diff --git a/components/lwip/test_afl_host/Makefile b/components/lwip/test_afl_host/Makefile new file mode 100644 index 000000000..1762fc6fa --- /dev/null +++ b/components/lwip/test_afl_host/Makefile @@ -0,0 +1,36 @@ +COMPONENTS_DIR=../.. +CFLAGS=-std=gnu99 -Og -ggdb -ffunction-sections -fdata-sections -nostdlib -Wall -Werror=all -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-address -Wno-unused-variable -DESP_PLATFORM -D IDF_VER=\"v3.1-dev-961-ga2556229-dirty\" -MMD -MP -DWITH_POSIX \ +-DIRAM_ATTR='' -D__ESP_ATTR_H__ +INC_DIRS=-I . -I $(COMPONENTS_DIR)/lwip/include/lwip -I $(COMPONENTS_DIR)/lwip/include/lwip/port -I $(COMPONENTS_DIR)/lwip/include/lwip/posix -I $(COMPONENTS_DIR)/lwip/apps/ping -I $(COMPONENTS_DIR)/app_trace/include -I $(COMPONENTS_DIR)/app_update/include -I $(COMPONENTS_DIR)/bootloader_support/include -I $(COMPONENTS_DIR)/bt/include -I $(COMPONENTS_DIR)/coap/port/include -I $(COMPONENTS_DIR)/coap/port/include/coap -I $(COMPONENTS_DIR)/coap/libcoap/include -I \ $(COMPONENTS_DIR)/coap/libcoap/include/coap -I $(COMPONENTS_DIR)/console -I $(COMPONENTS_DIR)/cxx/include -I $(COMPONENTS_DIR)/driver/include -I $(COMPONENTS_DIR)/esp-tls -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/esp_adc_cal/include -I $(COMPONENTS_DIR)/ethernet/include -I $(COMPONENTS_DIR)/expat/port/include -I $(COMPONENTS_DIR)/expat/include/expat -I $(COMPONENTS_DIR)/fatfs/src -I $(COMPONENTS_DIR)/freertos/include -I $(COMPONENTS_DIR)/heap/include -I \ $(COMPONENTS_DIR)/idf_test/include -I $(COMPONENTS_DIR)/jsmn/include -I $(COMPONENTS_DIR)/json/cJSON -I $(COMPONENTS_DIR)/libsodium/libsodium/src/libsodium/include -I $(COMPONENTS_DIR)/libsodium/port_include -I $(COMPONENTS_DIR)/log/include -I /home/david/esp/esp-idf/examples/wifi/simple_wifi/main/include -I $(COMPONENTS_DIR)/mbedtls/port/include -I $(COMPONENTS_DIR)/mbedtls/include -I $(COMPONENTS_DIR)/mdns/include -I $(COMPONENTS_DIR)/micro-ecc/micro-ecc -I \ $(COMPONENTS_DIR)/newlib/platform_include -I $(COMPONENTS_DIR)/newlib/include -I $(COMPONENTS_DIR)/nghttp/port/include -I $(COMPONENTS_DIR)/nghttp/nghttp2/lib/includes -I $(COMPONENTS_DIR)/nvs_flash/include -I $(COMPONENTS_DIR)/openssl/include -I $(COMPONENTS_DIR)/pthread/include -I $(COMPONENTS_DIR)/sdmmc/include -I $(COMPONENTS_DIR)/smartconfig/include -I $(COMPONENTS_DIR)/soc/esp32/include -I $(COMPONENTS_DIR)/soc/include -I $(COMPONENTS_DIR)/spi_flash/include -I \ $(COMPONENTS_DIR)/spiffs/include -I $(COMPONENTS_DIR)/tcpip_adapter/include -I $(COMPONENTS_DIR)/ulp/include -I $(COMPONENTS_DIR)/vfs/include -I $(COMPONENTS_DIR)/wear_levelling/include -I $(COMPONENTS_DIR)/wpa_supplicant/include -I $(COMPONENTS_DIR)/wpa_supplicant/port/include -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/xtensa-debug-module/include +TEST_NAME=test +FUZZ=afl-fuzz +LD=$(CC) +DHCPSERVER_C_DEPENDENCY_INJECTION=-include dhcpserver_di.h + +ifeq ($(MODE),sim) + CC=gcc + CFLAGS+=-DSIM + TEST_NAME=test_sim +else + CC=afl-clang-fast +endif + +CFLAGS+=$(INC_DIRS) +OBJECTS=dhcpserver.o test.o network_mock.o + +all: $(TEST_NAME) + +dhcpserver.o: ../apps/dhcpserver.c + @echo "[CC] $<" + $(CC) $(CFLAGS) $(DHCPSERVER_C_DEPENDENCY_INJECTION) -c $< -o $@ + +%.o: %.c + @echo "[CC] $<" + @$(CC) $(CFLAGS) -c $< -o $@ + +$(TEST_NAME): $(OBJECTS) + @echo "[LD] $@" + @$(LD) $(OBJECTS) -o $@ $(LDLIBS) + +fuzz: $(TEST_NAME) + @$(FUZZ) -i "in" -o "out" -- ./$(TEST_NAME) diff --git a/components/lwip/test_afl_host/dhcpserver_di.h b/components/lwip/test_afl_host/dhcpserver_di.h new file mode 100644 index 000000000..4e5224eea --- /dev/null +++ b/components/lwip/test_afl_host/dhcpserver_di.h @@ -0,0 +1,21 @@ +/* + * dhcpserver dependecy injection -- preincluded to inject interface test functions into static variables + * + */ +#include "lwip/pbuf.h" +#include "lwip/udp.h" +#include "tcpip_adapter.h" + +static void handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); + +void (*dhcp_test_static_handle_hdcp)(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL; + +void dhcp_test_init_di() +{ + dhcp_test_static_handle_hdcp = handle_dhcp; +} + +void dhcp_test_handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) +{ + dhcp_test_static_handle_hdcp(arg, pcb, p, addr, port); +} diff --git a/components/lwip/test_afl_host/in/data0.bin b/components/lwip/test_afl_host/in/data0.bin new file mode 100644 index 000000000..2875ab855 Binary files /dev/null and b/components/lwip/test_afl_host/in/data0.bin differ diff --git a/components/lwip/test_afl_host/in/data1.bin b/components/lwip/test_afl_host/in/data1.bin new file mode 100644 index 000000000..17c8877f8 Binary files /dev/null and b/components/lwip/test_afl_host/in/data1.bin differ diff --git a/components/lwip/test_afl_host/in/data2.bin b/components/lwip/test_afl_host/in/data2.bin new file mode 100644 index 000000000..b1c32b9bd Binary files /dev/null and b/components/lwip/test_afl_host/in/data2.bin differ diff --git a/components/lwip/test_afl_host/in/data3.bin b/components/lwip/test_afl_host/in/data3.bin new file mode 100644 index 000000000..6c6a7ae2d Binary files /dev/null and b/components/lwip/test_afl_host/in/data3.bin differ diff --git a/components/lwip/test_afl_host/in/data4.bin b/components/lwip/test_afl_host/in/data4.bin new file mode 100644 index 000000000..6d10ed9bd Binary files /dev/null and b/components/lwip/test_afl_host/in/data4.bin differ diff --git a/components/lwip/test_afl_host/in/data5.bin b/components/lwip/test_afl_host/in/data5.bin new file mode 100644 index 000000000..51f77595f Binary files /dev/null and b/components/lwip/test_afl_host/in/data5.bin differ diff --git a/components/lwip/test_afl_host/in/data6.bin b/components/lwip/test_afl_host/in/data6.bin new file mode 100644 index 000000000..636fb4101 Binary files /dev/null and b/components/lwip/test_afl_host/in/data6.bin differ diff --git a/components/lwip/test_afl_host/network_mock.c b/components/lwip/test_afl_host/network_mock.c new file mode 100644 index 000000000..be624cee1 --- /dev/null +++ b/components/lwip/test_afl_host/network_mock.c @@ -0,0 +1,74 @@ +#include +#include "lwip/opt.h" +#include "lwip/def.h" +#include "lwip/pbuf.h" +#include "lwip/udp.h" +#include "tcpip_adapter.h" +#include + +u16_t lwip_htons(u16_t n) +{ + return 0; +} + +u32_t lwip_htonl(u32_t n) +{ + return 0; +} + +esp_err_t tcpip_adapter_get_ip_info(tcpip_adapter_if_t tcpip_if, tcpip_adapter_ip_info_t *ip_info) +{ + return ESP_OK; +} + +struct pbuf * pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type) +{ + struct pbuf * p; + p = (struct pbuf *)malloc(MEMP_PBUF_POOL); + p->tot_len = length; + p->next = NULL; + p->type = PBUF_POOL; + p->len = length; + p->payload = malloc(length); + return p; +} + +u8_t pbuf_free(struct pbuf *p) +{ + if (p) { + if (p->payload) { + free(p->payload); + p->payload = NULL; + } + free (p); + p = NULL; + } + return 1; +} + +err_t udp_sendto(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port) +{ + return ESP_OK; +} + +void udp_remove(struct udp_pcb *pcb) +{ +} + +struct udp_pcb *udp_new(void) +{ + return NULL; +} + +err_t udp_bind(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port) +{ + return ESP_OK; +} + +void udp_recv(struct udp_pcb *pcb, udp_recv_fn recv, void *recv_arg) +{ +} + +void udp_disconnect(struct udp_pcb *pcb) +{ +} diff --git a/components/lwip/test_afl_host/test.c b/components/lwip/test_afl_host/test.c new file mode 100644 index 000000000..821e56f57 --- /dev/null +++ b/components/lwip/test_afl_host/test.c @@ -0,0 +1,53 @@ +#include +#include "lwip/pbuf.h" +#include "lwip/udp.h" +#include "tcpip_adapter.h" +#include + +const ip_addr_t ip_addr_any; +ip4_addr_t server_ip; +struct netif mynetif; + +// Dependency injected static function to pass the packet into parser +void dhcp_test_handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port); +void dhcp_test_init_di(); + +// Starting the test +int main() +{ + uint8_t *buf; + struct pbuf *p; + FILE *file; + size_t len = 1460; + + dhcp_test_init_di(); + + p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL); + buf = p->payload; + + IP4_ADDR(&server_ip, 192,168,4,1); + dhcps_start(&mynetif, server_ip); + +#ifdef SIM + memset(buf, 0, 1460); + + file = fopen("in/data1.bin", "r"); + if (file) { + len = fread(buf, 1, 1460, file); + } + fclose(file); + int i; + for (i=0; i<1; i++) { +#else + while (__AFL_LOOP(1000)) { + memset(buf, 0, 1460); + size_t len = read(0, buf, 1460); +#endif + p->len = len; + p->tot_len = len; + p->next = NULL; + + dhcp_test_handle_dhcp(NULL, NULL, p, &ip_addr_any, 0); + } + return 0; +}