author | Felix Weinrank <weinrank@fh-muenster.de> | 2019-09-29 22:19:35 +0200 |
---|---|---|
committer | Michael Tüxen <tuexen@fh-muenster.de> | 2019-09-29 22:19:35 +0200 |
commit | a572e1eaf5f7a6df08bcfb90529a8f6c20c7113d (patch) | |
tree | 44e8640594004457c60b5a848ed1e3f6cc99a990 /fuzzer | |
parent | 248221fb77a67e00d2775fcd026e7ea2a7a8b818 (diff) | |
download | usrsctp-a572e1eaf5f7a6df08bcfb90529a8f6c20c7113d.tar.gz |
Fix fuzzing output and an incorrect array size lookup (#385)
Diffstat (limited to 'fuzzer')
-rwxr-xr-x | fuzzer/chain.sh | 15 | ||||
-rwxr-xr-x | fuzzer/check-input.sh | 44 | ||||
-rwxr-xr-x | fuzzer/crashtest.py | 2 | ||||
-rw-r--r-- | fuzzer/fuzzer_listen.c | 13 |
4 files changed, 57 insertions, 17 deletions
diff --git a/fuzzer/chain.sh b/fuzzer/chain.sh
deleted file mode 100755
index bdaf4975..00000000
--- a/fuzzer/chain.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-#set -e
-
-make
-echo "Beginning..."
-#./fuzzer_connected CORPUS_CONNECTED/tsctp-000005 2>fuzzer.log
-#./fuzzer_connect_data_sent CORPUS_CONNECT/data-1.bin 2>fuzzer.log
-#./fuzzer_connect_data_received CORPUS_CONNECT/data-1.bin 2>fuzzer.log
-#./fuzzer_connect_multi -timeout=6 timeout-00b96dd43f1251438bb44daa0a5a24ae4df5bce5 2>fuzzer.log
-./fuzzer_connect_multi_verbose -timeout=6 leak-00bd871f5ce0596083fe8642c803c97f424b0c70 2>fuzzer.log
-echo "Fuzzing finished"
-grep "# SCTP_PACKET" fuzzer.log > text2pcap.log
-text2pcap -n -l 248 -D -t "%H:%M:%S." text2pcap.log fuzzer.pcapng
-wireshark fuzzer.pcapng
diff --git a/fuzzer/check-input.sh b/fuzzer/check-input.sh
new file mode 100755
index 00000000..51ea7031
--- /dev/null
+++ b/fuzzer/check-input.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+#
+# usage: check-input.sh input_data
+#
+
+set -e
+set -u
+
+#make
+
+echo "Fuzzer Input: $1"
+echo "########## Beginning Fuzzer Chain"
+echo ""
+
+set +e
+./fuzzer_connect_multi_verbose -timeout=30 $1 2>$1.log
+FUZZER_RETVAL=$?
+set -e
+
+if [ "$FUZZER_RETVAL" -eq "0" ]; then
+ echo "Execution successful - fuzzer terminated without an issue"
+elif [ "$FUZZER_RETVAL" -eq "77" ]; then
+ echo "Exceution successful - found an issue!"
+else
+ echo "Internal error, exiting!"
+ exit
+fi
+
+grep "# SCTP_PACKET" $1.log > $1.pcap-log
+text2pcap -n -l 248 -D -t "%H:%M:%S." $1.pcap-log $1.pcapng
+rm $1.pcap-log
+
+echo ""
+echo "LOG: $1.log"
+echo "PCAP: $1.pcapng"
+echo ""
+
+# Open Wireshark if we have an X session
+if [ -z ${DISPLAY+x} ]; then
+ echo "\$DISPLAY unset, skipping wireshark"
+else
+ wireshark $1.pcapng
+fi
diff --git a/fuzzer/crashtest.py b/fuzzer/crashtest.py
index 865cd11e..4246e430 100755
--- a/fuzzer/crashtest.py
+++ b/fuzzer/crashtest.py
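Review bot: The `else` branch of the return-code check in check-input.sh exits with status 0, because a bare `exit` returns the status of the preceding `echo`, so a caller or a wrapper running under `set -e` cannot distinguish the "Internal error" path from a clean run; `exit 1` (or `exit "$FUZZER_RETVAL"` to propagate the fuzzer's own code) fixes that. `$1` is unquoted in every use (`./fuzzer_connect_multi_verbose -timeout=30 $1 2>$1.log`, `grep "# SCTP_PACKET" $1.log > $1.pcap-log`, `wireshark $1.pcapng`), so an input path containing whitespace or glob characters is word-split or expanded; write it as `"$1"` throughout, and `[ -z "${DISPLAY+x}" ]` for the same reason. Under `set -e`, a log with no `# SCTP_PACKET` lines makes `grep` return 1 and the script aborts before printing the LOG/PCAP locations, with no message; appending `|| true` to the grep, or testing its status and reporting "no packets captured", keeps the log path visible in that case. "Exceution" in the status-77 message is a typo.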
@@ -4,7 +4,7 @@ import subprocess import os reportdir = "reports/" -fuzzer = "./fuzzer_connect_multi" +fuzzer = "./fuzzer_connect_multi_verbose" class bcolors: HEADER = '\033[95m' diff --git a/fuzzer/fuzzer_listen.c b/fuzzer/fuzzer_listen.c index 5ada7e58..e6e873c0 100644 --- a/fuzzer/fuzzer_listen.c +++ b/fuzzer/fuzzer_listen.c @@ -36,6 +36,17 @@ #define FUZZ_FAST 1 +#ifdef FUZZ_VERBOSE +#define fuzzer_printf(...) \ + do { \ + fprintf(stderr, "[P]"); \ + debug_printf_runtime(); \ + fprintf(stderr, __VA_ARGS__); \ + } while (0) +#else +#define fuzzer_printf(...) +#endif + struct sockaddr_conn sconn; struct socket *s_l; @@ -55,7 +66,7 @@ conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) static void handle_upcall(struct socket *sock, void *arg, int flgs) { - debug_printf("Listening socket established, implement logic!\n"); + fuzzer_printf("Listening socket established, implement logic!\n"); exit(EXIT_FAILURE); } |
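Review bot: The non-verbose branch of the new fuzzer_printf macro expands to nothing, so in a build without FUZZ_VERBOSE the format string and its arguments are never compiled; a mismatched format, or a local that exists only to be traced, shows up as an error or an unused-variable warning only in verbose builds. Expanding instead to `do { if (0) fprintf(stderr, __VA_ARGS__); } while (0)` keeps the arguments type-checked and the macro statement-safe in both configurations while the optimizer drops the call. The macro also has no comment; a one-liner such as `/* Verbose-build trace: "[P]" + runtime prefix + message to stderr; compiled out otherwise */` above the `#ifdef` would say what the `[P]` tag and the `debug_printf_runtime()` call (declared elsewhere, presumably in an included header) are for.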
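Review bot: Switching handle_upcall from debug_printf to fuzzer_printf makes a non-FUZZ_VERBOSE build call `exit(EXIT_FAILURE)` with no output at all, since the macro then expands to nothing; this call is a not-implemented guard rather than trace output, so the message is the only clue why the target died. Keeping it unconditional, `fprintf(stderr, "Listening socket established, implement logic!\n");`, preserves that diagnostic in every build. Using `abort()` rather than `exit()` here would additionally let the sanitizer runtime record a backtrace and the offending input, which a plain non-zero exit does not.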