From bb25d0a348c6bc5431f7c5af1c36b4cb24ced819 Mon Sep 17 00:00:00 2001 
From: David Cermak Date: Fri, 18 May 2018 15:54:08 +0200 Subject: [PATCH] DnsFuzzer: Added fuzzer test for exercising lwip/dns receiving DNS responses --- components/lwip/test_afl_host/Makefile | 31 +++-- components/lwip/test_afl_host/dns_di.h | 59 ++++++++++ .../{in_client => in_dhcp_client}/data0.bin | Bin .../{in_client => in_dhcp_client}/data1.bin | Bin .../{in_client => in_dhcp_client}/data2.bin | Bin .../{in_client => in_dhcp_client}/data3.bin | Bin .../{in_client => in_dhcp_client}/data4.bin | Bin .../{in_client => in_dhcp_client}/data5.bin | Bin .../{in_client => in_dhcp_client}/data6.bin | Bin .../{in_client => in_dhcp_client}/data7.bin | Bin .../{in_client => in_dhcp_client}/data8.bin | Bin .../{in_server => in_dhcp_server}/data0.bin | Bin .../{in_server => in_dhcp_server}/data1.bin | Bin .../{in_server => in_dhcp_server}/data2.bin | Bin .../{in_server => in_dhcp_server}/data3.bin | Bin .../{in_server => in_dhcp_server}/data4.bin | Bin .../{in_server => in_dhcp_server}/data5.bin | Bin .../{in_server => in_dhcp_server}/data6.bin | Bin components/lwip/test_afl_host/in_dns/out0.bin | Bin 0 -> 77 bytes .../lwip/test_afl_host/in_dns/out10.bin | Bin 0 -> 53 bytes .../lwip/test_afl_host/in_dns/out28.bin | Bin 0 -> 53 bytes .../lwip/test_afl_host/in_dns/out29.bin | Bin 0 -> 135 bytes .../lwip/test_afl_host/in_dns/out30.bin | Bin 0 -> 301 bytes .../lwip/test_afl_host/in_dns/out31.bin | Bin 0 -> 113 bytes .../lwip/test_afl_host/in_dns/out32.bin | Bin 0 -> 117 bytes .../lwip/test_afl_host/in_dns/out33.bin | Bin 0 -> 360 bytes .../lwip/test_afl_host/in_dns/out34.bin | Bin 0 -> 57 bytes .../lwip/test_afl_host/in_dns/out35.bin | Bin 0 -> 85 bytes .../lwip/test_afl_host/in_dns/out36.bin | Bin 0 -> 300 bytes .../lwip/test_afl_host/in_dns/out37.bin | Bin 0 -> 312 bytes .../lwip/test_afl_host/in_dns/out38.bin | Bin 0 -> 164 bytes components/lwip/test_afl_host/network_mock.c | 109 +++++++++++++++++- .../{test_client.c => test_dhcp_client.c} | 0 .../{test_server.c => 
test_dhcp_server.c} | 0 components/lwip/test_afl_host/test_dns.c | 79 +++++++++++++ 35 files changed, 262 insertions(+), 16 deletions(-) create mode 100644 components/lwip/test_afl_host/dns_di.h rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data0.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data1.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data2.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data3.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data4.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data5.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data6.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data7.bin (100%) rename components/lwip/test_afl_host/{in_client => in_dhcp_client}/data8.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data0.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data1.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data2.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data3.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data4.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data5.bin (100%) rename components/lwip/test_afl_host/{in_server => in_dhcp_server}/data6.bin (100%) create mode 100644 components/lwip/test_afl_host/in_dns/out0.bin create mode 100644 components/lwip/test_afl_host/in_dns/out10.bin create mode 100644 components/lwip/test_afl_host/in_dns/out28.bin create mode 100644 components/lwip/test_afl_host/in_dns/out29.bin create mode 100644 components/lwip/test_afl_host/in_dns/out30.bin create mode 100644 components/lwip/test_afl_host/in_dns/out31.bin create mode 100644 components/lwip/test_afl_host/in_dns/out32.bin 
create mode 100644 components/lwip/test_afl_host/in_dns/out33.bin create mode 100644 components/lwip/test_afl_host/in_dns/out34.bin create mode 100644 components/lwip/test_afl_host/in_dns/out35.bin create mode 100644 components/lwip/test_afl_host/in_dns/out36.bin create mode 100644 components/lwip/test_afl_host/in_dns/out37.bin create mode 100644 components/lwip/test_afl_host/in_dns/out38.bin rename components/lwip/test_afl_host/{test_client.c => test_dhcp_client.c} (100%) rename components/lwip/test_afl_host/{test_server.c => test_dhcp_server.c} (100%) create mode 100644 components/lwip/test_afl_host/test_dns.c diff --git a/components/lwip/test_afl_host/Makefile b/components/lwip/test_afl_host/Makefile index a3da02e11..d20537977 100644 --- a/components/lwip/test_afl_host/Makefile +++ b/components/lwip/test_afl_host/Makefile @@ -5,14 +5,21 @@ INC_DIRS=-I . -I $(COMPONENTS_DIR)/lwip/include/lwip -I $(COMPONENTS_DIR)/lwip/i TEST_NAME=test FUZZ=afl-fuzz LD=$(CC) -ifeq ($(MODE),client) - DHCP_C_DEPENDENCY_INJECTION=-include dhcp_di.h - OBJECTS=dhcp.o network_mock.o test_client.o - SAMPLE_PACKETS=in_client -else - DHCP_C_DEPENDENCY_INJECTION=-include dhcpserver_di.h - OBJECTS=dhcpserver.o test_server.o network_mock.o - SAMPLE_PACKETS=in_server +ifeq ($(MODE),dhcp_client) + DEPENDENCY_INJECTION=-include dhcp_di.h + OBJECTS=dhcp.o network_mock.o test_dhcp_client.o + SAMPLE_PACKETS=in_dhcp_client +else ifeq ($(MODE),dhcp_server) + DEPENDENCY_INJECTION=-include dhcpserver_di.h + OBJECTS=dhcpserver.o test_dhcp_server.o network_mock.o + SAMPLE_PACKETS=in_dhcp_server +else ifeq ($(MODE),dns) + CFLAGS+=-DNOT_MOCK_DNS + DEPENDENCY_INJECTION=-include dns_di.h + OBJECTS=dns.o test_dns.o network_mock.o + SAMPLE_PACKETS=in_dns +else + $(error Please specify MODE: dhcp_server, dhcp_client, dns) endif ifeq ($(INSTR),off) 
@@ -27,13 +34,17 @@ CFLAGS+=$(INC_DIRS) all: $(TEST_NAME) +dns.o: ../core/dns.c + @echo "[CC] $<" + @$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@ + dhcp.o: ../core/ipv4/dhcp.c @echo "[CC] $<" - @$(CC) $(CFLAGS) $(DHCP_C_DEPENDENCY_INJECTION) -c $< -o $@ + @$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@ dhcpserver.o: ../apps/dhcpserver.c @echo "[CC] $<" - @$(CC) $(CFLAGS) $(DHCP_C_DEPENDENCY_INJECTION) -c $< -o $@ + @$(CC) $(CFLAGS) $(DEPENDENCY_INJECTION) -c $< -o $@ %.o: %.c @echo "[CC] $<" diff --git a/components/lwip/test_afl_host/dns_di.h b/components/lwip/test_afl_host/dns_di.h new file mode 100644 index 000000000..4cb0b715c --- /dev/null +++ b/components/lwip/test_afl_host/dns_di.h 
@@ -0,0 +1,59 @@
+/*
+ * dns.c dependecy injection -- preincluded to inject interface test functions into static variables
+ *
+ */
+#include "no_warn_host.h"
+
+#include "lwip/opt.h"
+#include "lwip/udp.h"
+#include "lwip/mem.h"
+#include "lwip/memp.h"
+#include "lwip/dns.h"
+#include "lwip/ip_addr.h"
+
+#define ipaddr_aton(cp, addr) ip4addr_aton(cp, addr)
+
+extern uint32_t g_random_numbers[8];
+extern uint32_t g_random_numbers_cnt;
+
+void __assert_func(const char *file, int line, const char *func, const char *expr)
+{
+ printf("Assert failed in %s, %s:%d (%s)", func, file, line, expr);
+ abort();
+}
+
+int ip4addr_aton(const char *cp, ip4_addr_t *addr)
+{
+ return 0;
+}
+
+static err_t dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype);
+static void dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
+
+void (*dns_test_static_dns_recv)(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL;
+err_t (*dns_test_static_dns_enqueue)(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype) = NULL;
+
+
+void dns_test_init_di()
+{
+ dns_test_static_dns_recv = dns_recv;
+ dns_test_static_dns_enqueue = dns_enqueue;
+}
+
+err_t dns_test_dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype)
+{
+ return dns_test_static_dns_enqueue(name, hostnamelen, found, callback_arg, dns_addrtype);
+}
+
+void dns_test_dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port)
+{
+ dns_test_static_dns_recv(s, pcb, p, addr, port);
+}
+
+void dns_test_inject_port_and_txid(int port, int txid)
+{
+ // inject random numbers
+ g_random_numbers[0] = port; //for port
+ g_random_numbers[1] = txid; //for txid
+ g_random_numbers_cnt = 0; // let's start with the port
+}
\ No newline at end of file
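Review bot: `__assert_func` writes its message with `printf` and no trailing newline and then calls `abort()`, so when stdout is a pipe or a file (the usual case under afl-fuzz or when replaying a crash input) the buffered text can be lost and the abort arrives with no indication of which assertion fired. Sending it to stderr with a newline keeps the message available for triage: `fprintf(stderr, "Assert failed in %s, %s:%d (%s)\n", func, file, line, expr);`. Separately, `dns_test_init_di()` has an empty parameter list where `void dns_test_init_di(void)` would state the intent. A one-line comment that `dns_test_dns_recv` and `dns_test_dns_enqueue` call through NULL pointers until `dns_test_init_di` has run would help the next harness author.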
diff --git a/components/lwip/test_afl_host/in_client/data0.bin b/components/lwip/test_afl_host/in_dhcp_client/data0.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data0.bin rename to components/lwip/test_afl_host/in_dhcp_client/data0.bin diff --git a/components/lwip/test_afl_host/in_client/data1.bin b/components/lwip/test_afl_host/in_dhcp_client/data1.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data1.bin rename to components/lwip/test_afl_host/in_dhcp_client/data1.bin diff --git a/components/lwip/test_afl_host/in_client/data2.bin b/components/lwip/test_afl_host/in_dhcp_client/data2.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data2.bin rename to components/lwip/test_afl_host/in_dhcp_client/data2.bin diff --git a/components/lwip/test_afl_host/in_client/data3.bin b/components/lwip/test_afl_host/in_dhcp_client/data3.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data3.bin rename to components/lwip/test_afl_host/in_dhcp_client/data3.bin diff --git a/components/lwip/test_afl_host/in_client/data4.bin b/components/lwip/test_afl_host/in_dhcp_client/data4.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data4.bin rename to components/lwip/test_afl_host/in_dhcp_client/data4.bin diff --git a/components/lwip/test_afl_host/in_client/data5.bin b/components/lwip/test_afl_host/in_dhcp_client/data5.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data5.bin rename to components/lwip/test_afl_host/in_dhcp_client/data5.bin diff --git a/components/lwip/test_afl_host/in_client/data6.bin b/components/lwip/test_afl_host/in_dhcp_client/data6.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data6.bin rename to components/lwip/test_afl_host/in_dhcp_client/data6.bin 
diff --git a/components/lwip/test_afl_host/in_client/data7.bin b/components/lwip/test_afl_host/in_dhcp_client/data7.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data7.bin rename to components/lwip/test_afl_host/in_dhcp_client/data7.bin diff --git a/components/lwip/test_afl_host/in_client/data8.bin b/components/lwip/test_afl_host/in_dhcp_client/data8.bin similarity index 100% rename from components/lwip/test_afl_host/in_client/data8.bin rename to components/lwip/test_afl_host/in_dhcp_client/data8.bin diff --git a/components/lwip/test_afl_host/in_server/data0.bin b/components/lwip/test_afl_host/in_dhcp_server/data0.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data0.bin rename to components/lwip/test_afl_host/in_dhcp_server/data0.bin diff --git a/components/lwip/test_afl_host/in_server/data1.bin b/components/lwip/test_afl_host/in_dhcp_server/data1.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data1.bin rename to components/lwip/test_afl_host/in_dhcp_server/data1.bin diff --git a/components/lwip/test_afl_host/in_server/data2.bin b/components/lwip/test_afl_host/in_dhcp_server/data2.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data2.bin rename to components/lwip/test_afl_host/in_dhcp_server/data2.bin diff --git a/components/lwip/test_afl_host/in_server/data3.bin b/components/lwip/test_afl_host/in_dhcp_server/data3.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data3.bin rename to components/lwip/test_afl_host/in_dhcp_server/data3.bin diff --git a/components/lwip/test_afl_host/in_server/data4.bin b/components/lwip/test_afl_host/in_dhcp_server/data4.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data4.bin rename to components/lwip/test_afl_host/in_dhcp_server/data4.bin 
diff --git a/components/lwip/test_afl_host/in_server/data5.bin b/components/lwip/test_afl_host/in_dhcp_server/data5.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data5.bin rename to components/lwip/test_afl_host/in_dhcp_server/data5.bin diff --git a/components/lwip/test_afl_host/in_server/data6.bin b/components/lwip/test_afl_host/in_dhcp_server/data6.bin similarity index 100% rename from components/lwip/test_afl_host/in_server/data6.bin rename to components/lwip/test_afl_host/in_dhcp_server/data6.bin diff --git a/components/lwip/test_afl_host/in_dns/out0.bin b/components/lwip/test_afl_host/in_dns/out0.bin new file mode 100644 index 0000000000000000000000000000000000000000..8a68ce66350feb3cb04cd9edc6602d281d7bf717 GIT binary patch literal 77 zcmezNscBmr8 WoCBf<3_-FC3`{}{ENgCxp9264x)VnL literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out10.bin b/components/lwip/test_afl_host/in_dns/out10.bin new file mode 100644 index 0000000000000000000000000000000000000000..e9f8c73fcbd2a911a8677624f6ba4303c5db1cdf GIT binary patch literal 53 zcmYf9Xl!6$1VSKSOV2FHNlfBQEiNcZEiTSXV@l3r07)L;fhb|T#=vqpUUw1zTWk!p literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out28.bin b/components/lwip/test_afl_host/in_dns/out28.bin new file mode 100644 index 0000000000000000000000000000000000000000..92ed4c510b1b63a38cbf20bf85188ef261530906 GIT binary patch literal 53 zcmdm_+t|Rs2!ueumY!LXlbFPrT3k?+T3no&#+01L0Fpew15v^h!N77kUUw1zRpAUP literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out29.bin b/components/lwip/test_afl_host/in_dns/out29.bin new file mode 100644 index 0000000000000000000000000000000000000000..40dc982a03372303489b1d769cfc07bd671e0233 GIT binary patch literal 135 zcmccA)7Zek$iT_~1Y9MVxv9FjiOKoJtce8$IjPLa`MC^0S;hlAKoyJ(4BV0oq8wmV q`Nb8C>FkM#1v#0y=?7#F7=e@l&A7(EBKX(jFB-oVm2Za5{|f-t)*)g5 literal 0 HcmV?d00001 
diff --git a/components/lwip/test_afl_host/in_dns/out30.bin b/components/lwip/test_afl_host/in_dns/out30.bin new file mode 100644 index 0000000000000000000000000000000000000000..d7eff8b989a174190e8ad9bd6c238f3e2e844c5e GIT binary patch literal 301 zcmY$dYHVO&WZ+<6VPIe>$jnRUOwLFwDoILBEMd+|Enxu4F&^LnkwE4i1{NcMtLi9x z!Q*#P`JeWq@P+R%pz?!NQ28NcD13oO8m6Y1R0n>F7SNFAjzIrtZQg)WX73T zUYr7C8yPbt=QEXNGaxAvW&=uC8koY=m{=Z=Mv@i-NgEo$r43D)lk;Dd;WMBYcrko`9_>{b2-QpCM_|lXDMgv9zWS_TaIoH_Z)i8&eh#U%`EdHG5CDV0F=Wr;bNDL|7!iueQ=7+5wi Ka9TBhGynkWQ5i=7 literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out33.bin b/components/lwip/test_afl_host/in_dns/out33.bin new file mode 100644 index 0000000000000000000000000000000000000000..dc5b666c7d4bec296dfd366ba6dd4d15e38337d2 GIT binary patch literal 360 zcmYe_(AdDh$iT_K!oa{%l$n>!nUSBIom!b#P{5p*TEYO7V?4mazzU=pSdKCni4>P4 zrev1pmK7xH8kw0|8X6c_SaOyY>!v0am*^TYr{*MaCgvtq<>w`q7c(d4=Q12H0GR4eG>WWLE6`7OwNr9*9hkono-{lAgN_CwO&A-OBJ<6bcI-aj z%D@D&pG}8BoIS5t*U-?=k`w5-6fm1PzbKsnNr@y_iMgdQOo_1(Q*u62X*RMVVK$&% aBV$vT8Y9aCu}Efsr7ew3VA7^W2c!Wy{!@AY literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out34.bin b/components/lwip/test_afl_host/in_dns/out34.bin new file mode 100644 index 0000000000000000000000000000000000000000..55e9f0c3d8c0753d43c8e0a81f9acebb9afd5eea GIT binary patch literal 57 zcmeYiXl!6$1VSL-%1taONiE9FFD~IsEiNcZEiTSXV@l3r04X@Y15w5l!N77kUUw1z Dj+G6D literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out35.bin b/components/lwip/test_afl_host/in_dns/out35.bin new file mode 100644 index 0000000000000000000000000000000000000000..8d7c652e0abbea48110c41e3d9cb43c432191e02 GIT binary patch literal 85 zcmcbs+t|Rs$iTz^1RRM~=4K{FmZnT)`E0qxsmXaM%z3FL3_y9t13V0@K$?LemqCyv jx!A~vxx65mwag$nCGUXz0TYlC1_pK)29_Deg%4F%WZ+<6VPIfREXZUpPEF5E%`0Kb%x3_KGaldpkqitBwhSz0Q#W~|@K116 zq41|Hw?N@fJ===H-?jEQ3V+J?%c%SiGgQ9+(gOkvOi=s9+4G8Z4GoQrITOo^Q$TEE z=KP{`1|%htU?pY-W-uiN7EHV9rY| GVE_Ozr#yK8 literal 0 HcmV?d00001 
diff --git a/components/lwip/test_afl_host/in_dns/out37.bin b/components/lwip/test_afl_host/in_dns/out37.bin new file mode 100644 index 0000000000000000000000000000000000000000..9c06a7b29259c34a1ae85cb22042c77e184a5701 GIT binary patch literal 312 zcmaFu+1S9q$iTtC!oa{&U|^}6oS#>cm|RlKl$OewSWu9Ys+*Em%$%26!T?mpcz_2) zGB7aoF|Y{!n9PU9UxCIqLgSmE@rBX&rfB>QG``RQNd_jM{Y*zMGDx!L73&(Bnj3K@ zmKOuvsB2)tl$_60n$3WuNQ@0AVPs(rQ)6t(oSdJFtU?&1!ra6HrozbbfEtnk;$T}0 PjZ9$jhDOZ!Md=Ixa3@J? literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/in_dns/out38.bin b/components/lwip/test_afl_host/in_dns/out38.bin new file mode 100644 index 0000000000000000000000000000000000000000..31bf8c2da53e77c3412444de1050f4ee22c1e5bb GIT binary patch literal 164 zcmZQ-YHVO&WMF0h0^YLX?oNV&=Tm5(c0`#sfSI ztU#K9g_A)~uspH6Sht`kKSehwu~OH-#FDuzvj9~idwFJFN`86q0gVH;5S>gG46>Ly cIg)eoOH&dH3V;gBK^8GE02Q)m1aCVB0JRG)i~s-t literal 0 HcmV?d00001 diff --git a/components/lwip/test_afl_host/network_mock.c b/components/lwip/test_afl_host/network_mock.c index 9e9ae4829..cf35fdb63 100644 --- a/components/lwip/test_afl_host/network_mock.c +++ b/components/lwip/test_afl_host/network_mock.c 
@@ -9,23 +9,84 @@ const ip_addr_t ip_addr_any; const ip_addr_t ip_addr_broadcast; +const ip_addr_t ip_addr_any_type; struct ip_globals ip_data; struct netif *netif_list; +struct udp_pcb mock_pcb; +uint32_t g_random_numbers[8] = {0}; +uint32_t g_random_numbers_cnt = 0; +struct pbuf* pbuf_skip(struct pbuf* in, u16_t in_offset, u16_t* out_offset) +{ + u16_t offset_left = in_offset; + struct pbuf* q = in; + + /* get the correct pbuf */ + while ((q != NULL) && (q->len <= offset_left)) { + offset_left -= q->len; + q = q->next; + } + if (out_offset != NULL) { + *out_offset = offset_left; + } + return q; +} + +void pbuf_put_at(struct pbuf* p, u16_t offset, u8_t data) +{ + u16_t q_idx; + struct pbuf* q = pbuf_skip(p, offset, &q_idx); + + /* write requested data if pbuf is OK */ + if ((q != NULL) && (q->len > q_idx)) { + ((u8_t*)q->payload)[q_idx] = data; + } +} + +u8_t pbuf_get_at(struct pbuf* p, u16_t offset) +{ + u16_t q_idx; + struct pbuf* q = pbuf_skip(p, offset, &q_idx); + + /* return requested data if pbuf is OK */ + if ((q != NULL) && (q->len > q_idx)) { + return ((u8_t*)q->payload)[q_idx]; + } + return 0; +} + +err_t pbuf_take(struct pbuf *buf, const void *dataptr, u16_t len) +{ + return ERR_OK; +} + +err_t pbuf_take_at(struct pbuf *buf, const void *dataptr, u16_t len, u16_t offset) +{ + return ERR_OK; +} + +struct udp_pcb * udp_new_ip_type(u8_t type) +{ + return &mock_pcb; +} + u16_t lwip_htons(u16_t n) { - return 0; + return ((n & 0xff) << 8) | ((n & 0xff00) >> 8); } u32_t lwip_htonl(u32_t n) { - return 0; +return ((n & 0xff) << 24) | + ((n & 0xff00) << 8) | + ((n & 0xff0000UL) >> 8) | + ((n & 0xff000000UL) >> 24); } esp_err_t tcpip_adapter_get_ip_info(tcpip_adapter_if_t tcpip_if, tcpip_adapter_ip_info_t *ip_info) { - return ESP_OK; + return ESP_OK; } struct pbuf * pbuf_alloc(pbuf_layer layer, u16_t length, pbuf_type type) 
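Review bot: `lwip_htons` and `lwip_htonl` now swap bytes unconditionally, which is correct only on a little-endian host; on a big-endian build machine every port, transaction id and length field parsed from the fuzz input would be reversed. A comment such as `/* host build is assumed little-endian: always swap */` above both functions would record the assumption. `pbuf_take` and `pbuf_take_at` report `ERR_OK` without copying anything, so a comment saying that outgoing packet contents are deliberately discarded would stop a later reader from trusting what is in the pbuf after a send. The `return` in `lwip_htonl` has also lost its indentation.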
@@ -84,13 +145,16 @@ void udp_disconnect(struct udp_pcb *pcb) { } +#ifndef NOT_MOCK_DNS void dns_setserver(u8_t numdns, const ip_addr_t *dnsserver) { } +#endif uint32_t esp_random(void) { - return 0; + // Preparation for injecting favorable random numbers + return g_random_numbers[g_random_numbers_cnt++ % 8]; } err_t etharp_query(struct netif *netif, const ip4_addr_t *ipaddr, struct pbuf *q) @@ -100,7 +164,7 @@ err_t etharp_query(struct netif *netif, const ip4_addr_t *ipaddr, struct pbuf *q u32_t lwip_ntohl(u32_t x) { - return 0; + return lwip_htonl(x); } void netif_set_addr(struct netif *netif, const ip4_addr_t *ipaddr, const ip4_addr_t *netmask, @@ -120,10 +184,43 @@ void pbuf_realloc(struct pbuf *p, u16_t size) } } -u16_t pbuf_copy_partial(struct pbuf *p, void *dataptr, u16_t len, u16_t offset) +u16_t pbuf_copy_partial(struct pbuf *buf, void *dataptr, u16_t len, u16_t offset) { + struct pbuf *p; + u16_t left; + u16_t buf_copy_len; + u16_t copied_total = 0; + + LWIP_ERROR("pbuf_copy_partial: invalid buf", (buf != NULL), return 0;); + LWIP_ERROR("pbuf_copy_partial: invalid dataptr", (dataptr != NULL), return 0;); + + left = 0; + + if ((buf == NULL) || (dataptr == NULL)) { return 0; + } + + /* Note some systems use byte copy if dataptr or one of the pbuf payload pointers are unaligned. */ + for (p = buf; len != 0 && p != NULL; p = p->next) { + if ((offset != 0) && (offset >= p->len)) { + /* don't copy from this buffer -> on to the next */ + offset -= p->len; + } else { + /* copy from this buffer. maybe only partially. */ + buf_copy_len = p->len - offset; + if (buf_copy_len > len) + buf_copy_len = len; + /* copy the necessary parts of the buffer */ + MEMCPY(&((char*)dataptr)[left], &((char*)p->payload)[offset], buf_copy_len); + copied_total += buf_copy_len; + left += buf_copy_len; + len -= buf_copy_len; + offset = 0; + } + } + return copied_total; } + err_t udp_connect(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port) { return ESP_OK; 
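Review bot: In the `pbuf_copy_partial` hunk, the `if ((buf == NULL) || (dataptr == NULL))` test that follows the two `LWIP_ERROR` lines is either dead code or the only guard, depending on how `LWIP_ERROR` expands in this host build (not visible in the patch); a comment saying which, or dropping one of the two, would make the intent clear. `left` and `copied_total` always hold the same value, so one of them can go, and the unbraced `if (buf_copy_len > len)` should get braces like the rest of the function. The copy length is bounded only by `p->len`, so this mock is memory-safe only while the harness never sets `p->len` larger than the payload it allocated; that precondition deserves a comment above the function.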
diff --git a/components/lwip/test_afl_host/test_client.c b/components/lwip/test_afl_host/test_dhcp_client.c similarity index 100% rename from components/lwip/test_afl_host/test_client.c rename to components/lwip/test_afl_host/test_dhcp_client.c diff --git a/components/lwip/test_afl_host/test_server.c b/components/lwip/test_afl_host/test_dhcp_server.c similarity index 100% rename from components/lwip/test_afl_host/test_server.c rename to components/lwip/test_afl_host/test_dhcp_server.c diff --git a/components/lwip/test_afl_host/test_dns.c b/components/lwip/test_afl_host/test_dns.c new file mode 100644 index 000000000..131a8b3ed --- /dev/null +++ b/components/lwip/test_afl_host/test_dns.c 
@@ -0,0 +1,79 @@
+#include "no_warn_host.h"
+
+#include "lwip/opt.h"
+#include "lwip/udp.h"
+#include "lwip/mem.h"
+#include "lwip/memp.h"
+#include "lwip/dns.h"
+#include "lwip/ip_addr.h"
+
+#include
+
+const ip_addr_t ip_addr_any;
+const ip_addr_t ip_addr_broadcast;
+struct ip_globals ip_data;
+struct netif *netif_list;
+struct netif mynetif;
+ip4_addr_t server_ip;
+
+//
+// Dependency injected test functions
+void dns_test_dns_recv(void *s, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
+void dns_test_inject_port_and_txid(int port, int txid);
+
+void dns_test_init_di();
+err_t dns_test_dns_enqueue(const char *name, size_t hostnamelen, dns_found_callback found, void *callback_arg, u8_t dns_addrtype);
+
+//
+// Test starts here
+//
+int main(int argc, char** argv)
+{
+ uint8_t *buf;
+ struct pbuf *p;
+ FILE *file;
+ size_t len = 1460;
+
+ dns_test_init_di();
+
+#ifdef INSTR_IS_OFF
+ p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
+ buf = p->payload;
+ memset(buf, 0, 1460);
+ if (argc != 2)
+ {
+ printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n");
+ return 1;
+ }
+ //
+ // Note: parameter1 is a file (mangled packet) which caused the crash
+ file = fopen(argv[1], "r");
+ if (file) {
+ len = fread(buf, 1, 1460, file);
+ }
+ fclose(file);
+ int i;
+ for (i=0; i<1; i++) {
+#else
+ while (__AFL_LOOP(1000)) {
+ p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
+ buf = p->payload;
+ memset(buf, 0, 1460);
+ size_t len = read(0, buf, 1460);
+#endif
+ p->len = len;
+ p->tot_len = len;
+ p->next = NULL;
+
+ // Pretend that the response is from our pending querries
+ dns_test_inject_port_and_txid(1024, (buf[0]<<8) + buf[1]);
+ dns_test_dns_enqueue("test", 4, NULL, NULL, 0);
+
+ // Process the packet
+ dns_test_dns_recv(NULL, NULL, p, &ip_addr_any, 0);
+ }
+
+
+
+ return 0;
+}
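Review bot: In the AFL branch of `main`, the result of `read(0, buf, 1460)` is stored unchecked in a `size_t`, so a failed read (-1) becomes a huge length that is then truncated into `p->len` and `p->tot_len`, and the mock `pbuf_copy_partial` would be asked to copy past the 1460-byte payload (assuming `pbuf_alloc` allocates what it is asked for; its body is not in this patch). That yields harness-only crashes that look like findings in dns.c. In the `INSTR_IS_OFF` branch, `fclose(file)` runs even when `fopen` failed. The inner `size_t len` also shadows the outer one; the version below keeps a single `len` and therefore allocates with a fixed size instead of the previous iteration's read length.

```c
    file = fopen(argv[1], "r");
    if (file == NULL) {
        printf("Cannot open %s\n", argv[1]);
        return 1;
    }
    len = fread(buf, 1, 1460, file);
    fclose(file);
    // … unchanged: single-pass for loop header …
#else
    while (__AFL_LOOP(1000)) {
        p = pbuf_alloc(PBUF_RAW, 1460, PBUF_POOL);
        // … unchanged: payload pointer, memset …
        ssize_t nread = read(0, buf, 1460);
        len = (nread > 0) ? (size_t)nread : 0;   // a failed read becomes an empty packet
#endif
    // … unchanged: p->len / p->tot_len setup, enqueue and dns_recv calls …
```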