author | Thomas Habets <habets@google.com> | 2016-11-23 13:50:14 +0000 |
---|---|---|
committer | Thomas Habets <habets@google.com> | 2016-11-23 13:50:37 +0000 |
commit | 0ca1d6002d51abfcfd3eb9b09d607392acb21b59 (patch) | |
tree | 317d0c12b7d92319de462a6ea17a5b60ac63aadf | |
parent | ccc88a3007613da3c255717adc180c484206046f (diff) | |
download | arping-0ca1d6002d51abfcfd3eb9b09d607392acb21b59.tar.gz |
Add fuzzing code
-rw-r--r-- | HACKING.md | 8 | ||||
-rw-r--r-- | fuzz/pingip/normal.data | bin | 0 -> 60 bytes | |||
-rw-r--r-- | src/Makefile.am | 8 | ||||
-rw-r--r-- | src/fuzz_pingip.c | 73 | ||||
-rw-r--r-- | src/fuzz_pingmac.c | 56 |
5 files changed, 143 insertions, 2 deletions
@@ -12,3 +12,11 @@
 9. Upload to http://www.habets.pp.se/synscan/files/
 10. Update webpage.
 11. Send email to synscan-announce@googlegroups.com
+
+## Fuzzing
+
+```shell
+CC=/path/to/afl-gcc ./configure
+make
+/path/to/afl-fuzz -i fuzz/pingip/ -o fuzz/out/ ./src/fuzz_pingip
+```
diff --git a/fuzz/pingip/normal.data b/fuzz/pingip/normal.data
Binary files differnew file mode 100644
index 0000000..e4f1251
--- /dev/null
+++ b/fuzz/pingip/normal.data
diff --git a/src/Makefile.am b/src/Makefile.am
index e8d722f..b901655 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -3,11 +3,15 @@ include $(top_srcdir)/Makefile.am.common
 sbin_PROGRAMS = arping
-arping_SOURCES = arping.c arping_main.c unix.c
+noinst_PROGRAMS = fuzz_pingip
+arping_SOURCES = arping.c arping_main.c unix.c
 arping_LDADD = $(LIBOBJS)
+fuzz_pingip_SOURCES = arping.c fuzz_pingip.c unix.c mock_libpcap.c mock_libnet.c
+fuzz_pingip_LDADD = $(LIBOBJS)
+
 TESTS=arping_test
 check_PROGRAMS=arping_test
-arping_test_SOURCES=arping.c arping_test.c unix.c mock_libpcap.c mock_libnet.c
+arping_test_SOURCES=arping.c arping_test.c unix.c mock_libpcap.c mock_libnet.c.
 arping_test_LDADD=$(LIBOBJS) -lcheck -lpthread
diff --git a/src/fuzz_pingip.c b/src/fuzz_pingip.c
new file mode 100644
index 0000000..a59955b
--- /dev/null
+++ b/src/fuzz_pingip.c
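Review bot: The new `arping_test_SOURCES` line in src/Makefile.am ends in `mock_libnet.c.` with a stray trailing period, so automake will look for a source file literally named `mock_libnet.c.` and `make check` is almost certainly going to fail; the line should read `arping_test_SOURCES=arping.c arping_test.c unix.c mock_libpcap.c mock_libnet.c`. The commit also adds src/fuzz_pingmac.c, but only `fuzz_pingip` is listed in `noinst_PROGRAMS` and no `fuzz_pingmac_SOURCES`/`fuzz_pingmac_LDADD` exist, so the second harness is never compiled and will silently rot. Wiring it in next to the pingip harness keeps both fuzzers building under the same afl-gcc configure described in HACKING.md.
```makefile
noinst_PROGRAMS = fuzz_pingip fuzz_pingmac
# … unchanged: arping_SOURCES, arping_LDADD, fuzz_pingip_SOURCES, fuzz_pingip_LDADD …
fuzz_pingmac_SOURCES = arping.c fuzz_pingmac.c unix.c mock_libpcap.c mock_libnet.c
fuzz_pingmac_LDADD = $(LIBOBJS)
# … unchanged: TESTS, check_PROGRAMS …
arping_test_SOURCES=arping.c arping_test.c unix.c mock_libpcap.c mock_libnet.c
```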
@@ -0,0 +1,73 @@
+/* arping/src/fuzz_pingip.c
+ *
+ * Copyright (C) 2016 Thomas Habets <thomas@habets.se>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include<errno.h>
+#include<string.h>
+#include<stdio.h>
+#include<stdlib.h>
+#include<unistd.h>
+#include<inttypes.h>
+
+#include<pcap.h>
+
+#include"arping.h"
+
+int
+main()
+{
+ const size_t maxpacket = 1500;
+ char* const packet = calloc(1, maxpacket);
+ size_t packet_size = 0;
+
+ // Read packet.
+ {
+ char* p = packet;
+ size_t size = maxpacket;
+ while (size > 0) {
+ const ssize_t n = read(STDIN_FILENO, p, size);
+ if (n == 0) {
+ break;
+ }
+ if (n < 0) {
+ fprintf(stderr, "read(): %s\n", strerror(errno));
+ return 1;
+ }
+ size -= n;
+ p += n;
+ }
+ packet_size = p - packet;
+ }
+
+ struct pcap_pkthdr pkthdr;
+ pkthdr.ts.tv_sec = time(NULL);
+ pkthdr.ts.tv_usec = 0;
+ pkthdr.len = packet_size;
+ pkthdr.caplen = packet_size;
+
+ dstip = htonl(0x12345678);
+ pingip_recv(NULL, &pkthdr, packet);
+
+ free(packet);
+ return 0;
+}
+/* ---- Emacs Variables ----
+ * Local Variables:
+ * c-basic-offset: 8
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/src/fuzz_pingmac.c b/src/fuzz_pingmac.c
new file mode 100644
index 0000000..f595e28
--- /dev/null
+++ b/src/fuzz_pingmac.c
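Review bot: `main` in src/fuzz_pingip.c calls `time(NULL)` and `htonl()`, but the include block lists neither `<time.h>` nor `<arpa/inet.h>`; unless arping.h happens to pull them in, both are implicit declarations, which C99 no longer allows and which afl-gcc will at least warn about. Add `#include<time.h>` and `#include<arpa/inet.h>` alongside the existing includes. The `calloc()` result is also used unchecked by the read loop that follows; a guard such as `if (!packet) { perror("calloc"); return 1; }` keeps an allocation failure from being reported by the fuzzer as a crash in the code under test. `main()` with an empty parameter list is an old-style declaration; `main(void)` is the C99 form. The whole file is in this hunk, and the same include and calloc points apply verbatim to the `main` in src/fuzz_pingmac.c.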
@@ -0,0 +1,56 @@
+#include<errno.h>
+#include<string.h>
+#include<stdio.h>
+#include<stdlib.h>
+#include<unistd.h>
+#include<inttypes.h>
+
+#include<pcap.h>
+
+#include"arping.h"
+
+int
+main()
+{
+ const size_t maxpacket = 1500;
+ char* const packet = calloc(1, maxpacket);
+ size_t packet_size = 0;
+
+ // Read packet.
+ {
+ char* p = packet;
+ size_t size = maxpacket;
+ while (size > 0) {
+ const ssize_t n = read(STDIN_FILENO, p, size);
+ if (n == 0) {
+ break;
+ }
+ if (n < 0) {
+ fprintf(stderr, "read(): %s\n", strerror(errno));
+ return 1;
+ }
+ size -= n;
+ p += n;
+ }
+ packet_size = p - packet;
+ }
+
+ struct pcap_pkthdr pkthdr;
+ pkthdr.ts.tv_sec = time(NULL);
+ pkthdr.ts.tv_usec = 0;
+ pkthdr.len = packet_size;
+ pkthdr.caplen = packet_size;
+
+ verbose = 9;
+ dstip = htonl(0x12345678);
+ pingip_recv(NULL, &pkthdr, packet);
+
+ free(packet);
+ return 0;
+}
+/* ---- Emacs Variables ----
+ * Local Variables:
+ * c-basic-offset: 8
+ * indent-tabs-mode: nil
+ * End:
+ */ |
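Review bot: The harness named fuzz_pingmac calls `pingip_recv(NULL, &pkthdr, packet);`, the same entry point fuzz_pingip.c already drives, so the MAC-address ping receive path the file name points at is never exercised; apart from `verbose = 9;` the file is a byte-for-byte copy of the other harness. If the MAC-mode receive callback in arping.c (`pingmac_recv`, if that is its name) is the intended target, the call should be `pingmac_recv(NULL, &pkthdr, packet);`, and the sample input under fuzz/ should then be a reply that callback accepts rather than the pingip sample. The file also lacks the license/file header its sibling carries, and the duplicated stdin read loop and pkthdr setup could live in one shared helper so the two harnesses do not drift apart.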