-rw-r--r-- | Android.bp | 48 | ||||
-rw-r--r-- | fuzzer/fuzzer_connect.c | 11 | ||||
-rw-r--r-- | fuzzer/fuzzer_listen.c | 10 |
3 files changed, 62 insertions, 7 deletions
@@ -1,7 +1,5 @@ -cc_library_static { - name: "usrsctplib", - // vendor needed for libpreprocessing effects. - vendor: true, +cc_defaults { + name: "usrsctplib_defaults", srcs: [ "usrsctplib/netinet/sctp_asconf.c", "usrsctplib/netinet/sctp_auth.c", @@ -56,5 +54,47 @@ cc_library_static { "libcrypto", ], host_supported: true, +} + +cc_library_static { + name: "usrsctplib", + // vendor needed for libpreprocessing effects. + vendor: true, + defaults: ["usrsctplib_defaults"], visibility: ["//external/webrtc:__subpackages__"], } + +cc_library_static { + name: "usrsctp_fuzz_lib", + defaults: ["usrsctplib_defaults"], +} + +cc_fuzz { + name: "fuzzer_connect", + srcs: [ + "fuzzer/fuzzer_connect.c", + ], + static_libs: [ + "usrsctp_fuzz_lib", + ], + shared_libs: [ + "libcrypto", + ], + host_supported: true, + corpus: ["CORPUS_CONNECT/*"], +} + +cc_fuzz { + name: "fuzzer_listen", + srcs: [ + "fuzzer/fuzzer_listen.c", + ], + static_libs: [ + "usrsctp_fuzz_lib", + ], + shared_libs: [ + "libcrypto", + ], + host_supported: true, + corpus: ["CORPUS_LISTEN/*"], +} diff --git a/fuzzer/fuzzer_connect.c b/fuzzer/fuzzer_connect.c index 61d4ec3c..c7f3d993 100644 --- a/fuzzer/fuzzer_connect.c +++ b/fuzzer/fuzzer_connect.c @@ -34,6 +34,7 @@ #include <stdarg.h> #include <assert.h> #include <usrsctp.h> +#include <openssl/sha.h> #include "../programs/programs_helper.h" //#define FUZZ_VERBOSE @@ -67,6 +68,9 @@ static uint32_t assoc_vtag = 0; static void dump_packet(const void *buffer, size_t bufferlen, int inout) { +(void) buffer; +(void) bufferlen; +(void) inout; #ifdef FUZZ_VERBOSE static char *dump_buf; if ((dump_buf = usrsctp_dumppacket(buffer, bufferlen, inout)) != NULL) { 
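Review bot: In Android.bp, the new `cc_fuzz` modules `fuzzer_connect` and `fuzzer_listen` have no `fuzz_config` block, so crashes found by the fuzzing infrastructure have no owner or bug component to be routed to. Consider adding `fuzz_config: { cc: ["<owner-email-placeholder>"], componentid: <component-id-placeholder> },` to each module. The two modules differ only in `name`, `srcs` and `corpus`, so a small shared `cc_defaults` holding `static_libs`, `shared_libs` and `host_supported` would keep them from drifting apart.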
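Review bot: Nothing in the visible hunks of fuzzer/fuzzer_connect.c uses a SHA function, so the added `#include <openssl/sha.h>` looks unused from here. If it is needed for a declaration that another header relies on in the Android build, a one-line comment next to the include stating that reason would stop a later cleanup from removing it; if it is not needed, it can be dropped. The same applies to the identical include added in fuzzer/fuzzer_listen.c.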
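Review bot: In `dump_packet` (fuzzer/fuzzer_connect.c) the three added `(void)` casts appear to start at column 0, while the casts added to `conn_output` and `handle_upcall` in the same file are indented with the function body. They should be indented to match. The casts only matter when `FUZZ_VERBOSE` is undefined, so moving them into an `#else` branch of the existing `#ifdef FUZZ_VERBOSE` would make that intent explicit. The body of `dump_packet` continues past the end of the hunk.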
@@ -80,6 +84,9 @@ dump_packet(const void *buffer, size_t bufferlen, int inout) { static int conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) { + (void) addr; + (void) tos; + (void) set_df; struct sctp_init_chunk *init_chunk; const char *init_chunk_first_bytes = "\x13\x88\x13\x89\x00\x00\x00\x00\x00\x00\x00\x00\x01"; // Looking for the outgoing VTAG. @@ -99,6 +106,8 @@ conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) static void handle_upcall(struct socket *sock, void *arg, int flgs) { + (void) arg; + (void) flgs; fuzzer_printf("handle_upcall()\n"); int events = usrsctp_get_events(sock); @@ -443,5 +452,3 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) return (0); } - - diff --git a/fuzzer/fuzzer_listen.c b/fuzzer/fuzzer_listen.c index e6e873c0..7d0e58ea 100644 --- a/fuzzer/fuzzer_listen.c +++ b/fuzzer/fuzzer_listen.c @@ -32,6 +32,7 @@ #include <stdlib.h> #include <string.h> #include <usrsctp.h> +#include <openssl/sha.h> #include "../programs/programs_helper.h" #define FUZZ_FAST 1 @@ -53,6 +54,11 @@ struct socket *s_l; static int conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) { + (void) addr; + (void) buf; + (void) length; + (void) tos; + (void) set_df; #if 0 char *dump_buf; if ((dump_buf = usrsctp_dumppacket(buf, length, SCTP_DUMP_OUTBOUND)) != NULL) { @@ -66,6 +72,9 @@ conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) static void handle_upcall(struct socket *sock, void *arg, int flgs) { + (void) sock; + (void) arg; + (void) flgs; fuzzer_printf("Listening socket established, implement logic!\n"); exit(EXIT_FAILURE); } @@ -167,4 +176,3 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) return (0); } - |
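Review bot: In fuzzer/fuzzer_listen.c, `handle_upcall` still ends in `exit(EXIT_FAILURE)` after the new `(void)` casts, and this commit starts building the file as a `cc_fuzz` target. libFuzzer reports a target that calls exit as a failure, so any input that reaches this upcall would be filed as a finding that is a harness artifact rather than a library bug. Whether the upcall is reachable cannot be told from the hunk. A comment on the function such as `/* not expected to fire in this harness; exit marks a harness failure, not a library bug */` would make triage clearer.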