Merge branch 'feature/mdns_afl_fuzz' into 'master'
Feature/mdns afl fuzz Implement AFL Fuzz for testing MDNS parser stability See merge request !632
This commit is contained in:
commit
05e6fba6c3
21 changed files with 562 additions and 32 deletions
|
@ -18,7 +18,11 @@
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
#include <tcpip_adapter.h>
|
#include <tcpip_adapter.h>
|
||||||
|
#else
|
||||||
|
#include "esp32_compat.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
struct mdns_server_s;
|
struct mdns_server_s;
|
||||||
typedef struct mdns_server_s mdns_server_t;
|
typedef struct mdns_server_s mdns_server_t;
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
#include "mdns.h"
|
#include "mdns.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
#include "sdkconfig.h"
|
#include "sdkconfig.h"
|
||||||
#include "freertos/FreeRTOS.h"
|
#include "freertos/FreeRTOS.h"
|
||||||
#include "freertos/queue.h"
|
#include "freertos/queue.h"
|
||||||
|
@ -23,6 +24,7 @@
|
||||||
#include "lwip/igmp.h"
|
#include "lwip/igmp.h"
|
||||||
#include "lwip/udp.h"
|
#include "lwip/udp.h"
|
||||||
#include "esp_wifi.h"
|
#include "esp_wifi.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#define MDNS_FLAGS_AUTHORITATIVE 0x8400
|
#define MDNS_FLAGS_AUTHORITATIVE 0x8400
|
||||||
|
|
||||||
|
@ -162,6 +164,9 @@ static const char * MDNS_DEFAULT_DOMAIN = "local";
|
||||||
static const char * MDNS_SUB_STR = "_sub";
|
static const char * MDNS_SUB_STR = "_sub";
|
||||||
|
|
||||||
static mdns_server_t * _mdns_servers[TCPIP_ADAPTER_IF_MAX] = {0,0,0};
|
static mdns_server_t * _mdns_servers[TCPIP_ADAPTER_IF_MAX] = {0,0,0};
|
||||||
|
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
|
|
||||||
static TaskHandle_t _mdns_service_task_handle = NULL;
|
static TaskHandle_t _mdns_service_task_handle = NULL;
|
||||||
static QueueSetHandle_t _mdns_queue_set = NULL;
|
static QueueSetHandle_t _mdns_queue_set = NULL;
|
||||||
|
|
||||||
|
@ -257,6 +262,7 @@ esp_err_t _mdns_server_deinit(mdns_server_t * server)
|
||||||
}
|
}
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief send packet over UDP
|
* @brief send packet over UDP
|
||||||
|
@ -269,8 +275,11 @@ esp_err_t _mdns_server_deinit(mdns_server_t * server)
|
||||||
*/
|
*/
|
||||||
static size_t _mdns_server_write(mdns_server_t * server, uint8_t * data, size_t len)
|
static size_t _mdns_server_write(mdns_server_t * server, uint8_t * data, size_t len)
|
||||||
{
|
{
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
struct pbuf* pbt = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
|
struct pbuf* pbt = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
|
||||||
if (pbt != NULL) {
|
if (pbt == NULL) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
uint8_t* dst = (uint8_t *)pbt->payload;
|
uint8_t* dst = (uint8_t *)pbt->payload;
|
||||||
memcpy(dst, data, len);
|
memcpy(dst, data, len);
|
||||||
err_t err = udp_sendto(server->pcb, pbt, &(server->pcb->remote_ip), server->pcb->remote_port);
|
err_t err = udp_sendto(server->pcb, pbt, &(server->pcb->remote_ip), server->pcb->remote_port);
|
||||||
|
@ -278,16 +287,16 @@ static size_t _mdns_server_write(mdns_server_t * server, uint8_t * data, size_t
|
||||||
if (err) {
|
if (err) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
return len;
|
return len;
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* MDNS Servers
|
* MDNS Servers
|
||||||
* */
|
* */
|
||||||
|
|
||||||
static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len);
|
#ifndef MDNS_TEST_MODE
|
||||||
|
void mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief the main MDNS service task. Packets are received and parsed here
|
* @brief the main MDNS service task. Packets are received and parsed here
|
||||||
|
@ -305,7 +314,7 @@ static void _mdns_service_task(void *pvParameters)
|
||||||
mdns_server_t * server = _mdns_servers[i];
|
mdns_server_t * server = _mdns_servers[i];
|
||||||
if (server && server->queue == queue) {
|
if (server && server->queue == queue) {
|
||||||
MDNS_MUTEX_LOCK();
|
MDNS_MUTEX_LOCK();
|
||||||
_mdns_parse_packet(server, (uint8_t*)pb->payload, pb->len);
|
mdns_parse_packet(server, (uint8_t*)pb->payload, pb->len);
|
||||||
MDNS_MUTEX_UNLOCK();
|
MDNS_MUTEX_UNLOCK();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -314,6 +323,7 @@ static void _mdns_service_task(void *pvParameters)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief get the server assigned to particular interface
|
* @brief get the server assigned to particular interface
|
||||||
|
@ -342,6 +352,7 @@ static mdns_server_t * _mdns_server_get(tcpip_adapter_if_t tcpip_if)
|
||||||
*/
|
*/
|
||||||
static esp_err_t _mdns_server_add(mdns_server_t * server)
|
static esp_err_t _mdns_server_add(mdns_server_t * server)
|
||||||
{
|
{
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
if (!_mdns_service_semaphore) {
|
if (!_mdns_service_semaphore) {
|
||||||
_mdns_service_semaphore = xSemaphoreCreateMutex();
|
_mdns_service_semaphore = xSemaphoreCreateMutex();
|
||||||
if (!_mdns_service_semaphore) {
|
if (!_mdns_service_semaphore) {
|
||||||
|
@ -374,7 +385,7 @@ static esp_err_t _mdns_server_add(mdns_server_t * server)
|
||||||
if (err) {
|
if (err) {
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
_mdns_servers[server->tcpip_if] = server;
|
_mdns_servers[server->tcpip_if] = server;
|
||||||
|
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
|
@ -391,11 +402,11 @@ static esp_err_t _mdns_server_add(mdns_server_t * server)
|
||||||
*/
|
*/
|
||||||
static esp_err_t _mdns_server_remove(mdns_server_t * server)
|
static esp_err_t _mdns_server_remove(mdns_server_t * server)
|
||||||
{
|
{
|
||||||
|
_mdns_servers[server->tcpip_if] = NULL;
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
//stop UDP
|
//stop UDP
|
||||||
_mdns_server_deinit(server);
|
_mdns_server_deinit(server);
|
||||||
|
|
||||||
_mdns_servers[server->tcpip_if] = NULL;
|
|
||||||
|
|
||||||
if (xQueueRemoveFromSet(server->queue, _mdns_queue_set) != pdPASS) {
|
if (xQueueRemoveFromSet(server->queue, _mdns_queue_set) != pdPASS) {
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
|
@ -417,7 +428,7 @@ static esp_err_t _mdns_server_remove(mdns_server_t * server)
|
||||||
}
|
}
|
||||||
MDNS_SERVICE_UNLOCK();
|
MDNS_SERVICE_UNLOCK();
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1294,7 +1305,7 @@ static inline uint16_t _mdns_read_u16(const uint8_t * packet, uint16_t index)
|
||||||
* @param data byte array holding the packet data
|
* @param data byte array holding the packet data
|
||||||
* @param len length of the byte array
|
* @param len length of the byte array
|
||||||
*/
|
*/
|
||||||
static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len)
|
void mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len)
|
||||||
{
|
{
|
||||||
static mdns_name_t n;
|
static mdns_name_t n;
|
||||||
static mdns_result_temp_t a;
|
static mdns_result_temp_t a;
|
||||||
|
@ -1309,11 +1320,13 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
|
|
||||||
if (questions) {
|
if (questions) {
|
||||||
uint8_t qs = questions;
|
uint8_t qs = questions;
|
||||||
mdns_answer_item_t * answers = NULL;
|
mdns_answer_item_t * answer_items = NULL;
|
||||||
|
|
||||||
while(qs--) {
|
while(qs--) {
|
||||||
content = _mdns_parse_fqdn(data, content, name);
|
content = _mdns_parse_fqdn(data, content, name);
|
||||||
if (!content) {
|
if (!content) {
|
||||||
|
answers = 0;
|
||||||
|
additional = 0;
|
||||||
break;//error
|
break;//error
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1323,7 +1336,7 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
if (!name->service[0] || !name->proto[0]) {
|
if (!name->service[0] || !name->proto[0]) {
|
||||||
if (type == MDNS_TYPE_A || type == MDNS_TYPE_AAAA || type == MDNS_TYPE_ANY) {//send A + AAAA
|
if (type == MDNS_TYPE_A || type == MDNS_TYPE_AAAA || type == MDNS_TYPE_ANY) {//send A + AAAA
|
||||||
if (name->host[0] && server->hostname && server->hostname[0] && !strcmp(name->host, server->hostname)) {
|
if (name->host[0] && server->hostname && server->hostname[0] && !strcmp(name->host, server->hostname)) {
|
||||||
answers = _mdns_add_answer(answers, NULL, MDNS_ANSWER_A);
|
answer_items = _mdns_add_answer(answer_items, NULL, MDNS_ANSWER_A);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
continue;
|
continue;
|
||||||
|
@ -1336,7 +1349,7 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
mdns_srv_item_t * s = server->services;
|
mdns_srv_item_t * s = server->services;
|
||||||
while(s) {
|
while(s) {
|
||||||
if (s->service->service && s->service->proto) {
|
if (s->service->service && s->service->proto) {
|
||||||
answers = _mdns_add_answer(answers, s->service, MDNS_ANSWER_SDPTR);
|
answer_items = _mdns_add_answer(answer_items, s->service, MDNS_ANSWER_SDPTR);
|
||||||
}
|
}
|
||||||
s = s->next;
|
s = s->next;
|
||||||
}
|
}
|
||||||
|
@ -1354,7 +1367,7 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
}
|
}
|
||||||
|
|
||||||
if (type == MDNS_TYPE_PTR) {
|
if (type == MDNS_TYPE_PTR) {
|
||||||
answers = _mdns_add_answer(answers, si->service, MDNS_ANSWER_ALL);
|
answer_items = _mdns_add_answer(answer_items, si->service, MDNS_ANSWER_ALL);
|
||||||
} else if (type == MDNS_TYPE_TXT) {
|
} else if (type == MDNS_TYPE_TXT) {
|
||||||
//match instance/host
|
//match instance/host
|
||||||
const char * host = (si->service->instance)?si->service->instance
|
const char * host = (si->service->instance)?si->service->instance
|
||||||
|
@ -1363,7 +1376,7 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
if (!host || !host[0] || !name->host[0] || strcmp(name->host, host)) {
|
if (!host || !host[0] || !name->host[0] || strcmp(name->host, host)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
answers = _mdns_add_answer(answers, si->service, MDNS_ANSWER_TXT);
|
answer_items = _mdns_add_answer(answer_items, si->service, MDNS_ANSWER_TXT);
|
||||||
} else if (type == MDNS_TYPE_SRV) {
|
} else if (type == MDNS_TYPE_SRV) {
|
||||||
//match instance/host
|
//match instance/host
|
||||||
const char * host = (si->service->instance)?si->service->instance
|
const char * host = (si->service->instance)?si->service->instance
|
||||||
|
@ -1372,16 +1385,16 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
if (!host || !host[0] || !name->host[0] || strcmp(name->host, host)) {
|
if (!host || !host[0] || !name->host[0] || strcmp(name->host, host)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
answers = _mdns_add_answer(answers, si->service, MDNS_ANSWER_SRV | MDNS_ANSWER_A);
|
answer_items = _mdns_add_answer(answer_items, si->service, MDNS_ANSWER_SRV | MDNS_ANSWER_A);
|
||||||
} else if (type == MDNS_TYPE_ANY) {//send all
|
} else if (type == MDNS_TYPE_ANY) {//send all
|
||||||
//match host
|
//match host
|
||||||
if (!name->host[0] || !server->hostname || !server->hostname[0] || strcmp(name->host, server->hostname)) {
|
if (!name->host[0] || !server->hostname || !server->hostname[0] || strcmp(name->host, server->hostname)) {
|
||||||
answers = _mdns_add_answer(answers, si->service, MDNS_ANSWER_ALL);
|
answer_items = _mdns_add_answer(answer_items, si->service, MDNS_ANSWER_ALL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (answers) {
|
if (answer_items) {
|
||||||
_mdns_send_answers(server, answers);
|
_mdns_send_answers(server, answer_items);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1392,30 +1405,37 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
while(content < (data + len)) {
|
while(content < (data + len)) {
|
||||||
content = _mdns_parse_fqdn(data, content, name);
|
content = _mdns_parse_fqdn(data, content, name);
|
||||||
if (!content) {
|
if (!content) {
|
||||||
break;//error
|
return;//error
|
||||||
}
|
}
|
||||||
uint16_t type = _mdns_read_u16(content, MDNS_TYPE_OFFSET);
|
uint16_t type = _mdns_read_u16(content, MDNS_TYPE_OFFSET);
|
||||||
uint16_t data_len = _mdns_read_u16(content, MDNS_LEN_OFFSET);
|
uint16_t data_len = _mdns_read_u16(content, MDNS_LEN_OFFSET);
|
||||||
const uint8_t * data_ptr = content + MDNS_DATA_OFFSET;
|
const uint8_t * data_ptr = content + MDNS_DATA_OFFSET;
|
||||||
|
|
||||||
content = data_ptr + data_len;
|
content = data_ptr + data_len;
|
||||||
|
if(content > (data + len)){
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (type == MDNS_TYPE_PTR) {
|
if (type == MDNS_TYPE_PTR) {
|
||||||
if (!_mdns_parse_fqdn(data, data_ptr, name)) {
|
if (!_mdns_parse_fqdn(data, data_ptr, name)) {
|
||||||
continue;//error
|
continue;//error
|
||||||
}
|
}
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
if (server->search.host[0] ||
|
if (server->search.host[0] ||
|
||||||
(strcmp(name->service, server->search.service) != 0) ||
|
(strcmp(name->service, server->search.service) != 0) ||
|
||||||
(strcmp(name->proto, server->search.proto) != 0)) {
|
(strcmp(name->proto, server->search.proto) != 0)) {
|
||||||
continue;//not searching for service or wrong service/proto
|
continue;//not searching for service or wrong service/proto
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
strlcpy(answer->instance, name->host, MDNS_NAME_BUF_LEN);
|
strlcpy(answer->instance, name->host, MDNS_NAME_BUF_LEN);
|
||||||
} else if (type == MDNS_TYPE_SRV) {
|
} else if (type == MDNS_TYPE_SRV) {
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
if (server->search.host[0] ||
|
if (server->search.host[0] ||
|
||||||
(strcmp(name->service, server->search.service) != 0) ||
|
(strcmp(name->service, server->search.service) != 0) ||
|
||||||
(strcmp(name->proto, server->search.proto) != 0)) {
|
(strcmp(name->proto, server->search.proto) != 0)) {
|
||||||
continue;//not searching for service or wrong service/proto
|
continue;//not searching for service or wrong service/proto
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
if (answer->instance[0]) {
|
if (answer->instance[0]) {
|
||||||
if (strcmp(answer->instance, name->host) != 0) {
|
if (strcmp(answer->instance, name->host) != 0) {
|
||||||
continue;//instance name is not the same as the one in the PTR record
|
continue;//instance name is not the same as the one in the PTR record
|
||||||
|
@ -1444,6 +1464,9 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
uint16_t i=0,b=0, y;
|
uint16_t i=0,b=0, y;
|
||||||
while(i < data_len) {
|
while(i < data_len) {
|
||||||
uint8_t partLen = data_ptr[i++];
|
uint8_t partLen = data_ptr[i++];
|
||||||
|
if((i+partLen) > data_len){
|
||||||
|
break;//error
|
||||||
|
}
|
||||||
//check if partLen will fit in the buffer
|
//check if partLen will fit in the buffer
|
||||||
if (partLen > (MDNS_TXT_MAX_LEN - b - 1)) {
|
if (partLen > (MDNS_TXT_MAX_LEN - b - 1)) {
|
||||||
break;
|
break;
|
||||||
|
@ -1459,9 +1482,11 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
answer->txt[b] = 0;
|
answer->txt[b] = 0;
|
||||||
} else if (type == MDNS_TYPE_AAAA) {
|
} else if (type == MDNS_TYPE_AAAA) {
|
||||||
if (server->search.host[0]) {
|
if (server->search.host[0]) {
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
if (strcmp(name->host, server->search.host) != 0) {
|
if (strcmp(name->host, server->search.host) != 0) {
|
||||||
continue;//wrong host
|
continue;//wrong host
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
} else if (!answer->ptr) {
|
} else if (!answer->ptr) {
|
||||||
strlcpy(answer->host, name->host, MDNS_NAME_BUF_LEN);
|
strlcpy(answer->host, name->host, MDNS_NAME_BUF_LEN);
|
||||||
} else if (strcmp(answer->host, name->host) != 0) {
|
} else if (strcmp(answer->host, name->host) != 0) {
|
||||||
|
@ -1470,9 +1495,11 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
|
||||||
memcpy(answer->addrv6, data_ptr, sizeof(ip6_addr_t));
|
memcpy(answer->addrv6, data_ptr, sizeof(ip6_addr_t));
|
||||||
} else if (type == MDNS_TYPE_A) {
|
} else if (type == MDNS_TYPE_A) {
|
||||||
if (server->search.host[0]) {
|
if (server->search.host[0]) {
|
||||||
|
#ifndef MDNS_TEST_MODE
|
||||||
if (strcmp(name->host, server->search.host) != 0) {
|
if (strcmp(name->host, server->search.host) != 0) {
|
||||||
continue;//wrong host
|
continue;//wrong host
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
} else if (!answer->ptr) {
|
} else if (!answer->ptr) {
|
||||||
strlcpy(answer->host, name->host, MDNS_NAME_BUF_LEN);
|
strlcpy(answer->host, name->host, MDNS_NAME_BUF_LEN);
|
||||||
} else if (strcmp(answer->host, name->host) != 0) {
|
} else if (strcmp(answer->host, name->host) != 0) {
|
||||||
|
@ -1611,12 +1638,11 @@ esp_err_t mdns_set_hostname(mdns_server_t * server, const char * hostname)
|
||||||
}
|
}
|
||||||
MDNS_MUTEX_LOCK();
|
MDNS_MUTEX_LOCK();
|
||||||
free((char*)server->hostname);
|
free((char*)server->hostname);
|
||||||
server->hostname = (char *)malloc(strlen(hostname)+1);
|
server->hostname = strndup(hostname, MDNS_NAME_BUF_LEN - 1);
|
||||||
if (!server->hostname) {
|
if (!server->hostname) {
|
||||||
MDNS_MUTEX_UNLOCK();
|
MDNS_MUTEX_UNLOCK();
|
||||||
return ESP_ERR_NO_MEM;
|
return ESP_ERR_NO_MEM;
|
||||||
}
|
}
|
||||||
strlcpy((char *)server->hostname, hostname, MDNS_NAME_BUF_LEN);
|
|
||||||
MDNS_MUTEX_UNLOCK();
|
MDNS_MUTEX_UNLOCK();
|
||||||
return ERR_OK;
|
return ERR_OK;
|
||||||
}
|
}
|
||||||
|
@ -1631,12 +1657,11 @@ esp_err_t mdns_set_instance(mdns_server_t * server, const char * instance)
|
||||||
}
|
}
|
||||||
MDNS_MUTEX_LOCK();
|
MDNS_MUTEX_LOCK();
|
||||||
free((char*)server->instance);
|
free((char*)server->instance);
|
||||||
server->instance = (char *)malloc(strlen(instance)+1);
|
server->instance = strndup(instance, MDNS_NAME_BUF_LEN - 1);
|
||||||
if (!server->instance) {
|
if (!server->instance) {
|
||||||
MDNS_MUTEX_UNLOCK();
|
MDNS_MUTEX_UNLOCK();
|
||||||
return ESP_ERR_NO_MEM;
|
return ESP_ERR_NO_MEM;
|
||||||
}
|
}
|
||||||
strlcpy((char *)server->instance, instance, MDNS_NAME_BUF_LEN);
|
|
||||||
MDNS_MUTEX_UNLOCK();
|
MDNS_MUTEX_UNLOCK();
|
||||||
return ERR_OK;
|
return ERR_OK;
|
||||||
}
|
}
|
||||||
|
@ -1812,7 +1837,7 @@ esp_err_t mdns_service_remove_all(mdns_server_t * server)
|
||||||
* MDNS QUERY
|
* MDNS QUERY
|
||||||
* */
|
* */
|
||||||
|
|
||||||
uint32_t mdns_query(mdns_server_t * server, const char * service, const char * proto, uint32_t timeout)
|
size_t mdns_query(mdns_server_t * server, const char * service, const char * proto, uint32_t timeout)
|
||||||
{
|
{
|
||||||
if (!server || !service) {
|
if (!server || !service) {
|
||||||
return 0;
|
return 0;
|
||||||
|
|
35
components/mdns/test_afl_fuzz_host/Makefile
Normal file
35
components/mdns/test_afl_fuzz_host/Makefile
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
TEST_NAME=test
|
||||||
|
FUZZ=afl-fuzz
|
||||||
|
CC=afl-clang-fast
|
||||||
|
CPP=$(CC)
|
||||||
|
LD=$(CC)
|
||||||
|
OBJECTS=mdns.o test.o
|
||||||
|
CFLAGS=-DMDNS_TEST_MODE -I. -I../include
|
||||||
|
|
||||||
|
OS := $(shell uname)
|
||||||
|
ifeq ($(OS),Darwin)
|
||||||
|
LDLIBS=
|
||||||
|
else
|
||||||
|
LDLIBS=-lbsd
|
||||||
|
CFLAGS+=-DUSE_BSD_STRING
|
||||||
|
endif
|
||||||
|
|
||||||
|
all: $(TEST_NAME)
|
||||||
|
|
||||||
|
%.o: %.c
|
||||||
|
@echo "[CC] $<"
|
||||||
|
@$(CC) $(CFLAGS) -c $< -o $@
|
||||||
|
|
||||||
|
mdns.o: ../mdns.c
|
||||||
|
@echo "[CC] $<"
|
||||||
|
@$(CC) $(CFLAGS) -c $< -o $@
|
||||||
|
|
||||||
|
$(TEST_NAME): $(OBJECTS)
|
||||||
|
@echo "[LD] $@"
|
||||||
|
@$(LD) $(LDLIBS) $(OBJECTS) -o $@
|
||||||
|
|
||||||
|
fuzz: $(TEST_NAME)
|
||||||
|
@$(FUZZ) -i "in" -o "out" -- ./$(TEST_NAME)
|
||||||
|
|
||||||
|
clean:
|
||||||
|
@rm -rf *.o *.SYM $(TEST_NAME) out
|
58
components/mdns/test_afl_fuzz_host/README.md
Normal file
58
components/mdns/test_afl_fuzz_host/README.md
Normal file
|
@ -0,0 +1,58 @@
|
||||||
|
## Introduction
|
||||||
|
This test uses [american fuzzy lop](http://lcamtuf.coredump.cx/afl/) to mangle real mdns packets and look for exceptions caused by the parser.
|
||||||
|
|
||||||
|
A few actuall packets are collected and exported as bins in the ```in``` folder, which is then passed as input to AFL when testing. The setup procedure for the test includes all possible services and scenarios that could be used with the given input packets. Output of the parser before fuzzing can be found in [input_packets.txt](input_packets.txt)
|
||||||
|
|
||||||
|
## Installing AFL
|
||||||
|
To run the test yourself, you need to dounload the [latest afl archive](http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz) and extract it to a folder on your computer.
|
||||||
|
|
||||||
|
The rest of the document will refer to that folder as ```PATH_TO_AFL```.
|
||||||
|
|
||||||
|
### Preparation
|
||||||
|
- On Mac, you will need to insall the latest Xcode and llvm support from [Homebrew](https://brew.sh)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
|
||||||
|
brew install --with-clang --with-lld --HEAD llvm
|
||||||
|
export PATH="/usr/local/opt/llvm/bin:$PATH"
|
||||||
|
```
|
||||||
|
|
||||||
|
- On Ubuntu you need the following packages:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt-get install make clang llvm libbsd-dev
|
||||||
|
```
|
||||||
|
|
||||||
|
### Compile AFL
|
||||||
|
Compiling AFL is as easy as running make:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cd [PATH_TO_AFL]
|
||||||
|
make
|
||||||
|
cd llvm_mode/
|
||||||
|
make
|
||||||
|
```
|
||||||
|
|
||||||
|
After successful compilation, you can export the following variables to your shell (you can also add them to your profile if you want to use afl in other projects)
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export AFL_PATH=[PATH_TO_AFL]
|
||||||
|
export PATH="$AFL_PATH:$PATH"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Running the test
|
||||||
|
Apple has a crash reporting service that could interfere with AFLs normal operation. To turn that off, run the following command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
launchctl unload -w /System/Library/LaunchAgents/com.apple.ReportCrash.plist
|
||||||
|
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.ReportCrash.Root.plist
|
||||||
|
```
|
||||||
|
|
||||||
|
Ubuntu has a similar service. To turn that off, run as root:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
echo core >/proc/sys/kernel/core_pattern
|
||||||
|
```
|
||||||
|
|
||||||
|
After going through all of the requirements above, you can ```cd``` into this test's folder and simply run ```make fuzz```.
|
||||||
|
|
129
components/mdns/test_afl_fuzz_host/esp32_compat.h
Normal file
129
components/mdns/test_afl_fuzz_host/esp32_compat.h
Normal file
|
@ -0,0 +1,129 @@
|
||||||
|
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
#ifndef _ESP32_COMPAT_H_
|
||||||
|
#define _ESP32_COMPAT_H_
|
||||||
|
|
||||||
|
#ifdef MDNS_TEST_MODE
|
||||||
|
|
||||||
|
#ifdef USE_BSD_STRING
|
||||||
|
#include <bsd/string.h>
|
||||||
|
#endif
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <stdbool.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <signal.h>
|
||||||
|
#include <sys/time.h>
|
||||||
|
|
||||||
|
#define ERR_OK 0
|
||||||
|
#define ESP_OK 0
|
||||||
|
#define ESP_FAIL -1
|
||||||
|
|
||||||
|
#define ESP_ERR_NO_MEM 0x101
|
||||||
|
#define ESP_ERR_INVALID_ARG 0x102
|
||||||
|
#define ESP_ERR_INVALID_STATE 0x103
|
||||||
|
#define ESP_ERR_INVALID_SIZE 0x104
|
||||||
|
#define ESP_ERR_NOT_FOUND 0x105
|
||||||
|
#define ESP_ERR_NOT_SUPPORTED 0x106
|
||||||
|
#define ESP_ERR_TIMEOUT 0x107
|
||||||
|
#define ESP_ERR_INVALID_RESPONSE 0x108
|
||||||
|
#define ESP_ERR_INVALID_CRC 0x109
|
||||||
|
|
||||||
|
#define pdTRUE true
|
||||||
|
#define pdFALSE false
|
||||||
|
|
||||||
|
#define portMAX_DELAY 0xFFFFFFFF
|
||||||
|
#define portTICK_PERIOD_MS 1
|
||||||
|
|
||||||
|
#define xSemaphoreTake(s,d)
|
||||||
|
#define xSemaphoreGive(s)
|
||||||
|
#define xSemaphoreCreateMutex() malloc(1)
|
||||||
|
#define vSemaphoreDelete(s) free(s)
|
||||||
|
#define xQueueCreate(n,s) malloc((n)*(s))
|
||||||
|
#define vQueueDelete(q) free(q)
|
||||||
|
#define xQueueReceive(q, d, t) (ESP_OK)
|
||||||
|
#define vTaskDelay(m) usleep((m)*1000)
|
||||||
|
#define pbuf_free(p) free(p)
|
||||||
|
|
||||||
|
#define tcpip_adapter_get_ip_info(i,d)
|
||||||
|
#define tcpip_adapter_get_ip6_linklocal(i,d) (ESP_OK)
|
||||||
|
#define tcpip_adapter_get_hostname(i, n) *(n) = "esp32-0123456789AB"
|
||||||
|
|
||||||
|
#define IP4_ADDR(ipaddr, a,b,c,d) \
|
||||||
|
(ipaddr)->addr = ((uint32_t)((d) & 0xff) << 24) | \
|
||||||
|
((uint32_t)((c) & 0xff) << 16) | \
|
||||||
|
((uint32_t)((b) & 0xff) << 8) | \
|
||||||
|
(uint32_t)((a) & 0xff)
|
||||||
|
|
||||||
|
typedef uint32_t esp_err_t;
|
||||||
|
|
||||||
|
typedef void * xSemaphoreHandle;
|
||||||
|
typedef void * xQueueHandle;
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
TCPIP_ADAPTER_IF_STA = 0, /**< ESP32 station interface */
|
||||||
|
TCPIP_ADAPTER_IF_AP, /**< ESP32 soft-AP interface */
|
||||||
|
TCPIP_ADAPTER_IF_ETH, /**< ESP32 ethernet interface */
|
||||||
|
TCPIP_ADAPTER_IF_MAX
|
||||||
|
} tcpip_adapter_if_t;
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
WIFI_MODE_NULL = 0, /**< null mode */
|
||||||
|
WIFI_MODE_STA, /**< WiFi station mode */
|
||||||
|
WIFI_MODE_AP, /**< WiFi soft-AP mode */
|
||||||
|
WIFI_MODE_APSTA, /**< WiFi station + soft-AP mode */
|
||||||
|
WIFI_MODE_MAX
|
||||||
|
} wifi_mode_t;
|
||||||
|
|
||||||
|
struct udp_pcb {
|
||||||
|
uint8_t dummy;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct ip4_addr {
|
||||||
|
uint32_t addr;
|
||||||
|
};
|
||||||
|
typedef struct ip4_addr ip4_addr_t;
|
||||||
|
|
||||||
|
struct ip6_addr {
|
||||||
|
uint32_t addr[4];
|
||||||
|
};
|
||||||
|
typedef struct ip6_addr ip6_addr_t;
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
ip4_addr_t ip;
|
||||||
|
ip4_addr_t netmask;
|
||||||
|
ip4_addr_t gw;
|
||||||
|
} tcpip_adapter_ip_info_t;
|
||||||
|
|
||||||
|
inline esp_err_t esp_wifi_get_mode(wifi_mode_t * mode)
|
||||||
|
{
|
||||||
|
*mode = WIFI_MODE_APSTA;
|
||||||
|
return ESP_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
inline uint32_t xTaskGetTickCount()
|
||||||
|
{
|
||||||
|
struct timeval tv;
|
||||||
|
struct timezone tz;
|
||||||
|
if (gettimeofday(&tv, &tz) == 0) {
|
||||||
|
return (tv.tv_sec * 1000) + (tv.tv_usec / 1000);
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif //MDNS_TEST_MODE
|
||||||
|
|
||||||
|
#endif //_ESP32_COMPAT_H_
|
BIN
components/mdns/test_afl_fuzz_host/in/test-14.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-14.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-15.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-15.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-16.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-16.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-28.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-28.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-29.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-29.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-31.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-31.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-53.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-53.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-56.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-56.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-63.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-63.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-83.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-83.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-88.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-88.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-89.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-89.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-95.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-95.bin
Executable file
Binary file not shown.
BIN
components/mdns/test_afl_fuzz_host/in/test-96.bin
Executable file
BIN
components/mdns/test_afl_fuzz_host/in/test-96.bin
Executable file
Binary file not shown.
166
components/mdns/test_afl_fuzz_host/input_packets.txt
Normal file
166
components/mdns/test_afl_fuzz_host/input_packets.txt
Normal file
|
@ -0,0 +1,166 @@
|
||||||
|
Input: in/test-14.bin
|
||||||
|
Packet Length: 568
|
||||||
|
Questions: 18
|
||||||
|
Q: _airport._tcp.local. PTR IN
|
||||||
|
Q: _http._tcp.local. PTR IN
|
||||||
|
Q: _printer._tcp.local. PTR IN
|
||||||
|
Q: _sub._http._tcp.local. PTR IN
|
||||||
|
Q: _airplay._tcp.local. PTR IN
|
||||||
|
Q: _raop._tcp.local. PTR IN
|
||||||
|
Q: _uscan._tcp.local. PTR IN
|
||||||
|
Q: _uscans._tcp.local. PTR IN
|
||||||
|
Q: _ippusb._tcp.local. PTR IN
|
||||||
|
Q: _scanner._tcp.local. PTR IN
|
||||||
|
Q: _ipp._tcp.local. PTR IN
|
||||||
|
Q: _ipps._tcp.local. PTR IN
|
||||||
|
Q: _pdl-datastream._tcp.local. PTR IN
|
||||||
|
Q: _ptp._tcp.local. PTR IN
|
||||||
|
Q: _sleep-proxy._udp.local. PTR IN
|
||||||
|
Q: 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local. TXT IN
|
||||||
|
Q: Hristo's AirPort Express._airport._tcp.local. TXT IN
|
||||||
|
Q: Hristo's Time Capsule._airport._tcp.local. TXT IN
|
||||||
|
Answers: 7 + 0
|
||||||
|
A: _airport._tcp.local. PTR IN 2272 [2] Hristo's AirPort Express._airport._tcp.local.
|
||||||
|
A: _airport._tcp.local. PTR IN 2272 [2] Hristo's Time Capsule._airport._tcp.local.
|
||||||
|
A: _http._tcp.local. PTR IN 2535 [23] HP LaserJet CP1025nw._http._tcp.local.
|
||||||
|
A: _printer._tcp.local. PTR IN 2535 [23] HP LaserJet CP1025nw._printer._tcp.local.
|
||||||
|
A: _ipp._tcp.local. PTR IN 2535 [23] HP LaserJet CP1025nw._ipp._tcp.local.
|
||||||
|
A: _pdl-datastream._tcp.local. PTR IN 2535 [23] HP LaserJet CP1025nw._pdl-datastream._tcp.local.
|
||||||
|
A: _sleep-proxy._udp.local. PTR IN 2535 [38] 50-34-10-70.1 Hristo's Time Capsule._sleep-proxy._udp.local.
|
||||||
|
|
||||||
|
Input: in/test-15.bin
|
||||||
|
Packet Length: 524
|
||||||
|
Answers: 3 + 3
|
||||||
|
A: Hristo's AirPort Express._airport._tcp.local. TXT IN FLUSH 4500 [166] waMA=98-01-A7-E5-8F-A1,raMA=98-01-A7-E8-C2-2E,raM2=98-01-A7-E8-C2-2F,raNm=your-ssid,raCh=1,rCh2=52,raSt=0,raNA=1,syFl=0x8A0C,syAP=115,syVs=7.6.8,srcv=76800.1,bjSd=23
|
||||||
|
A: 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local. TXT IN FLUSH 4500 [134] txtvers=1; ch=2; cn=0,1; et=0,4; sv=false; da=true; sr=44100; ss=16; pw=false; vn=65537; tp=TCP,UDP; vs=105.1; am=AirPort10,115; fv=76800.1; sf=0x1
|
||||||
|
A: _raop._tcp.local. PTR IN 4500 [2] 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local.
|
||||||
|
A: 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local. SRV IN FLUSH 120 [32] 5000 Hristos-AirPort-Express.local.
|
||||||
|
A: Hristo's AirPort Express.local. NSEC IN FLUSH 4500 [9] Hristo's AirPort Express._airport._tcp.local. 00 05 00 00 80 00 40
|
||||||
|
A: 9801A7E58FA1@Hristo's AirPort Express.local. NSEC IN FLUSH 4500 [9] 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local. 00 05 00 00 80 00 40
|
||||||
|
|
||||||
|
Input: in/test-16.bin
|
||||||
|
Packet Length: 254
|
||||||
|
Answers: 1 + 1
|
||||||
|
A: Hristo's Time Capsule._airport._tcp.local. TXT IN FLUSH 4500 [168] waMA=70-73-CB-B4-C9-B3,raMA=70-73-CB-BB-04-E7,raM2=70-73-CB-BB-04-E8,raNm=nbis-test,raCh=11,rCh2=132,raSt=0,raNA=0,syFl=0x820C,syAP=116,syVs=7.6.8,srcv=76800.1,bjSd=30
|
||||||
|
A: Hristo's Time Capsule.local. NSEC IN FLUSH 4500 [9] Hristo's Time Capsule._airport._tcp.local. 00 05 00 00 80 00 40
|
||||||
|
|
||||||
|
Input: in/test-28.bin
|
||||||
|
Packet Length: 62
|
||||||
|
Questions: 1
|
||||||
|
Q: Hristo's Time Capsule._afpovertcp._tcp.local. SRV IN FLUSH
|
||||||
|
|
||||||
|
Input: in/test-29.bin
|
||||||
|
Packet Length: 39
|
||||||
|
Questions: 2
|
||||||
|
Q: minifritz.local. A IN FLUSH
|
||||||
|
Q: minifritz.local. AAAA IN FLUSH
|
||||||
|
|
||||||
|
Input: in/test-31.bin
|
||||||
|
Packet Length: 91
|
||||||
|
Answers: 2 + 1
|
||||||
|
A: minifritz.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:142e:54ff:b8c4:fd09
|
||||||
|
A: minifritz.local. A IN FLUSH 120 [4] 192.168.254.16
|
||||||
|
A: minifritz.local. NSEC IN FLUSH 120 [8] minifritz...local. 00 04 40 00 00 08
|
||||||
|
|
||||||
|
Input: in/test-53.bin
|
||||||
|
Packet Length: 140
|
||||||
|
Questions: 2
|
||||||
|
Q: _smb._tcp.local. PTR IN
|
||||||
|
Q: Sofiya-Ivanovas-MacBook.local. A IN
|
||||||
|
Answers: 2 + 0
|
||||||
|
A: _smb._tcp.local. PTR IN 3061 [29] Sofiya Ivanova’s MacBook._smb._tcp.local.
|
||||||
|
A: _smb._tcp.local. PTR IN 3062 [24] Hristo's Time Capsule._smb._tcp.local.
|
||||||
|
|
||||||
|
Input: in/test-56.bin
|
||||||
|
Packet Length: 262
|
||||||
|
Answers: 2 + 6
|
||||||
|
A: Hristo’s Mac mini._device-info._tcp.local. TXT IN 4500 [28] model=Macmini6,2; osxvers=16
|
||||||
|
A: _smb._tcp.local. PTR IN 4500 [22] Hristo’s Mac mini._smb._tcp.local.
|
||||||
|
A: Hristo’s Mac mini._smb._tcp.local. TXT IN FLUSH 4500 [1]
|
||||||
|
A: Hristo’s Mac mini._smb._tcp.local. SRV IN FLUSH 120 [18] 445 minifritz.local.
|
||||||
|
A: minifritz.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:142e:54ff:b8c4:fd09
|
||||||
|
A: minifritz.local. A IN FLUSH 120 [4] 192.168.254.16
|
||||||
|
A: Hristo’s Mac mini.local. NSEC IN FLUSH 4500 [9] Hristo’s Mac mini._smb._tcp.local. 00 05 00 00 80 00 40
|
||||||
|
A: minifritz.local. NSEC IN FLUSH 120 [8] minifritz...local. 00 04 40 00 00 08
|
||||||
|
|
||||||
|
Input: in/test-63.bin
|
||||||
|
Packet Length: 147
|
||||||
|
Questions: 2
|
||||||
|
Q: _afpovertcp._tcp.local. PTR IN
|
||||||
|
Q: Sofiya-Ivanovas-MacBook.local. A IN
|
||||||
|
Answers: 2 + 0
|
||||||
|
A: _afpovertcp._tcp.local. PTR IN 2881 [29] Sofiya Ivanova’s MacBook._afpovertcp._tcp.local.
|
||||||
|
A: _afpovertcp._tcp.local. PTR IN 2881 [24] Hristo's Time Capsule._afpovertcp._tcp.local.
|
||||||
|
|
||||||
|
Input: in/test-66.bin
|
||||||
|
Packet Length: 269
|
||||||
|
Answers: 2 + 6
|
||||||
|
A: Hristo’s Mac mini._device-info._tcp.local. TXT IN 4500 [28] model=Macmini6,2; osxvers=16
|
||||||
|
A: _afpovertcp._tcp.local. PTR IN 4500 [22] Hristo’s Mac mini._afpovertcp._tcp.local.
|
||||||
|
A: Hristo’s Mac mini._afpovertcp._tcp.local. TXT IN FLUSH 4500 [1]
|
||||||
|
A: Hristo’s Mac mini._afpovertcp._tcp.local. SRV IN FLUSH 120 [18] 548 minifritz.local.
|
||||||
|
A: minifritz.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:142e:54ff:b8c4:fd09
|
||||||
|
A: minifritz.local. A IN FLUSH 120 [4] 192.168.254.16
|
||||||
|
A: Hristo’s Mac mini.local. NSEC IN FLUSH 4500 [9] Hristo’s Mac mini._afpovertcp._tcp.local. 00 05 00 00 80 00 40
|
||||||
|
A: minifritz.local. NSEC IN FLUSH 120 [8] minifritz...local. 00 04 40 00 00 08
|
||||||
|
|
||||||
|
Input: in/test-83.bin
|
||||||
|
Packet Length: 105
|
||||||
|
Answers: 1 + 2
|
||||||
|
A: Sofiya-Ivanovas-MacBook.local. A IN FLUSH 120 [4] 192.168.254.20
|
||||||
|
A: Sofiya-Ivanovas-MacBook.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:021c:b3ff:feb2:72a3
|
||||||
|
A: Sofiya-Ivanovas-MacBook.local. NSEC IN FLUSH 120 [8] Sofiya-Ivanovas-MacBook...local. 00 04 40 00 00 08
|
||||||
|
|
||||||
|
Input: in/test-88.bin
|
||||||
|
Packet Length: 48
|
||||||
|
Questions: 2
|
||||||
|
Q: _rfb._tcp.local. PTR IN
|
||||||
|
Q: _airport._tcp.local. PTR IN
|
||||||
|
|
||||||
|
Input: in/test-89.bin
|
||||||
|
Packet Length: 459
|
||||||
|
Answers: 2 + 7
|
||||||
|
A: _airport._tcp.local. PTR IN 4500 [24] Hristo's Time Capsule._airport._tcp.local.
|
||||||
|
A: Hristo's Time Capsule._device-info._tcp.local. TXT IN 4500 [23] model=TimeCapsule6,116
|
||||||
|
A: Hristos-Time-Capsule.local. A IN FLUSH 120 [4] 192.168.254.49
|
||||||
|
A: Hristo's Time Capsule._airport._tcp.local. TXT IN FLUSH 4500 [168] waMA=70-73-CB-B4-C9-B3,raMA=70-73-CB-BB-04-E7,raM2=70-73-CB-BB-04-E8,raNm=nbis-test,raCh=11,rCh2=132,raSt=0,raNA=0,syFl=0x820C,syAP=116,syVs=7.6.8,srcv=76800.1,bjSd=30
|
||||||
|
A: Hristos-Time-Capsule.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:7273:cbff:feb4:c9b3
|
||||||
|
A: Hristo's Time Capsule._airport._tcp.local. SRV IN FLUSH 120 [8] 5009 Hristos-Time-Capsule.local.
|
||||||
|
A: Hristos-Time-Capsule.local. A IN FLUSH 120 [4] 169.254.23.40
|
||||||
|
A: Hristos-Time-Capsule.local. NSEC IN FLUSH 120 [8] Hristos-Time-Capsule...local. 00 04 40 00 00 08
|
||||||
|
A: Hristo's Time Capsule.local. NSEC IN FLUSH 4500 [9] Hristo's Time Capsule._airport._tcp.local. 00 05 00 00 80 00 40
|
||||||
|
|
||||||
|
Input: in/test-91.bin
|
||||||
|
Packet Length: 279
|
||||||
|
Answers: 2 + 6
|
||||||
|
A: Sofiya Ivanova’s MacBook._device-info._tcp.local. TXT IN 4500 [17] model=Macmini2,1
|
||||||
|
A: _rfb._tcp.local. PTR IN 4500 [29] Sofiya Ivanova’s MacBook._rfb._tcp.local.
|
||||||
|
A: Sofiya Ivanova’s MacBook._rfb._tcp.local. TXT IN FLUSH 4500 [1]
|
||||||
|
A: Sofiya Ivanova’s MacBook._rfb._tcp.local. SRV IN FLUSH 120 [32] 5900 Sofiya-Ivanovas-MacBook.local.
|
||||||
|
A: Sofiya-Ivanovas-MacBook.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:021c:b3ff:feb2:72a3
|
||||||
|
A: Sofiya-Ivanovas-MacBook.local. A IN FLUSH 120 [4] 192.168.254.20
|
||||||
|
A: Sofiya Ivanova’s MacBook.local. NSEC IN FLUSH 4500 [9] Sofiya Ivanova’s MacBook._rfb._tcp.local. 00 05 00 00 80 00 40
|
||||||
|
A: Sofiya-Ivanovas-MacBook.local. NSEC IN FLUSH 120 [8] Sofiya-Ivanovas-MacBook...local. 00 04 40 00 00 08
|
||||||
|
|
||||||
|
Input: in/test-95.bin
|
||||||
|
Packet Length: 286
|
||||||
|
Questions: 3
|
||||||
|
Q: _afpovertcp._tcp.local. PTR IN
|
||||||
|
Q: _smb._tcp.local. PTR IN
|
||||||
|
Q: _adisk._tcp.local. PTR IN
|
||||||
|
Answers: 6 + 0
|
||||||
|
A: _afpovertcp._tcp.local. PTR IN 2353 [29] Sofiya Ivanova’s MacBook._afpovertcp._tcp.local.
|
||||||
|
A: _afpovertcp._tcp.local. PTR IN 3973 [22] Hristo’s Mac mini._afpovertcp._tcp.local.
|
||||||
|
A: _afpovertcp._tcp.local. PTR IN 2353 [24] Hristo's Time Capsule._afpovertcp._tcp.local.
|
||||||
|
A: _smb._tcp.local. PTR IN 2353 [29] Sofiya Ivanova’s MacBook._smb._tcp.local.
|
||||||
|
A: _smb._tcp.local. PTR IN 3792 [22] Hristo’s Mac mini._smb._tcp.local.
|
||||||
|
A: _smb._tcp.local. PTR IN 2353 [24] Hristo's Time Capsule._smb._tcp.local.
|
||||||
|
|
||||||
|
Input: in/test-96.bin
|
||||||
|
Packet Length: 319
|
||||||
|
Answers: 2 + 3
|
||||||
|
A: Hristo's Time Capsule._device-info._tcp.local. TXT IN 4500 [23] model=TimeCapsule6,116
|
||||||
|
A: _adisk._tcp.local. PTR IN 4500 [24] Hristo's Time Capsule._adisk._tcp.local.
|
||||||
|
A: Hristo's Time Capsule._adisk._tcp.local. TXT IN FLUSH 4500 [110] sys=waMA=70:73:CB:B4:C9:B3,adVF=0x1000; dk2=adVF=0x1083,adVN=Capsule,adVU=55fabb8b-a63b-5441-9874-6edb504eb30a
|
||||||
|
A: Hristo's Time Capsule._adisk._tcp.local. SRV IN FLUSH 120 [29] 9 Hristos-Time-Capsule.local.
|
||||||
|
A: Hristo's Time Capsule.local. NSEC IN FLUSH 4500 [9] Hristo's Time Capsule._adisk._tcp.local. 00 05 00 00 80 00 40
|
113
components/mdns/test_afl_fuzz_host/test.c
Normal file
113
components/mdns/test_afl_fuzz_host/test.c
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
#ifdef MDNS_TEST_MODE
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <signal.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#include "mdns.h"
|
||||||
|
|
||||||
|
void mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len);
|
||||||
|
|
||||||
|
int main(int argc, char** argv)
|
||||||
|
{
|
||||||
|
const char * mdns_hostname = "minifritz";
|
||||||
|
const char * mdns_instance = "Hristo's Time Capsule";
|
||||||
|
const char * arduTxtData[4] = {
|
||||||
|
"board=esp32",
|
||||||
|
"tcp_check=no",
|
||||||
|
"ssh_upload=no",
|
||||||
|
"auth_upload=no"
|
||||||
|
};
|
||||||
|
const uint8_t mac[6] = {0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x32};
|
||||||
|
|
||||||
|
mdns_server_t * mdns = NULL;
|
||||||
|
uint8_t buf[1460];
|
||||||
|
char winstance[21+strlen(mdns_hostname)];
|
||||||
|
|
||||||
|
sprintf(winstance, "%s [%02x:%02x:%02x:%02x:%02x:%02x]", mdns_hostname, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
|
||||||
|
|
||||||
|
if (mdns_init(TCPIP_ADAPTER_IF_ETH, &mdns)) {
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mdns_set_hostname(mdns, mdns_hostname)) {
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mdns_set_instance(mdns, mdns_instance)) {
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mdns_service_add(mdns, "_workstation", "_tcp", 9)) {
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mdns_service_instance_set(mdns, "_workstation", "_tcp", winstance)) {
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mdns_service_add(mdns, "_arduino", "_tcp", 3232)) {
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mdns_service_txt_set(mdns, "_arduino", "_tcp", 4, arduTxtData)) {
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mdns_service_add(mdns, "_http", "_tcp", 80)) {
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mdns_service_instance_set(mdns, "_http", "_tcp", "ESP WebServer")) {
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (
|
||||||
|
mdns_service_add(mdns, "_afpovertcp", "_tcp", 548)
|
||||||
|
|| mdns_service_add(mdns, "_rfb", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_smb", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_adisk", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_airport", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_printer", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_airplay", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_raop", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_uscan", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_uscans", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_ippusb", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_scanner", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_ipp", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_ipps", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_pdl-datastream", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_ptp", "_tcp", 885)
|
||||||
|
|| mdns_service_add(mdns, "_sleep-proxy", "_udp", 885))
|
||||||
|
{
|
||||||
|
abort();
|
||||||
|
}
|
||||||
|
|
||||||
|
while (__AFL_LOOP(1000)) {
|
||||||
|
memset(buf, 0, 1460);
|
||||||
|
size_t len = read(0, buf, 1460);
|
||||||
|
mdns_query(mdns, "_afpovertcp", "_tcp", 0);
|
||||||
|
mdns_parse_packet(mdns, buf, len);
|
||||||
|
mdns_query_end(mdns);
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
Loading…
Reference in a new issue