 00000000..81969189
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000098
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000099 b/fuzzer/CORPUS_CONNECT/tsctp-0-000099
new file mode 100644
index 00000000..663df651
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000099
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000100 b/fuzzer/CORPUS_CONNECT/tsctp-0-000100
new file mode 100644
index 00000000..e44d1a87
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000100
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000101 b/fuzzer/CORPUS_CONNECT/tsctp-0-000101
new file mode 100644
index 00000000..c7231171
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000101
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000102 b/fuzzer/CORPUS_CONNECT/tsctp-0-000102
new file mode 100644
index 00000000..e0b6be30
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000102
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000103 b/fuzzer/CORPUS_CONNECT/tsctp-0-000103
new file mode 100644
index 00000000..7ca45f4c
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000103
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000104 b/fuzzer/CORPUS_CONNECT/tsctp-0-000104
new file mode 100644
index 00000000..c6c321ea
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000104
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000105 b/fuzzer/CORPUS_CONNECT/tsctp-0-000105
new file mode 100644
index 00000000..cbcfd14b
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000105
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000106 b/fuzzer/CORPUS_CONNECT/tsctp-0-000106
new file mode 100644
index 00000000..664a6f8a
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000106
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000107 b/fuzzer/CORPUS_CONNECT/tsctp-0-000107
new file mode 100644
index 00000000..3b2fb4ec
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000107
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000108 b/fuzzer/CORPUS_CONNECT/tsctp-0-000108
new file mode 100644
index 00000000..dc235620
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000108
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000109 b/fuzzer/CORPUS_CONNECT/tsctp-0-000109
new file mode 100644
index 00000000..6a622b7a
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000109
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000110 b/fuzzer/CORPUS_CONNECT/tsctp-0-000110
new file mode 100644
index 00000000..f0972354
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000110
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000111 b/fuzzer/CORPUS_CONNECT/tsctp-0-000111
new file mode 100644
index 00000000..a8df479f
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000111
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000112 b/fuzzer/CORPUS_CONNECT/tsctp-0-000112
new file mode 100644
index 00000000..1fa63ed6
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000112
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000113 b/fuzzer/CORPUS_CONNECT/tsctp-0-000113
new file mode 100644
index 00000000..3806111a
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000113
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000114 b/fuzzer/CORPUS_CONNECT/tsctp-0-000114
new file mode 100644
index 00000000..e790c907
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000114
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000115 b/fuzzer/CORPUS_CONNECT/tsctp-0-000115
new file mode 100644
index 00000000..be2b06af
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000115
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000116 b/fuzzer/CORPUS_CONNECT/tsctp-0-000116
new file mode 100644
index 00000000..307a4f9d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000116
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-0-000117 b/fuzzer/CORPUS_CONNECT/tsctp-0-000117
new file mode 100644
index 00000000..2ba7040d
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-0-000117
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000000 b/fuzzer/CORPUS_CONNECT/tsctp-000000
index 5f4b76f2..5f4b76f2 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000000
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000000
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000001 b/fuzzer/CORPUS_CONNECT/tsctp-000001
index f3f91d47..f3f91d47 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000001
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000001
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000002 b/fuzzer/CORPUS_CONNECT/tsctp-000002
index 869584a9..869584a9 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000002
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000002
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000003 b/fuzzer/CORPUS_CONNECT/tsctp-000003
index d1dcf30c..d1dcf30c 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000003
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000003
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000004 b/fuzzer/CORPUS_CONNECT/tsctp-000004
index cf48b7cf..cf48b7cf 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000004
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000004
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000005 b/fuzzer/CORPUS_CONNECT/tsctp-000005
index 7663ed14..7663ed14 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000005
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000005
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000006 b/fuzzer/CORPUS_CONNECT/tsctp-000006
index 68612f50..68612f50 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000006
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000006
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000007 b/fuzzer/CORPUS_CONNECT/tsctp-000007
index a2575142..a2575142 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000007
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000007
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000008 b/fuzzer/CORPUS_CONNECT/tsctp-000008
index 9bab1d94..9bab1d94 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000008
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000008
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000009 b/fuzzer/CORPUS_CONNECT/tsctp-000009
index 5c66cd4b..5c66cd4b 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000009
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000009
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000010 b/fuzzer/CORPUS_CONNECT/tsctp-000010
index f1a5f414..f1a5f414 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000010
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000010
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000011 b/fuzzer/CORPUS_CONNECT/tsctp-000011
index d7354b53..d7354b53 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000011
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000011
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000012 b/fuzzer/CORPUS_CONNECT/tsctp-000012
index e17aa3da..e17aa3da 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000012
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000012
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000013 b/fuzzer/CORPUS_CONNECT/tsctp-000013
index 4f80bf75..4f80bf75 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000013
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000013
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000014 b/fuzzer/CORPUS_CONNECT/tsctp-000014
index 0eef0b9a..0eef0b9a 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000014
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000014
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000015 b/fuzzer/CORPUS_CONNECT/tsctp-000015
index b6c31ae8..b6c31ae8 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000015
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000015
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000016 b/fuzzer/CORPUS_CONNECT/tsctp-000016
index 509437a1..509437a1 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000016
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000016
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000017 b/fuzzer/CORPUS_CONNECT/tsctp-000017
index c7674e22..c7674e22 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000017
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000017
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000018 b/fuzzer/CORPUS_CONNECT/tsctp-000018
index 482769e5..482769e5 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000018
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000018
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000019 b/fuzzer/CORPUS_CONNECT/tsctp-000019
index 622af61b..622af61b 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000019
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000019
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000020 b/fuzzer/CORPUS_CONNECT/tsctp-000020
index 7074c9f3..7074c9f3 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000020
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000020
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000021 b/fuzzer/CORPUS_CONNECT/tsctp-000021
index 1b2990f5..1b2990f5 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000021
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000021
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000022 b/fuzzer/CORPUS_CONNECT/tsctp-000022
index 2ccb150a..2ccb150a 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000022
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000022
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000023 b/fuzzer/CORPUS_CONNECT/tsctp-000023
index dd56535f..dd56535f 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000023
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000023
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000024 b/fuzzer/CORPUS_CONNECT/tsctp-000024
index 9108b6c9..9108b6c9 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000024
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000024
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000025 b/fuzzer/CORPUS_CONNECT/tsctp-000025
index 6ee1c5b4..6ee1c5b4 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000025
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000025
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000026 b/fuzzer/CORPUS_CONNECT/tsctp-000026
index 503dd8e5..503dd8e5 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000026
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000026
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECTED/tsctp-000027 b/fuzzer/CORPUS_CONNECT/tsctp-000027
index bd689bc9..bd689bc9 100644
--- a/fuzzer/CORPUS_CONNECTED/tsctp-000027
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000027
Binary files differ
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000028 b/fuzzer/CORPUS_CONNECT/tsctp-000028
new file mode 100644
index 00000000..d1e11efc
--- /dev/null
+++ b/fuzzer/CORPUS_CONNECT/tsctp-000028
Binary files differ
diff --git a/fuzzer/CORPUS_LISTEN/init-1.bin b/fuzzer/CORPUS_LISTEN/init-1.bin
new file mode 100644
index 00000000..1bda440e
--- /dev/null
+++ b/fuzzer/CORPUS_LISTEN/init-1.bin
Binary files differ
diff --git a/fuzzer/build-fuzzer.sh b/fuzzer/build-fuzzer.sh
new file mode 100755
index 00000000..f1880313
--- /dev/null
+++ b/fuzzer/build-fuzzer.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -e
+
+NPROC=1
+
+if [ "$(uname)" = "Linux" ]; then
+ NPROC=$(nproc)
+ CC=clang-9
+elif [ "$(uname)" = "Darwin" ]; then
+ NPROC=$(sysctl -n hw.ncpu)
+ CC=/usr/local/opt/llvm/bin/clang
+elif [ "$(uname)" = "FreeBSD" ]; then
+ NPROC=$(sysctl -n hw.ncpu)
+ CC=clang90
+else
+ echo "Error: $(uname) not supported, sorry!"
+ exit 1
+fi
+
+if ! [ -x "$(command -v $CC)" ]; then
+ echo "Error: $CC is not installed!" >&2
+ exit 1
+fi
+
+echo "OS :" $(uname)
+echo "CC :" $CC
+echo "NP :" $NPROC
+
+cmake -Dsctp_build_fuzzer=1 -Dsctp_build_programs=0 -Dsctp_invariants=1 -Dsctp_sanitizer_address=1 -DCMAKE_C_COMPILER="$CC" -DCMAKE_BUILD_TYPE=RelWithDebInfo .
+make -j"$NPROC"
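Review bot: The compiler is pinned to one package name per platform (`CC=clang-9` in the Linux branch, `clang90` on FreeBSD, a fixed Homebrew path on Darwin), so the script stops working as soon as a different LLVM release is installed, even though the `command -v` check a few lines below would already validate any compiler the caller names; treat the pin as a default instead, e.g. `CC="${CC:-clang-9}"` (same shape for the other two branches). The closing `cmake … .` configures whatever directory the caller happens to be in; if the script is meant to be run from the repository root, as the top-level-looking `sctp_build_fuzzer`/`sctp_build_programs` options suggest, anchoring it with `cd "$(dirname "$0")/.."` would make that explicit — the intended location cannot be confirmed from the hunk alone. The unquoted `$(uname)` and `$CC` in the `echo` lines are harmless here but inconsistent with the quoting used on the `cmake` line.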
diff --git a/fuzzer/chain.sh b/fuzzer/chain.sh
new file mode 100755
index 00000000..bdaf4975
--- /dev/null
+++ b/fuzzer/chain.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+#set -e
+
+make
+echo "Beginning..."
+#./fuzzer_connected CORPUS_CONNECTED/tsctp-000005 2>fuzzer.log
+#./fuzzer_connect_data_sent CORPUS_CONNECT/data-1.bin 2>fuzzer.log
+#./fuzzer_connect_data_received CORPUS_CONNECT/data-1.bin 2>fuzzer.log
+#./fuzzer_connect_multi -timeout=6 timeout-00b96dd43f1251438bb44daa0a5a24ae4df5bce5 2>fuzzer.log
+./fuzzer_connect_multi_verbose -timeout=6 leak-00bd871f5ce0596083fe8642c803c97f424b0c70 2>fuzzer.log
+echo "Fuzzing finished"
+grep "# SCTP_PACKET" fuzzer.log > text2pcap.log
+text2pcap -n -l 248 -D -t "%H:%M:%S." text2pcap.log fuzzer.pcapng
+wireshark fuzzer.pcapng
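Review bot: With `set -e` commented out at the top, a failed `make` or a missing input file does not stop the chain, so `text2pcap` and `wireshark` are run against whatever stale `fuzzer.log` is lying around; presumably it was disabled because the fuzzer exits non-zero precisely when it reproduces the leak, which is the outcome this script exists to inspect. Re-enable `set -e`, tolerate the fuzzer's exit status explicitly, and take the input from the command line rather than hard-coding one artifact hash. Note also that the active line names `leak-00bd…` without the `CORPUS_CONNECT/` prefix the commented lines use, while the diffstat adds that file under `CORPUS_CONNECT/`, so it is only found if a copy sits in the working directory. libFuzzer replays a single file argument once rather than fuzzing, so `echo "Fuzzing finished"` reads as more than a reproduction run; the commented-out invocations should be dropped or turned into a usage comment.
```shell
set -e

INPUT="${1:-leak-00bd871f5ce0596083fe8642c803c97f424b0c70}"
[ -f "$INPUT" ] || { echo "input file $INPUT not found" >&2; exit 1; }

make
echo "Beginning..."
# the fuzzer exits non-zero when it reproduces the crash/leak; that is the expected outcome here
./fuzzer_connect_multi_verbose -timeout=6 "$INPUT" 2>fuzzer.log || true
echo "Fuzzing finished"
# … unchanged: text2pcap / wireshark …
```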
diff --git a/fuzzer/crashtest.py b/fuzzer/crashtest.py
index d9c3fe65..865cd11e 100755
--- a/fuzzer/crashtest.py
+++ b/fuzzer/crashtest.py
@@ -4,7 +4,7 @@ import subprocess
import os
reportdir = "reports/"
-fuzzer = "./fuzzer_connected"
+fuzzer = "./fuzzer_connect_multi"
class bcolors:
HEADER = '\033[95m'
@@ -23,6 +23,7 @@ FNULL = open(os.devnull, "w")
crashfiles = []
crashfiles.extend(glob.glob("crash-*"))
crashfiles.extend(glob.glob("timeout-*"))
+crashfiles.extend(glob.glob("leak-*"))
if not os.path.exists(reportdir):
os.makedirs(reportdir)
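Review bot: The three `crashfiles.extend(glob.glob(...))` calls, now joined by the `leak-*` line, repeat one pattern and inherit `glob`'s unspecified ordering, so the order of reports varies between filesystems; fold them into a single sorted loop, `for pattern in ("crash-*", "timeout-*", "leak-*"): crashfiles.extend(sorted(glob.glob(pattern)))`. Leak artifacts come from LeakSanitizer rather than AddressSanitizer's crash path, so if the reporting code further down (outside this hunk) classifies a run by the `AddressSanitizer` marker in the output, a reproduced leak may not be recognised — worth confirming. The enclosing script continues outside the hunk.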
diff --git a/fuzzer/fuzzer_connect.c b/fuzzer/fuzzer_connect.c
new file mode 100644
index 00000000..859c5bd2
--- /dev/null
+++ b/fuzzer/fuzzer_connect.c
@@ -0,0 +1,476 @@
+/*
+ * Copyright (C) 2017-2019 Felix Weinrank
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <sys/time.h>
+#include <usrsctp.h>
+#include "../programs/programs_helper.h"
+
+//#define FUZZ_VERBOSE
+#define FUZZ_INTERLEAVING
+#define FUZZ_EXPLICIT_EOR
+#define FUZZ_STREAM_RESET
+#define FUZZ_DISABLE_LINGER
+
+#define BUFFERSIZE 4096
+
+static uint32_t assoc_vtag = 0;
+
+#ifdef FUZZ_VERBOSE
+#define fuzzer_printf(...) \
+ do { \
+ fprintf(stderr, "[P]"); \
+ debug_printf_runtime(); \
+ fprintf(stderr, __VA_ARGS__); \
+ } while (0)
+#else
+#define fuzzer_printf(...)
+#endif
+
+static void
+dump_packet(const void *buffer, size_t bufferlen, int inout) {
+#ifdef FUZZ_VERBOSE
+ static char *dump_buf;
+ if ((dump_buf = usrsctp_dumppacket(buffer, bufferlen, inout)) != NULL) {
+ fprintf(stderr, "%s", dump_buf);
+ usrsctp_freedumpbuffer(dump_buf);
+ }
+#endif
+}
+
+static int
+conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df)
+{
+ struct sctp_init_chunk *init_chunk;
+ const char *init_chunk_first_bytes = "\x13\x88\x13\x89\x00\x00\x00\x00\x00\x00\x00\x00\x01";
+ // length >= (12 Common + 16 min INIT)
+ if ((length >= 28) && (memcmp(buf, init_chunk_first_bytes, 12) == 0)) {
+ //fuzzer_printf("length %d / sizeof %lu\n", length, sizeof(struct sctp_common_header));
+ init_chunk = (struct sctp_init_chunk*) ((char *)buf + sizeof(struct sctp_common_header));
+ fuzzer_printf("Found outgoing INIT, extracting VTAG : %u\n", init_chunk->initiate_tag);
+ assoc_vtag = init_chunk->initiate_tag;
+ }
+
+ dump_packet(buf, length, SCTP_DUMP_OUTBOUND);
+ return (0);
+}
+
+
+static void
+handle_upcall(struct socket *sock, void *arg, int flgs)
+{
+ fuzzer_printf("handle_upcall()\n");
+ int events = usrsctp_get_events(sock);
+
+ while (events & SCTP_EVENT_READ) {
+ struct sctp_recvv_rn rn;
+ ssize_t n;
+ struct sockaddr_in addr;
+ char *buf = calloc(1, BUFFERSIZE);
+ int flags = 0;
+ socklen_t len = (socklen_t)sizeof(struct sockaddr_in);
+ unsigned int infotype = 0;
+ socklen_t infolen = sizeof(struct sctp_recvv_rn);
+ memset(&rn, 0, sizeof(struct sctp_recvv_rn));
+ n = usrsctp_recvv(sock, buf, BUFFERSIZE, (struct sockaddr *) &addr, &len, (void *)&rn, &infolen, &infotype, &flags);
+ fuzzer_printf("usrsctp_recvv() - returned %zd\n", n);
+
+ if (flags & MSG_NOTIFICATION) {
+ fuzzer_printf("NOTIFICATION received\n");
+#ifdef FUZZ_VERBOSE
+ handle_notification((union sctp_notification *)buf, n);
+#endif
+ } else {
+ fuzzer_printf("DATA received\n");
+ }
+
+ free(buf);
+
+ if (n <= 0) {
+ break;
+ }
+
+ events = usrsctp_get_events(sock);
+ }
+}
+
+
+int
+initialize_fuzzer(void) {
+#ifdef FUZZ_VERBOSE
+ usrsctp_init(0, conn_output, debug_printf_stack);
+#else
+ usrsctp_init(0, conn_output, NULL);
+#endif
+
+ usrsctp_enable_crc32c_offload();
+ /* set up a connected UDP socket */
+#ifdef SCTP_DEBUG
+ usrsctp_sysctl_set_sctp_debug_on(SCTP_DEBUG_ALL);
+#endif
+ usrsctp_register_address((void *)1);
+
+ fuzzer_printf("usrsctp initialized\n");
+ return (1);
+}
+
+
+int
+LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size)
+{
+ static int initialized;
+ char *fuzzed_packet_buffer;
+ struct sockaddr_in bind4;
+ struct sockaddr_conn sconn;
+ struct socket *socket_client;
+ struct linger so_linger;
+ struct sctp_event event;
+ unsigned long i;
+ struct sctp_common_header* common_header;
+ uint16_t event_types[] = {
+ SCTP_ASSOC_CHANGE,
+ SCTP_PEER_ADDR_CHANGE,
+ SCTP_SEND_FAILED_EVENT,
+ SCTP_REMOTE_ERROR,
+ SCTP_SHUTDOWN_EVENT,
+ SCTP_ADAPTATION_INDICATION,
+ SCTP_PARTIAL_DELIVERY_EVENT
+ };
+ uint8_t fuzzing_stage = FUZZING_STAGE;
+ int fuzzed_packet_size;
+ int enable;
+#if defined(FUZZ_STREAM_RESET) || defined(FUZZ_INTERLEAVING)
+ struct sctp_assoc_value assoc_val;
+#endif
+
+ // WITH COMMON HEADER!
+ char fuzz_init_ack[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00\x02\x00\x01\xf8" \
+ "\xc7\xa1\xb0\x4d\x00\x1c\x71\xc7\x00\x0a\xff\xff\x03\x91\x94\x1b" \
+ "\x80\x00\x00\x04\xc0\x00\x00\x04\x80\x08\x00\x09\xc0\x0f\xc1\x80" \
+ "\x82\x00\x00\x00\x80\x02\x00\x24\x61\x6c\x7e\x52\x2a\xdb\xe0\xa2" \
+ "\xaa\x78\x25\x1e\x12\xc5\x01\x9e\x4c\x60\x16\xdf\x01\x6d\xa1\xd5" \
+ "\xcd\xbe\xa7\x5d\xa2\x73\xf4\x1b\x80\x04\x00\x08\x00\x03\x00\x01" \
+ "\x80\x03\x00\x07\x00\x80\xc1\x00\x00\x06\x00\x14\x2a\x02\xc6\xa0" \
+ "\x40\x15\x00\x11\x00\x00\x00\x00\x00\x00\x00\x83\x00\x05\x00\x08" \
+ "\xd4\xc9\x79\x53\x00\x07\x01\x80\x4b\x41\x4d\x45\x2d\x42\x53\x44" \
+ "\x20\x31\x2e\x31\x00\x00\x00\x00\x64\x11\x49\x00\x00\x00\x00\x00" \
+ "\xac\xde\x0c\x00\x00\x00\x00\x00\x60\xea\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\xb2\xd4\x38\x45\xc7\xa1\xb0\x4d\xd4\xc9\x79\x52" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00" \
+ "\xd4\xc9\x79\x53\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x05\x00\x00\x00\x00\x00\x00\x00\xd9\x05\x13\x89\x01\x01\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x80\x45\x38\xd4\xb2" \
+ "\x00\x1c\x71\xc7\x00\x01\xff\xff\xac\x40\x9b\x94\x80\x00\x00\x04" \
+ "\xc0\x00\x00\x04\x80\x08\x00\x09\xc0\x0f\xc1\x80\x82\x00\x00\x00" \
+ "\x80\x02\x00\x24\xc8\x24\x46\x8c\x7e\x88\x2e\xb7\x88\x8b\xdd\xa1" \
+ "\x55\x8b\xb4\xc0\x26\xe3\x21\xbb\xb0\x66\xfd\xb2\xd4\xde\xf9\x77" \
+ "\x4f\xe4\x7c\xbf\x80\x04\x00\x08\x00\x03\x00\x01\x80\x03\x00\x07" \
+ "\x00\x80\xc1\x00\x00\x0c\x00\x08\x00\x05\x00\x06\x00\x06\x00\x14" \
+ "\x2a\x02\xc6\xa0\x40\x15\x00\x11\x00\x00\x00\x00\x00\x00\x00\x82" \
+ "\x00\x05\x00\x08\xd4\xc9\x79\x52\x02\x00\x01\xf8\xc7\xa1\xb0\x4d" \
+ "\x00\x1c\x71\xc7\x00\x01\xff\xff\x03\x91\x94\x1b\x80\x00\x00\x04" \
+ "\xc0\x00\x00\x04\x80\x08\x00\x09\xc0\x0f\xc1\x80\x82\x00\x00\x00" \
+ "\x80\x02\x00\x24\x61\x6c\x7e\x52\x2a\xdb\xe0\xa2\xaa\x78\x25\x1e" \
+ "\x12\xc5\x01\x9e\x4c\x60\x16\xdf\x01\x6d\xa1\xd5\xcd\xbe\xa7\x5d" \
+ "\xa2\x73\xf4\x1b\x80\x04\x00\x08\x00\x03\x00\x01\x80\x03\x00\x07" \
+ "\x00\x80\xc1\x00\x00\x06\x00\x14\x2a\x02\xc6\xa0\x40\x15\x00\x11" \
+ "\x00\x00\x00\x00\x00\x00\x00\x83\x00\x05\x00\x08\xd4\xc9\x79\x53" \
+ "\x64\x30\x8a\xb9\x7c\xe5\x93\x69\x52\xa9\xc8\xd5\xa1\x1b\x7d\xef" \
+ "\xea\xfa\x23\x32";
+
+ // WITH COMMON HEADER!
+ char fuzz_cookie_ack[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00\x0b\x00\x00\x04";
+
+ // WITH COMMON HEADER!
+ char fuzz_abort[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00\x06\x00\x00\x08\x00\x0c\x00\x04";
+
+ // WITH COMMON HEADER!
+ char fuzz_i_data[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00" \
+ "\x00\x1b\x04\x42\xa3\x58\x90\xe2\xba\x9e\x8c\xfc\x08\x00\x45\x02" \
+ "\x04\x34\x00\x00\x40\x00\x40\x84\x9a\x0b\xd4\xc9\x79\x52\xd4\xc9" \
+ "\x79\x53\x65\x75\x13\x89\x11\x97\x93\x37\x26\x6c\xb7\x65\x40\x02" \
+ "\x04\x14\x96\xff\xad\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x27\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \
+ "\x41\x41";
+
+ char fuzz_common_header[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00";
+
+ if (!fuzzing_stage) {
+ fuzzing_stage = (data[0] % 5) + 1;
+ }
+
+ fuzzer_printf("LLVMFuzzerTestOneInput() - Stage %d\n", fuzzing_stage);
+
+ if (!initialized) {
+ initialized = initialize_fuzzer();
+ }
+
+ if (data_size < 8 || data_size > 65535) {
+ // Skip too small and too large packets
+ fuzzer_printf("data_size %zu makes no sense, skipping\n", data_size);
+ return (0);
+ }
+
+ if ((socket_client = usrsctp_socket(AF_CONN, SOCK_STREAM, IPPROTO_SCTP, NULL, NULL, 0, 0)) == NULL) {
+ perror("usrsctp_socket");
+ exit(EXIT_FAILURE);
+ }
+
+ usrsctp_set_non_blocking(socket_client, 1);
+
+ so_linger.l_onoff = 1;
+ so_linger.l_linger = 0;
+ if (usrsctp_setsockopt(socket_client, SOL_SOCKET, SO_LINGER, &so_linger, sizeof(struct linger)) < 0) {
+ perror("usrsctp_setsockopt 1");
+ exit(EXIT_FAILURE);
+ }
+
+ memset(&event, 0, sizeof(event));
+ event.se_assoc_id = SCTP_FUTURE_ASSOC;
+ event.se_on = 1;
+ for (i = 0; i < (sizeof(event_types) / sizeof(uint16_t)); i++) {
+ event.se_type = event_types[i];
+ if (usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(event)) < 0) {
+ perror("setsockopt SCTP_EVENT socket_client");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ enable = 1;
+ if (usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_RECVRCVINFO, &enable, sizeof(enable)) < 0) {
+ perror("setsockopt SCTP_RECVRCVINFO socket_client");
+ exit(EXIT_FAILURE);
+ }
+
+ enable = 1;
+ if (usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_RECVNXTINFO, &enable, sizeof(enable)) < 0) {
+ perror("setsockopt SCTP_RECVNXTINFO socket_client");
+ exit(EXIT_FAILURE);
+ }
+
+#if defined(FUZZ_EXPLICIT_EOR)
+ enable = 1;
+ if (usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_EXPLICIT_EOR, &enable, sizeof(enable)) < 0) {
+ perror("setsockopt SCTP_EXPLICIT_EOR socket_client");
+ exit(EXIT_FAILURE);
+ }
+#endif // defined(FUZZ_EXPLICIT_EOR)
+
+#if defined(FUZZ_STREAM_RESET)
+ assoc_val.assoc_id = SCTP_ALL_ASSOC;
+ assoc_val.assoc_value = SCTP_ENABLE_RESET_STREAM_REQ | SCTP_ENABLE_CHANGE_ASSOC_REQ;
+ if (usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_ENABLE_STREAM_RESET, &assoc_val, sizeof(struct sctp_assoc_value)) < 0) {
+ perror("setsockopt SCTP_ENABLE_STREAM_RESET socket_client");
+ exit(EXIT_FAILURE);
+ }
+#endif //defined(FUZZ_STREAM_RESET)
+
+#if defined(FUZZ_INTERLEAVING)
+#if !defined(SCTP_INTERLEAVING_SUPPORTED)
+#define SCTP_INTERLEAVING_SUPPORTED 0x00001206
+#endif // !defined(SCTP_INTERLEAVING_SUPPORTED)
+ enable = 2;
+ if (usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_FRAGMENT_INTERLEAVE, &enable, sizeof(enable)) < 0) {
+ perror("usrsctp_setsockopt SCTP_FRAGMENT_INTERLEAVE socket_client");
+ exit(EXIT_FAILURE);
+ }
+
+ memset(&assoc_val, 0, sizeof(assoc_val));
+ assoc_val.assoc_value = 1;
+ if (usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_INTERLEAVING_SUPPORTED, &assoc_val, sizeof(assoc_val)) < 0) {
+ perror("usrsctp_setsockopt SCTP_INTERLEAVING_SUPPORTED socket_client");
+ exit(EXIT_FAILURE);
+ }
+#endif // defined(FUZZ_INTERLEAVING)
+
+ memset((void *)&bind4, 0, sizeof(struct sockaddr_in));
+#ifdef HAVE_SIN_LEN
+ bind4.sin_len = sizeof(struct sockaddr_in6);
+#endif
+ bind4.sin_family = AF_INET;
+ bind4.sin_port = htons(5000);
+ bind4.sin_addr.s_addr = htonl(INADDR_ANY);
+
+ if (usrsctp_bind(socket_client, (struct sockaddr *)&bind4, sizeof(bind4)) < 0) {
+ perror("bind");
+ usrsctp_close(socket_client);
+ exit(EXIT_FAILURE);
+ }
+
+ usrsctp_set_upcall(socket_client, handle_upcall, NULL);
+
+ memset(&sconn, 0, sizeof(struct sockaddr_conn));
+ sconn.sconn_family = AF_CONN;
+#ifdef HAVE_SCONN_LEN
+ sconn.sconn_len = sizeof(struct sockaddr_conn);
+#endif
+ sconn.sconn_port = htons(5001);
+ sconn.sconn_addr = (void *)1;
+
+ fuzzer_printf("Calling usrsctp_connect()\n");
+ if (usrsctp_connect(socket_client, (struct sockaddr *)&sconn, sizeof(struct sockaddr_conn)) < 0) {
+ if (errno != EINPROGRESS) {
+ perror("usrsctp_connect");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ if (fuzzing_stage > 0) {
+ fuzzer_printf("Injecting INIT_ACK\n");
+
+ common_header = (struct sctp_common_header*) fuzz_init_ack;
+ common_header->verification_tag = assoc_vtag;
+
+ dump_packet(fuzz_init_ack, 516, SCTP_DUMP_INBOUND);
+ usrsctp_conninput((void *)1, fuzz_init_ack, 516, 0);
+ }
+
+ if (fuzzing_stage > 1) {
+ fuzzer_printf("Injecting COOKIE_ACK\n");
+
+ common_header = (struct sctp_common_header*) fuzz_cookie_ack;
+ common_header->verification_tag = assoc_vtag;
+
+ dump_packet(fuzz_cookie_ack, 16, SCTP_DUMP_INBOUND);
+ usrsctp_conninput((void *)1, fuzz_cookie_ack, 16, 0);
+ }
+
+ if (fuzzing_stage == 4) {
+ const char *sendbuffer = "Geologie ist keine richtige Wissenschaft!";
+ fuzzer_printf("Calling usrsctp_sendv()\n");
+ usrsctp_sendv(socket_client, sendbuffer, strlen(sendbuffer), NULL, 0, NULL, 0, SCTP_SENDV_NOINFO, 0);
+ }
+
+ if (fuzzing_stage == 5) {
+ fuzzer_printf("Injecting I_DATA\n");
+
+ common_header = (struct sctp_common_header*) fuzz_i_data;
+ common_header->verification_tag = assoc_vtag;
+
+ dump_packet(fuzz_i_data, 1102, SCTP_DUMP_INBOUND);
+ usrsctp_conninput((void *)1, fuzz_i_data, 1102, 0);
+ }
+
+ // Inject fuzzed packet - we skip the first byte cause we are using it for stage decision
+ fuzzed_packet_size = data_size + 12 - 1;
+ fuzzed_packet_buffer = malloc(fuzzed_packet_size);
+ memcpy(fuzzed_packet_buffer, fuzz_common_header, 12); // common header
+ memcpy(fuzzed_packet_buffer + 12, data + 1, data_size - 1);
+
+ common_header = (struct sctp_common_header*) fuzzed_packet_buffer;
+ common_header->verification_tag = assoc_vtag;
+
+ fuzzer_printf("Injecting FUZZER-Packet\n");
+ dump_packet(fuzzed_packet_buffer, fuzzed_packet_size, SCTP_DUMP_INBOUND);
+ usrsctp_conninput((void *)1, fuzzed_packet_buffer, fuzzed_packet_size, 0);
+
+ fuzzer_printf("Calling usrsctp_close()\n");
+ usrsctp_close(socket_client);
+
+ free(fuzzed_packet_buffer);
+
+#if 0
+ fuzzer_printf("Calling usrsctp_finish()\n");
+ while (usrsctp_finish() != 0) {
+ }
+ fuzzer_printf("Done!\n");
+#endif
+
+ return (0);
+}
+
+
+
diff --git a/fuzzer/fuzzer_connect_multi.sh b/fuzzer/fuzzer_connect_multi.sh
new file mode 100755
index 00000000..665cfd6c
--- /dev/null
+++ b/fuzzer/fuzzer_connect_multi.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+export ASAN_OPTIONS=abort_on_error=1:disable_core=0:unmap_shadow_on_exit=1:disable_coredump=0
+ulimit -c unlimited
+mkdir -p CORPUS_CONNECT
+
+NPROC=1
+
+if [[ "$OSTYPE" == "linux-gnu" ]]; then
+ NPROC=$(nproc)
+elif [[ "$OSTYPE" == "darwin"* ]]; then
+ NPROC=$(sysctl -n hw.ncpu)
+elif [[ "$OSTYPE" == "freebsd"* ]]; then
+ NPROC=$(sysctl -n hw.ncpu)
+else
+ exit 1
+fi
+
+echo "$NPROC"
+
+
+./fuzzer_connect_multi -jobs=64 -timeout=10 -max_len=4086 CORPUS_CONNECT
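Review bot: `NPROC` is detected per OS and echoed, but the libFuzzer invocation on the last line still hardcodes `-jobs=64`, so the detection above has no effect on how the run is parallelised. If the intent is to size the run to the machine, pass it through, e.g. `./fuzzer_connect_multi -jobs="$NPROC" -workers="$NPROC" -timeout=10 -max_len=4086 CORPUS_CONNECT` (in libFuzzer `-jobs` is the total number of runs and `-workers` the number of concurrent processes, so both are likely wanted). The unsupported-OS branch exits with status 1 and no message; an `echo "unsupported OSTYPE: $OSTYPE" >&2` before the `exit 1` would make that failure visible instead of silent.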
diff --git a/fuzzer/fuzzer_connected.c b/fuzzer/fuzzer_connected.c
deleted file mode 100644
index ab049835..00000000
--- a/fuzzer/fuzzer_connected.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * Copyright (C) 2017-2019 Felix Weinrank
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <sys/time.h>
-#include <usrsctp.h>
-
-//#define FUZZ_VERBOSE
-
-static const char *init_ack = "\x13\x89\xe7\xd0\xef\x38\x12\x25\x00\x00\x00\x00\x02\x00\x01\x4c" \
-"\x20\x0f\x67\x0d\x00\x02\x00\x00\x00\x04\x00\x04\xbd\xf0\x8d\x18" \
-"\xc0\x00\x00\x04\x80\x08\x00\x09\xc0\x0f\xc1\x80\x82\x00\x00\x00" \
-"\x80\x02\x00\x24\xfd\x30\xc7\x17\x34\x27\x17\x1c\xa2\xc6\x78\x20" \
-"\x62\xc3\xa1\x3f\xb6\x86\x92\x42\xc5\x0b\xb6\x36\xd7\xf6\xf4\x19" \
-"\xee\xd3\xc9\x1e\x80\x04\x00\x06\x00\x01\x00\x00\x80\x03\x00\x06" \
-"\x80\xc1\x00\x00\x00\x07\x00\xf4\x4b\x41\x4d\x45\x2d\x42\x53\x44" \
-"\x20\x31\x2e\x31\x00\x00\x00\x00\x25\xfa\x5e\x5d\x00\x00\x00\x00" \
-"\xe6\xc3\x0a\x00\x00\x00\x00\x00\x60\xea\x00\x00\x54\x6f\x2d\xff" \
-"\xd1\x7f\x68\x2a\x00\x00\x00\x01\x20\x0f\x67\x0d\x80\x3b\x00\x00" \
-"\xc0\x60\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00" \
-"\x80\x3b\x00\x00\xc0\x60\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \
-"\x04\x00\x00\x00\x00\x00\x00\x00\x13\x88\x13\x88\x00\x00\x01\x00" \
-"\x01\x01\x01\x00\x00\x00\x00\x00\x01\x00\x00\x14\x01\x00\x00\x00" \
-"\x00\x00\x20\x00\x00\x08\x00\x08\x00\x00\x00\x01\x02\x00\x01\x4c" \
-"\x20\x0f\x67\x0d\x00\x02\x00\x00\x00\x04\x00\x04\xbd\xf0\x8d\x18" \
-"\xc0\x00\x00\x04\x80\x08\x00\x09\xc0\x0f\xc1\x80\x82\x00\x00\x00" \
-"\x80\x02\x00\x24\xfd\x30\xc7\x17\x34\x27\x17\x1c\xa2\xc6\x78\x20" \
-"\x62\xc3\xa1\x3f\xb6\x86\x92\x42\xc5\x0b\xb6\x36\xd7\xf6\xf4\x19" \
-"\xee\xd3\xc9\x1e\x80\x04\x00\x06\x00\x01\x00\x00\x80\x03\x00\x06" \
-"\x80\xc1\x00\x00\x41\xc3\xed\x62\x2c\x1c\x3c\x03\x41\x6d\x17\xc8" \
-"\xd8\x64\xff\xe2\x25\xd6\x81\x9e";
-
-static const char *cookie_ack = "\x13\x89\xe7\xd0\xef\x38\x12\x25\x00\x00\x00\x00\x0b\x00\x00\x04";
-static const char *common_header = "\x13\x89\xe7\xd0\xef\x38\x12\x25\x00\x00\x00\x00";
-
-#ifdef FUZZ_VERBOSE
-static char *dump_buf;
-void
-debug_printf(const char *format, ...)
-{
- static struct timeval time_main;
-
- va_list ap;
- struct timeval time_now;
- struct timeval time_delta;
-
- if (time_main.tv_sec == 0 && time_main.tv_usec == 0) {
- gettimeofday(&time_main, NULL);
- }
-
- gettimeofday(&time_now, NULL);
- timersub(&time_now, &time_main, &time_delta);
-
- fprintf(stderr, "[%u.%03u] ", (unsigned int) time_delta.tv_sec, (unsigned int) time_delta.tv_usec / 1000);
-
- va_start(ap, format);
- vprintf(format, ap);
- va_end(ap);
-}
-#else
-void
-debug_printf(const char *format, ...)
-{
-}
-#endif
-
-
-static int
-conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df)
-{
-#ifdef FUZZ_VERBOSE
- if ((dump_buf = usrsctp_dumppacket(buf, length, SCTP_DUMP_OUTBOUND)) != NULL) {
- fprintf(stderr, "%s", dump_buf);
- usrsctp_freedumpbuffer(dump_buf);
- }
-#endif
- return (0);
-}
-
-
-static void
-handle_upcall(struct socket *sock, void *arg, int flgs)
-{
- debug_printf("handle_upcall() called - implement logic!\n");
-}
-
-
-int
-initialize_fuzzer(void) {
-#ifdef FUZZ_VERBOSE
- usrsctp_init(0, conn_output, debug_printf);
-#else
- usrsctp_init(0, conn_output, NULL);
-#endif
- usrsctp_enable_crc32c_offload();
- /* set up a connected UDP socket */
-#ifdef SCTP_DEBUG
- usrsctp_sysctl_set_sctp_debug_on(SCTP_DEBUG_ALL);
-#endif
- usrsctp_register_address((void *)1);
- debug_printf("usrsctp initialized\n");
- return 1;
-}
-
-
-int
-LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size)
-{
- static int initialized;
- char *pktbuf;
- struct sockaddr_conn sconn;
- struct socket *socket_client;
- struct linger so_linger;
- struct sctp_event event;
- unsigned long i;
- uint16_t event_types[] = {
- SCTP_ASSOC_CHANGE,
- SCTP_PEER_ADDR_CHANGE,
- SCTP_SEND_FAILED_EVENT,
- SCTP_REMOTE_ERROR,
- SCTP_SHUTDOWN_EVENT,
- SCTP_ADAPTATION_INDICATION,
- SCTP_PARTIAL_DELIVERY_EVENT
- };
-
- if (!initialized) {
- initialized = initialize_fuzzer();
- }
-
- if ((socket_client = usrsctp_socket(AF_CONN, SOCK_STREAM, IPPROTO_SCTP, NULL, NULL, 0, 0)) == NULL) {
- perror("usrsctp_socket");
- exit(EXIT_FAILURE);
- }
-
- usrsctp_set_non_blocking(socket_client, 1);
-
- so_linger.l_onoff = 1;
- so_linger.l_linger = 0;
- if (usrsctp_setsockopt(socket_client, SOL_SOCKET, SO_LINGER, &so_linger, sizeof(struct linger)) < 0) {
- perror("usrsctp_setsockopt 1");
- exit(EXIT_FAILURE);
- }
-
- memset(&event, 0, sizeof(event));
- event.se_assoc_id = SCTP_FUTURE_ASSOC;
- event.se_on = 1;
- for (i = 0; i < sizeof(event_types)/sizeof(uint16_t); i++) {
- event.se_type = event_types[i];
- if (usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(event)) < 0) {
- perror("setsockopt SCTP_EVENT socket_client");
- exit(EXIT_FAILURE);
- }
- }
-
- usrsctp_set_upcall(socket_client, handle_upcall, NULL);
-
- memset(&sconn, 0, sizeof(struct sockaddr_conn));
- sconn.sconn_family = AF_CONN;
-#ifdef HAVE_SCONN_LEN
- sconn.sconn_len = sizeof(struct sockaddr_conn);
-#endif
- sconn.sconn_port = htons(5001);
- sconn.sconn_addr = (void *)1;
- if (usrsctp_connect(socket_client, (struct sockaddr *)&sconn, sizeof(struct sockaddr_conn)) < 0) {
- if (errno != EINPROGRESS) {
- perror("usrsctp_connect");
- exit(EXIT_FAILURE);
- }
- }
-
-#ifdef FUZZ_VERBOSE
- if ((dump_buf = usrsctp_dumppacket(init_ack, 344, SCTP_DUMP_INBOUND)) != NULL) {
- fprintf(stderr, "%s", dump_buf);
- usrsctp_freedumpbuffer(dump_buf);
- }
-#endif
- usrsctp_conninput((void *)1, init_ack, 344, 0);
-
-#ifdef FUZZ_VERBOSE
- if ((dump_buf = usrsctp_dumppacket(cookie_ack, 16, SCTP_DUMP_INBOUND)) != NULL) {
- fprintf(stderr, "%s", dump_buf);
- usrsctp_freedumpbuffer(dump_buf);
- }
-#endif
- usrsctp_conninput((void *)1, cookie_ack, 16, 0);
-
- // concat common header and fuzzer input
- pktbuf = malloc(data_size + 12);
- memcpy(pktbuf, common_header, 12);
- memcpy(pktbuf + 12, data, data_size);
-
-#ifdef FUZZ_VERBOSE
- debug_printf(">>>> INJECTING\n");
- if ((dump_buf = usrsctp_dumppacket(pktbuf, data_size + 12, SCTP_DUMP_INBOUND)) != NULL) {
- fprintf(stderr, "%s", dump_buf);
- usrsctp_freedumpbuffer(dump_buf);
- }
-#endif
- usrsctp_conninput((void *)1, pktbuf, data_size + 12, 0);
-
- usrsctp_close(socket_client);
- free(pktbuf);
- return (0);
-}
-
-
diff --git a/fuzzer/fuzzer_unconnected.c b/fuzzer/fuzzer_listen.c
index 2cc353f1..5ada7e58 100644
--- a/fuzzer/fuzzer_unconnected.c
+++ b/fuzzer/fuzzer_listen.c
@@ -32,6 +32,7 @@
#include <stdlib.h>
#include <string.h>
#include <usrsctp.h>
+#include "../programs/programs_helper.h"
#define FUZZ_FAST 1
@@ -54,7 +55,7 @@ conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df)
static void
handle_upcall(struct socket *sock, void *arg, int flgs)
{
- fprintf(stderr, "Listening socket established, implement logic!\n");
+ debug_printf("Listening socket established, implement logic!\n");
exit(EXIT_FAILURE);
}
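Review bot: Replacing `fprintf(stderr, ...)` with `debug_printf(...)` in handle_upcall() removes the only diagnostic that precedes `exit(EXIT_FAILURE)`; if `debug_printf` from programs_helper.h is compiled out when FUZZ_VERBOSE is not defined (as the version in the deleted fuzzer_connected.c was), a default fuzzing build will terminate the target with no indication of why, and libFuzzer will record the triggering input as a "fuzz target exited" crash that is hard to triage. Consider keeping an unconditional message on this path, e.g. `fprintf(stderr, "Listening socket established, implement logic!\n");` immediately before the `exit`, or using `abort()` so the sanitizer backtrace points at this handler. The helper's definition is not part of this diff, so its behaviour in the non-verbose configuration should be confirmed.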
@@ -78,9 +79,14 @@ init_fuzzer(void) {
}
#endif
+#ifdef FUZZ_VERBOSE
+ usrsctp_init(0, conn_output, debug_printf_stack);
+#else
usrsctp_init(0, conn_output, NULL);
+#endif
+
usrsctp_enable_crc32c_offload();
- /* set up a connected UDP socket */
+
#ifdef SCTP_DEBUG
usrsctp_sysctl_set_sctp_debug_on(SCTP_DEBUG_ALL);
#endif
@@ -133,6 +139,11 @@ int
LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size)
{
init_fuzzer();
+
+ if (data_size < 8 || data_size > 65535) {
+ // Skip too small and too large packets
+ return (0);
+ }
usrsctp_conninput((void *)1, data, data_size, 0);
#if !defined(FUZZ_FAST)
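Review bot: The new guard at the top of LLVMFuzzerTestOneInput() drops every input shorter than 8 bytes, but the SCTP common header is 12 bytes, so the bound neither matches the header size nor lets the fuzzer exercise the library's own handling of truncated packets, which is exactly where length-validation bugs in a network stack tend to live. If the skip is deliberate (for instance to avoid spending iterations on inputs `usrsctp_conninput()` rejects immediately), the comment should say so and explain the choice of 8, e.g. `// Skip inputs that cannot hold a common header; see <reason> for the 8-byte bound`; otherwise consider removing the lower bound so truncated headers still reach `usrsctp_conninput()`. The 65535 upper bound is plausible as the maximum IP payload, but the run script already caps inputs with `-max_len=4086`, so in the run as scripted that half of the check never triggers. LLVMFuzzerTestOneInput() continues past the end of this hunk.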
diff --git a/fuzzer/fuzzer_connected.sh b/fuzzer/fuzzer_listen.sh
index b591bb97..4a70dec2 100755
--- a/fuzzer/fuzzer_connected.sh
+++ b/fuzzer/fuzzer_listen.sh
@@ -1,5 +1,5 @@
-#!/bin/bash
+#!/usr/bin/env bash
export ASAN_OPTIONS=abort_on_error=1:disable_core=0:unmap_shadow_on_exit=1:disable_coredump=0
ulimit -c unlimited
-mkdir -p CORPUS_CONNECTED
-./fuzzer_connected -jobs=32 -timeout=10 -max_len=4086 CORPUS_CONNECTED
+mkdir -p CORPUS_LISTEN
+./fuzzer_listen -jobs=32 -timeout=10 -max_len=4086 CORPUS_LISTEN
diff --git a/fuzzer/fuzzer_unconnected.sh b/fuzzer/fuzzer_unconnected.sh
deleted file mode 100755
index d9efd525..00000000
--- a/fuzzer/fuzzer_unconnected.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-export ASAN_OPTIONS=abort_on_error=1:disable_core=0:unmap_shadow_on_exit=1:disable_coredump=0
-ulimit -c unlimited
-mkdir -p CORPUS_UNCONNECTED
-./fuzzer_unconnected -jobs=32 -timeout=10 -max_len=4086 CORPUS_UNCONNECTED