From bb25d0a348c6bc5431f7c5af1c36b4cb24ced819 Mon Sep 17 00:00:00 2001 From: David Cermak Date: Fri, 18 May 2018 15:54:08 +0200 Subject: [PATCH] DnsFuzzer: Added fuzzer test for exercising lwip/dns receiving DNS responses --- components/lwip/test_afl_host/Makefile | 31 +++-- components/lwip/test_afl_host/dns_di.h | 59 ++++++++++ .../{in_client => in_dhcp_client}/data0.bin | Bin .../{in_client => in_dhcp_client}/data1.bin | Bin .../{in_client => in_dhcp_client}/data2.bin | Bin .../{in_client => in_dhcp_client}/data3.bin | Bin .../{in_client => in_dhcp_client}/data4.bin | Bin .../{in_client => in_dhcp_client}/data5.bin | Bin .../{in_client => in_dhcp_client}/data6.bin | Bin .../{in_client => in_dhcp_client}/data7.bin | Bin .../{in_client => in_dhcp_client}/data8.bin | Bin .../{in_server => in_dhcp_server}/data0.bin | Bin .../{in_server => in_dhcp_server}/data1.bin | Bin .../{in_server => in_dhcp_server}/data2.bin | Bin .../{in_server => in_dhcp_server}/data3.bin | Bin .../{in_server => in_dhcp_server}/data4.bin | Bin .../{in_server => in_dhcp_server}/data5.bin | Bin .../{in_server => in_dhcp_server}/data6.bin | Bin components/lwip/test_afl_host/in_dns/out0.bin | Bin 0 -> 77 bytes .../lwip/test_afl_host/in_dns/out10.bin | Bin 0 -> 53 bytes .../lwip/test_afl_host/in_dns/out28.bin | Bin 0 -> 53 bytes .../lwip/test_afl_host/in_dns/out29.bin | Bin 0 -> 135 bytes .../lwip/test_afl_host/in_dns/out30.bin | Bin 0 -> 301 bytes .../lwip/test_afl_host/in_dns/out31.bin | Bin 0 -> 113 bytes .../lwip/test_afl_host/in_dns/out32.bin | Bin 0 -> 117 bytes .../lwip/test_afl_host/in_dns/out33.bin | Bin 0 -> 360 bytes .../lwip/test_afl_host/in_dns/out34.bin | Bin 0 -> 57 bytes .../lwip/test_afl_host/in_dns/out35.bin | Bin 0 -> 85 bytes .../lwip/test_afl_host/in_dns/out36.bin | Bin 0 -> 300 bytes .../lwip/test_afl_host/in_dns/out37.bin | Bin 0 -> 312 bytes .../lwip/test_afl_host/in_dns/out38.bin | Bin 0 -> 164 bytes components/lwip/test_afl_host/network_mock.c | 109 +++++++++++++++++- .../{test_client.c => test_dhcp_client.c} | 0 .../{test_server.c => test_dhcp_server.c} | 0 components/lwip/test_afl_host/test_dns.c | 79 +++++++++++++ 35 files changed, 262 insertions(+), 16 deletions(-) create mode 100644 components/lwip/test_afl_host/dns_di.h rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data0.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data1.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data2.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data3.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data4.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data5.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data6.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data7.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data8.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data0.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data1.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data2.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data3.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data4.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data5.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data6.bin (100%) create mode 100644 components/lwip/test_afl_host/in_dns/out0.bin create mode 100644 components/lwip/test_afl_host/in_dns/out10.bin create mode 100644 components/lwip/test_afl_host/in_dns/out28.bin create mode 100644 components/lwip/test_afl_host/in_dns/out29.bin create mode 100644 components/lwip/test_afl_host/in_dns/out30.bin create mode 100644 components/lwip/test_afl_host/in_dns/out31.bin create mode 100644 components/lwip/test_afl_host/in_dns/out32.bin create mode 100644 components/lwip/test_afl_host/in_dns/out33.bin create mode 100644 components/lwip/test_afl_host/in_dns/out34.bin create mode 100644 components/lwip/test_afl_host/in_dns/out35.bin create mode 100644 components/lwip/test_afl_host/in_dns/out36.bin create mode 100644 components/lwip/test_afl_host/in_dns/out37.bin create mode 100644 components/lwip/test_afl_host/in_dns/out38.bin rename components/lwip/test_afl_host/{test_client.c => test_dhcp_client.c} (100%) rename components/lwip/test_afl_host/{test_server.c => test_dhcp_server.c} (100%) create mode 100644 components/lwip/test_afl_host/test_dns.c diff --git a/components/lwip/test_afl_host/Makefile b/components/lwip/test_afl_host/Makefile index a3da02e11e..d20537977d 100644 --- a/components/lwip/test_afl_host/Makefile +++ b/components/lwip/test_afl_host/Makefile @@ -5,14 +5,21 @@ INC_DIRS=-I . -I $(COMPONENTS_DIR)/lwip/include/lwip -I $(COMPONENTS_DIR)/lwip/i TEST_NAME=test FUZZ=afl-fuzz LD=$(CC) -ifeq ($(MODE),client) - DHCP_C_DEPENDENCY_INJECTION=-include dhcp_di.h - OBJECTS=dhcp.o network_mock.o test_client.o - SAMPLE_PACKETS=in_client -else - DHCP_C_DEPENDENCY_INJECTION=-include dhcpserver_di.h - OBJECTS=dhcpserver.o test_server.o network_mock.o - SAMPLE_PACKETS=in_server +ifeq ($(MODE),dhcp_client) + DEPENDENCY_INJECTION=-include dhcp_di.h + OBJECTS=dhcp.o network_mock.o test_dhcp_client.o + SAMPLE_PACKETS=in_dhcp_client +else ifeq ($(MODE),dhcp_server) + DEPENDENCY_INJECTION=-include dhcpserver_di.h + OBJECTS=dhcpserver.o test_dhcp_server.o network_mock.o + SAMPLE_PACKETS=in_dhcp_server +else ifeq ($(MODE),dns) + CFLAGS+=-DNOT_MOCK_DNS + DEPENDENCY_INJECTION=-include dns_di.h + OBJECTS=dns.o test_dns.o network_mock.o + SAMPLE_PACKETS=in_dns +else + $(error Please specify MODE: dhcp_server, dhcp_client, dns) endif ifeq ($(INSTR),off) @@ -27,13 +34,17 @@ CFLAGS+=$(INC_DIRS) all: $(TEST_NAME) +dns.o: ../core/dns.c + @echo "[CC] $<" + @$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@ + dhcp.o: ../core/ipv4/dhcp.c @echo "[CC] $<" - @$(CC) $(CFLAGS) $(DHCP_C_DEPENDENCY_INJECTION) -c $< -o $@ + @$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@ dhcpserver.o: ../apps/dhcpserver.c @echo "[CC] $<" - @$(CC) $(CFLAGS) $(DHCP_C_DEPENDENCY_INJECTION) -c $< -o $@ + @$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@ %.o: %.c @echo "[CC] $<" diff --git a/components/lwip/test_afl_host/dns_di.h b/components/lwip/test_afl_host/dns_di.h new file mode 100644 index 0000000000..4cb0b715cf --- /dev/null +++ b/components/lwip/test_afl_host/dns_di.h @@ -0,0 +1,59 @@ +/* + * dns.c dependecy injection -- preincluded to inject interface test functions into static variables + * + */ +#include "no_warn_host.h" + +#include "lwip/opt.h" +#include "lwip/udp.h" +#include "lwip/mem.h" +#include "lwip/memp.h" +#include "lwip/dns.h" +#include "lwip/ip_addr.h" + +#define ipaddr_aton(cp, addr) ip4addr_aton(cp, addr) + +extern uint32_t g_random_numbers[8]; +extern uint32_t g_random_numbers_cnt; + +void __assert_func(const char *file, int line, const char *func, const char *expr) +{ + printf("Assert failed in %s, %s:%d (%s)", func, file, line, expr); + abort(); +} + +int ip4addr_aton(const char *cp, ip4_addr_t *addr) +{ + return 0; +} + +static err_t dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype); +static void dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); + +void (*dns_test_static_dns_recv)(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL; +err_t (*dns_test_static_dns_enqueue)(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype) = NULL; + + +void dns_test_init_di() +{ + dns_test_static_dns_recv = dns_recv; + dns_test_static_dns_enqueue = dns_enqueue; +} + +err_t dns_test_dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype) +{ + return dns_test_static_dns_enqueue(name, hostnamelen, found, callback_arg, dns_addrtype); +} + +void dns_test_dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) +{ + dns_test_static_dns_recv(s, pcb, p, addr, port); +} + +void dns_test_inject_port_and_txid(int port, int txid) +{ + // inject random numbers + g_random_numbers[0] = port; //for port + g_random_numbers[1] = txid; //for txid + g_random_numbers_cnt = 0; // let's start with the port +} \ No newline at end of file diff --git a/components/lwip/test_afl_host/in_client/data0.bin b/components/lwip/test_afl_host/in_dhcp_client/data0.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data0.bin rename to components/lwip/test_afl_host/in_dhcp_client/data0.bin diff --git a/components/lwip/test_afl_host/in_client/data1.bin b/components/lwip/test_afl_host/in_dhcp_client/data1.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data1.bin rename to components/lwip/test_afl_host/in_dhcp_client/data1.bin diff --git a/components/lwip/test_afl_host/in_client/data2.bin b/components/lwip/test_afl_host/in_dhcp_client/data2.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data2.bin rename to components/lwip/test_afl_host/in_dhcp_client/data2.bin diff --git a/components/lwip/test_afl_host/in_client/data3.bin b/components/lwip/test_afl_host/in_dhcp_client/data3.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data3.bin rename to components/lwip/test_afl_host/in_dhcp_client/data3.bin diff --git a/components/lwip/test_afl_host/in_client/data4.bin b/components/lwip/test_afl_host/in_dhcp_client/data4.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data4.bin rename to components/lwip/test_afl_host/in_dhcp_client/data4.bin diff --git a/components/lwip/test_afl_host/in_client/data5.bin b/components/lwip/test_afl_host/in_dhcp_client/data5.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data5.bin rename to components/lwip/test_afl_host/in_dhcp_client/data5.bin diff --git a/components/lwip/test_afl_host/in_client/data6.bin b/components/lwip/test_afl_host/in_dhcp_client/data6.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data6.bin rename to components/lwip/test_afl_host/in_dhcp_client/data6.bin diff --git a/components/lwip/test_afl_host/in_client/data7.bin b/components/lwip/test_afl_host/in_dhcp_client/data7.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data7.bin rename to components/lwip/test_afl_host/in_dhcp_client/data7.bin diff --git a/components/lwip/test_afl_host/in_client/data8.bin b/components/lwip/test_afl_host/in_dhcp_client/data8.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data8.bin rename to components/lwip/test_afl_host/in_dhcp_client/data8.bin diff --git a/components/lwip/test_afl_host/in_server/data0.bin b/components/lwip/test_afl_host/in_dhcp_server/data0.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data0.bin rename to components/lwip/test_afl_host/in_dhcp_server/data0.bin diff --git a/components/lwip/test_afl_host/in_server/data1.bin b/components/lwip/test_afl_host/in_dhcp_server/data1.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data1.bin rename to components/lwip/test_afl_host/in_dhcp_server/data1.bin diff --git a/components/lwip/test_afl_host/in_server/data2.bin b/components/lwip/test_afl_host/in_dhcp_server/data2.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data2.bin rename to components/lwip/test_afl_host/in_dhcp_server/data2.bin diff --git a/components/lwip/test_afl_host/in_server/data3.bin b/components/lwip/test_afl_host/in_dhcp_server/data3.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data3.bin rename to components/lwip/test_afl_host/in_dhcp_server/data3.bin diff --git a/components/lwip/test_afl_host/in_server/data4.bin b/components/lwip/test_afl_host/in_dhcp_server/data4.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data4.bin rename to components/lwip/test_afl_host/in_dhcp_server/data4.bin diff --git a/components/lwip/test_afl_host/in_server/data5.bin b/components/lwip/test_afl_host/in_dhcp_server/data5.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data5.bin rename to components/lwip/test_afl_host/in_dhcp_server/data5.bin diff --git a/components/lwip/test_afl_host/in_server/data6.bin b/components/lwip/test_afl_host/in_dhcp_server/data6.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data6.bin rename to components/lwip/test_afl_host/in_dhcp_server/data6.bin diff --git a/components/lwip/test_afl_host/in_dns/out0.bin b/components/lwip/test_afl_host/in_dns/out0.bin new file mode 100644 index 0000000000000000000000000000000000000000..8a68ce66350feb3cb04cd9edc6602d281d7bf717 GIT binary patch literal 77 zcmezNsR!JtvhpIX{ acBmr8oCBf<3_-FC3`{}{ENgCxp9264x)VnL literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out10.bin b/components/lwip/test_afl_host/in_dns/out10.bin new file mode 100644 index 0000000000000000000000000000000000000000..e9f8c73fcbd2a911a8677624f6ba4303c5db1cdf GIT binary patch literal 53 zcmYf9Xl!6$WME`qU|?WN&n(GFOyW!}E+|SZF3wD2O3q^dNgm(`KUn8cY{Tu_u+T%4K4l$^%^l03izA{iK%A{baM$Lmf4 E09D}(D*ylh literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out29.bin b/components/lwip/test_afl_host/in_dns/out29.bin new file mode 100644 index 0000000000000000000000000000000000000000..40dc982a03372303489b1d769cfc07bd671e0233 GIT binary patch literal 135 zcmccA)7Zek$iT|Lz`(#&l9`*To12)NU(A|VP>_?#oSdJ_z`)4Bcz}n2m4T6gfm@P6 ulmo0Pzqo=iojozJASW|7{ebKNBaku%28L@4EP{Vc{-W_~QTb-*{J#L!)*)g5 literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out30.bin b/components/lwip/test_afl_host/in_dns/out30.bin new file mode 100644 index 0000000000000000000000000000000000000000..d7eff8b989a174190e8ad9bd6c238f3e2e844c5e GIT binary patch literal 301 zcmY$dYHVO&WZ+<6VPIe>$jnRUOwLFwDoILBEMd+|En#3_WMDkN10oq1822!+7ztce zN8t+|zl+NMv>$~pe1`#*AFP7P4=F?83q0D0%oi6=b~_-*zyxxE=R*cb_Pk-e>K+=XraA`wR=H&cbWCO&( Swip{(!b~u>V9qZ}X8-_Nia_H4 literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out31.bin b/components/lwip/test_afl_host/in_dns/out31.bin new file mode 100644 index 0000000000000000000000000000000000000000..4ed67b73603ed7761c5e91b2769d420eed8b39f5 GIT binary patch literal 113 zcmb1)Y;0g)WMF1sU|?WNEY8f$FJmjqFDgl`U`a_VN#xAUOfJeV&QB|0PR`F|OUzD8 z$tz~gOD$nwU}RuCz{9}Gz{tSBxR!y9IXyN1fbaoNs7M_H8*@sM=>g#b(IAx!42*RQ KEE>L#egOcADI6;R literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out32.bin b/components/lwip/test_afl_host/in_dns/out32.bin new file mode 100644 index 0000000000000000000000000000000000000000..84afda7a6cf7365e0f473ec885a33e0e0a8baf18 GIT binary patch literal 117 zcmWghX>Dd;WMBYcrko`9_>{b2-QpCM_|lXDMgv9zWS_TaIoH_Z)i8&eh#U%`EdHG5CDV6M*d1Z+?nJEkqqxl3F7+5wi Ma9TAmFlZS70P9g1M*si- literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out33.bin b/components/lwip/test_afl_host/in_dns/out33.bin new file mode 100644 index 0000000000000000000000000000000000000000..dc5b666c7d4bec296dfd366ba6dd4d15e38337d2 GIT binary patch literal 360 zcmYe_(AdDh$iT_K!oa{%l$n>!nUSBIom!b#P{5p*TEf7<$iR4jhk=!Wk%58bD1(tm zaYzz!vO=3 z84L`J9Skf=CsdXo^G(jkZ$aiO9cuf7%+D6@|BcL7dN3;o7h+4G8Z4Gj$~ITOo^Q^0KI{GxOQBqfqyCFYjKFeS!DOv(97rP;`e ggxT_nb&ZToVQP#l55yvw0hYEjHi1c-8Xb@Z06P9tdH?_b literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out34.bin b/components/lwip/test_afl_host/in_dns/out34.bin new file mode 100644 index 0000000000000000000000000000000000000000..55e9f0c3d8c0753d43c8e0a81f9acebb9afd5eea GIT binary patch literal 57 zcmeYiXl!6$WME`qU|`_NO)M!%Ey~R=F5yfqE+|SZF3wD2O3q^dDLB9bA{iK%A{baM I$Lmf40FIRnh5!Hn literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out35.bin b/components/lwip/test_afl_host/in_dns/out35.bin new file mode 100644 index 0000000000000000000000000000000000000000..8d7c652e0abbea48110c41e3d9cb43c432191e02 GIT binary patch literal 85 zcmcbs+t|Rs$iT$Fz`($fSY>WzVq|H`RF=<{Tb!Dlm%^NvTEf7<$iR4jhk=!Wk%56B nmqCyvx!A~vxx65mwag$nCGUXz0TYlC1_pK)29_Deg%4F%WZ+<6VPIfREXZUpPEF5E%`0Kb%x7R=WMDkN10oq17;G6>%%*PgM&X~} zszTvUS#E*CpL(_xg}-aCs!S;)@=N0Q38X6mOCYBec zfY`>&`9zWvtz|@!;Fem5dVyG}Pg_~k% K!JL;`!Tcm|RlKl$OewSWu9Ys+*Em%$%26!oa}Dz<7WM zL^3ci^f9mq{+P^%#$SQPH$vl^q49;$_@-$54m7^d0Z9fX21W*^qZb(@+4G8Z4Nc9B zI1|f@Q}T*+4NRDl^O;Js8ITl-vE>!(8d;db)EJvGC+FuPs}KgMFgLM)sW7rUpoV0C TIM^0LBNLdsp%HU_Q91(va3@J? literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out38.bin b/components/lwip/test_afl_host/in_dns/out38.bin new file mode 100644 index 0000000000000000000000000000000000000000..31bf8c2da53e77c3412444de1050f4ee22c1e5bb GIT binary patch literal 164 zcmZQ-YHVO&WMF1sU|`@aD^AW&N!2YaNJ%V7VS%9jMy*x87CBMA*fW`q^h)yO8 i23bs<9LYKPr74L81qU<^l!Gi{U|_OfV9^NPb`Aiw3oeWR literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/network_mock.c b/components/lwip/test_afl_host/network_mock.c index 9e9ae48299..cf35fdb63d 100644 --- a/components/lwip/test_afl_host/network_mock.c +++ b/components/lwip/test_afl_host/network_mock.c @@ -9,23 +9,84 @@ const ip_addr_t ip_addr_any; const ip_addr_t ip_addr_broadcast; +const ip_addr_t ip_addr_any_type; struct ip_globals ip_data; struct netif *netif_list; +struct udp_pcb mock_pcb; +uint32_t g_random_numbers[8] = {0}; +uint32_t g_random_numbers_cnt = 0; +struct pbuf* pbuf_skip(struct pbuf* in, u16_t in_offset, u16_t* out_offset) +{ + u16_t offset_left = in_offset; + struct pbuf* q = in; + + /* get the correct pbuf */ + while ((q != NULL) && (q->len <= offset_left)) { + offset_left -= q->len; + q = q->next; + } + if (out_offset != NULL) { + *out_offset = offset_left; + } + return q; +} + +void pbuf_put_at(struct pbuf* p, u16_t offset, u8_t data) +{ + u16_t q_idx; + struct pbuf* q = pbuf_skip(p, offset, &q_idx); + + /* write requested data if pbuf is OK */ + if ((q != NULL) && (q->len > q_idx)) { + ((u8_t*)q->payload)[q_idx] = data; + } +} + +u8_t pbuf_get_at(struct pbuf* p, u16_t offset) +{ + u16_t q_idx; + struct pbuf* q = pbuf_skip(p, offset, &q_idx); + + /* return requested data if pbuf is OK */ + if ((q != NULL) && (q->len > q_idx)) { + return ((u8_t*)q->payload)[q_idx]; + } + return 0; +} + +err_t pbuf_take(struct pbuf *buf, const void *dataptr, u16_t len) +{ + return ERR_OK; +} + +err_t pbuf_take_at(struct pbuf *buf, const void *dataptr, u16_t len, u16_t offset) +{ + return ERR_OK; +} + +struct udp_pcb * udp_new_ip_type(u8_t type) +{ + return &mock_pcb; +} + u16_t lwip_htons(u16_t n) { - return 0; + return ((n & 0xff) << 8) | ((n & 0xff00) >> 8); } u32_t lwip_htonl(u32_t n) { - return 0; +return ((n & 0xff) << 24) | + ((n & 0xff00) << 8) | + ((n & 0xff0000UL) >> 8) | + ((n & 0xff000000UL) >> 24); } esp_err_t tcpip_adapter_get_ip_info(tcpip_adapter_if_t tcpip_if, tcpip_adapter_ip_info_t *ip_info) { - return ESP_OK; + return ESP_OK; } struct pbuf * pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type) @@ -84,13 +145,16 @@ void udp_disconnect(struct udp_pcb *pcb) { } +#ifndef NOT_MOCK_DNS void dns_setserver(u8_t numdns, const ip_addr_t *dnsserver) { } +#endif uint32_t esp_random(void) { - return 0; + // Preparation for injecting favorable random numbers + return g_random_numbers[g_random_numbers_cnt++ % 8]; } err_t etharp_query(struct netif *netif, const ip4_addr_t *ipaddr, struct pbuf *q) @@ -100,7 +164,7 @@ err_t etharp_query(struct netif *netif, const ip4_addr_t *ipaddr, struct pbuf *q u32_t lwip_ntohl(u32_t x) { - return 0; + return lwip_htonl(x); } void netif_set_addr(struct netif *netif, const ip4_addr_t *ipaddr, const ip4_addr_t *netmask, @@ -120,10 +184,43 @@ void pbuf_realloc(struct pbuf *p, u16_t size) } } -u16_t pbuf_copy_partial(struct pbuf *p, void *dataptr, u16_t len, u16_t offset) +u16_t pbuf_copy_partial(struct pbuf *buf, void *dataptr, u16_t len, u16_t offset) { + struct pbuf *p; + u16_t left; + u16_t buf_copy_len; + u16_t copied_total = 0; + + LWIP_ERROR("pbuf_copy_partial: invalid buf", (buf != NULL), return 0;); + LWIP_ERROR("pbuf_copy_partial: invalid dataptr", (dataptr != NULL), return 0;); + + left = 0; + + if ((buf == NULL) || (dataptr == NULL)) { return 0; + } + + /* Note some systems use byte copy if dataptr or one of the pbuf payload pointers are unaligned. */ + for (p = buf; len != 0 && p != NULL; p = p->next) { + if ((offset != 0) && (offset >= p->len)) { + /* don't copy from this buffer -> on to the next */ + offset -= p->len; + } else { + /* copy from this buffer. maybe only partially. */ + buf_copy_len = p->len - offset; + if (buf_copy_len > len) + buf_copy_len = len; + /* copy the necessary parts of the buffer */ + MEMCPY(&((char*)dataptr)[left], &((char*)p->payload)[offset], buf_copy_len); + copied_total += buf_copy_len; + left += buf_copy_len; + len -= buf_copy_len; + offset = 0; + } + } + return copied_total; } + err_t udp_connect(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port) { return ESP_OK; diff --git a/components/lwip/test_afl_host/test_client.c b/components/lwip/test_afl_host/test_dhcp_client.c similarity index 100% rename from components/lwip/test_afl_host/test_client.c rename to components/lwip/test_afl_host/test_dhcp_client.c diff --git a/components/lwip/test_afl_host/test_server.c b/components/lwip/test_afl_host/test_dhcp_server.c similarity index 100% rename from components/lwip/test_afl_host/test_server.c rename to components/lwip/test_afl_host/test_dhcp_server.c diff --git a/components/lwip/test_afl_host/test_dns.c b/components/lwip/test_afl_host/test_dns.c new file mode 100644 index 0000000000..131a8b3ed7 --- /dev/null +++ b/components/lwip/test_afl_host/test_dns.c @@ -0,0 +1,79 @@ +#include "no_warn_host.h" + +#include "lwip/opt.h" +#include "lwip/udp.h" +#include "lwip/mem.h" +#include "lwip/memp.h" +#include "lwip/dns.h" +#include "lwip/ip_addr.h" + +#include + +const ip_addr_t ip_addr_any; +const ip_addr_t ip_addr_broadcast; +struct ip_globals ip_data; +struct netif *netif_list; +struct netif mynetif; +ip4_addr_t server_ip; + +// +// Dependency injected test functions +void dns_test_dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); +void dns_test_inject_port_and_txid(int port, int txid); + +void dns_test_init_di(); +err_t dns_test_dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype); + +// +// Test starts here +// +int main(int argc, char** argv) +{ + uint8_t *buf; + struct pbuf *p; + FILE *file; + size_t len = 1460; + + dns_test_init_di(); + +#ifdef INSTR_IS_OFF + p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL); + buf = p->payload; + memset(buf, 0, 1460); + if (argc != 2) + { + printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n"); + return 1; + } + // + // Note: parameter1 is a file (mangled packet) which caused the crash + file = fopen(argv[1], "r"); + if (file) { + len = fread(buf, 1, 1460, file); + } + fclose(file); + int i; + for (i=0; i<1; i++) { +#else + while (__AFL_LOOP(1000)) { + p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL); + buf = p->payload; + memset(buf, 0, 1460); + size_t len = read(0, buf, 1460); +#endif + p->len = len; + p->tot_len = len; + p->next = NULL; + + // Pretend that the response is from our pending querries + dns_test_inject_port_and_txid(1024, (buf[0]<<8) + buf[1]); + dns_test_dns_enqueue("test", 4, NULL, NULL, 0); + + // Process the packet + dns_test_dns_recv(NULL, NULL, p, &ip_addr_any, 0); + } + + + + return 0; +}