#ifdef AFLFUZZ_APPLAYER
int AppLayerParserRequestFromFile(uint8_t ipproto, AppProto alproto, char *filename)
{
+ struct timeval ts;
+ memset(&ts, 0, sizeof(ts));
+ gettimeofday(&ts, NULL);
+
int result = 1;
Flow *f = NULL;
TcpSession ssn;
f->protomap = FlowGetProtoMapping(f->proto);
f->alproto = alproto;
- uint8_t buffer[64];
+ uint8_t buffer[65536];
+ uint32_t cnt = 0;
#ifdef AFLFUZZ_PERSISTANT_MODE
while (__AFL_LOOP(1000)) {
if (size < sizeof(buffer))
done = 1;
+ char outfilename[256];
+ snprintf(outfilename, sizeof(outfilename), "dump/%u-%u.%u",
+ (unsigned int)ts.tv_sec, (unsigned int)ts.tv_usec, cnt);
+ FILE *out_fp = fopen(outfilename, "w");
+ BUG_ON(out_fp == NULL);
+ (void)fwrite(buffer, size, 1, out_fp);
+ fclose(out_fp);
//SCLogInfo("result %u done %d start %d", (uint)result, done, start);
uint8_t flags = STREAM_TOSERVER;
-
if (start--) {
flags |= STREAM_START;
}
(void)AppLayerParserParse(NULL, alp_tctx, f, alproto, flags,
buffer, size);
+ cnt++;
+
if (done)
break;
}
}
#endif /* AFLFUZZ_PERSISTANT_MODE */
+ /* if we get here there was no crash, so we can remove our files */
+ uint32_t x = 0;
+ for (x = 0; x < cnt; x++) {
+ char rmfilename[256];
+ snprintf(rmfilename, sizeof(rmfilename), "dump/%u-%u.%u",
+ (unsigned int)ts.tv_sec, (unsigned int)ts.tv_usec, x);
+ unlink(rmfilename);
+ }
+
+ result = 0;
+
+end:
+ if (alp_tctx != NULL)
+ AppLayerParserThreadCtxFree(alp_tctx);
+ if (f != NULL) {
+ FlowFree(f);
+ }
+ return result;
+}
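Review bot: The added dump write inside the fuzz loop ignores the results of `fwrite` and `fclose`, so a short or failed write (full disk, quota) leaves a `dump/...` file that no longer matches the buffer handed to `AppLayerParserParse`, and a later crash would be triaged from the wrong bytes. I would make the write fail in the same style as the open check: `BUG_ON(size > 0 && fwrite(buffer, size, 1, out_fp) != 1);` followed by `BUG_ON(fclose(out_fp) != 0);`. The `fopen` check also turns a missing `dump/` directory into what the fuzzer will presumably record as a crash on every input, so a comment above it such as `/* requires an existing, writable dump/ directory in the working directory */` would help. The same block is repeated in AppLayerParserFromFile, and parts of the loop body are not shown in this hunk.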
+
+/* load a serie of files generated by DecoderParseDataFromFile() in
+ * the same order as it was produced. */
+int AppLayerParserRequestFromFileSerie(uint8_t ipproto, AppProto alproto, char *fileprefix)
+{
+ uint32_t cnt = 0;
+ int start = 1;
+ int result = 1;
+ Flow *f = NULL;
+ TcpSession ssn;
+ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
+
+ memset(&ssn, 0, sizeof(ssn));
+
+ f = SCCalloc(1, sizeof(Flow));
+ if (f == NULL)
+ goto end;
+ FLOW_INITIALIZE(f);
+
+ f->flags |= FLOW_IPV4;
+ f->src.addr_data32[0] = 0x01020304;
+ f->dst.addr_data32[0] = 0x05060708;
+ f->sp = 10000;
+ f->dp = 80;
+ f->protoctx = &ssn;
+ f->proto = ipproto;
+ f->protomap = FlowGetProtoMapping(f->proto);
+ f->alproto = alproto;
+
+ uint8_t buffer[65536];
+
+ char filename[256];
+ snprintf(filename, sizeof(filename), "dump/%s.%u", fileprefix, cnt);
+ FILE *fp;
+ while ((fp = fopen(filename, "r")) != NULL)
+ {
+ memset(buffer, 0, sizeof(buffer));
+
+ size_t size = fread(&buffer, 1, sizeof(buffer), fp);
+
+ uint8_t flags = STREAM_TOSERVER;
+ if (start--) {
+ flags |= STREAM_START;
+ }
+
+ (void)AppLayerParserParse(NULL, alp_tctx, f, alproto, flags,
+ buffer, size);
+
+ fclose(fp);
+ cnt++;
+
+ snprintf(filename, sizeof(filename), "dump/%s.%u", fileprefix, cnt);
+ }
+
result = 0;
end:
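Review bot: Neither `snprintf` into `filename[256]` checks for truncation, and a long `fileprefix` cuts off the `.%u` suffix, so each pass reopens the same path and `while ((fp = fopen(filename, "r")) != NULL)` does not terminate when that file exists. Checking the return value at both call sites fixes it: `int n = snprintf(filename, sizeof(filename), "dump/%s.%u", fileprefix, cnt);` then `if (n < 0 || (size_t)n >= sizeof(filename)) goto end;`. `alp_tctx` is also handed to `AppLayerParserParse` without the NULL check that the `end:` path applies to it, so `if (alp_tctx == NULL) goto end;` after the allocation would keep an allocation failure under a fuzzer memory limit from looking like a parser crash. Both points apply equally to AppLayerParserFromFileSerie, and the tail of this function after `end:` is not shown here.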
int AppLayerParserFromFile(uint8_t ipproto, AppProto alproto, char *filename)
{
+ struct timeval ts;
+ memset(&ts, 0, sizeof(ts));
+ gettimeofday(&ts, NULL);
+
int result = 1;
Flow *f = NULL;
TcpSession ssn;
f->protomap = FlowGetProtoMapping(f->proto);
f->alproto = alproto;
- uint8_t buffer[64];
+ uint8_t buffer[65536];
+ uint32_t cnt = 0;
#ifdef AFLFUZZ_PERSISTANT_MODE
while (__AFL_LOOP(1000)) {
if (size < sizeof(buffer))
done = 1;
+ char outfilename[256];
+ snprintf(outfilename, sizeof(outfilename), "dump/%u-%u.%u",
+ (unsigned int)ts.tv_sec, (unsigned int)ts.tv_usec, cnt);
+ FILE *out_fp = fopen(outfilename, "w");
+ BUG_ON(out_fp == NULL);
+ (void)fwrite(buffer, size, 1, out_fp);
+ fclose(out_fp);
//SCLogInfo("result %u done %d start %d", (uint)result, done, start);
uint8_t flags = 0;
(void)AppLayerParserParse(NULL, alp_tctx, f, alproto, flags,
buffer, size);
+
+ cnt++;
+
if (done)
break;
}
}
#endif /* AFLFUZZ_PERSISTANT_MODE */
+ /* if we get here there was no crash, so we can remove our files */
+ uint32_t x = 0;
+ for (x = 0; x < cnt; x++) {
+ char rmfilename[256];
+ snprintf(rmfilename, sizeof(rmfilename), "dump/%u-%u.%u",
+ (unsigned int)ts.tv_sec, (unsigned int)ts.tv_usec, x);
+ unlink(rmfilename);
+ }
+
+ result = 0;
+end:
+ if (alp_tctx != NULL)
+ AppLayerParserThreadCtxFree(alp_tctx);
+ if (f != NULL) {
+ FlowFree(f);
+ }
+ return result;
+}
+
+/* load a serie of files generated by DecoderParseDataFromFile() in
+ * the same order as it was produced. */
+int AppLayerParserFromFileSerie(uint8_t ipproto, AppProto alproto, char *fileprefix)
+{
+ uint32_t cnt = 0;
+ int start = 1;
+ int result = 1;
+ Flow *f = NULL;
+ TcpSession ssn;
+ AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
+
+ memset(&ssn, 0, sizeof(ssn));
+
+ f = SCCalloc(1, sizeof(Flow));
+ if (f == NULL)
+ goto end;
+ FLOW_INITIALIZE(f);
+
+ f->flags |= FLOW_IPV4;
+ f->src.addr_data32[0] = 0x01020304;
+ f->dst.addr_data32[0] = 0x05060708;
+ f->sp = 10000;
+ f->dp = 80;
+ f->protoctx = &ssn;
+ f->proto = ipproto;
+ f->protomap = FlowGetProtoMapping(f->proto);
+ f->alproto = alproto;
+
+ uint8_t buffer[65536];
+ int flip = 0;
+ char filename[256];
+ snprintf(filename, sizeof(filename), "dump/%s.%u", fileprefix, cnt);
+ FILE *fp;
+ while ((fp = fopen(filename, "r")) != NULL)
+ {
+ memset(buffer, 0, sizeof(buffer));
+
+ size_t size = fread(&buffer, 1, sizeof(buffer), fp);
+
+ uint8_t flags = 0;
+ if (flip) {
+ flags = STREAM_TOCLIENT;
+ flip = 0;
+ } else {
+ flags = STREAM_TOSERVER;
+ flip = 1;
+ }
+
+ if (start--) {
+ flags |= STREAM_START;
+ }
+
+ (void)AppLayerParserParse(NULL, alp_tctx, f, alproto, flags,
+ buffer, size);
+
+ fclose(fp);
+ cnt++;
+
+ snprintf(filename, sizeof(filename), "dump/%s.%u", fileprefix, cnt);
+ }
+
result = 0;
+
end:
if (alp_tctx != NULL)
AppLayerParserThreadCtxFree(alp_tctx);
}
return result;
}
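Review bot: The header comment on AppLayerParserFromFileSerie names `DecoderParseDataFromFile()` as the producer, but the `dump/%u-%u.%u` files in this change are written by the AppLayer recorders, and the contract the replay depends on is not written down anywhere. The loop assigns direction by file index alone (first file to-server, then alternating via `flip`), which reproduces a crash only if the recorder emitted one dump per direction change in that same order; the recorder's direction logic is outside the visible lines, so this should be confirmed. I would replace the comment with one that states the expected naming (`dump/<fileprefix>.<n>`, with n counting from 0 until the first missing file), the producing function, and the to-server-first alternation. The same stale producer name is on AppLayerParserRequestFromFileSerie.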
+
#endif /* AFLFUZZ_APPLAYER */
/***** Unittests *****/
AppLayerParserSetup();
RegisterSMBParsers();
exit(AppLayerParserFromFile(IPPROTO_TCP, ALPROTO_SMB, opt_arg));
-
+ } else if(strstr(opt_name, "afl-dcerpc-request") != NULL) {
+ //printf("arg: //%s\n", opt_arg);
+ MpmTableSetup();
+ SpmTableSetup();
+ AppLayerProtoDetectSetup();
+ AppLayerParserSetup();
+ RegisterDCERPCParsers();
+ if (strcmp(opt_name, "afl-dcerpc-request") == 0)
+ exit(AppLayerParserRequestFromFile(IPPROTO_TCP, ALPROTO_DCERPC, opt_arg));
+ else
+ exit(AppLayerParserRequestFromFileSerie(IPPROTO_TCP, ALPROTO_DCERPC, opt_arg));
+ } else if(strstr(opt_name, "afl-dcerpc") != NULL) {
+ //printf("arg: //%s\n", opt_arg);
+ MpmTableSetup();
+ SpmTableSetup();
+ AppLayerProtoDetectSetup();
+ AppLayerParserSetup();
+ RegisterDCERPCParsers();
+ if (strcmp(opt_name, "afl-dcerpc") == 0)
+ exit(AppLayerParserFromFile(IPPROTO_TCP, ALPROTO_DCERPC, opt_arg));
+ else
+ exit(AppLayerParserFromFileSerie(IPPROTO_TCP, ALPROTO_DCERPC, opt_arg));
} else if(strcmp(opt_name, "afl-modbus-request") == 0) {
//printf("arg: //%s\n", opt_arg);
AppLayerParserSetup();
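Review bot: Both new branches select the harness with `strstr`, which makes the order of the `else if` chain load-bearing: `afl-dcerpc` is a substring of `afl-dcerpc-request`, so the second branch is only correct because the first one is tested earlier, and any option name that merely contains the string falls through to the `*Serie` call in the `else`. Exact comparisons state the intent and survive reordering, e.g. `} else if (strcmp(opt_name, "afl-dcerpc-request") == 0 || strcmp(opt_name, "afl-dcerpc-request-serie") == 0) {`, with the same form for the `afl-dcerpc` pair. If the substring match is kept, a comment on the first branch saying it must precede the `afl-dcerpc` branch would prevent a silent mix-up of request-only and bidirectional replay. The surrounding option chain starts and ends outside this hunk.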
{"afl-mime", required_argument, 0 , 0},
{"afl-dnp3-request", required_argument, 0, 0},
{"afl-dnp3", required_argument, 0, 0},
+ {"afl-dcerpc", required_argument, 0, 0},
+ {"afl-dcerpc-serie", required_argument, 0, 0},
+ {"afl-dcerpc-request", required_argument, 0, 0},
+ {"afl-dcerpc-request-serie", required_argument, 0, 0},
/* Other AFL options. */
{"afl-rules", required_argument, 0 , 0},