Merge branch 'feature/mdns_afl_fuzz' into 'master'

Feature/mdns afl fuzz

Implement AFL Fuzz for testing MDNS parser stability

See merge request !632
This commit is contained in:
Ivan Grokhotkov 2017-04-10 11:55:31 +08:00
commit 05e6fba6c3
21 changed files with 562 additions and 32 deletions

View file

@ -18,7 +18,11 @@
extern "C" { extern "C" {
#endif #endif
#ifndef MDNS_TEST_MODE
#include <tcpip_adapter.h> #include <tcpip_adapter.h>
#else
#include "esp32_compat.h"
#endif
struct mdns_server_s; struct mdns_server_s;
typedef struct mdns_server_s mdns_server_t; typedef struct mdns_server_s mdns_server_t;

View file

@ -14,6 +14,7 @@
#include "mdns.h" #include "mdns.h"
#include <string.h> #include <string.h>
#ifndef MDNS_TEST_MODE
#include "sdkconfig.h" #include "sdkconfig.h"
#include "freertos/FreeRTOS.h" #include "freertos/FreeRTOS.h"
#include "freertos/queue.h" #include "freertos/queue.h"
@ -23,6 +24,7 @@
#include "lwip/igmp.h" #include "lwip/igmp.h"
#include "lwip/udp.h" #include "lwip/udp.h"
#include "esp_wifi.h" #include "esp_wifi.h"
#endif
#define MDNS_FLAGS_AUTHORITATIVE 0x8400 #define MDNS_FLAGS_AUTHORITATIVE 0x8400
@ -162,6 +164,9 @@ static const char * MDNS_DEFAULT_DOMAIN = "local";
static const char * MDNS_SUB_STR = "_sub"; static const char * MDNS_SUB_STR = "_sub";
static mdns_server_t * _mdns_servers[TCPIP_ADAPTER_IF_MAX] = {0,0,0}; static mdns_server_t * _mdns_servers[TCPIP_ADAPTER_IF_MAX] = {0,0,0};
#ifndef MDNS_TEST_MODE
static TaskHandle_t _mdns_service_task_handle = NULL; static TaskHandle_t _mdns_service_task_handle = NULL;
static QueueSetHandle_t _mdns_queue_set = NULL; static QueueSetHandle_t _mdns_queue_set = NULL;
@ -257,6 +262,7 @@ esp_err_t _mdns_server_deinit(mdns_server_t * server)
} }
return ESP_OK; return ESP_OK;
} }
#endif
/** /**
* @brief send packet over UDP * @brief send packet over UDP
@ -269,8 +275,11 @@ esp_err_t _mdns_server_deinit(mdns_server_t * server)
*/ */
static size_t _mdns_server_write(mdns_server_t * server, uint8_t * data, size_t len) static size_t _mdns_server_write(mdns_server_t * server, uint8_t * data, size_t len)
{ {
#ifndef MDNS_TEST_MODE
struct pbuf* pbt = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM); struct pbuf* pbt = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_RAM);
if (pbt != NULL) { if (pbt == NULL) {
return 0;
}
uint8_t* dst = (uint8_t *)pbt->payload; uint8_t* dst = (uint8_t *)pbt->payload;
memcpy(dst, data, len); memcpy(dst, data, len);
err_t err = udp_sendto(server->pcb, pbt, &(server->pcb->remote_ip), server->pcb->remote_port); err_t err = udp_sendto(server->pcb, pbt, &(server->pcb->remote_ip), server->pcb->remote_port);
@ -278,16 +287,16 @@ static size_t _mdns_server_write(mdns_server_t * server, uint8_t * data, size_t
if (err) { if (err) {
return 0; return 0;
} }
#endif
return len; return len;
}
return 0;
} }
/* /*
* MDNS Servers * MDNS Servers
* */ * */
static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len); #ifndef MDNS_TEST_MODE
void mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len);
/** /**
* @brief the main MDNS service task. Packets are received and parsed here * @brief the main MDNS service task. Packets are received and parsed here
@ -305,7 +314,7 @@ static void _mdns_service_task(void *pvParameters)
mdns_server_t * server = _mdns_servers[i]; mdns_server_t * server = _mdns_servers[i];
if (server && server->queue == queue) { if (server && server->queue == queue) {
MDNS_MUTEX_LOCK(); MDNS_MUTEX_LOCK();
_mdns_parse_packet(server, (uint8_t*)pb->payload, pb->len); mdns_parse_packet(server, (uint8_t*)pb->payload, pb->len);
MDNS_MUTEX_UNLOCK(); MDNS_MUTEX_UNLOCK();
break; break;
} }
@ -314,6 +323,7 @@ static void _mdns_service_task(void *pvParameters)
} }
} }
} }
#endif
/** /**
* @brief get the server assigned to particular interface * @brief get the server assigned to particular interface
@ -342,6 +352,7 @@ static mdns_server_t * _mdns_server_get(tcpip_adapter_if_t tcpip_if)
*/ */
static esp_err_t _mdns_server_add(mdns_server_t * server) static esp_err_t _mdns_server_add(mdns_server_t * server)
{ {
#ifndef MDNS_TEST_MODE
if (!_mdns_service_semaphore) { if (!_mdns_service_semaphore) {
_mdns_service_semaphore = xSemaphoreCreateMutex(); _mdns_service_semaphore = xSemaphoreCreateMutex();
if (!_mdns_service_semaphore) { if (!_mdns_service_semaphore) {
@ -374,7 +385,7 @@ static esp_err_t _mdns_server_add(mdns_server_t * server)
if (err) { if (err) {
return err; return err;
} }
#endif
_mdns_servers[server->tcpip_if] = server; _mdns_servers[server->tcpip_if] = server;
return ESP_OK; return ESP_OK;
@ -391,11 +402,11 @@ static esp_err_t _mdns_server_add(mdns_server_t * server)
*/ */
static esp_err_t _mdns_server_remove(mdns_server_t * server) static esp_err_t _mdns_server_remove(mdns_server_t * server)
{ {
_mdns_servers[server->tcpip_if] = NULL;
#ifndef MDNS_TEST_MODE
//stop UDP //stop UDP
_mdns_server_deinit(server); _mdns_server_deinit(server);
_mdns_servers[server->tcpip_if] = NULL;
if (xQueueRemoveFromSet(server->queue, _mdns_queue_set) != pdPASS) { if (xQueueRemoveFromSet(server->queue, _mdns_queue_set) != pdPASS) {
return ESP_FAIL; return ESP_FAIL;
} }
@ -417,7 +428,7 @@ static esp_err_t _mdns_server_remove(mdns_server_t * server)
} }
MDNS_SERVICE_UNLOCK(); MDNS_SERVICE_UNLOCK();
} }
#endif
return ESP_OK; return ESP_OK;
} }
@ -1294,7 +1305,7 @@ static inline uint16_t _mdns_read_u16(const uint8_t * packet, uint16_t index)
* @param data byte array holding the packet data * @param data byte array holding the packet data
* @param len length of the byte array * @param len length of the byte array
*/ */
static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len) void mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len)
{ {
static mdns_name_t n; static mdns_name_t n;
static mdns_result_temp_t a; static mdns_result_temp_t a;
@ -1309,11 +1320,13 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
if (questions) { if (questions) {
uint8_t qs = questions; uint8_t qs = questions;
mdns_answer_item_t * answers = NULL; mdns_answer_item_t * answer_items = NULL;
while(qs--) { while(qs--) {
content = _mdns_parse_fqdn(data, content, name); content = _mdns_parse_fqdn(data, content, name);
if (!content) { if (!content) {
answers = 0;
additional = 0;
break;//error break;//error
} }
@ -1323,7 +1336,7 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
if (!name->service[0] || !name->proto[0]) { if (!name->service[0] || !name->proto[0]) {
if (type == MDNS_TYPE_A || type == MDNS_TYPE_AAAA || type == MDNS_TYPE_ANY) {//send A + AAAA if (type == MDNS_TYPE_A || type == MDNS_TYPE_AAAA || type == MDNS_TYPE_ANY) {//send A + AAAA
if (name->host[0] && server->hostname && server->hostname[0] && !strcmp(name->host, server->hostname)) { if (name->host[0] && server->hostname && server->hostname[0] && !strcmp(name->host, server->hostname)) {
answers = _mdns_add_answer(answers, NULL, MDNS_ANSWER_A); answer_items = _mdns_add_answer(answer_items, NULL, MDNS_ANSWER_A);
} }
} }
continue; continue;
@ -1336,7 +1349,7 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
mdns_srv_item_t * s = server->services; mdns_srv_item_t * s = server->services;
while(s) { while(s) {
if (s->service->service && s->service->proto) { if (s->service->service && s->service->proto) {
answers = _mdns_add_answer(answers, s->service, MDNS_ANSWER_SDPTR); answer_items = _mdns_add_answer(answer_items, s->service, MDNS_ANSWER_SDPTR);
} }
s = s->next; s = s->next;
} }
@ -1354,7 +1367,7 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
} }
if (type == MDNS_TYPE_PTR) { if (type == MDNS_TYPE_PTR) {
answers = _mdns_add_answer(answers, si->service, MDNS_ANSWER_ALL); answer_items = _mdns_add_answer(answer_items, si->service, MDNS_ANSWER_ALL);
} else if (type == MDNS_TYPE_TXT) { } else if (type == MDNS_TYPE_TXT) {
//match instance/host //match instance/host
const char * host = (si->service->instance)?si->service->instance const char * host = (si->service->instance)?si->service->instance
@ -1363,7 +1376,7 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
if (!host || !host[0] || !name->host[0] || strcmp(name->host, host)) { if (!host || !host[0] || !name->host[0] || strcmp(name->host, host)) {
continue; continue;
} }
answers = _mdns_add_answer(answers, si->service, MDNS_ANSWER_TXT); answer_items = _mdns_add_answer(answer_items, si->service, MDNS_ANSWER_TXT);
} else if (type == MDNS_TYPE_SRV) { } else if (type == MDNS_TYPE_SRV) {
//match instance/host //match instance/host
const char * host = (si->service->instance)?si->service->instance const char * host = (si->service->instance)?si->service->instance
@ -1372,16 +1385,16 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
if (!host || !host[0] || !name->host[0] || strcmp(name->host, host)) { if (!host || !host[0] || !name->host[0] || strcmp(name->host, host)) {
continue; continue;
} }
answers = _mdns_add_answer(answers, si->service, MDNS_ANSWER_SRV | MDNS_ANSWER_A); answer_items = _mdns_add_answer(answer_items, si->service, MDNS_ANSWER_SRV | MDNS_ANSWER_A);
} else if (type == MDNS_TYPE_ANY) {//send all } else if (type == MDNS_TYPE_ANY) {//send all
//match host //match host
if (!name->host[0] || !server->hostname || !server->hostname[0] || strcmp(name->host, server->hostname)) { if (!name->host[0] || !server->hostname || !server->hostname[0] || strcmp(name->host, server->hostname)) {
answers = _mdns_add_answer(answers, si->service, MDNS_ANSWER_ALL); answer_items = _mdns_add_answer(answer_items, si->service, MDNS_ANSWER_ALL);
} }
} }
} }
if (answers) { if (answer_items) {
_mdns_send_answers(server, answers); _mdns_send_answers(server, answer_items);
} }
} }
@ -1392,30 +1405,37 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
while(content < (data + len)) { while(content < (data + len)) {
content = _mdns_parse_fqdn(data, content, name); content = _mdns_parse_fqdn(data, content, name);
if (!content) { if (!content) {
break;//error return;//error
} }
uint16_t type = _mdns_read_u16(content, MDNS_TYPE_OFFSET); uint16_t type = _mdns_read_u16(content, MDNS_TYPE_OFFSET);
uint16_t data_len = _mdns_read_u16(content, MDNS_LEN_OFFSET); uint16_t data_len = _mdns_read_u16(content, MDNS_LEN_OFFSET);
const uint8_t * data_ptr = content + MDNS_DATA_OFFSET; const uint8_t * data_ptr = content + MDNS_DATA_OFFSET;
content = data_ptr + data_len; content = data_ptr + data_len;
if(content > (data + len)){
return;
}
if (type == MDNS_TYPE_PTR) { if (type == MDNS_TYPE_PTR) {
if (!_mdns_parse_fqdn(data, data_ptr, name)) { if (!_mdns_parse_fqdn(data, data_ptr, name)) {
continue;//error continue;//error
} }
#ifndef MDNS_TEST_MODE
if (server->search.host[0] || if (server->search.host[0] ||
(strcmp(name->service, server->search.service) != 0) || (strcmp(name->service, server->search.service) != 0) ||
(strcmp(name->proto, server->search.proto) != 0)) { (strcmp(name->proto, server->search.proto) != 0)) {
continue;//not searching for service or wrong service/proto continue;//not searching for service or wrong service/proto
} }
#endif
strlcpy(answer->instance, name->host, MDNS_NAME_BUF_LEN); strlcpy(answer->instance, name->host, MDNS_NAME_BUF_LEN);
} else if (type == MDNS_TYPE_SRV) { } else if (type == MDNS_TYPE_SRV) {
#ifndef MDNS_TEST_MODE
if (server->search.host[0] || if (server->search.host[0] ||
(strcmp(name->service, server->search.service) != 0) || (strcmp(name->service, server->search.service) != 0) ||
(strcmp(name->proto, server->search.proto) != 0)) { (strcmp(name->proto, server->search.proto) != 0)) {
continue;//not searching for service or wrong service/proto continue;//not searching for service or wrong service/proto
} }
#endif
if (answer->instance[0]) { if (answer->instance[0]) {
if (strcmp(answer->instance, name->host) != 0) { if (strcmp(answer->instance, name->host) != 0) {
continue;//instance name is not the same as the one in the PTR record continue;//instance name is not the same as the one in the PTR record
@ -1444,6 +1464,9 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
uint16_t i=0,b=0, y; uint16_t i=0,b=0, y;
while(i < data_len) { while(i < data_len) {
uint8_t partLen = data_ptr[i++]; uint8_t partLen = data_ptr[i++];
if((i+partLen) > data_len){
break;//error
}
//check if partLen will fit in the buffer //check if partLen will fit in the buffer
if (partLen > (MDNS_TXT_MAX_LEN - b - 1)) { if (partLen > (MDNS_TXT_MAX_LEN - b - 1)) {
break; break;
@ -1459,9 +1482,11 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
answer->txt[b] = 0; answer->txt[b] = 0;
} else if (type == MDNS_TYPE_AAAA) { } else if (type == MDNS_TYPE_AAAA) {
if (server->search.host[0]) { if (server->search.host[0]) {
#ifndef MDNS_TEST_MODE
if (strcmp(name->host, server->search.host) != 0) { if (strcmp(name->host, server->search.host) != 0) {
continue;//wrong host continue;//wrong host
} }
#endif
} else if (!answer->ptr) { } else if (!answer->ptr) {
strlcpy(answer->host, name->host, MDNS_NAME_BUF_LEN); strlcpy(answer->host, name->host, MDNS_NAME_BUF_LEN);
} else if (strcmp(answer->host, name->host) != 0) { } else if (strcmp(answer->host, name->host) != 0) {
@ -1470,9 +1495,11 @@ static void _mdns_parse_packet(mdns_server_t * server, const uint8_t * data, siz
memcpy(answer->addrv6, data_ptr, sizeof(ip6_addr_t)); memcpy(answer->addrv6, data_ptr, sizeof(ip6_addr_t));
} else if (type == MDNS_TYPE_A) { } else if (type == MDNS_TYPE_A) {
if (server->search.host[0]) { if (server->search.host[0]) {
#ifndef MDNS_TEST_MODE
if (strcmp(name->host, server->search.host) != 0) { if (strcmp(name->host, server->search.host) != 0) {
continue;//wrong host continue;//wrong host
} }
#endif
} else if (!answer->ptr) { } else if (!answer->ptr) {
strlcpy(answer->host, name->host, MDNS_NAME_BUF_LEN); strlcpy(answer->host, name->host, MDNS_NAME_BUF_LEN);
} else if (strcmp(answer->host, name->host) != 0) { } else if (strcmp(answer->host, name->host) != 0) {
@ -1611,12 +1638,11 @@ esp_err_t mdns_set_hostname(mdns_server_t * server, const char * hostname)
} }
MDNS_MUTEX_LOCK(); MDNS_MUTEX_LOCK();
free((char*)server->hostname); free((char*)server->hostname);
server->hostname = (char *)malloc(strlen(hostname)+1); server->hostname = strndup(hostname, MDNS_NAME_BUF_LEN - 1);
if (!server->hostname) { if (!server->hostname) {
MDNS_MUTEX_UNLOCK(); MDNS_MUTEX_UNLOCK();
return ESP_ERR_NO_MEM; return ESP_ERR_NO_MEM;
} }
strlcpy((char *)server->hostname, hostname, MDNS_NAME_BUF_LEN);
MDNS_MUTEX_UNLOCK(); MDNS_MUTEX_UNLOCK();
return ERR_OK; return ERR_OK;
} }
@ -1631,12 +1657,11 @@ esp_err_t mdns_set_instance(mdns_server_t * server, const char * instance)
} }
MDNS_MUTEX_LOCK(); MDNS_MUTEX_LOCK();
free((char*)server->instance); free((char*)server->instance);
server->instance = (char *)malloc(strlen(instance)+1); server->instance = strndup(instance, MDNS_NAME_BUF_LEN - 1);
if (!server->instance) { if (!server->instance) {
MDNS_MUTEX_UNLOCK(); MDNS_MUTEX_UNLOCK();
return ESP_ERR_NO_MEM; return ESP_ERR_NO_MEM;
} }
strlcpy((char *)server->instance, instance, MDNS_NAME_BUF_LEN);
MDNS_MUTEX_UNLOCK(); MDNS_MUTEX_UNLOCK();
return ERR_OK; return ERR_OK;
} }
@ -1812,7 +1837,7 @@ esp_err_t mdns_service_remove_all(mdns_server_t * server)
* MDNS QUERY * MDNS QUERY
* */ * */
uint32_t mdns_query(mdns_server_t * server, const char * service, const char * proto, uint32_t timeout) size_t mdns_query(mdns_server_t * server, const char * service, const char * proto, uint32_t timeout)
{ {
if (!server || !service) { if (!server || !service) {
return 0; return 0;

View file

@ -0,0 +1,35 @@
TEST_NAME=test
FUZZ=afl-fuzz
CC=afl-clang-fast
CPP=$(CC)
LD=$(CC)
OBJECTS=mdns.o test.o
CFLAGS=-DMDNS_TEST_MODE -I. -I../include
OS := $(shell uname)
ifeq ($(OS),Darwin)
LDLIBS=
else
LDLIBS=-lbsd
CFLAGS+=-DUSE_BSD_STRING
endif
all: $(TEST_NAME)
%.o: %.c
@echo "[CC] $<"
@$(CC) $(CFLAGS) -c $< -o $@
mdns.o: ../mdns.c
@echo "[CC] $<"
@$(CC) $(CFLAGS) -c $< -o $@
$(TEST_NAME): $(OBJECTS)
@echo "[LD] $@"
@$(LD) $(LDLIBS) $(OBJECTS) -o $@
fuzz: $(TEST_NAME)
@$(FUZZ) -i "in" -o "out" -- ./$(TEST_NAME)
clean:
@rm -rf *.o *.SYM $(TEST_NAME) out

View file

@ -0,0 +1,58 @@
## Introduction
This test uses [american fuzzy lop](http://lcamtuf.coredump.cx/afl/) to mangle real mdns packets and look for exceptions caused by the parser.
A few actuall packets are collected and exported as bins in the ```in``` folder, which is then passed as input to AFL when testing. The setup procedure for the test includes all possible services and scenarios that could be used with the given input packets. Output of the parser before fuzzing can be found in [input_packets.txt](input_packets.txt)
## Installing AFL
To run the test yourself, you need to dounload the [latest afl archive](http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz) and extract it to a folder on your computer.
The rest of the document will refer to that folder as ```PATH_TO_AFL```.
### Preparation
- On Mac, you will need to insall the latest Xcode and llvm support from [Homebrew](https://brew.sh)
```bash
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew install --with-clang --with-lld --HEAD llvm
export PATH="/usr/local/opt/llvm/bin:$PATH"
```
- On Ubuntu you need the following packages:
```bash
sudo apt-get install make clang llvm libbsd-dev
```
### Compile AFL
Compiling AFL is as easy as running make:
```bash
cd [PATH_TO_AFL]
make
cd llvm_mode/
make
```
After successful compilation, you can export the following variables to your shell (you can also add them to your profile if you want to use afl in other projects)
```bash
export AFL_PATH=[PATH_TO_AFL]
export PATH="$AFL_PATH:$PATH"
```
## Running the test
Apple has a crash reporting service that could interfere with AFLs normal operation. To turn that off, run the following command:
```bash
launchctl unload -w /System/Library/LaunchAgents/com.apple.ReportCrash.plist
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.ReportCrash.Root.plist
```
Ubuntu has a similar service. To turn that off, run as root:
```bash
echo core >/proc/sys/kernel/core_pattern
```
After going through all of the requirements above, you can ```cd``` into this test's folder and simply run ```make fuzz```.

View file

@ -0,0 +1,129 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef _ESP32_COMPAT_H_
#define _ESP32_COMPAT_H_
#ifdef MDNS_TEST_MODE
#ifdef USE_BSD_STRING
#include <bsd/string.h>
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <unistd.h>
#include <signal.h>
#include <sys/time.h>
#define ERR_OK 0
#define ESP_OK 0
#define ESP_FAIL -1
#define ESP_ERR_NO_MEM 0x101
#define ESP_ERR_INVALID_ARG 0x102
#define ESP_ERR_INVALID_STATE 0x103
#define ESP_ERR_INVALID_SIZE 0x104
#define ESP_ERR_NOT_FOUND 0x105
#define ESP_ERR_NOT_SUPPORTED 0x106
#define ESP_ERR_TIMEOUT 0x107
#define ESP_ERR_INVALID_RESPONSE 0x108
#define ESP_ERR_INVALID_CRC 0x109
#define pdTRUE true
#define pdFALSE false
#define portMAX_DELAY 0xFFFFFFFF
#define portTICK_PERIOD_MS 1
#define xSemaphoreTake(s,d)
#define xSemaphoreGive(s)
#define xSemaphoreCreateMutex() malloc(1)
#define vSemaphoreDelete(s) free(s)
#define xQueueCreate(n,s) malloc((n)*(s))
#define vQueueDelete(q) free(q)
#define xQueueReceive(q, d, t) (ESP_OK)
#define vTaskDelay(m) usleep((m)*1000)
#define pbuf_free(p) free(p)
#define tcpip_adapter_get_ip_info(i,d)
#define tcpip_adapter_get_ip6_linklocal(i,d) (ESP_OK)
#define tcpip_adapter_get_hostname(i, n) *(n) = "esp32-0123456789AB"
#define IP4_ADDR(ipaddr, a,b,c,d) \
(ipaddr)->addr = ((uint32_t)((d) & 0xff) << 24) | \
((uint32_t)((c) & 0xff) << 16) | \
((uint32_t)((b) & 0xff) << 8) | \
(uint32_t)((a) & 0xff)
typedef uint32_t esp_err_t;
typedef void * xSemaphoreHandle;
typedef void * xQueueHandle;
typedef enum {
TCPIP_ADAPTER_IF_STA = 0, /**< ESP32 station interface */
TCPIP_ADAPTER_IF_AP, /**< ESP32 soft-AP interface */
TCPIP_ADAPTER_IF_ETH, /**< ESP32 ethernet interface */
TCPIP_ADAPTER_IF_MAX
} tcpip_adapter_if_t;
typedef enum {
WIFI_MODE_NULL = 0, /**< null mode */
WIFI_MODE_STA, /**< WiFi station mode */
WIFI_MODE_AP, /**< WiFi soft-AP mode */
WIFI_MODE_APSTA, /**< WiFi station + soft-AP mode */
WIFI_MODE_MAX
} wifi_mode_t;
struct udp_pcb {
uint8_t dummy;
};
struct ip4_addr {
uint32_t addr;
};
typedef struct ip4_addr ip4_addr_t;
struct ip6_addr {
uint32_t addr[4];
};
typedef struct ip6_addr ip6_addr_t;
typedef struct {
ip4_addr_t ip;
ip4_addr_t netmask;
ip4_addr_t gw;
} tcpip_adapter_ip_info_t;
inline esp_err_t esp_wifi_get_mode(wifi_mode_t * mode)
{
*mode = WIFI_MODE_APSTA;
return ESP_OK;
}
inline uint32_t xTaskGetTickCount()
{
struct timeval tv;
struct timezone tz;
if (gettimeofday(&tv, &tz) == 0) {
return (tv.tv_sec * 1000) + (tv.tv_usec / 1000);
}
return 0;
}
#endif //MDNS_TEST_MODE
#endif //_ESP32_COMPAT_H_

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -0,0 +1,166 @@
Input: in/test-14.bin
Packet Length: 568
Questions: 18
Q: _airport._tcp.local. PTR IN
Q: _http._tcp.local. PTR IN
Q: _printer._tcp.local. PTR IN
Q: _sub._http._tcp.local. PTR IN
Q: _airplay._tcp.local. PTR IN
Q: _raop._tcp.local. PTR IN
Q: _uscan._tcp.local. PTR IN
Q: _uscans._tcp.local. PTR IN
Q: _ippusb._tcp.local. PTR IN
Q: _scanner._tcp.local. PTR IN
Q: _ipp._tcp.local. PTR IN
Q: _ipps._tcp.local. PTR IN
Q: _pdl-datastream._tcp.local. PTR IN
Q: _ptp._tcp.local. PTR IN
Q: _sleep-proxy._udp.local. PTR IN
Q: 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local. TXT IN
Q: Hristo's AirPort Express._airport._tcp.local. TXT IN
Q: Hristo's Time Capsule._airport._tcp.local. TXT IN
Answers: 7 + 0
A: _airport._tcp.local. PTR IN 2272 [2] Hristo's AirPort Express._airport._tcp.local.
A: _airport._tcp.local. PTR IN 2272 [2] Hristo's Time Capsule._airport._tcp.local.
A: _http._tcp.local. PTR IN 2535 [23] HP LaserJet CP1025nw._http._tcp.local.
A: _printer._tcp.local. PTR IN 2535 [23] HP LaserJet CP1025nw._printer._tcp.local.
A: _ipp._tcp.local. PTR IN 2535 [23] HP LaserJet CP1025nw._ipp._tcp.local.
A: _pdl-datastream._tcp.local. PTR IN 2535 [23] HP LaserJet CP1025nw._pdl-datastream._tcp.local.
A: _sleep-proxy._udp.local. PTR IN 2535 [38] 50-34-10-70.1 Hristo's Time Capsule._sleep-proxy._udp.local.
Input: in/test-15.bin
Packet Length: 524
Answers: 3 + 3
A: Hristo's AirPort Express._airport._tcp.local. TXT IN FLUSH 4500 [166] waMA=98-01-A7-E5-8F-A1,raMA=98-01-A7-E8-C2-2E,raM2=98-01-A7-E8-C2-2F,raNm=your-ssid,raCh=1,rCh2=52,raSt=0,raNA=1,syFl=0x8A0C,syAP=115,syVs=7.6.8,srcv=76800.1,bjSd=23
A: 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local. TXT IN FLUSH 4500 [134] txtvers=1; ch=2; cn=0,1; et=0,4; sv=false; da=true; sr=44100; ss=16; pw=false; vn=65537; tp=TCP,UDP; vs=105.1; am=AirPort10,115; fv=76800.1; sf=0x1
A: _raop._tcp.local. PTR IN 4500 [2] 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local.
A: 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local. SRV IN FLUSH 120 [32] 5000 Hristos-AirPort-Express.local.
A: Hristo's AirPort Express.local. NSEC IN FLUSH 4500 [9] Hristo's AirPort Express._airport._tcp.local. 00 05 00 00 80 00 40
A: 9801A7E58FA1@Hristo's AirPort Express.local. NSEC IN FLUSH 4500 [9] 9801A7E58FA1@Hristo's AirPort Express._raop._tcp.local. 00 05 00 00 80 00 40
Input: in/test-16.bin
Packet Length: 254
Answers: 1 + 1
A: Hristo's Time Capsule._airport._tcp.local. TXT IN FLUSH 4500 [168] waMA=70-73-CB-B4-C9-B3,raMA=70-73-CB-BB-04-E7,raM2=70-73-CB-BB-04-E8,raNm=nbis-test,raCh=11,rCh2=132,raSt=0,raNA=0,syFl=0x820C,syAP=116,syVs=7.6.8,srcv=76800.1,bjSd=30
A: Hristo's Time Capsule.local. NSEC IN FLUSH 4500 [9] Hristo's Time Capsule._airport._tcp.local. 00 05 00 00 80 00 40
Input: in/test-28.bin
Packet Length: 62
Questions: 1
Q: Hristo's Time Capsule._afpovertcp._tcp.local. SRV IN FLUSH
Input: in/test-29.bin
Packet Length: 39
Questions: 2
Q: minifritz.local. A IN FLUSH
Q: minifritz.local. AAAA IN FLUSH
Input: in/test-31.bin
Packet Length: 91
Answers: 2 + 1
A: minifritz.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:142e:54ff:b8c4:fd09
A: minifritz.local. A IN FLUSH 120 [4] 192.168.254.16
A: minifritz.local. NSEC IN FLUSH 120 [8] minifritz...local. 00 04 40 00 00 08
Input: in/test-53.bin
Packet Length: 140
Questions: 2
Q: _smb._tcp.local. PTR IN
Q: Sofiya-Ivanovas-MacBook.local. A IN
Answers: 2 + 0
A: _smb._tcp.local. PTR IN 3061 [29] Sofiya Ivanovas MacBook._smb._tcp.local.
A: _smb._tcp.local. PTR IN 3062 [24] Hristo's Time Capsule._smb._tcp.local.
Input: in/test-56.bin
Packet Length: 262
Answers: 2 + 6
A: Hristos Mac mini._device-info._tcp.local. TXT IN 4500 [28] model=Macmini6,2; osxvers=16
A: _smb._tcp.local. PTR IN 4500 [22] Hristos Mac mini._smb._tcp.local.
A: Hristos Mac mini._smb._tcp.local. TXT IN FLUSH 4500 [1]
A: Hristos Mac mini._smb._tcp.local. SRV IN FLUSH 120 [18] 445 minifritz.local.
A: minifritz.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:142e:54ff:b8c4:fd09
A: minifritz.local. A IN FLUSH 120 [4] 192.168.254.16
A: Hristos Mac mini.local. NSEC IN FLUSH 4500 [9] Hristos Mac mini._smb._tcp.local. 00 05 00 00 80 00 40
A: minifritz.local. NSEC IN FLUSH 120 [8] minifritz...local. 00 04 40 00 00 08
Input: in/test-63.bin
Packet Length: 147
Questions: 2
Q: _afpovertcp._tcp.local. PTR IN
Q: Sofiya-Ivanovas-MacBook.local. A IN
Answers: 2 + 0
A: _afpovertcp._tcp.local. PTR IN 2881 [29] Sofiya Ivanovas MacBook._afpovertcp._tcp.local.
A: _afpovertcp._tcp.local. PTR IN 2881 [24] Hristo's Time Capsule._afpovertcp._tcp.local.
Input: in/test-66.bin
Packet Length: 269
Answers: 2 + 6
A: Hristos Mac mini._device-info._tcp.local. TXT IN 4500 [28] model=Macmini6,2; osxvers=16
A: _afpovertcp._tcp.local. PTR IN 4500 [22] Hristos Mac mini._afpovertcp._tcp.local.
A: Hristos Mac mini._afpovertcp._tcp.local. TXT IN FLUSH 4500 [1]
A: Hristos Mac mini._afpovertcp._tcp.local. SRV IN FLUSH 120 [18] 548 minifritz.local.
A: minifritz.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:142e:54ff:b8c4:fd09
A: minifritz.local. A IN FLUSH 120 [4] 192.168.254.16
A: Hristos Mac mini.local. NSEC IN FLUSH 4500 [9] Hristos Mac mini._afpovertcp._tcp.local. 00 05 00 00 80 00 40
A: minifritz.local. NSEC IN FLUSH 120 [8] minifritz...local. 00 04 40 00 00 08
Input: in/test-83.bin
Packet Length: 105
Answers: 1 + 2
A: Sofiya-Ivanovas-MacBook.local. A IN FLUSH 120 [4] 192.168.254.20
A: Sofiya-Ivanovas-MacBook.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:021c:b3ff:feb2:72a3
A: Sofiya-Ivanovas-MacBook.local. NSEC IN FLUSH 120 [8] Sofiya-Ivanovas-MacBook...local. 00 04 40 00 00 08
Input: in/test-88.bin
Packet Length: 48
Questions: 2
Q: _rfb._tcp.local. PTR IN
Q: _airport._tcp.local. PTR IN
Input: in/test-89.bin
Packet Length: 459
Answers: 2 + 7
A: _airport._tcp.local. PTR IN 4500 [24] Hristo's Time Capsule._airport._tcp.local.
A: Hristo's Time Capsule._device-info._tcp.local. TXT IN 4500 [23] model=TimeCapsule6,116
A: Hristos-Time-Capsule.local. A IN FLUSH 120 [4] 192.168.254.49
A: Hristo's Time Capsule._airport._tcp.local. TXT IN FLUSH 4500 [168] waMA=70-73-CB-B4-C9-B3,raMA=70-73-CB-BB-04-E7,raM2=70-73-CB-BB-04-E8,raNm=nbis-test,raCh=11,rCh2=132,raSt=0,raNA=0,syFl=0x820C,syAP=116,syVs=7.6.8,srcv=76800.1,bjSd=30
A: Hristos-Time-Capsule.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:7273:cbff:feb4:c9b3
A: Hristo's Time Capsule._airport._tcp.local. SRV IN FLUSH 120 [8] 5009 Hristos-Time-Capsule.local.
A: Hristos-Time-Capsule.local. A IN FLUSH 120 [4] 169.254.23.40
A: Hristos-Time-Capsule.local. NSEC IN FLUSH 120 [8] Hristos-Time-Capsule...local. 00 04 40 00 00 08
A: Hristo's Time Capsule.local. NSEC IN FLUSH 4500 [9] Hristo's Time Capsule._airport._tcp.local. 00 05 00 00 80 00 40
Input: in/test-91.bin
Packet Length: 279
Answers: 2 + 6
A: Sofiya Ivanovas MacBook._device-info._tcp.local. TXT IN 4500 [17] model=Macmini2,1
A: _rfb._tcp.local. PTR IN 4500 [29] Sofiya Ivanovas MacBook._rfb._tcp.local.
A: Sofiya Ivanovas MacBook._rfb._tcp.local. TXT IN FLUSH 4500 [1]
A: Sofiya Ivanovas MacBook._rfb._tcp.local. SRV IN FLUSH 120 [32] 5900 Sofiya-Ivanovas-MacBook.local.
A: Sofiya-Ivanovas-MacBook.local. AAAA IN FLUSH 120 [16] fe80:0000:0000:0000:021c:b3ff:feb2:72a3
A: Sofiya-Ivanovas-MacBook.local. A IN FLUSH 120 [4] 192.168.254.20
A: Sofiya Ivanovas MacBook.local. NSEC IN FLUSH 4500 [9] Sofiya Ivanovas MacBook._rfb._tcp.local. 00 05 00 00 80 00 40
A: Sofiya-Ivanovas-MacBook.local. NSEC IN FLUSH 120 [8] Sofiya-Ivanovas-MacBook...local. 00 04 40 00 00 08
Input: in/test-95.bin
Packet Length: 286
Questions: 3
Q: _afpovertcp._tcp.local. PTR IN
Q: _smb._tcp.local. PTR IN
Q: _adisk._tcp.local. PTR IN
Answers: 6 + 0
A: _afpovertcp._tcp.local. PTR IN 2353 [29] Sofiya Ivanovas MacBook._afpovertcp._tcp.local.
A: _afpovertcp._tcp.local. PTR IN 3973 [22] Hristos Mac mini._afpovertcp._tcp.local.
A: _afpovertcp._tcp.local. PTR IN 2353 [24] Hristo's Time Capsule._afpovertcp._tcp.local.
A: _smb._tcp.local. PTR IN 2353 [29] Sofiya Ivanovas MacBook._smb._tcp.local.
A: _smb._tcp.local. PTR IN 3792 [22] Hristos Mac mini._smb._tcp.local.
A: _smb._tcp.local. PTR IN 2353 [24] Hristo's Time Capsule._smb._tcp.local.
Input: in/test-96.bin
Packet Length: 319
Answers: 2 + 3
A: Hristo's Time Capsule._device-info._tcp.local. TXT IN 4500 [23] model=TimeCapsule6,116
A: _adisk._tcp.local. PTR IN 4500 [24] Hristo's Time Capsule._adisk._tcp.local.
A: Hristo's Time Capsule._adisk._tcp.local. TXT IN FLUSH 4500 [110] sys=waMA=70:73:CB:B4:C9:B3,adVF=0x1000; dk2=adVF=0x1083,adVN=Capsule,adVU=55fabb8b-a63b-5441-9874-6edb504eb30a
A: Hristo's Time Capsule._adisk._tcp.local. SRV IN FLUSH 120 [29] 9 Hristos-Time-Capsule.local.
A: Hristo's Time Capsule.local. NSEC IN FLUSH 4500 [9] Hristo's Time Capsule._adisk._tcp.local. 00 05 00 00 80 00 40

View file

@ -0,0 +1,113 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifdef MDNS_TEST_MODE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <string.h>
#include "mdns.h"
void mdns_parse_packet(mdns_server_t * server, const uint8_t * data, size_t len);
int main(int argc, char** argv)
{
const char * mdns_hostname = "minifritz";
const char * mdns_instance = "Hristo's Time Capsule";
const char * arduTxtData[4] = {
"board=esp32",
"tcp_check=no",
"ssh_upload=no",
"auth_upload=no"
};
const uint8_t mac[6] = {0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x32};
mdns_server_t * mdns = NULL;
uint8_t buf[1460];
char winstance[21+strlen(mdns_hostname)];
sprintf(winstance, "%s [%02x:%02x:%02x:%02x:%02x:%02x]", mdns_hostname, mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
if (mdns_init(TCPIP_ADAPTER_IF_ETH, &mdns)) {
abort();
}
if (mdns_set_hostname(mdns, mdns_hostname)) {
abort();
}
if (mdns_set_instance(mdns, mdns_instance)) {
abort();
}
if (mdns_service_add(mdns, "_workstation", "_tcp", 9)) {
abort();
}
if (mdns_service_instance_set(mdns, "_workstation", "_tcp", winstance)) {
abort();
}
if (mdns_service_add(mdns, "_arduino", "_tcp", 3232)) {
abort();
}
if (mdns_service_txt_set(mdns, "_arduino", "_tcp", 4, arduTxtData)) {
abort();
}
if (mdns_service_add(mdns, "_http", "_tcp", 80)) {
abort();
}
if (mdns_service_instance_set(mdns, "_http", "_tcp", "ESP WebServer")) {
abort();
}
if (
mdns_service_add(mdns, "_afpovertcp", "_tcp", 548)
|| mdns_service_add(mdns, "_rfb", "_tcp", 885)
|| mdns_service_add(mdns, "_smb", "_tcp", 885)
|| mdns_service_add(mdns, "_adisk", "_tcp", 885)
|| mdns_service_add(mdns, "_airport", "_tcp", 885)
|| mdns_service_add(mdns, "_printer", "_tcp", 885)
|| mdns_service_add(mdns, "_airplay", "_tcp", 885)
|| mdns_service_add(mdns, "_raop", "_tcp", 885)
|| mdns_service_add(mdns, "_uscan", "_tcp", 885)
|| mdns_service_add(mdns, "_uscans", "_tcp", 885)
|| mdns_service_add(mdns, "_ippusb", "_tcp", 885)
|| mdns_service_add(mdns, "_scanner", "_tcp", 885)
|| mdns_service_add(mdns, "_ipp", "_tcp", 885)
|| mdns_service_add(mdns, "_ipps", "_tcp", 885)
|| mdns_service_add(mdns, "_pdl-datastream", "_tcp", 885)
|| mdns_service_add(mdns, "_ptp", "_tcp", 885)
|| mdns_service_add(mdns, "_sleep-proxy", "_udp", 885))
{
abort();
}
while (__AFL_LOOP(1000)) {
memset(buf, 0, 1460);
size_t len = read(0, buf, 1460);
mdns_query(mdns, "_afpovertcp", "_tcp", 0);
mdns_parse_packet(mdns, buf, len);
mdns_query_end(mdns);
}
return 0;
}
#endif