authorFelix Weinrank <weinrank@fh-muenster.de>2019-09-29 22:19:35 +0200
committerMichael Tüxen <tuexen@fh-muenster.de>2019-09-29 22:19:35 +0200
commita572e1eaf5f7a6df08bcfb90529a8f6c20c7113d (patch)
tree44e8640594004457c60b5a848ed1e3f6cc99a990 /fuzzer
parent248221fb77a67e00d2775fcd026e7ea2a7a8b818 (diff)
downloadusrsctp-a572e1eaf5f7a6df08bcfb90529a8f6c20c7113d.tar.gz
Fix fuzzing output and an incorrect array size lookup (#385)
Diffstat (limited to 'fuzzer')
-rwxr-xr-xfuzzer/chain.sh15
-rwxr-xr-xfuzzer/check-input.sh44
-rwxr-xr-xfuzzer/crashtest.py2
-rw-r--r--fuzzer/fuzzer_listen.c13
4 files changed, 57 insertions, 17 deletions
diff --git a/fuzzer/chain.sh b/fuzzer/chain.sh
deleted file mode 100755
index bdaf4975..00000000
--- a/fuzzer/chain.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-#set -e
-
-make
-echo "Beginning..."
-#./fuzzer_connected CORPUS_CONNECTED/tsctp-000005 2>fuzzer.log
-#./fuzzer_connect_data_sent CORPUS_CONNECT/data-1.bin 2>fuzzer.log
-#./fuzzer_connect_data_received CORPUS_CONNECT/data-1.bin 2>fuzzer.log
-#./fuzzer_connect_multi -timeout=6 timeout-00b96dd43f1251438bb44daa0a5a24ae4df5bce5 2>fuzzer.log
-./fuzzer_connect_multi_verbose -timeout=6 leak-00bd871f5ce0596083fe8642c803c97f424b0c70 2>fuzzer.log
-echo "Fuzzing finished"
-grep "# SCTP_PACKET" fuzzer.log > text2pcap.log
-text2pcap -n -l 248 -D -t "%H:%M:%S." text2pcap.log fuzzer.pcapng
-wireshark fuzzer.pcapng
diff --git a/fuzzer/check-input.sh b/fuzzer/check-input.sh
new file mode 100755
index 00000000..51ea7031
--- /dev/null
+++ b/fuzzer/check-input.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+#
+# usage: check-input.sh input_data
+#
+
+set -e
+set -u
+
+#make
+
+echo "Fuzzer Input: $1"
+echo "########## Beginning Fuzzer Chain"
+echo ""
+
+set +e
+./fuzzer_connect_multi_verbose -timeout=30 $1 2>$1.log
+FUZZER_RETVAL=$?
+set -e
+
+if [ "$FUZZER_RETVAL" -eq "0" ]; then
+ echo "Execution successful - fuzzer terminated without an issue"
+elif [ "$FUZZER_RETVAL" -eq "77" ]; then
+ echo "Exceution successful - found an issue!"
+else
+ echo "Internal error, exiting!"
+ exit
+fi
+
+grep "# SCTP_PACKET" $1.log > $1.pcap-log
+text2pcap -n -l 248 -D -t "%H:%M:%S." $1.pcap-log $1.pcapng
+rm $1.pcap-log
+
+echo ""
+echo "LOG: $1.log"
+echo "PCAP: $1.pcapng"
+echo ""
+
+# Open Wireshark if we have an X session
+if [ -z ${DISPLAY+x} ]; then
+ echo "\$DISPLAY unset, skipping wireshark"
+else
+ wireshark $1.pcapng
+fi
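Review bot: The `else` branch of the exit-code check prints "Internal error, exiting!" and then runs a bare `exit`, which returns status 0 to the caller, so a wrapper script or CI step cannot distinguish an internal failure from a clean run; change it to `exit 1` (or `exit "$FUZZER_RETVAL"` to propagate the fuzzer's own code), and note that a libFuzzer timeout under `-timeout=30` reports a different exit code than 77 (70 by default, as far as I recall), so it would currently land in this branch as well. Every use of `$1` is unquoted (`./fuzzer_connect_multi_verbose -timeout=30 $1 2>$1.log`, the `grep`/`text2pcap`/`rm` lines and the `wireshark` call), which breaks on input paths containing whitespace or glob characters; quote each as `"$1"`. With `set -e` re-enabled, `grep "# SCTP_PACKET" $1.log > $1.pcap-log` aborts the script silently when the log contains no packet lines (grep exits 1 on no match), before the LOG/PCAP paths are printed, so `grep ... || true` or an explicit check with a message is needed to keep the log path visible. The message `echo "Exceution successful - found an issue!"` has a typo ("Execution").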
diff --git a/fuzzer/crashtest.py b/fuzzer/crashtest.py
index 865cd11e..4246e430 100755
--- a/fuzzer/crashtest.py
+++ b/fuzzer/crashtest.py
@@ -4,7 +4,7 @@ import subprocess
import os
reportdir = "reports/"
-fuzzer = "./fuzzer_connect_multi"
+fuzzer = "./fuzzer_connect_multi_verbose"
class bcolors:
HEADER = '\033[95m'
diff --git a/fuzzer/fuzzer_listen.c b/fuzzer/fuzzer_listen.c
index 5ada7e58..e6e873c0 100644
--- a/fuzzer/fuzzer_listen.c
+++ b/fuzzer/fuzzer_listen.c
@@ -36,6 +36,17 @@
#define FUZZ_FAST 1
+#ifdef FUZZ_VERBOSE
+#define fuzzer_printf(...) \
+ do { \
+ fprintf(stderr, "[P]"); \
+ debug_printf_runtime(); \
+ fprintf(stderr, __VA_ARGS__); \
+ } while (0)
+#else
+#define fuzzer_printf(...)
+#endif
+
struct sockaddr_conn sconn;
struct socket *s_l;
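Review bot: The non-verbose fallback `#define fuzzer_printf(...)` expands a call to a bare `;` and drops its arguments unevaluated, so any argument with a side effect would silently behave differently between FUZZ_VERBOSE and default builds; the conventional form `#define fuzzer_printf(...) do { } while (0)` keeps statement shape, and a comment should state that arguments must be side-effect free. The verbose branch calls `debug_printf_runtime()`, which is not declared in this hunk — presumably a project helper; if it is only available under some debug configuration, a FUZZ_VERBOSE build of this file will fail to compile. A one-line comment above the block, `/* Harness-side diagnostic to stderr; compiled out unless FUZZ_VERBOSE is defined. */`, would make the intent clear.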
@@ -55,7 +66,7 @@ conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df)
static void
handle_upcall(struct socket *sock, void *arg, int flgs)
{
- debug_printf("Listening socket established, implement logic!\n");
+ fuzzer_printf("Listening socket established, implement logic!\n");
exit(EXIT_FAILURE);
}
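Review bot: After swapping `debug_printf` for `fuzzer_printf`, a build without FUZZ_VERBOSE now reaches `exit(EXIT_FAILURE)` in `handle_upcall` with no diagnostic at all, so an exit reported by the fuzzer on this path gives no hint of its origin; since this is a hard-failure path rather than trace output, keep the message unconditional, e.g. `fprintf(stderr, "Listening socket established, implement logic!\n");` immediately before the `exit`. The unused `sock`, `arg` and `flgs` parameters are pre-existing, but `(void)sock; (void)arg; (void)flgs;` would silence warnings in -Wall builds. A short comment on the function, `/* Upcall for the listening socket: accepted connections are not handled yet, so bail out loudly. */`, would help the next reader.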