From ec03fec3d3c33ec07d6dbffe7b4b7d823ed7dba3 Mon Sep 17 00:00:00 2001 From: David Cermak Date: Tue, 1 Feb 2022 09:56:32 +0100 Subject: [PATCH] mdns: Update fuzzer test (add delegation, check memory) * Add new config with no services * Add new test packets and more queries * Allocate packet to check for mem issues * Original commit: espressif/esp-idf@2c1007156e01b4707b5c89d73cad05c0eef0264f --- components/mdns/test_afl_fuzz_host/Makefile | 4 + .../mdns/test_afl_fuzz_host/in/file2.bin | Bin 0 -> 33 bytes .../test_afl_fuzz_host/in/minif_4a_txt.bin | Bin 0 -> 39 bytes .../mdns/test_afl_fuzz_host/in/minif_aaaa.bin | Bin 0 -> 33 bytes .../mdns/test_afl_fuzz_host/in/minif_any.bin | Bin 0 -> 109 bytes .../mdns/test_afl_fuzz_host/in/minif_disc.bin | Bin 0 -> 65 bytes .../mdns/test_afl_fuzz_host/in/minif_ptr.bin | Bin 0 -> 36 bytes .../test_afl_fuzz_host/in/minif_query.bin | Bin 0 -> 77 bytes .../test_afl_fuzz_host/in/minif_query2.bin | Bin 0 -> 64 bytes .../test_afl_fuzz_host/in/sub_fritz_m.bin | Bin 0 -> 72 bytes .../mdns/test_afl_fuzz_host/in/telnet_ptr.bin | Bin 0 -> 72 bytes components/mdns/test_afl_fuzz_host/test.c | 86 ++++++++++++++---- 12 files changed, 72 insertions(+), 18 deletions(-) create mode 100644 components/mdns/test_afl_fuzz_host/in/file2.bin create mode 100644 components/mdns/test_afl_fuzz_host/in/minif_4a_txt.bin create mode 100644 components/mdns/test_afl_fuzz_host/in/minif_aaaa.bin create mode 100644 components/mdns/test_afl_fuzz_host/in/minif_any.bin create mode 100644 components/mdns/test_afl_fuzz_host/in/minif_disc.bin create mode 100644 components/mdns/test_afl_fuzz_host/in/minif_ptr.bin create mode 100644 components/mdns/test_afl_fuzz_host/in/minif_query.bin create mode 100644 components/mdns/test_afl_fuzz_host/in/minif_query2.bin create mode 100644 components/mdns/test_afl_fuzz_host/in/sub_fritz_m.bin create mode 100644 components/mdns/test_afl_fuzz_host/in/telnet_ptr.bin diff --git a/components/mdns/test_afl_fuzz_host/Makefile b/components/mdns/test_afl_fuzz_host/Makefile index 096e122e6..b700bf4f5 100644 --- a/components/mdns/test_afl_fuzz_host/Makefile +++ b/components/mdns/test_afl_fuzz_host/Makefile @@ -40,6 +40,10 @@ CFLAGS=-g -Wno-unused-value -Wno-missing-declarations -Wno-pointer-bool-conversi MDNS_C_DEPENDENCY_INJECTION=-include mdns_di.h +ifeq ($(MDNS_NO_SERVICES),on) + CFLAGS+=-DMDNS_NO_SERVICES +endif + ifeq ($(INSTR),off) CC=gcc CFLAGS+=-DINSTR_IS_OFF diff --git a/components/mdns/test_afl_fuzz_host/in/file2.bin b/components/mdns/test_afl_fuzz_host/in/file2.bin new file mode 100644 index 0000000000000000000000000000000000000000..a7ce859cc0fdf7cef7985d51d480e03cef0bde7e GIT binary patch literal 33 jcmZPo0Y(tPz`&WCnU|SXlvz^6nvx`oc!d(90rE}4U7mCNP-9S kKvD;I7!(;885kHU7&t&?GB6&{JD|tF2o+;Fu!1WK02L@3p8x;= literal 0 HcmV?d00001 diff --git a/components/mdns/test_afl_fuzz_host/in/minif_disc.bin b/components/mdns/test_afl_fuzz_host/in/minif_disc.bin new file mode 100644 index 0000000000000000000000000000000000000000..5f3ba62e20a974fdc95cd51411cc49361e1550b0 GIT binary patch literal 65 zcmZPo0VWW^z`z+_oLW?tnVee89-op|tXrJI5?`89z?zevoS4JFz{9}E9$%80lb2e; N5?_*Ba6lO(1OU#z57Phu literal 0 HcmV?d00001 diff --git a/components/mdns/test_afl_fuzz_host/in/minif_ptr.bin b/components/mdns/test_afl_fuzz_host/in/minif_ptr.bin new file mode 100644 index 0000000000000000000000000000000000000000..67da5edb0797228e7302300904cc6dadbbcaecbc GIT binary patch literal 36 mcmZPo0Y(tPz`!0~lA4p3TEY@vl3c)=lb@WJ!@$79zz6_hPX@aH literal 0 HcmV?d00001 diff --git a/components/mdns/test_afl_fuzz_host/in/minif_query.bin b/components/mdns/test_afl_fuzz_host/in/minif_query.bin new file mode 100644 index 0000000000000000000000000000000000000000..d21c0d29e1ad0557810e6de355c3a5827bdf3f26 GIT binary patch literal 77 zcmZPo0Y(tPz{nn7oLW?tTEr4xT$;odpH`GvQpFNql3c)=lb@WJ!@$79z{tR$$-01n cL2wF#5CaPXAA{AJdmapeN_SSW%>3L00B#ZzbpQYW literal 0 HcmV?d00001 diff --git a/components/mdns/test_afl_fuzz_host/in/minif_query2.bin b/components/mdns/test_afl_fuzz_host/in/minif_query2.bin new file mode 100644 index 0000000000000000000000000000000000000000..986118d3c549d01a85a461eca8d73c834f174868 GIT binary patch literal 64 zcmZPo0Y(tPz{nP#R+L#%#S&kVT)>)>pPZP(z`)bM$iSe>Vi5l#RA literal 0 HcmV?d00001 diff --git a/components/mdns/test_afl_fuzz_host/in/telnet_ptr.bin b/components/mdns/test_afl_fuzz_host/in/telnet_ptr.bin new file mode 100644 index 0000000000000000000000000000000000000000..1cd8e85d8021f55039566cdd619235aeb952ffa6 GIT binary patch literal 72 zcmZQzXklPrU|<9hobkn}MP-@Esm1K^DS5@Z#VIWDr6~ohIr+(nISdRuAXS1>7)03P QOHy<4QcGCkOOj!-08+maF8}}l literal 0 HcmV?d00001 diff --git a/components/mdns/test_afl_fuzz_host/test.c b/components/mdns/test_afl_fuzz_host/test.c index e7fe0b20e..b48d904e3 100644 --- a/components/mdns/test_afl_fuzz_host/test.c +++ b/components/mdns/test_afl_fuzz_host/test.c @@ -1,16 +1,8 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include @@ -36,11 +28,14 @@ mdns_search_once_t * mdns_test_search_init(const char * name, const char * servi esp_err_t mdns_test_send_search_action(mdns_action_type_t type, mdns_search_once_t * search); void mdns_test_search_free(mdns_search_once_t * search); void mdns_test_init_di(void); +extern mdns_server_t * _mdns_server; // // mdns function wrappers for mdns setup in test mode static int mdns_test_hostname_set(const char * mdns_hostname) { + _mdns_server->interfaces[MDNS_IF_STA].pcbs[MDNS_IP_PROTOCOL_V4].state = PCB_RUNNING; // mark the PCB running to exercise mdns in fully operational mode + _mdns_server->interfaces[MDNS_IF_STA].pcbs[MDNS_IP_PROTOCOL_V6].state = PCB_RUNNING; int ret = mdns_hostname_set(mdns_hostname); mdns_action_t * a = NULL; GetLastItem(&a); @@ -48,6 +43,18 @@ static int mdns_test_hostname_set(const char * mdns_hostname) return ret; } +static int mdns_test_add_delegated_host(const char * mdns_hostname) +{ + mdns_ip_addr_t addr = { .addr = { .u_addr = ESP_IPADDR_TYPE_V4 } }; + addr.addr.u_addr.ip4.addr = 0x11111111; + int ret = mdns_delegate_hostname_add(mdns_hostname, &addr); + mdns_action_t * a = NULL; + GetLastItem(&a); + mdns_test_execute_action(a); + return ret; +} + + static int mdns_test_service_instance_name_set(const char * service, const char * proto, const char * instance) { int ret = mdns_service_instance_name_set(service, proto, instance); @@ -66,6 +73,25 @@ static int mdns_test_service_txt_set(const char * service, const char * proto, return ret; } +static int mdns_test_sub_service_add(const char * sub_name, const char * service_name, const char * proto, uint32_t port) +{ + if (mdns_service_add(NULL, service_name, proto, port, NULL, 0)) { + // This is expected failure as the service thread is not running + } + mdns_action_t * a = NULL; + GetLastItem(&a); + mdns_test_execute_action(a); + + if (mdns_test_mdns_get_service_item(service_name, proto)==NULL) { + return ESP_FAIL; + } + int ret = mdns_service_subtype_add_for_host(NULL, service_name, proto, NULL, sub_name); + a = NULL; + GetLastItem(&a); + mdns_test_execute_action(a); + return ret; +} + static int mdns_test_service_add(const char * service_name, const char * proto, uint32_t port) { if (mdns_service_add(NULL, service_name, proto, port, NULL, 0)) { @@ -81,9 +107,9 @@ static int mdns_test_service_add(const char * service_name, const char * proto, return ESP_OK; } -static mdns_result_t* mdns_test_query(const char * service_name, const char * proto) +static mdns_result_t* mdns_test_query(const char * name, const char * service, const char * proto, uint16_t type) { - search = mdns_test_search_init(NULL, service_name, proto, MDNS_TYPE_PTR, 3000, 20); + search = mdns_test_search_init(name, service, proto, type, 3000, 20); if (!search) { abort(); } @@ -142,6 +168,20 @@ int main(int argc, char** argv) abort(); } + if (mdns_test_add_delegated_host(mdns_hostname) || mdns_test_add_delegated_host("megafritz")) { + abort(); + } + +#ifndef MDNS_NO_SERVICES + + if (mdns_test_sub_service_add("_server", "_fritz", "_tcp", 22)) { + abort(); + } + + if (mdns_test_service_add("_telnet", "_tcp", 22)) { + abort(); + } + if (mdns_test_service_add("_workstation", "_tcp", 9)) { abort(); } @@ -186,7 +226,7 @@ int main(int argc, char** argv) { abort(); } - +#endif mdns_result_t * results = NULL; FILE *file; size_t nread; @@ -216,12 +256,22 @@ int main(int argc, char** argv) memset(buf, 0, 1460); size_t len = read(0, buf, 1460); #endif - mypbuf.payload = buf; + mypbuf.payload = malloc(len); + memcpy(mypbuf.payload, buf, len); mypbuf.len = len; g_packet.pb = &mypbuf; - mdns_test_query("_afpovertcp", "_tcp"); + mdns_test_query("minifritz", "_fritz", "_tcp", MDNS_TYPE_ANY); + mdns_test_query(NULL, "_fritz", "_tcp", MDNS_TYPE_PTR); + mdns_test_query(NULL, "_afpovertcp", "_tcp", MDNS_TYPE_PTR); mdns_parse_packet(&g_packet); + free(mypbuf.payload); } +#ifndef MDNS_NO_SERVICES + mdns_service_remove_all(); + mdns_action_t *a = NULL; + GetLastItem(&a); + mdns_test_execute_action(a); +#endif ForceTaskDelete(); mdns_free(); return 0;