Merge branch 'cermak_dhcpserver_fuzzer_test' into 'master'

LWIP_Fuzzer: Added AFL tests for lwip dhcpserver, client and dns

See merge request idf/esp-idf!2399
Ivan Grokhotkov 2018-05-29 22:28:43 +08:00
commit 4ea2cab208
39 changed files with 860 additions and 0 deletions


@ -0,0 +1,58 @@
COMPONENTS_DIR=../..
CFLAGS=-std=gnu99 -Og -ggdb -ffunction-sections -fdata-sections -nostdlib -Wall -Werror=all -Wno-int-to-pointer-cast -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wextra \
-Wno-unused-parameter -Wno-sign-compare -Wno-address -Wno-unused-variable -DESP_PLATFORM -D IDF_VER=\"v3.1\" -MMD -MP -DWITH_POSIX
INC_DIRS=-I . -I $(COMPONENTS_DIR)/lwip/include/lwip -I $(COMPONENTS_DIR)/lwip/include/lwip/port -I $(COMPONENTS_DIR)/lwip/include/lwip/posix -I $(COMPONENTS_DIR)/lwip/apps/ping -I $(COMPONENTS_DIR)/app_trace/include -I $(COMPONENTS_DIR)/app_update/include -I $(COMPONENTS_DIR)/bootloader_support/include -I $(COMPONENTS_DIR)/bt/include -I $(COMPONENTS_DIR)/coap/port/include -I $(COMPONENTS_DIR)/coap/port/include/coap -I $(COMPONENTS_DIR)/coap/libcoap/include -I \ $(COMPONENTS_DIR)/coap/libcoap/include/coap -I $(COMPONENTS_DIR)/console -I $(COMPONENTS_DIR)/cxx/include -I $(COMPONENTS_DIR)/driver/include -I $(COMPONENTS_DIR)/esp-tls -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/esp_adc_cal/include -I $(COMPONENTS_DIR)/ethernet/include -I $(COMPONENTS_DIR)/expat/port/include -I $(COMPONENTS_DIR)/expat/include/expat -I $(COMPONENTS_DIR)/fatfs/src -I $(COMPONENTS_DIR)/freertos/include -I $(COMPONENTS_DIR)/heap/include -I \ $(COMPONENTS_DIR)/idf_test/include -I $(COMPONENTS_DIR)/jsmn/include -I $(COMPONENTS_DIR)/json/cJSON -I $(COMPONENTS_DIR)/libsodium/libsodium/src/libsodium/include -I $(COMPONENTS_DIR)/libsodium/port_include -I $(COMPONENTS_DIR)/log/include -I /home/david/esp/esp-idf/examples/wifi/simple_wifi/main/include -I $(COMPONENTS_DIR)/mbedtls/port/include -I $(COMPONENTS_DIR)/mbedtls/include -I $(COMPONENTS_DIR)/mdns/include -I $(COMPONENTS_DIR)/micro-ecc/micro-ecc -I \ $(COMPONENTS_DIR)/newlib/platform_include -I $(COMPONENTS_DIR)/newlib/include -I $(COMPONENTS_DIR)/nghttp/port/include -I $(COMPONENTS_DIR)/nghttp/nghttp2/lib/includes -I $(COMPONENTS_DIR)/nvs_flash/include -I $(COMPONENTS_DIR)/openssl/include -I $(COMPONENTS_DIR)/pthread/include -I $(COMPONENTS_DIR)/sdmmc/include -I $(COMPONENTS_DIR)/smartconfig/include -I $(COMPONENTS_DIR)/soc/esp32/include -I $(COMPONENTS_DIR)/soc/include -I $(COMPONENTS_DIR)/spi_flash/include -I \ $(COMPONENTS_DIR)/spiffs/include -I $(COMPONENTS_DIR)/tcpip_adapter/include -I $(COMPONENTS_DIR)/ulp/include -I 
$(COMPONENTS_DIR)/vfs/include -I $(COMPONENTS_DIR)/wear_levelling/include -I $(COMPONENTS_DIR)/wpa_supplicant/include -I $(COMPONENTS_DIR)/wpa_supplicant/port/include -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/xtensa-debug-module/include
TEST_NAME=test
FUZZ=afl-fuzz
LD=$(CC)
ifeq ($(MODE),dhcp_client)
DEPENDENCY_INJECTION=-include dhcp_di.h
OBJECTS=dhcp.o network_mock.o test_dhcp_client.o
SAMPLE_PACKETS=in_dhcp_client
else ifeq ($(MODE),dhcp_server)
DEPENDENCY_INJECTION=-include dhcpserver_di.h
OBJECTS=dhcpserver.o test_dhcp_server.o network_mock.o
SAMPLE_PACKETS=in_dhcp_server
else ifeq ($(MODE),dns)
CFLAGS+=-DNOT_MOCK_DNS
DEPENDENCY_INJECTION=-include dns_di.h
OBJECTS=dns.o test_dns.o network_mock.o
SAMPLE_PACKETS=in_dns
else
$(error Please specify MODE: dhcp_server, dhcp_client, dns)
endif
ifeq ($(INSTR),off)
CC=gcc
CFLAGS+=-DINSTR_IS_OFF
TEST_NAME=test_sim
else
CC=afl-clang-fast
endif
CFLAGS+=$(INC_DIRS)
all: $(TEST_NAME)
dns.o: ../core/dns.c
@echo "[CC] $<"
@$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@
dhcp.o: ../core/ipv4/dhcp.c
@echo "[CC] $<"
@$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@
dhcpserver.o: ../apps/dhcpserver.c
@echo "[CC] $<"
@$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@
%.o: %.c
@echo "[CC] $<"
@$(CC) $(CFLAGS) -c $< -o $@
$(TEST_NAME): $(OBJECTS)
@echo "[LD] $@"
@$(LD) $(OBJECTS) -o $@ $(LDLIBS)
fuzz: $(TEST_NAME)
@$(FUZZ) -t 500 -i "$(SAMPLE_PACKETS)" -o "out" -- ./$(TEST_NAME)
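Review bot: `INC_DIRS` contains an absolute, developer-local include path, `-I /home/david/esp/esp-idf/examples/wifi/simple_wifi/main/include`, so the build depends on one machine's home directory and may silently pick up different headers elsewhere. That entry should be dropped or replaced by a path relative to `$(COMPONENTS_DIR)`. Separately, neither the `afl-clang-fast` build nor the `INSTR=off` reproduction build enables a memory sanitizer, so out-of-bounds reads in the parsers that do not crash will go unreported. Consider `CFLAGS+=-fsanitize=address,undefined` for at least the `INSTR=off` build, with the same flag on the `$(LD)` line. Under `afl-fuzz` an ASan build also needs the memory limit relaxed (`-m none`) on the `fuzz` target.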


@ -0,0 +1,32 @@
#include "no_warn_host.h"
#include "lwip/opt.h"
#include "lwip/stats.h"
#include "lwip/mem.h"
#include "lwip/udp.h"
#include "lwip/ip_addr.h"
#include "lwip/netif.h"
#include "lwip/def.h"
#include "lwip/dhcp.h"
#include "lwip/autoip.h"
#include "lwip/dns.h"
#include "netif/etharp.h"
void __assert_func(const char *file, int line, const char *func, const char *expr)
{
printf("Assert failed in %s, %s:%d (%s)", func, file, line, expr);
abort();
}
static void dhcp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
void (*dhcp_test_static_dhcp_recv)(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL;
void dhcp_test_init_di()
{
dhcp_test_static_dhcp_recv = dhcp_recv;
}
void dhcp_test_dhcp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port)
{
dhcp_test_static_dhcp_recv(arg, pcb, p, addr, port);
}
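Review bot: `__assert_func` prints the failure text with `printf` and no trailing newline, then calls `abort()`, which is not required to flush stdio buffers. When stdout is a pipe or a file, as it typically is under a fuzzer, the assertion text can be lost and the crash becomes harder to triage. Writing to the unbuffered stream avoids this: `fprintf(stderr, "Assert failed in %s, %s:%d (%s)\n", func, file, line, expr);`. The same definition is repeated in the DNS injection header further down this commit. `dhcp_test_init_di()` is also declared with an empty parameter list; `void dhcp_test_init_di(void)` makes it a real prototype.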


@ -0,0 +1,22 @@
/*
* dhcpserver dependecy injection -- preincluded to inject interface test functions into static variables
*
*/
#include "no_warn_host.h"
#include "lwip/pbuf.h"
#include "lwip/udp.h"
#include "tcpip_adapter.h"
static void handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
void (*dhcp_test_static_handle_hdcp)(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL;
void dhcp_test_init_di()
{
dhcp_test_static_handle_hdcp = handle_dhcp;
}
void dhcp_test_handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port)
{
dhcp_test_static_handle_hdcp(arg, pcb, p, addr, port);
}
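Review bot: `dhcp_test_handle_dhcp` calls through `dhcp_test_static_handle_hdcp`, which stays `NULL` until `dhcp_test_init_di()` has run, so a harness that omits the init call crashes in the test glue rather than in the code under test. The Makefile's `-include` suggests this header is compiled into the same translation unit that defines `handle_dhcp`. If so, the wrapper can call it directly with `handle_dhcp(arg, pcb, p, addr, port);`, and the pointer and init function can go. If the pointer is kept, `hdcp` in its name looks like a typo for `dhcp`, and a header comment should say the file must only be pre-included into dhcpserver.c. The DHCP client and DNS injection headers in this commit follow the same pattern.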


@ -0,0 +1,59 @@
/*
* dns.c dependecy injection -- preincluded to inject interface test functions into static variables
*
*/
#include "no_warn_host.h"
#include "lwip/opt.h"
#include "lwip/udp.h"
#include "lwip/mem.h"
#include "lwip/memp.h"
#include "lwip/dns.h"
#include "lwip/ip_addr.h"
#define ipaddr_aton(cp, addr) ip4addr_aton(cp, addr)
extern uint32_t g_random_numbers[8];
extern uint32_t g_random_numbers_cnt;
void __assert_func(const char *file, int line, const char *func, const char *expr)
{
printf("Assert failed in %s, %s:%d (%s)", func, file, line, expr);
abort();
}
int ip4addr_aton(const char *cp, ip4_addr_t *addr)
{
return 0;
}
static err_t dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype);
static void dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
void (*dns_test_static_dns_recv)(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL;
err_t (*dns_test_static_dns_enqueue)(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype) = NULL;
void dns_test_init_di()
{
dns_test_static_dns_recv = dns_recv;
dns_test_static_dns_enqueue = dns_enqueue;
}
err_t dns_test_dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype)
{
return dns_test_static_dns_enqueue(name, hostnamelen, found, callback_arg, dns_addrtype);
}
void dns_test_dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port)
{
dns_test_static_dns_recv(s, pcb, p, addr, port);
}
void dns_test_inject_port_and_txid(int port, int txid)
{
// inject random numbers
g_random_numbers[0] = port; //for port
g_random_numbers[1] = txid; //for txid
g_random_numbers_cnt = 0; // let's start with the port
}
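Review bot: `dns_test_inject_port_and_txid` only has the intended effect if the DNS code draws its random values in the order source port first, transaction id second. That ordering is a property of the DNS source, not of this file, and is documented only by the three trailing comments. If the order or number of `esp_random()` calls changes, fuzzed responses would presumably stop matching the pending query, and the harness would keep running while exercising very little of the parser. A function comment should state the dependency, e.g. `/* relies on dns.c calling esp_random() for the local port first and the txid second; re-check when dns.c changes */`. Declaring the parameters as `uint16_t port, uint16_t txid` instead of `int` would also document the value range stored in the `uint32_t` slots.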

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -0,0 +1,237 @@
#include "no_warn_host.h"
#include "lwip/opt.h"
#include "lwip/def.h"
#include "lwip/pbuf.h"
#include "lwip/udp.h"
#include "tcpip_adapter.h"
#include <string.h>
#include <stdio.h>
const ip_addr_t ip_addr_any;
const ip_addr_t ip_addr_broadcast;
const ip_addr_t ip_addr_any_type;
struct ip_globals ip_data;
struct netif *netif_list;
struct udp_pcb mock_pcb;
uint32_t g_random_numbers[8] = {0};
uint32_t g_random_numbers_cnt = 0;
struct pbuf* pbuf_skip(struct pbuf* in, u16_t in_offset, u16_t* out_offset)
{
u16_t offset_left = in_offset;
struct pbuf* q = in;
/* get the correct pbuf */
while ((q != NULL) && (q->len <= offset_left)) {
offset_left -= q->len;
q = q->next;
}
if (out_offset != NULL) {
*out_offset = offset_left;
}
return q;
}
void pbuf_put_at(struct pbuf* p, u16_t offset, u8_t data)
{
u16_t q_idx;
struct pbuf* q = pbuf_skip(p, offset, &q_idx);
/* write requested data if pbuf is OK */
if ((q != NULL) && (q->len > q_idx)) {
((u8_t*)q->payload)[q_idx] = data;
}
}
u8_t pbuf_get_at(struct pbuf* p, u16_t offset)
{
u16_t q_idx;
struct pbuf* q = pbuf_skip(p, offset, &q_idx);
/* return requested data if pbuf is OK */
if ((q != NULL) && (q->len > q_idx)) {
return ((u8_t*)q->payload)[q_idx];
}
return 0;
}
err_t pbuf_take(struct pbuf *buf, const void *dataptr, u16_t len)
{
return ERR_OK;
}
err_t pbuf_take_at(struct pbuf *buf, const void *dataptr, u16_t len, u16_t offset)
{
return ERR_OK;
}
struct udp_pcb * udp_new_ip_type(u8_t type)
{
return &mock_pcb;
}
u16_t lwip_htons(u16_t n)
{
return ((n & 0xff) << 8) | ((n & 0xff00) >> 8);
}
u32_t lwip_htonl(u32_t n)
{
return ((n & 0xff) << 24) |
((n & 0xff00) << 8) |
((n & 0xff0000UL) >> 8) |
((n & 0xff000000UL) >> 24);
}
esp_err_t tcpip_adapter_get_ip_info(tcpip_adapter_if_t tcpip_if, tcpip_adapter_ip_info_t *ip_info)
{
return ESP_OK;
}
struct pbuf * pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type)
{
struct pbuf * p;
p = (struct pbuf *)malloc(MEMP_PBUF_POOL);
p->tot_len = length;
p->next = NULL;
p->type = PBUF_POOL;
p->len = length;
p->payload = malloc(length);
return p;
}
u8_t pbuf_free(struct pbuf *p)
{
if (p) {
if (p->payload) {
free(p->payload);
p->payload = NULL;
}
free (p);
p = NULL;
}
return 1;
}
err_t udp_sendto(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port)
{
return ESP_OK;
}
void udp_remove(struct udp_pcb *pcb)
{
if (pcb == NULL)
{
free(pcb);
}
}
struct udp_pcb *udp_new(void)
{
return malloc(sizeof(struct udp_pcb));
}
err_t udp_bind(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port)
{
return ESP_OK;
}
void udp_recv(struct udp_pcb *pcb, udp_recv_fn recv, void *recv_arg)
{
}
void udp_disconnect(struct udp_pcb *pcb)
{
}
#ifndef NOT_MOCK_DNS
void dns_setserver(u8_t numdns, const ip_addr_t *dnsserver)
{
}
#endif
uint32_t esp_random(void)
{
// Preparation for injecting favorable random numbers
return g_random_numbers[g_random_numbers_cnt++ % 8];
}
err_t etharp_query(struct netif *netif, const ip4_addr_t *ipaddr, struct pbuf *q)
{
return ESP_OK;
}
u32_t lwip_ntohl(u32_t x)
{
return lwip_htonl(x);
}
void netif_set_addr(struct netif *netif, const ip4_addr_t *ipaddr, const ip4_addr_t *netmask,
const ip4_addr_t *gw)
{
}
void pbuf_realloc(struct pbuf *p, u16_t size)
{
if (p != NULL)
{
uint8_t *buf = malloc(size);
free(p->payload);
p->payload = buf;
p->len = size;
p->tot_len = size;
}
}
u16_t pbuf_copy_partial(struct pbuf *buf, void *dataptr, u16_t len, u16_t offset)
{
struct pbuf *p;
u16_t left;
u16_t buf_copy_len;
u16_t copied_total = 0;
LWIP_ERROR("pbuf_copy_partial: invalid buf", (buf != NULL), return 0;);
LWIP_ERROR("pbuf_copy_partial: invalid dataptr", (dataptr != NULL), return 0;);
left = 0;
if ((buf == NULL) || (dataptr == NULL)) {
return 0;
}
/* Note some systems use byte copy if dataptr or one of the pbuf payload pointers are unaligned. */
for (p = buf; len != 0 && p != NULL; p = p->next) {
if ((offset != 0) && (offset >= p->len)) {
/* don't copy from this buffer -> on to the next */
offset -= p->len;
} else {
/* copy from this buffer. maybe only partially. */
buf_copy_len = p->len - offset;
if (buf_copy_len > len)
buf_copy_len = len;
/* copy the necessary parts of the buffer */
MEMCPY(&((char*)dataptr)[left], &((char*)p->payload)[offset], buf_copy_len);
copied_total += buf_copy_len;
left += buf_copy_len;
len -= buf_copy_len;
offset = 0;
}
}
return copied_total;
}
err_t udp_connect(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port)
{
return ESP_OK;
}
err_t udp_sendto_if(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port, struct netif *netif)
{
return ESP_OK;
}
err_t udp_sendto_if_src(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port, struct netif *netif, const ip_addr_t *src_ip)
{
return ESP_OK;
}
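Review bot: `pbuf_alloc` sizes the header allocation with `malloc(MEMP_PBUF_POOL)`, and `MEMP_PBUF_POOL` looks like lwIP's pool identifier rather than a byte count. If so, the `struct pbuf` fields written on the following lines overflow the heap block, which corrupts the harness's own heap and makes fuzzer findings unreliable. The line should read `p = malloc(sizeof(struct pbuf));`, and both `malloc` results should be checked before use. In `udp_remove` the condition is inverted: `if (pcb == NULL) free(pcb);` never frees anything. The fix is not simply to flip the test, because `udp_new_ip_type` returns the static `&mock_pcb`, which must not be passed to `free`. `pbuf_realloc` also replaces the payload with a fresh `malloc(size)` without copying the old bytes, whereas callers that shrink a pbuf normally expect the leading data to be preserved.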


@ -0,0 +1,5 @@
// Note: these undefs and defines are used to suppress warnings and errors when compiling esp32 idf on host gcc/clang
#undef __nonnull
#define __warning__ deprecated
#define IRAM_ATTR
#define __ESP_ATTR_H__


@ -0,0 +1,220 @@
/*
*
* Automatically generated file; DO NOT EDIT.
* Espressif IoT Development Framework Configuration
*
*/
#define CONFIG_ESP32_PHY_MAX_TX_POWER 20
#define CONFIG_TRACEMEM_RESERVE_DRAM 0x0
#define CONFIG_FREERTOS_MAX_TASK_NAME_LEN 16
#define CONFIG_FATFS_LFN_NONE 1
#define CONFIG_TCP_RECVMBOX_SIZE 6
#define CONFIG_FATFS_CODEPAGE_437 1
#define CONFIG_LWIP_ETHARP_TRUST_IP_MAC 1
#define CONFIG_TCP_WND_DEFAULT 5744
#define CONFIG_SPIFFS_USE_MAGIC_LENGTH 1
#define CONFIG_IPC_TASK_STACK_SIZE 1024
#define CONFIG_FATFS_PER_FILE_CACHE 1
#define CONFIG_ESPTOOLPY_FLASHFREQ "40m"
#define CONFIG_MBEDTLS_KEY_EXCHANGE_RSA 1
#define CONFIG_UDP_RECVMBOX_SIZE 6
#define CONFIG_FREERTOS_QUEUE_REGISTRY_SIZE 0
#define CONFIG_MBEDTLS_AES_C 1
#define CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED 1
#define CONFIG_MBEDTLS_GCM_C 1
#define CONFIG_ESPTOOLPY_FLASHSIZE "2MB"
#define CONFIG_HEAP_POISONING_DISABLED 1
#define CONFIG_SPIFFS_CACHE_WR 1
#define CONFIG_BROWNOUT_DET_LVL_SEL_0 1
#define CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER 1
#define CONFIG_SPIFFS_CACHE 1
#define CONFIG_INT_WDT 1
#define CONFIG_MBEDTLS_SSL_PROTO_TLS1 1
#define CONFIG_MBEDTLS_ECDSA_C 1
#define CONFIG_ESPTOOLPY_FLASHFREQ_40M 1
#define CONFIG_LOG_BOOTLOADER_LEVEL_INFO 1
#define CONFIG_ESPTOOLPY_FLASHSIZE_2MB 1
#define CONFIG_BTDM_CONTROLLER_PINNED_TO_CORE 0
#define CONFIG_FREERTOS_THREAD_LOCAL_STORAGE_POINTERS 1
#define CONFIG_MBEDTLS_ECDH_C 1
#define CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE 1
#define CONFIG_ESP32_WIFI_STATIC_RX_BUFFER_NUM 10
#define CONFIG_MBEDTLS_SSL_ALPN 1
#define CONFIG_MBEDTLS_PEM_WRITE_C 1
#define CONFIG_LOG_DEFAULT_LEVEL_INFO 1
#define CONFIG_BT_RESERVE_DRAM 0x0
#define CONFIG_FATFS_FS_LOCK 0
#define CONFIG_IP_LOST_TIMER_INTERVAL 120
#define CONFIG_SPIFFS_META_LENGTH 4
#define CONFIG_ESP32_PANIC_PRINT_REBOOT 1
#define CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED 1
#define CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED 1
#define CONFIG_CONSOLE_UART_BAUDRATE 115200
#define CONFIG_LWIP_MAX_SOCKETS 10
#define CONFIG_LWIP_NETIF_LOOPBACK 1
#define CONFIG_ESP_WIFI_MODE_AP 1
#define CONFIG_EMAC_TASK_PRIORITY 20
#define CONFIG_TIMER_TASK_STACK_DEPTH 2048
#define CONFIG_TCP_MSS 1436
#define CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED 1
#define CONFIG_FATFS_CODEPAGE 437
#define CONFIG_ESP32_DEFAULT_CPU_FREQ_160 1
#define CONFIG_ULP_COPROC_RESERVE_MEM 0
#define CONFIG_LWIP_MAX_UDP_PCBS 16
#define CONFIG_ESPTOOLPY_BAUD 115200
#define CONFIG_INT_WDT_CHECK_CPU1 1
#define CONFIG_ADC_CAL_LUT_ENABLE 1
#define CONFIG_FLASHMODE_DIO 1
#define CONFIG_ESPTOOLPY_AFTER_RESET 1
#define CONFIG_OPTIMIZATION_ASSERTIONS_ENABLED 1
#define CONFIG_LWIP_DHCPS_MAX_STATION_NUM 8
#define CONFIG_TOOLPREFIX "xtensa-esp32-elf-"
#define CONFIG_MBEDTLS_ECP_C 1
#define CONFIG_FREERTOS_IDLE_TASK_STACKSIZE 1024
#define CONFIG_MBEDTLS_RC4_DISABLED 1
#define CONFIG_CONSOLE_UART_NUM 0
#define CONFIG_ESP32_APPTRACE_LOCK_ENABLE 1
#define CONFIG_ESP32_RTC_CLOCK_SOURCE_INTERNAL_RC 1
#define CONFIG_ESPTOOLPY_BAUD_115200B 1
#define CONFIG_TCP_OVERSIZE_MSS 1
#define CONFIG_FOUR_UNIVERSAL_MAC_ADDRESS 1
#define CONFIG_CONSOLE_UART_DEFAULT 1
#define CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN 16384
#define CONFIG_NUMBER_OF_UNIVERSAL_MAC_ADDRESS 4
#define CONFIG_ESPTOOLPY_FLASHSIZE_DETECT 1
#define CONFIG_TIMER_TASK_STACK_SIZE 3584
#define CONFIG_ESP32_ENABLE_COREDUMP_TO_NONE 1
#define CONFIG_MBEDTLS_X509_CRL_PARSE_C 1
#define CONFIG_LWIP_DHCPS_LEASE_UNIT 60
#define CONFIG_SPIFFS_USE_MAGIC 1
#define CONFIG_TCPIP_TASK_STACK_SIZE 2048
#define CONFIG_TASK_WDT 1
#define CONFIG_MAIN_TASK_STACK_SIZE 3584
#define CONFIG_SPIFFS_PAGE_CHECK 1
#define CONFIG_LWIP_MAX_ACTIVE_TCP 16
#define CONFIG_TASK_WDT_TIMEOUT_S 5
#define CONFIG_INT_WDT_TIMEOUT_MS 300
#define CONFIG_ESP32_RTC_XTAL_BOOTSTRAP_CYCLES 100
#define CONFIG_ESPTOOLPY_FLASHMODE "dio"
#define CONFIG_NEWLIB_STDIN_LINE_ENDING_CR 1
#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA 1
#define CONFIG_ESPTOOLPY_BEFORE "default_reset"
#define CONFIG_ADC2_DISABLE_DAC 1
#define CONFIG_LOG_DEFAULT_LEVEL 3
#define CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION 1
#define CONFIG_TIMER_QUEUE_LENGTH 10
#define CONFIG_MAKE_WARN_UNDEFINED_VARIABLES 1
#define CONFIG_FATFS_TIMEOUT_MS 10000
#define CONFIG_ESP32_WIFI_DYNAMIC_RX_BUFFER_NUM 32
#define CONFIG_MAX_STA_CONN 4
#define CONFIG_MBEDTLS_CCM_C 1
#define CONFIG_ESP32_PHY_MAX_WIFI_TX_POWER 20
#define CONFIG_ESP32_RTC_CLK_CAL_CYCLES 1024
#define CONFIG_ESP32_WIFI_TX_BA_WIN 6
#define CONFIG_ESP32_WIFI_NVS_ENABLED 1
#define CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED 1
#define CONFIG_LIBSODIUM_USE_MBEDTLS_SHA 1
#define CONFIG_DMA_RX_BUF_NUM 10
#define CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED 1
#define CONFIG_TCP_SYNMAXRTX 6
#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 1
#define CONFIG_ESP_WIFI_SSID "myssid"
#define CONFIG_PYTHON "python"
#define CONFIG_MBEDTLS_ECP_NIST_OPTIM 1
#define CONFIG_ESP32_TIME_SYSCALL_USE_RTC_FRC1 1
#define CONFIG_ESPTOOLPY_COMPRESSED 1
#define CONFIG_PARTITION_TABLE_FILENAME "partitions_singleapp.csv"
#define CONFIG_TCP_SND_BUF_DEFAULT 5744
#define CONFIG_LWIP_DHCP_MAX_NTP_SERVERS 1
#define CONFIG_TCP_MSL 60000
#define CONFIG_MBEDTLS_SSL_PROTO_TLS1_1 1
#define CONFIG_LWIP_SO_REUSE_RXTOALL 1
#define CONFIG_PARTITION_TABLE_SINGLE_APP 1
#define CONFIG_ESP32_WIFI_RX_BA_WIN 6
#define CONFIG_MBEDTLS_X509_CSR_PARSE_C 1
#define CONFIG_SPIFFS_USE_MTIME 1
#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA 1
#define CONFIG_LWIP_DHCP_DOES_ARP_CHECK 1
#define CONFIG_SYSTEM_EVENT_TASK_STACK_SIZE 2304
#define CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V 1
#define CONFIG_ESP32_DEEP_SLEEP_WAKEUP_DELAY 2000
#define CONFIG_BROWNOUT_DET_LVL 0
#define CONFIG_MBEDTLS_PEM_PARSE_C 1
#define CONFIG_SPIFFS_GC_MAX_RUNS 10
#define CONFIG_ESP_WIFI_PASSWORD "mypassword"
#define CONFIG_ESP32_APPTRACE_DEST_NONE 1
#define CONFIG_PARTITION_TABLE_CUSTOM_APP_BIN_OFFSET 0x10000
#define CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 1
#define CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA 1
#define CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER_NUM 32
#define CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED 1
#define CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED 1
#define CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU1 1
#define CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ 160
#define CONFIG_MBEDTLS_HARDWARE_AES 1
#define CONFIG_FREERTOS_HZ 100
#define CONFIG_LOG_COLORS 1
#define CONFIG_ESP32_PHY_CALIBRATION_AND_DATA_STORAGE 1
#define CONFIG_STACK_CHECK_NONE 1
#define CONFIG_ADC_CAL_EFUSE_TP_ENABLE 1
#define CONFIG_FREERTOS_ASSERT_FAIL_ABORT 1
#define CONFIG_BROWNOUT_DET 1
#define CONFIG_ESP32_XTAL_FREQ 40
#define CONFIG_MONITOR_BAUD_115200B 1
#define CONFIG_LOG_BOOTLOADER_LEVEL 3
#define CONFIG_MBEDTLS_TLS_ENABLED 1
#define CONFIG_LWIP_MAX_RAW_PCBS 16
#define CONFIG_MBEDTLS_SSL_SESSION_TICKETS 1
#define CONFIG_SPIFFS_MAX_PARTITIONS 3
#define CONFIG_ESP_ERR_TO_NAME_LOOKUP 1
#define CONFIG_MBEDTLS_SSL_RENEGOTIATION 1
#define CONFIG_ESPTOOLPY_BEFORE_RESET 1
#define CONFIG_ESPTOOLPY_BAUD_OTHER_VAL 115200
#define CONFIG_SPIFFS_OBJ_NAME_LEN 32
#define CONFIG_ESP32_PTHREAD_TASK_PRIO_DEFAULT 5
#define CONFIG_PARTITION_TABLE_MD5 1
#define CONFIG_TCPIP_RECVMBOX_SIZE 32
#define CONFIG_TCP_MAXRTX 12
#define CONFIG_ESPTOOLPY_AFTER "hard_reset"
#define CONFIG_LWIP_SO_REUSE 1
#define CONFIG_ESP32_XTAL_FREQ_40 1
#define CONFIG_DMA_TX_BUF_NUM 10
#define CONFIG_LWIP_MAX_LISTENING_TCP 16
#define CONFIG_FREERTOS_INTERRUPT_BACKTRACE 1
#define CONFIG_WL_SECTOR_SIZE 4096
#define CONFIG_ESP32_DEBUG_OCDAWARE 1
#define CONFIG_TIMER_TASK_PRIORITY 1
#define CONFIG_MBEDTLS_TLS_CLIENT 1
#define CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED 1
#define CONFIG_MONITOR_BAUD 115200
#define CONFIG_FREERTOS_CORETIMER_0 1
#define CONFIG_PARTITION_TABLE_CUSTOM_FILENAME "partitions.csv"
#define CONFIG_MBEDTLS_HAVE_TIME 1
#define CONFIG_FREERTOS_CHECK_STACKOVERFLOW_CANARY 1
#define CONFIG_TCP_QUEUE_OOSEQ 1
#define CONFIG_ADC_CAL_EFUSE_VREF_ENABLE 1
#define CONFIG_MBEDTLS_TLS_SERVER 1
#define CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT 1
#define CONFIG_FREERTOS_ISR_STACKSIZE 1536
#define CONFIG_OPENSSL_ASSERT_DO_NOTHING 1
#define CONFIG_WL_SECTOR_SIZE_4096 1
#define CONFIG_OPTIMIZATION_LEVEL_DEBUG 1
#define CONFIG_ESP32_WIFI_AMPDU_TX_ENABLED 1
#define CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED 1
#define CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED 1
#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA 1
#define CONFIG_SYSTEM_EVENT_QUEUE_SIZE 32
#define CONFIG_ESP32_WIFI_TX_BUFFER_TYPE 1
#define CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED 1
#define CONFIG_LWIP_LOOPBACK_MAX_PBUFS 8
#define CONFIG_APP_OFFSET 0x10000
#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1
#define CONFIG_SPIFFS_PAGE_SIZE 256
#define CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED 1
#define CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0 1
#define CONFIG_ESP32_PTHREAD_TASK_STACK_SIZE_DEFAULT 3072
#define CONFIG_MONITOR_BAUD_OTHER_VAL 115200
#define CONFIG_NEWLIB_STDOUT_LINE_ENDING_CRLF 1
#define CONFIG_ESPTOOLPY_PORT "/dev/ttyUSB0"
#define CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ABORTS 1
#define CONFIG_ESP_WIFI_IS_SOFTAP 1


@ -0,0 +1,84 @@
#include "no_warn_host.h"
#include "lwip/opt.h"
#include "lwip/stats.h"
#include "lwip/mem.h"
#include "lwip/udp.h"
#include "lwip/ip_addr.h"
#include "lwip/netif.h"
#include "lwip/def.h"
#include "lwip/dhcp.h"
#include "lwip/autoip.h"
#include "lwip/dns.h"
#include "netif/etharp.h"
#include <string.h>
const ip_addr_t ip_addr_any;
const ip_addr_t ip_addr_broadcast;
struct ip_globals ip_data;
struct netif *netif_list;
struct netif mynetif;
ip4_addr_t server_ip;
//
// Dependency injected test functions
void dhcp_test_dhcp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
void dhcp_test_init_di();
//
// Test starts here
//
int main(int argc, char** argv)
{
uint8_t *buf;
struct pbuf *p;
FILE *file;
size_t len = 1460;
dhcp_test_init_di();
mynetif.flags = NETIF_FLAG_UP | NETIF_FLAG_ETHARP;
mynetif.mtu = 576;
IP4_ADDR(&server_ip, 192,168,4,1);
dhcp_start(&mynetif);
ip_data.current_input_netif = &mynetif;
ip_data.current_netif = &mynetif;
#ifdef INSTR_IS_OFF
p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
buf = p->payload;
memset(buf, 0, 1460);
if (argc != 2)
{
printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n");
return 1;
}
//
// Note: parameter1 is a file (mangled packet) which caused the crash
file = fopen(argv[1], "r");
if (file) {
len = fread(buf, 1, 1460, file);
}
fclose(file);
int i;
for (i=0; i<1; i++) {
#else
while (__AFL_LOOP(1000)) {
p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
buf = p->payload;
memset(buf, 0, 1460);
size_t len = read(0, buf, 1460);
#endif
p->len = len;
p->tot_len = len;
p->next = NULL;
dhcp_test_dhcp_recv(NULL, NULL, p, &ip_addr_any, 0);
}
return 0;
}
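Review bot: in the AFL branch, `size_t len = read(0, buf, 1460);` stores the result of `read()` in an unsigned variable that shadows the outer `len`. A failed read returning -1 therefore becomes a huge length, which is truncated into `p->len` and `p->tot_len` and makes the parser walk past the 1460-byte payload for reasons unrelated to the packet. Using a signed result and skipping bad reads fixes this: `ssize_t n = read(0, buf, 1460); if (n <= 0) { pbuf_free(p); continue; } len = (size_t)n;`. In the `INSTR_IS_OFF` branch, `fclose(file)` runs even when `fopen` returned `NULL`; it should sit inside the `if (file)` block, with an error exit otherwise. The payload is also always 1460 zero-filled bytes regardless of input length, so over-reads that stay inside the buffer cannot be detected; allocating exactly `len` bytes would expose them to a sanitizer. The DHCP server and DNS harnesses later in this commit repeat the same code.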


@ -0,0 +1,64 @@
#include "no_warn_host.h"
#include "lwip/pbuf.h"
#include "lwip/udp.h"
#include "tcpip_adapter.h"
#include <string.h>
#include <stdio.h>
const ip_addr_t ip_addr_any;
ip4_addr_t server_ip;
struct netif mynetif;
// Dependency injected static function to pass the packet into parser
void dhcp_test_handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
void dhcp_test_init_di();
//
// Test starts here
//
int main(int argc, char** argv)
{
uint8_t *buf;
struct pbuf *p;
FILE *file;
size_t len = 1460;
dhcp_test_init_di();
IP4_ADDR(&server_ip, 192,168,4,1);
dhcps_start(&mynetif, server_ip);
#ifdef INSTR_IS_OFF
p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
buf = p->payload;
memset(buf, 0, 1460);
if (argc != 2)
{
printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n");
return 1;
}
//
// Note: parameter1 is a file (mangled packet) which caused the crash
file = fopen(argv[1], "r");
if (file) {
len = fread(buf, 1, 1460, file);
}
fclose(file);
int i;
for (i=0; i<1; i++) {
#else
while (__AFL_LOOP(1000)) {
p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
buf = p->payload;
memset(buf, 0, 1460);
size_t len = read(0, buf, 1460);
#endif
p->len = len;
p->tot_len = len;
p->next = NULL;
dhcp_test_handle_dhcp(NULL, NULL, p, &ip_addr_any, 0);
}
return 0;
}


@ -0,0 +1,79 @@
#include "no_warn_host.h"
#include "lwip/opt.h"
#include "lwip/udp.h"
#include "lwip/mem.h"
#include "lwip/memp.h"
#include "lwip/dns.h"
#include "lwip/ip_addr.h"
#include <string.h>
const ip_addr_t ip_addr_any;
const ip_addr_t ip_addr_broadcast;
struct ip_globals ip_data;
struct netif *netif_list;
struct netif mynetif;
ip4_addr_t server_ip;
//
// Dependency injected test functions
void dns_test_dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
void dns_test_inject_port_and_txid(int port, int txid);
void dns_test_init_di();
err_t dns_test_dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype);
//
// Test starts here
//
int main(int argc, char** argv)
{
uint8_t *buf;
struct pbuf *p;
FILE *file;
size_t len = 1460;
dns_test_init_di();
#ifdef INSTR_IS_OFF
p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
buf = p->payload;
memset(buf, 0, 1460);
if (argc != 2)
{
printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n");
return 1;
}
//
// Note: parameter1 is a file (mangled packet) which caused the crash
file = fopen(argv[1], "r");
if (file) {
len = fread(buf, 1, 1460, file);
}
fclose(file);
int i;
for (i=0; i<1; i++) {
#else
while (__AFL_LOOP(1000)) {
p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
buf = p->payload;
memset(buf, 0, 1460);
size_t len = read(0, buf, 1460);
#endif
p->len = len;
p->tot_len = len;
p->next = NULL;
// Pretend that the response is from our pending querries
dns_test_inject_port_and_txid(1024, (buf[0]<<8) + buf[1]);
dns_test_dns_enqueue("test", 4, NULL, NULL, 0);
// Process the packet
dns_test_dns_recv(NULL, NULL, p, &ip_addr_any, 0);
}
return 0;
}
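Review bot: every pass of the loop calls `dns_test_dns_enqueue("test", 4, NULL, NULL, 0)` and discards the returned `err_t`, and nothing resets the DNS state between iterations of `__AFL_LOOP(1000)`. If a fuzzed response does not complete the pending entry, queries presumably accumulate, so later inputs run against state left by earlier ones. A crash found that way may then not reproduce in the single-file `INSTR=off` mode. The harness should check the return value and skip the iteration when the query could not be queued, and either re-initialise the DNS module per iteration or lower the loop count. A comment should record whichever choice is made.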