kopia lustrzana https://github.com/espressif/esp-idf
DhcpFuzzer: Added AFL test for dhcpserver with sample packets
rodzic
adc3315677
commit
3a6d256d3e
|
@ -0,0 +1,36 @@
|
||||||
|
COMPONENTS_DIR=../..
|
||||||
|
CFLAGS=-std=gnu99 -Og -ggdb -ffunction-sections -fdata-sections -nostdlib -Wall -Werror=all -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-address -Wno-unused-variable -DESP_PLATFORM -D IDF_VER=\"v3.1-dev-961-ga2556229-dirty\" -MMD -MP -DWITH_POSIX \
|
||||||
|
-DIRAM_ATTR='' -D__ESP_ATTR_H__
|
||||||
|
INC_DIRS=-I . -I $(COMPONENTS_DIR)/lwip/include/lwip -I $(COMPONENTS_DIR)/lwip/include/lwip/port -I $(COMPONENTS_DIR)/lwip/include/lwip/posix -I $(COMPONENTS_DIR)/lwip/apps/ping -I $(COMPONENTS_DIR)/app_trace/include -I $(COMPONENTS_DIR)/app_update/include -I $(COMPONENTS_DIR)/bootloader_support/include -I $(COMPONENTS_DIR)/bt/include -I $(COMPONENTS_DIR)/coap/port/include -I $(COMPONENTS_DIR)/coap/port/include/coap -I $(COMPONENTS_DIR)/coap/libcoap/include -I \ $(COMPONENTS_DIR)/coap/libcoap/include/coap -I $(COMPONENTS_DIR)/console -I $(COMPONENTS_DIR)/cxx/include -I $(COMPONENTS_DIR)/driver/include -I $(COMPONENTS_DIR)/esp-tls -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/esp_adc_cal/include -I $(COMPONENTS_DIR)/ethernet/include -I $(COMPONENTS_DIR)/expat/port/include -I $(COMPONENTS_DIR)/expat/include/expat -I $(COMPONENTS_DIR)/fatfs/src -I $(COMPONENTS_DIR)/freertos/include -I $(COMPONENTS_DIR)/heap/include -I \ $(COMPONENTS_DIR)/idf_test/include -I $(COMPONENTS_DIR)/jsmn/include -I $(COMPONENTS_DIR)/json/cJSON -I $(COMPONENTS_DIR)/libsodium/libsodium/src/libsodium/include -I $(COMPONENTS_DIR)/libsodium/port_include -I $(COMPONENTS_DIR)/log/include -I /home/david/esp/esp-idf/examples/wifi/simple_wifi/main/include -I $(COMPONENTS_DIR)/mbedtls/port/include -I $(COMPONENTS_DIR)/mbedtls/include -I $(COMPONENTS_DIR)/mdns/include -I $(COMPONENTS_DIR)/micro-ecc/micro-ecc -I \ $(COMPONENTS_DIR)/newlib/platform_include -I $(COMPONENTS_DIR)/newlib/include -I $(COMPONENTS_DIR)/nghttp/port/include -I $(COMPONENTS_DIR)/nghttp/nghttp2/lib/includes -I $(COMPONENTS_DIR)/nvs_flash/include -I $(COMPONENTS_DIR)/openssl/include -I $(COMPONENTS_DIR)/pthread/include -I $(COMPONENTS_DIR)/sdmmc/include -I $(COMPONENTS_DIR)/smartconfig/include -I $(COMPONENTS_DIR)/soc/esp32/include -I $(COMPONENTS_DIR)/soc/include -I $(COMPONENTS_DIR)/spi_flash/include -I \ $(COMPONENTS_DIR)/spiffs/include -I $(COMPONENTS_DIR)/tcpip_adapter/include -I $(COMPONENTS_DIR)/ulp/include -I 
$(COMPONENTS_DIR)/vfs/include -I $(COMPONENTS_DIR)/wear_levelling/include -I $(COMPONENTS_DIR)/wpa_supplicant/include -I $(COMPONENTS_DIR)/wpa_supplicant/port/include -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/xtensa-debug-module/include
|
||||||
|
TEST_NAME=test
|
||||||
|
FUZZ=afl-fuzz
|
||||||
|
LD=$(CC)
|
||||||
|
DHCPSERVER_C_DEPENDENCY_INJECTION=-include dhcpserver_di.h
|
||||||
|
|
||||||
|
ifeq ($(MODE),sim)
|
||||||
|
CC=gcc
|
||||||
|
CFLAGS+=-DSIM
|
||||||
|
TEST_NAME=test_sim
|
||||||
|
else
|
||||||
|
CC=afl-clang-fast
|
||||||
|
endif
|
||||||
|
|
||||||
|
CFLAGS+=$(INC_DIRS)
|
||||||
|
OBJECTS=dhcpserver.o test.o network_mock.o
|
||||||
|
|
||||||
|
all: $(TEST_NAME)
|
||||||
|
|
||||||
|
dhcpserver.o: ../apps/dhcpserver.c
|
||||||
|
@echo "[CC] $<"
|
||||||
|
$(CC) $(CFLAGS) $(DHCPSERVER_C_DEPENDENCY_INJECTION) -c $< -o $@
|
||||||
|
|
||||||
|
%.o: %.c
|
||||||
|
@echo "[CC] $<"
|
||||||
|
@$(CC) $(CFLAGS) -c $< -o $@
|
||||||
|
|
||||||
|
$(TEST_NAME): $(OBJECTS)
|
||||||
|
@echo "[LD] $@"
|
||||||
|
@$(LD) $(OBJECTS) -o $@ $(LDLIBS)
|
||||||
|
|
||||||
|
fuzz: $(TEST_NAME)
|
||||||
|
@$(FUZZ) -i "in" -o "out" -- ./$(TEST_NAME)
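Review bot: The INC_DIRS list contains a developer-local absolute path, `-I /home/david/esp/esp-idf/examples/wifi/simple_wifi/main/include`, so the harness build depends on one machine's checkout and can silently pick up headers from outside this tree; drop it or express it relative to `$(COMPONENTS_DIR)`. The frozen `-D IDF_VER=\"v3.1-dev-961-ga2556229-dirty\"` has a similar problem, since it will misreport the version of the code actually being fuzzed. The instrumented build has no sanitizer, so out-of-bounds reads in the packet handler that do not happen to crash will go unreported; consider documenting `AFL_USE_ASAN=1` for the `fuzz` target or adding an ASan variant. `all` and `fuzz` should also be declared `.PHONY`, and there is no `clean` rule for the objects and the `-MMD` dependency files.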
|
|
@ -0,0 +1,21 @@
|
||||||
|
/*
|
||||||
|
* dhcpserver dependecy injection -- preincluded to inject interface test functions into static variables
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#include "lwip/pbuf.h"
|
||||||
|
#include "lwip/udp.h"
|
||||||
|
#include "tcpip_adapter.h"
|
||||||
|
|
||||||
|
static void handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
|
||||||
|
|
||||||
|
void (*dhcp_test_static_handle_hdcp)(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL;
|
||||||
|
|
||||||
|
void dhcp_test_init_di()
|
||||||
|
{
|
||||||
|
dhcp_test_static_handle_hdcp = handle_dhcp;
|
||||||
|
}
|
||||||
|
|
||||||
|
void dhcp_test_handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port)
|
||||||
|
{
|
||||||
|
dhcp_test_static_handle_hdcp(arg, pcb, p, addr, port);
|
||||||
|
}
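Review bot: `dhcp_test_handle_dhcp` calls through `dhcp_test_static_handle_hdcp`, which is initialised to NULL and only set by `dhcp_test_init_di()`, so a harness that forgets the init call crashes in the test shim rather than in the code under test. Going by the Makefile rule for `dhcpserver.o`, this header is force-included into the translation unit that defines `handle_dhcp`, so the wrapper could call it directly with `handle_dhcp(arg, pcb, p, addr, port);`, which removes the pointer and the ordering requirement. The file also defines non-static objects and functions with no include guard, so it is only safe when pre-included into exactly one translation unit; say so in the header comment, e.g. `/* Pre-include into dhcpserver.c only (see -include in the Makefile); defines symbols, must not be included elsewhere. */`. Minor: `hdcp` in the pointer name and `dependecy` in the comment are typos, and `dhcp_test_init_di()` should be declared with `(void)`.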
|
Plik binarny nie jest wyświetlany.
Plik binarny nie jest wyświetlany.
Plik binarny nie jest wyświetlany.
Plik binarny nie jest wyświetlany.
Plik binarny nie jest wyświetlany.
Plik binarny nie jest wyświetlany.
Plik binarny nie jest wyświetlany.
|
@ -0,0 +1,74 @@
|
||||||
|
#include <stdio.h>
|
||||||
|
#include "lwip/opt.h"
|
||||||
|
#include "lwip/def.h"
|
||||||
|
#include "lwip/pbuf.h"
|
||||||
|
#include "lwip/udp.h"
|
||||||
|
#include "tcpip_adapter.h"
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
u16_t lwip_htons(u16_t n)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
u32_t lwip_htonl(u32_t n)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
esp_err_t tcpip_adapter_get_ip_info(tcpip_adapter_if_t tcpip_if, tcpip_adapter_ip_info_t *ip_info)
|
||||||
|
{
|
||||||
|
return ESP_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
struct pbuf * pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type)
|
||||||
|
{
|
||||||
|
struct pbuf * p;
|
||||||
|
p = (struct pbuf *)malloc(MEMP_PBUF_POOL);
|
||||||
|
p->tot_len = length;
|
||||||
|
p->next = NULL;
|
||||||
|
p->type = PBUF_POOL;
|
||||||
|
p->len = length;
|
||||||
|
p->payload = malloc(length);
|
||||||
|
return p;
|
||||||
|
}
|
||||||
|
|
||||||
|
u8_t pbuf_free(struct pbuf *p)
|
||||||
|
{
|
||||||
|
if (p) {
|
||||||
|
if (p->payload) {
|
||||||
|
free(p->payload);
|
||||||
|
p->payload = NULL;
|
||||||
|
}
|
||||||
|
free (p);
|
||||||
|
p = NULL;
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
err_t udp_sendto(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port)
|
||||||
|
{
|
||||||
|
return ESP_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
void udp_remove(struct udp_pcb *pcb)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
struct udp_pcb *udp_new(void)
|
||||||
|
{
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
err_t udp_bind(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port)
|
||||||
|
{
|
||||||
|
return ESP_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
void udp_recv(struct udp_pcb *pcb, udp_recv_fn recv, void *recv_arg)
|
||||||
|
{
|
||||||
|
}
|
||||||
|
|
||||||
|
void udp_disconnect(struct udp_pcb *pcb)
|
||||||
|
{
|
||||||
|
}
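Review bot: In the `pbuf_alloc` mock, `malloc(MEMP_PBUF_POOL)` passes what in lwIP is a memory-pool identifier, not a byte count, so the allocation is very likely smaller than `struct pbuf` and the field writes that follow overflow the heap block inside the harness itself; use `p = malloc(sizeof *p);`. Neither `malloc` result is checked, so an allocation failure under the fuzzer's memory limit shows up as a NULL dereference attributed to the target; return NULL when either allocation fails. `lwip_htons` and `lwip_htonl` return 0 for every input, which turns any byte-order-converted field the handler compares into a constant and may hide code paths from the fuzzer; returning the real byte swap would keep the mock faithful to the target's behaviour.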
|
|
@ -0,0 +1,53 @@
|
||||||
|
#include <stdio.h>
|
||||||
|
#include "lwip/pbuf.h"
|
||||||
|
#include "lwip/udp.h"
|
||||||
|
#include "tcpip_adapter.h"
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
const ip_addr_t ip_addr_any;
|
||||||
|
ip4_addr_t server_ip;
|
||||||
|
struct netif mynetif;
|
||||||
|
|
||||||
|
// Dependency injected static function to pass the packet into parser
|
||||||
|
void dhcp_test_handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
|
||||||
|
void dhcp_test_init_di();
|
||||||
|
|
||||||
|
// Starting the test
|
||||||
|
int main()
|
||||||
|
{
|
||||||
|
uint8_t *buf;
|
||||||
|
struct pbuf *p;
|
||||||
|
FILE *file;
|
||||||
|
size_t len = 1460;
|
||||||
|
|
||||||
|
dhcp_test_init_di();
|
||||||
|
|
||||||
|
p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
|
||||||
|
buf = p->payload;
|
||||||
|
|
||||||
|
IP4_ADDR(&server_ip, 192,168,4,1);
|
||||||
|
dhcps_start(&mynetif, server_ip);
|
||||||
|
|
||||||
|
#ifdef SIM
|
||||||
|
memset(buf, 0, 1460);
|
||||||
|
|
||||||
|
file = fopen("in/data1.bin", "r");
|
||||||
|
if (file) {
|
||||||
|
len = fread(buf, 1, 1460, file);
|
||||||
|
}
|
||||||
|
fclose(file);
|
||||||
|
int i;
|
||||||
|
for (i=0; i<1; i++) {
|
||||||
|
#else
|
||||||
|
while (__AFL_LOOP(1000)) {
|
||||||
|
memset(buf, 0, 1460);
|
||||||
|
size_t len = read(0, buf, 1460);
|
||||||
|
#endif
|
||||||
|
p->len = len;
|
||||||
|
p->tot_len = len;
|
||||||
|
p->next = NULL;
|
||||||
|
|
||||||
|
dhcp_test_handle_dhcp(NULL, NULL, p, &ip_addr_any, 0);
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
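Review bot: In the AFL branch, `size_t len = read(0, buf, 1460);` stores a possible `-1` from `read` into an unsigned length (and shadows the outer `len`), so a failed read gives the parser a length far beyond the 1460-byte payload and produces crashes that are harness artefacts; use `ssize_t n = read(0, buf, 1460); if (n < 0) n = 0; len = (size_t)n;`. In the SIM branch `fclose(file)` runs even when `fopen` returned NULL; move it inside the `if (file)` block. The pbuf is allocated once before the loop but reused for up to 1000 persistent iterations; if `handle_dhcp` releases the pbuf it receives (its body is not part of this commit), every iteration after the first would use freed memory, so allocating and freeing per iteration is safer. The size 1460 is repeated as a literal alongside `len`; a single named constant would keep the buffer size and the read bound in sync.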
|