diff --git a/components/lwip/test_afl_host/Makefile b/components/lwip/test_afl_host/Makefile new file mode 100644 index 0000000000..d20537977d --- /dev/null +++ b/components/lwip/test_afl_host/Makefile @@ -0,0 +1,58 @@ +COMPONENTS_DIR=../.. +CFLAGS=-std=gnu99 -Og -ggdb -ffunction-sections -fdata-sections -nostdlib -Wall -Werror=all -Wno-int-to-pointer-cast -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wextra \ +-Wno-unused-parameter -Wno-sign-compare -Wno-address -Wno-unused-variable -DESP_PLATFORM -D IDF_VER=\"v3.1\" -MMD -MP -DWITH_POSIX +INC_DIRS=-I . -I $(COMPONENTS_DIR)/lwip/include/lwip -I $(COMPONENTS_DIR)/lwip/include/lwip/port -I $(COMPONENTS_DIR)/lwip/include/lwip/posix -I $(COMPONENTS_DIR)/lwip/apps/ping -I $(COMPONENTS_DIR)/app_trace/include -I $(COMPONENTS_DIR)/app_update/include -I $(COMPONENTS_DIR)/bootloader_support/include -I $(COMPONENTS_DIR)/bt/include -I $(COMPONENTS_DIR)/coap/port/include -I $(COMPONENTS_DIR)/coap/port/include/coap -I $(COMPONENTS_DIR)/coap/libcoap/include -I \ $(COMPONENTS_DIR)/coap/libcoap/include/coap -I $(COMPONENTS_DIR)/console -I $(COMPONENTS_DIR)/cxx/include -I $(COMPONENTS_DIR)/driver/include -I $(COMPONENTS_DIR)/esp-tls -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/esp_adc_cal/include -I $(COMPONENTS_DIR)/ethernet/include -I $(COMPONENTS_DIR)/expat/port/include -I $(COMPONENTS_DIR)/expat/include/expat -I $(COMPONENTS_DIR)/fatfs/src -I $(COMPONENTS_DIR)/freertos/include -I $(COMPONENTS_DIR)/heap/include -I \ $(COMPONENTS_DIR)/idf_test/include -I $(COMPONENTS_DIR)/jsmn/include -I $(COMPONENTS_DIR)/json/cJSON -I $(COMPONENTS_DIR)/libsodium/libsodium/src/libsodium/include -I $(COMPONENTS_DIR)/libsodium/port_include -I $(COMPONENTS_DIR)/log/include -I /home/david/esp/esp-idf/examples/wifi/simple_wifi/main/include -I $(COMPONENTS_DIR)/mbedtls/port/include -I $(COMPONENTS_DIR)/mbedtls/include -I $(COMPONENTS_DIR)/mdns/include -I $(COMPONENTS_DIR)/micro-ecc/micro-ecc -I \ $(COMPONENTS_DIR)/newlib/platform_include -I $(COMPONENTS_DIR)/newlib/include -I $(COMPONENTS_DIR)/nghttp/port/include -I $(COMPONENTS_DIR)/nghttp/nghttp2/lib/includes -I $(COMPONENTS_DIR)/nvs_flash/include -I $(COMPONENTS_DIR)/openssl/include -I $(COMPONENTS_DIR)/pthread/include -I $(COMPONENTS_DIR)/sdmmc/include -I $(COMPONENTS_DIR)/smartconfig/include -I $(COMPONENTS_DIR)/soc/esp32/include -I $(COMPONENTS_DIR)/soc/include -I $(COMPONENTS_DIR)/spi_flash/include -I \ $(COMPONENTS_DIR)/spiffs/include -I $(COMPONENTS_DIR)/tcpip_adapter/include -I $(COMPONENTS_DIR)/ulp/include -I $(COMPONENTS_DIR)/vfs/include -I $(COMPONENTS_DIR)/wear_levelling/include -I $(COMPONENTS_DIR)/wpa_supplicant/include -I $(COMPONENTS_DIR)/wpa_supplicant/port/include -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/xtensa-debug-module/include +TEST_NAME=test +FUZZ=afl-fuzz +LD=$(CC) +ifeq ($(MODE),dhcp_client) + DEPENDENCY_INJECTION=-include dhcp_di.h + OBJECTS=dhcp.o network_mock.o test_dhcp_client.o + SAMPLE_PACKETS=in_dhcp_client +else ifeq ($(MODE),dhcp_server) + DEPENDENCY_INJECTION=-include dhcpserver_di.h + OBJECTS=dhcpserver.o test_dhcp_server.o network_mock.o + SAMPLE_PACKETS=in_dhcp_server +else ifeq ($(MODE),dns) + CFLAGS+=-DNOT_MOCK_DNS + DEPENDENCY_INJECTION=-include dns_di.h + OBJECTS=dns.o test_dns.o network_mock.o + SAMPLE_PACKETS=in_dns +else + $(error Please specify MODE: dhcp_server, dhcp_client, dns) +endif + +ifeq ($(INSTR),off) + CC=gcc + CFLAGS+=-DINSTR_IS_OFF + TEST_NAME=test_sim +else + CC=afl-clang-fast +endif + +CFLAGS+=$(INC_DIRS) + +all: $(TEST_NAME) + +dns.o: ../core/dns.c + @echo "[CC] $<" + @$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@ + +dhcp.o: ../core/ipv4/dhcp.c + @echo "[CC] $<" + @$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@ + +dhcpserver.o: ../apps/dhcpserver.c + @echo "[CC] $<" + @$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@ + +%.o: %.c + @echo "[CC] $<" + @$(CC) $(CFLAGS) -c $< -o $@ + +$(TEST_NAME): $(OBJECTS) + @echo "[LD] $@" + @$(LD) $(OBJECTS) -o $@ $(LDLIBS) + +fuzz: $(TEST_NAME) + @$(FUZZ) -t 500 -i "$(SAMPLE_PACKETS)" -o "out" -- ./$(TEST_NAME) diff --git a/components/lwip/test_afl_host/dhcp_di.h b/components/lwip/test_afl_host/dhcp_di.h new file mode 100644 index 0000000000..5e7d9606f6 --- /dev/null +++ b/components/lwip/test_afl_host/dhcp_di.h @@ -0,0 +1,32 @@ +#include "no_warn_host.h" +#include "lwip/opt.h" +#include "lwip/stats.h" +#include "lwip/mem.h" +#include "lwip/udp.h" +#include "lwip/ip_addr.h" +#include "lwip/netif.h" +#include "lwip/def.h" +#include "lwip/dhcp.h" +#include "lwip/autoip.h" +#include "lwip/dns.h" +#include "netif/etharp.h" + +void __assert_func(const char *file, int line, const char *func, const char *expr) +{ + printf("Assert failed in %s, %s:%d (%s)", func, file, line, expr); + abort(); +} + +static void dhcp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); + +void (*dhcp_test_static_dhcp_recv)(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL; + +void dhcp_test_init_di() +{ + dhcp_test_static_dhcp_recv = dhcp_recv; +} + +void dhcp_test_dhcp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) +{ + dhcp_test_static_dhcp_recv(arg, pcb, p, addr, port); +} diff --git a/components/lwip/test_afl_host/dhcpserver_di.h b/components/lwip/test_afl_host/dhcpserver_di.h new file mode 100644 index 0000000000..4b38aa5a48 --- /dev/null +++ b/components/lwip/test_afl_host/dhcpserver_di.h @@ -0,0 +1,22 @@ +/* + * dhcpserver dependecy injection -- preincluded to inject interface test functions into static variables + * + */ +#include "no_warn_host.h" +#include "lwip/pbuf.h" +#include "lwip/udp.h" +#include "tcpip_adapter.h" + +static void handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); + +void (*dhcp_test_static_handle_hdcp)(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL; + +void dhcp_test_init_di() +{ + dhcp_test_static_handle_hdcp = handle_dhcp; +} + +void dhcp_test_handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) +{ + dhcp_test_static_handle_hdcp(arg, pcb, p, addr, port); +} diff --git a/components/lwip/test_afl_host/dns_di.h b/components/lwip/test_afl_host/dns_di.h new file mode 100644 index 0000000000..4cb0b715cf --- /dev/null +++ b/components/lwip/test_afl_host/dns_di.h @@ -0,0 +1,59 @@ +/* + * dns.c dependecy injection -- preincluded to inject interface test functions into static variables + * + */ +#include "no_warn_host.h" + +#include "lwip/opt.h" +#include "lwip/udp.h" +#include "lwip/mem.h" +#include "lwip/memp.h" +#include "lwip/dns.h" +#include "lwip/ip_addr.h" + +#define ipaddr_aton(cp, addr) ip4addr_aton(cp, addr) + +extern uint32_t g_random_numbers[8]; +extern uint32_t g_random_numbers_cnt; + +void __assert_func(const char *file, int line, const char *func, const char *expr) +{ + printf("Assert failed in %s, %s:%d (%s)", func, file, line, expr); + abort(); +} + +int ip4addr_aton(const char *cp, ip4_addr_t *addr) +{ + return 0; +} + +static err_t dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype); +static void dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); + +void (*dns_test_static_dns_recv)(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL; +err_t (*dns_test_static_dns_enqueue)(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype) = NULL; + + +void dns_test_init_di() +{ + dns_test_static_dns_recv = dns_recv; + dns_test_static_dns_enqueue = dns_enqueue; +} + +err_t dns_test_dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype) +{ + return dns_test_static_dns_enqueue(name, hostnamelen, found, callback_arg, dns_addrtype); +} + +void dns_test_dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) +{ + dns_test_static_dns_recv(s, pcb, p, addr, port); +} + +void dns_test_inject_port_and_txid(int port, int txid) +{ + // inject random numbers + g_random_numbers[0] = port; //for port + g_random_numbers[1] = txid; //for txid + g_random_numbers_cnt = 0; // let's start with the port +} \ No newline at end of file diff --git a/components/lwip/test_afl_host/in_dhcp_client/data0.bin b/components/lwip/test_afl_host/in_dhcp_client/data0.bin new file mode 100644 index 0000000000..afd14b5305 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_client/data0.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_client/data1.bin b/components/lwip/test_afl_host/in_dhcp_client/data1.bin new file mode 100644 index 0000000000..4f92add08e Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_client/data1.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_client/data2.bin b/components/lwip/test_afl_host/in_dhcp_client/data2.bin new file mode 100644 index 0000000000..f8891fb784 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_client/data2.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_client/data3.bin b/components/lwip/test_afl_host/in_dhcp_client/data3.bin new file mode 100644 index 0000000000..d97ab4eda8 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_client/data3.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_client/data4.bin b/components/lwip/test_afl_host/in_dhcp_client/data4.bin new file mode 100644 index 0000000000..e56a6833d2 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_client/data4.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_client/data5.bin b/components/lwip/test_afl_host/in_dhcp_client/data5.bin new file mode 100644 index 0000000000..a007ed8395 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_client/data5.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_client/data6.bin b/components/lwip/test_afl_host/in_dhcp_client/data6.bin new file mode 100644 index 0000000000..65695216c9 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_client/data6.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_client/data7.bin b/components/lwip/test_afl_host/in_dhcp_client/data7.bin new file mode 100644 index 0000000000..6e26d917cc Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_client/data7.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_client/data8.bin b/components/lwip/test_afl_host/in_dhcp_client/data8.bin new file mode 100644 index 0000000000..7f52ba28e2 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_client/data8.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_server/data0.bin b/components/lwip/test_afl_host/in_dhcp_server/data0.bin new file mode 100644 index 0000000000..2875ab855f Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_server/data0.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_server/data1.bin b/components/lwip/test_afl_host/in_dhcp_server/data1.bin new file mode 100644 index 0000000000..17c8877f8f Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_server/data1.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_server/data2.bin b/components/lwip/test_afl_host/in_dhcp_server/data2.bin new file mode 100644 index 0000000000..b1c32b9bde Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_server/data2.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_server/data3.bin b/components/lwip/test_afl_host/in_dhcp_server/data3.bin new file mode 100644 index 0000000000..6c6a7ae2d9 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_server/data3.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_server/data4.bin b/components/lwip/test_afl_host/in_dhcp_server/data4.bin new file mode 100644 index 0000000000..6d10ed9bd7 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_server/data4.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_server/data5.bin b/components/lwip/test_afl_host/in_dhcp_server/data5.bin new file mode 100644 index 0000000000..51f77595fb Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_server/data5.bin differ diff --git a/components/lwip/test_afl_host/in_dhcp_server/data6.bin b/components/lwip/test_afl_host/in_dhcp_server/data6.bin new file mode 100644 index 0000000000..636fb41014 Binary files /dev/null and b/components/lwip/test_afl_host/in_dhcp_server/data6.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out0.bin b/components/lwip/test_afl_host/in_dns/out0.bin new file mode 100644 index 0000000000..8a68ce6635 Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out0.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out10.bin b/components/lwip/test_afl_host/in_dns/out10.bin new file mode 100644 index 0000000000..e9f8c73fcb Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out10.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out28.bin b/components/lwip/test_afl_host/in_dns/out28.bin new file mode 100644 index 0000000000..92ed4c510b Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out28.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out29.bin b/components/lwip/test_afl_host/in_dns/out29.bin new file mode 100644 index 0000000000..40dc982a03 Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out29.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out30.bin b/components/lwip/test_afl_host/in_dns/out30.bin new file mode 100644 index 0000000000..d7eff8b989 Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out30.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out31.bin b/components/lwip/test_afl_host/in_dns/out31.bin new file mode 100644 index 0000000000..4ed67b7360 Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out31.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out32.bin b/components/lwip/test_afl_host/in_dns/out32.bin new file mode 100644 index 0000000000..84afda7a6c Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out32.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out33.bin b/components/lwip/test_afl_host/in_dns/out33.bin new file mode 100644 index 0000000000..dc5b666c7d Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out33.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out34.bin b/components/lwip/test_afl_host/in_dns/out34.bin new file mode 100644 index 0000000000..55e9f0c3d8 Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out34.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out35.bin b/components/lwip/test_afl_host/in_dns/out35.bin new file mode 100644 index 0000000000..8d7c652e0a Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out35.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out36.bin b/components/lwip/test_afl_host/in_dns/out36.bin new file mode 100644 index 0000000000..0b6580fb58 Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out36.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out37.bin b/components/lwip/test_afl_host/in_dns/out37.bin new file mode 100644 index 0000000000..9c06a7b292 Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out37.bin differ diff --git a/components/lwip/test_afl_host/in_dns/out38.bin b/components/lwip/test_afl_host/in_dns/out38.bin new file mode 100644 index 0000000000..31bf8c2da5 Binary files /dev/null and b/components/lwip/test_afl_host/in_dns/out38.bin differ diff --git a/components/lwip/test_afl_host/network_mock.c b/components/lwip/test_afl_host/network_mock.c new file mode 100644 index 0000000000..cf35fdb63d --- /dev/null +++ b/components/lwip/test_afl_host/network_mock.c @@ -0,0 +1,237 @@ +#include "no_warn_host.h" +#include "lwip/opt.h" +#include "lwip/def.h" +#include "lwip/pbuf.h" +#include "lwip/udp.h" +#include "tcpip_adapter.h" +#include +#include + +const ip_addr_t ip_addr_any; +const ip_addr_t ip_addr_broadcast; +const ip_addr_t ip_addr_any_type; +struct ip_globals ip_data; +struct netif *netif_list; +struct udp_pcb mock_pcb; +uint32_t g_random_numbers[8] = {0}; +uint32_t g_random_numbers_cnt = 0; + + +struct pbuf* pbuf_skip(struct pbuf* in, u16_t in_offset, u16_t* out_offset) +{ + u16_t offset_left = in_offset; + struct pbuf* q = in; + + /* get the correct pbuf */ + while ((q != NULL) && (q->len <= offset_left)) { + offset_left -= q->len; + q = q->next; + } + if (out_offset != NULL) { + *out_offset = offset_left; + } + return q; +} + +void pbuf_put_at(struct pbuf* p, u16_t offset, u8_t data) +{ + u16_t q_idx; + struct pbuf* q = pbuf_skip(p, offset, &q_idx); + + /* write requested data if pbuf is OK */ + if ((q != NULL) && (q->len > q_idx)) { + ((u8_t*)q->payload)[q_idx] = data; + } +} + +u8_t pbuf_get_at(struct pbuf* p, u16_t offset) +{ + u16_t q_idx; + struct pbuf* q = pbuf_skip(p, offset, &q_idx); + + /* return requested data if pbuf is OK */ + if ((q != NULL) && (q->len > q_idx)) { + return ((u8_t*)q->payload)[q_idx]; + } + return 0; +} + +err_t pbuf_take(struct pbuf *buf, const void *dataptr, u16_t len) +{ + return ERR_OK; +} + +err_t pbuf_take_at(struct pbuf *buf, const void *dataptr, u16_t len, u16_t offset) +{ + return ERR_OK; +} + +struct udp_pcb * udp_new_ip_type(u8_t type) +{ + return &mock_pcb; +} + +u16_t lwip_htons(u16_t n) +{ + return ((n & 0xff) << 8) | ((n & 0xff00) >> 8); +} + +u32_t lwip_htonl(u32_t n) +{ +return ((n & 0xff) << 24) | + ((n & 0xff00) << 8) | + ((n & 0xff0000UL) >> 8) | + ((n & 0xff000000UL) >> 24); +} + +esp_err_t tcpip_adapter_get_ip_info(tcpip_adapter_if_t tcpip_if, tcpip_adapter_ip_info_t *ip_info) +{ + return ESP_OK; +} + +struct pbuf * pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type) +{ + struct pbuf * p; + p = (struct pbuf *)malloc(MEMP_PBUF_POOL); + p->tot_len = length; + p->next = NULL; + p->type = PBUF_POOL; + p->len = length; + p->payload = malloc(length); + return p; +} + +u8_t pbuf_free(struct pbuf *p) +{ + if (p) { + if (p->payload) { + free(p->payload); + p->payload = NULL; + } + free (p); + p = NULL; + } + return 1; +} + +err_t udp_sendto(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port) +{ + return ESP_OK; +} + +void udp_remove(struct udp_pcb *pcb) +{ + if (pcb == NULL) + { + free(pcb); + } +} + +struct udp_pcb *udp_new(void) +{ + return malloc(sizeof(struct udp_pcb)); +} + +err_t udp_bind(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port) +{ + return ESP_OK; +} + +void udp_recv(struct udp_pcb *pcb, udp_recv_fn recv, void *recv_arg) +{ +} + +void udp_disconnect(struct udp_pcb *pcb) +{ +} + +#ifndef NOT_MOCK_DNS +void dns_setserver(u8_t numdns, const ip_addr_t *dnsserver) +{ +} +#endif + +uint32_t esp_random(void) +{ + // Preparation for injecting favorable random numbers + return g_random_numbers[g_random_numbers_cnt++ % 8]; +} + +err_t etharp_query(struct netif *netif, const ip4_addr_t *ipaddr, struct pbuf *q) +{ + return ESP_OK; +} + +u32_t lwip_ntohl(u32_t x) +{ + return lwip_htonl(x); +} + +void netif_set_addr(struct netif *netif, const ip4_addr_t *ipaddr, const ip4_addr_t *netmask, + const ip4_addr_t *gw) +{ +} + +void pbuf_realloc(struct pbuf *p, u16_t size) +{ + if (p != NULL) + { + uint8_t *buf = malloc(size); + free(p->payload); + p->payload = buf; + p->len = size; + p->tot_len = size; + } +} + +u16_t pbuf_copy_partial(struct pbuf *buf, void *dataptr, u16_t len, u16_t offset) +{ + struct pbuf *p; + u16_t left; + u16_t buf_copy_len; + u16_t copied_total = 0; + + LWIP_ERROR("pbuf_copy_partial: invalid buf", (buf != NULL), return 0;); + LWIP_ERROR("pbuf_copy_partial: invalid dataptr", (dataptr != NULL), return 0;); + + left = 0; + + if ((buf == NULL) || (dataptr == NULL)) { + return 0; + } + + /* Note some systems use byte copy if dataptr or one of the pbuf payload pointers are unaligned. */ + for (p = buf; len != 0 && p != NULL; p = p->next) { + if ((offset != 0) && (offset >= p->len)) { + /* don't copy from this buffer -> on to the next */ + offset -= p->len; + } else { + /* copy from this buffer. maybe only partially. */ + buf_copy_len = p->len - offset; + if (buf_copy_len > len) + buf_copy_len = len; + /* copy the necessary parts of the buffer */ + MEMCPY(&((char*)dataptr)[left], &((char*)p->payload)[offset], buf_copy_len); + copied_total += buf_copy_len; + left += buf_copy_len; + len -= buf_copy_len; + offset = 0; + } + } + return copied_total; +} + +err_t udp_connect(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port) +{ + return ESP_OK; +} + +err_t udp_sendto_if(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port, struct netif *netif) +{ + return ESP_OK; +} + +err_t udp_sendto_if_src(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port, struct netif *netif, const ip_addr_t *src_ip) +{ + return ESP_OK; +} \ No newline at end of file diff --git a/components/lwip/test_afl_host/no_warn_host.h b/components/lwip/test_afl_host/no_warn_host.h new file mode 100644 index 0000000000..37ab01ebec --- /dev/null +++ b/components/lwip/test_afl_host/no_warn_host.h @@ -0,0 +1,5 @@ +// Note: these undefs and defines are used to suppress warnings and errors when compiling esp32 idf on host gcc/clang +#undef __nonnull +#define __warning__ deprecated +#define IRAM_ATTR +#define __ESP_ATTR_H__ diff --git a/components/lwip/test_afl_host/sdkconfig.h b/components/lwip/test_afl_host/sdkconfig.h new file mode 100644 index 0000000000..6f14a269a1 --- /dev/null +++ b/components/lwip/test_afl_host/sdkconfig.h @@ -0,0 +1,220 @@ +/* + * + * Automatically generated file; DO NOT EDIT. + * Espressif IoT Development Framework Configuration + * + */ +#define CONFIG_ESP32_PHY_MAX_TX_POWER 20 +#define CONFIG_TRACEMEM_RESERVE_DRAM 0x0 +#define CONFIG_FREERTOS_MAX_TASK_NAME_LEN 16 +#define CONFIG_FATFS_LFN_NONE 1 +#define CONFIG_TCP_RECVMBOX_SIZE 6 +#define CONFIG_FATFS_CODEPAGE_437 1 +#define CONFIG_LWIP_ETHARP_TRUST_IP_MAC 1 +#define CONFIG_TCP_WND_DEFAULT 5744 +#define CONFIG_SPIFFS_USE_MAGIC_LENGTH 1 +#define CONFIG_IPC_TASK_STACK_SIZE 1024 +#define CONFIG_FATFS_PER_FILE_CACHE 1 +#define CONFIG_ESPTOOLPY_FLASHFREQ "40m" +#define CONFIG_MBEDTLS_KEY_EXCHANGE_RSA 1 +#define CONFIG_UDP_RECVMBOX_SIZE 6 +#define CONFIG_FREERTOS_QUEUE_REGISTRY_SIZE 0 +#define CONFIG_MBEDTLS_AES_C 1 +#define CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED 1 +#define CONFIG_MBEDTLS_GCM_C 1 +#define CONFIG_ESPTOOLPY_FLASHSIZE "2MB" +#define CONFIG_HEAP_POISONING_DISABLED 1 +#define CONFIG_SPIFFS_CACHE_WR 1 +#define CONFIG_BROWNOUT_DET_LVL_SEL_0 1 +#define CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER 1 +#define CONFIG_SPIFFS_CACHE 1 +#define CONFIG_INT_WDT 1 +#define CONFIG_MBEDTLS_SSL_PROTO_TLS1 1 +#define CONFIG_MBEDTLS_ECDSA_C 1 +#define CONFIG_ESPTOOLPY_FLASHFREQ_40M 1 +#define CONFIG_LOG_BOOTLOADER_LEVEL_INFO 1 +#define CONFIG_ESPTOOLPY_FLASHSIZE_2MB 1 +#define CONFIG_BTDM_CONTROLLER_PINNED_TO_CORE 0 +#define CONFIG_FREERTOS_THREAD_LOCAL_STORAGE_POINTERS 1 +#define CONFIG_MBEDTLS_ECDH_C 1 +#define CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE 1 +#define CONFIG_ESP32_WIFI_STATIC_RX_BUFFER_NUM 10 +#define CONFIG_MBEDTLS_SSL_ALPN 1 +#define CONFIG_MBEDTLS_PEM_WRITE_C 1 +#define CONFIG_LOG_DEFAULT_LEVEL_INFO 1 +#define CONFIG_BT_RESERVE_DRAM 0x0 +#define CONFIG_FATFS_FS_LOCK 0 +#define CONFIG_IP_LOST_TIMER_INTERVAL 120 +#define CONFIG_SPIFFS_META_LENGTH 4 +#define CONFIG_ESP32_PANIC_PRINT_REBOOT 1 +#define CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED 1 +#define CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED 1 +#define CONFIG_CONSOLE_UART_BAUDRATE 115200 +#define CONFIG_LWIP_MAX_SOCKETS 10 +#define CONFIG_LWIP_NETIF_LOOPBACK 1 +#define CONFIG_ESP_WIFI_MODE_AP 1 +#define CONFIG_EMAC_TASK_PRIORITY 20 +#define CONFIG_TIMER_TASK_STACK_DEPTH 2048 +#define CONFIG_TCP_MSS 1436 +#define CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED 1 +#define CONFIG_FATFS_CODEPAGE 437 +#define CONFIG_ESP32_DEFAULT_CPU_FREQ_160 1 +#define CONFIG_ULP_COPROC_RESERVE_MEM 0 +#define CONFIG_LWIP_MAX_UDP_PCBS 16 +#define CONFIG_ESPTOOLPY_BAUD 115200 +#define CONFIG_INT_WDT_CHECK_CPU1 1 +#define CONFIG_ADC_CAL_LUT_ENABLE 1 +#define CONFIG_FLASHMODE_DIO 1 +#define CONFIG_ESPTOOLPY_AFTER_RESET 1 +#define CONFIG_OPTIMIZATION_ASSERTIONS_ENABLED 1 +#define CONFIG_LWIP_DHCPS_MAX_STATION_NUM 8 +#define CONFIG_TOOLPREFIX "xtensa-esp32-elf-" +#define CONFIG_MBEDTLS_ECP_C 1 +#define CONFIG_FREERTOS_IDLE_TASK_STACKSIZE 1024 +#define CONFIG_MBEDTLS_RC4_DISABLED 1 +#define CONFIG_CONSOLE_UART_NUM 0 +#define CONFIG_ESP32_APPTRACE_LOCK_ENABLE 1 +#define CONFIG_ESP32_RTC_CLOCK_SOURCE_INTERNAL_RC 1 +#define CONFIG_ESPTOOLPY_BAUD_115200B 1 +#define CONFIG_TCP_OVERSIZE_MSS 1 +#define CONFIG_FOUR_UNIVERSAL_MAC_ADDRESS 1 +#define CONFIG_CONSOLE_UART_DEFAULT 1 +#define CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN 16384 +#define CONFIG_NUMBER_OF_UNIVERSAL_MAC_ADDRESS 4 +#define CONFIG_ESPTOOLPY_FLASHSIZE_DETECT 1 +#define CONFIG_TIMER_TASK_STACK_SIZE 3584 +#define CONFIG_ESP32_ENABLE_COREDUMP_TO_NONE 1 +#define CONFIG_MBEDTLS_X509_CRL_PARSE_C 1 +#define CONFIG_LWIP_DHCPS_LEASE_UNIT 60 +#define CONFIG_SPIFFS_USE_MAGIC 1 +#define CONFIG_TCPIP_TASK_STACK_SIZE 2048 +#define CONFIG_TASK_WDT 1 +#define CONFIG_MAIN_TASK_STACK_SIZE 3584 +#define CONFIG_SPIFFS_PAGE_CHECK 1 +#define CONFIG_LWIP_MAX_ACTIVE_TCP 16 +#define CONFIG_TASK_WDT_TIMEOUT_S 5 +#define CONFIG_INT_WDT_TIMEOUT_MS 300 +#define CONFIG_ESP32_RTC_XTAL_BOOTSTRAP_CYCLES 100 +#define CONFIG_ESPTOOLPY_FLASHMODE "dio" +#define CONFIG_NEWLIB_STDIN_LINE_ENDING_CR 1 +#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA 1 +#define CONFIG_ESPTOOLPY_BEFORE "default_reset" +#define CONFIG_ADC2_DISABLE_DAC 1 +#define CONFIG_LOG_DEFAULT_LEVEL 3 +#define CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION 1 +#define CONFIG_TIMER_QUEUE_LENGTH 10 +#define CONFIG_MAKE_WARN_UNDEFINED_VARIABLES 1 +#define CONFIG_FATFS_TIMEOUT_MS 10000 +#define CONFIG_ESP32_WIFI_DYNAMIC_RX_BUFFER_NUM 32 +#define CONFIG_MAX_STA_CONN 4 +#define CONFIG_MBEDTLS_CCM_C 1 +#define CONFIG_ESP32_PHY_MAX_WIFI_TX_POWER 20 +#define CONFIG_ESP32_RTC_CLK_CAL_CYCLES 1024 +#define CONFIG_ESP32_WIFI_TX_BA_WIN 6 +#define CONFIG_ESP32_WIFI_NVS_ENABLED 1 +#define CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED 1 +#define CONFIG_LIBSODIUM_USE_MBEDTLS_SHA 1 +#define CONFIG_DMA_RX_BUF_NUM 10 +#define CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED 1 +#define CONFIG_TCP_SYNMAXRTX 6 +#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 1 +#define CONFIG_ESP_WIFI_SSID "myssid" +#define CONFIG_PYTHON "python" +#define CONFIG_MBEDTLS_ECP_NIST_OPTIM 1 +#define CONFIG_ESP32_TIME_SYSCALL_USE_RTC_FRC1 1 +#define CONFIG_ESPTOOLPY_COMPRESSED 1 +#define CONFIG_PARTITION_TABLE_FILENAME "partitions_singleapp.csv" +#define CONFIG_TCP_SND_BUF_DEFAULT 5744 +#define CONFIG_LWIP_DHCP_MAX_NTP_SERVERS 1 +#define CONFIG_TCP_MSL 60000 +#define CONFIG_MBEDTLS_SSL_PROTO_TLS1_1 1 +#define CONFIG_LWIP_SO_REUSE_RXTOALL 1 +#define CONFIG_PARTITION_TABLE_SINGLE_APP 1 +#define CONFIG_ESP32_WIFI_RX_BA_WIN 6 +#define CONFIG_MBEDTLS_X509_CSR_PARSE_C 1 +#define CONFIG_SPIFFS_USE_MTIME 1 +#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA 1 +#define CONFIG_LWIP_DHCP_DOES_ARP_CHECK 1 +#define CONFIG_SYSTEM_EVENT_TASK_STACK_SIZE 2304 +#define CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V 1 +#define CONFIG_ESP32_DEEP_SLEEP_WAKEUP_DELAY 2000 +#define CONFIG_BROWNOUT_DET_LVL 0 +#define CONFIG_MBEDTLS_PEM_PARSE_C 1 +#define CONFIG_SPIFFS_GC_MAX_RUNS 10 +#define CONFIG_ESP_WIFI_PASSWORD "mypassword" +#define CONFIG_ESP32_APPTRACE_DEST_NONE 1 +#define CONFIG_PARTITION_TABLE_CUSTOM_APP_BIN_OFFSET 0x10000 +#define CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 1 +#define CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA 1 +#define CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER_NUM 32 +#define CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED 1 +#define CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED 1 +#define CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU1 1 +#define CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ 160 +#define CONFIG_MBEDTLS_HARDWARE_AES 1 +#define CONFIG_FREERTOS_HZ 100 +#define CONFIG_LOG_COLORS 1 +#define CONFIG_ESP32_PHY_CALIBRATION_AND_DATA_STORAGE 1 +#define CONFIG_STACK_CHECK_NONE 1 +#define CONFIG_ADC_CAL_EFUSE_TP_ENABLE 1 +#define CONFIG_FREERTOS_ASSERT_FAIL_ABORT 1 +#define CONFIG_BROWNOUT_DET 1 +#define CONFIG_ESP32_XTAL_FREQ 40 +#define CONFIG_MONITOR_BAUD_115200B 1 +#define CONFIG_LOG_BOOTLOADER_LEVEL 3 +#define CONFIG_MBEDTLS_TLS_ENABLED 1 +#define CONFIG_LWIP_MAX_RAW_PCBS 16 +#define CONFIG_MBEDTLS_SSL_SESSION_TICKETS 1 +#define CONFIG_SPIFFS_MAX_PARTITIONS 3 +#define CONFIG_ESP_ERR_TO_NAME_LOOKUP 1 +#define CONFIG_MBEDTLS_SSL_RENEGOTIATION 1 +#define CONFIG_ESPTOOLPY_BEFORE_RESET 1 +#define CONFIG_ESPTOOLPY_BAUD_OTHER_VAL 115200 +#define CONFIG_SPIFFS_OBJ_NAME_LEN 32 +#define CONFIG_ESP32_PTHREAD_TASK_PRIO_DEFAULT 5 +#define CONFIG_PARTITION_TABLE_MD5 1 +#define CONFIG_TCPIP_RECVMBOX_SIZE 32 +#define CONFIG_TCP_MAXRTX 12 +#define CONFIG_ESPTOOLPY_AFTER "hard_reset" +#define CONFIG_LWIP_SO_REUSE 1 +#define CONFIG_ESP32_XTAL_FREQ_40 1 +#define CONFIG_DMA_TX_BUF_NUM 10 +#define CONFIG_LWIP_MAX_LISTENING_TCP 16 +#define CONFIG_FREERTOS_INTERRUPT_BACKTRACE 1 +#define CONFIG_WL_SECTOR_SIZE 4096 +#define CONFIG_ESP32_DEBUG_OCDAWARE 1 +#define CONFIG_TIMER_TASK_PRIORITY 1 +#define CONFIG_MBEDTLS_TLS_CLIENT 1 +#define CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED 1 +#define CONFIG_MONITOR_BAUD 115200 +#define CONFIG_FREERTOS_CORETIMER_0 1 +#define CONFIG_PARTITION_TABLE_CUSTOM_FILENAME "partitions.csv" +#define CONFIG_MBEDTLS_HAVE_TIME 1 +#define CONFIG_FREERTOS_CHECK_STACKOVERFLOW_CANARY 1 +#define CONFIG_TCP_QUEUE_OOSEQ 1 +#define CONFIG_ADC_CAL_EFUSE_VREF_ENABLE 1 +#define CONFIG_MBEDTLS_TLS_SERVER 1 +#define CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT 1 +#define CONFIG_FREERTOS_ISR_STACKSIZE 1536 +#define CONFIG_OPENSSL_ASSERT_DO_NOTHING 1 +#define CONFIG_WL_SECTOR_SIZE_4096 1 +#define CONFIG_OPTIMIZATION_LEVEL_DEBUG 1 +#define CONFIG_ESP32_WIFI_AMPDU_TX_ENABLED 1 +#define CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED 1 +#define CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED 1 +#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA 1 +#define CONFIG_SYSTEM_EVENT_QUEUE_SIZE 32 +#define CONFIG_ESP32_WIFI_TX_BUFFER_TYPE 1 +#define CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED 1 +#define CONFIG_LWIP_LOOPBACK_MAX_PBUFS 8 +#define CONFIG_APP_OFFSET 0x10000 +#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1 +#define CONFIG_SPIFFS_PAGE_SIZE 256 +#define CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED 1 +#define CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0 1 +#define CONFIG_ESP32_PTHREAD_TASK_STACK_SIZE_DEFAULT 3072 +#define CONFIG_MONITOR_BAUD_OTHER_VAL 115200 +#define CONFIG_NEWLIB_STDOUT_LINE_ENDING_CRLF 1 +#define CONFIG_ESPTOOLPY_PORT "/dev/ttyUSB0" +#define CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ABORTS 1 +#define CONFIG_ESP_WIFI_IS_SOFTAP 1 diff --git a/components/lwip/test_afl_host/test_dhcp_client.c b/components/lwip/test_afl_host/test_dhcp_client.c new file mode 100644 index 0000000000..fee5d01b19 --- /dev/null +++ b/components/lwip/test_afl_host/test_dhcp_client.c @@ -0,0 +1,84 @@ +#include "no_warn_host.h" +#include "lwip/opt.h" +#include "lwip/stats.h" +#include "lwip/mem.h" +#include "lwip/udp.h" +#include "lwip/ip_addr.h" +#include "lwip/netif.h" +#include "lwip/def.h" +#include "lwip/dhcp.h" +#include "lwip/autoip.h" +#include "lwip/dns.h" +#include "netif/etharp.h" +#include + +const ip_addr_t ip_addr_any; +const ip_addr_t ip_addr_broadcast; +struct ip_globals ip_data; +struct netif *netif_list; +struct netif mynetif; +ip4_addr_t server_ip; + +// +// Dependency injected test functions +void dhcp_test_dhcp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); +void dhcp_test_init_di(); + +// +// Test starts here +// +int main(int argc, char** argv) +{ + uint8_t *buf; + struct pbuf *p; + FILE *file; + size_t len = 1460; + + dhcp_test_init_di(); + + mynetif.flags = NETIF_FLAG_UP | NETIF_FLAG_ETHARP; + mynetif.mtu = 576; + + + IP4_ADDR(&server_ip, 192,168,4,1); + dhcp_start(&mynetif); + + ip_data.current_input_netif = &mynetif; + ip_data.current_netif = &mynetif; + +#ifdef INSTR_IS_OFF + p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL); + buf = p->payload; + memset(buf, 0, 1460); + if (argc != 2) + { + printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n"); + return 1; + } + // + // Note: parameter1 is a file (mangled packet) which caused the crash + file = fopen(argv[1], "r"); + if (file) { + len = fread(buf, 1, 1460, file); + } + fclose(file); + int i; + for (i=0; i<1; i++) { +#else + while (__AFL_LOOP(1000)) { + p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL); + buf = p->payload; + memset(buf, 0, 1460); + size_t len = read(0, buf, 1460); +#endif + p->len = len; + p->tot_len = len; + p->next = NULL; + + dhcp_test_dhcp_recv(NULL, NULL, p, &ip_addr_any, 0); + } + + + + return 0; +} diff --git a/components/lwip/test_afl_host/test_dhcp_server.c b/components/lwip/test_afl_host/test_dhcp_server.c new file mode 100644 index 0000000000..4ed3792bf1 --- /dev/null +++ b/components/lwip/test_afl_host/test_dhcp_server.c @@ -0,0 +1,64 @@ +#include "no_warn_host.h" +#include "lwip/pbuf.h" +#include "lwip/udp.h" +#include "tcpip_adapter.h" +#include +#include + +const ip_addr_t ip_addr_any; +ip4_addr_t server_ip; +struct netif mynetif; + +// Dependency injected static function to pass the packet into parser +void dhcp_test_handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); +void dhcp_test_init_di(); + +// +// Test starts here +// +int main(int argc, char** argv) +{ + uint8_t *buf; + struct pbuf *p; + FILE *file; + size_t len = 1460; + + dhcp_test_init_di(); + + IP4_ADDR(&server_ip, 192,168,4,1); + dhcps_start(&mynetif, server_ip); + +#ifdef INSTR_IS_OFF + p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL); + buf = p->payload; + memset(buf, 0, 1460); + if (argc != 2) + { + printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n"); + return 1; + } + // + // Note: parameter1 is a file (mangled packet) which caused the crash + file = fopen(argv[1], "r"); + if (file) { + len = fread(buf, 1, 1460, file); + } + fclose(file); + + int i; + for (i=0; i<1; i++) { +#else + while (__AFL_LOOP(1000)) { + p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL); + buf = p->payload; + memset(buf, 0, 1460); + size_t len = read(0, buf, 1460); +#endif + p->len = len; + p->tot_len = len; + p->next = NULL; + + dhcp_test_handle_dhcp(NULL, NULL, p, &ip_addr_any, 0); + } + return 0; +} diff --git a/components/lwip/test_afl_host/test_dns.c b/components/lwip/test_afl_host/test_dns.c new file mode 100644 index 0000000000..131a8b3ed7 --- /dev/null +++ b/components/lwip/test_afl_host/test_dns.c @@ -0,0 +1,79 @@ +#include "no_warn_host.h" + +#include "lwip/opt.h" +#include "lwip/udp.h" +#include "lwip/mem.h" +#include "lwip/memp.h" +#include "lwip/dns.h" +#include "lwip/ip_addr.h" + +#include + +const ip_addr_t ip_addr_any; +const ip_addr_t ip_addr_broadcast; +struct ip_globals ip_data; +struct netif *netif_list; +struct netif mynetif; +ip4_addr_t server_ip; + +// +// Dependency injected test functions +void dns_test_dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); +void dns_test_inject_port_and_txid(int port, int txid); + +void dns_test_init_di(); +err_t dns_test_dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype); + +// +// Test starts here +// +int main(int argc, char** argv) +{ + uint8_t *buf; + struct pbuf *p; + FILE *file; + size_t len = 1460; + + dns_test_init_di(); + +#ifdef INSTR_IS_OFF + p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL); + buf = p->payload; + memset(buf, 0, 1460); + if (argc != 2) + { + printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n"); + return 1; + } + // + // Note: parameter1 is a file (mangled packet) which caused the crash + file = fopen(argv[1], "r"); + if (file) { + len = fread(buf, 1, 1460, file); + } + fclose(file); + int i; + for (i=0; i<1; i++) { +#else + while (__AFL_LOOP(1000)) { + p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL); + buf = p->payload; + memset(buf, 0, 1460); + size_t len = read(0, buf, 1460); +#endif + p->len = len; + p->tot_len = len; + p->next = NULL; + + // Pretend that the response is from our pending querries + dns_test_inject_port_and_txid(1024, (buf[0]<<8) + buf[1]); + dns_test_dns_enqueue("test", 4, NULL, NULL, 0); + + // Process the packet + dns_test_dns_recv(NULL, NULL, p, &ip_addr_any, 0); + } + + + + return 0; +}