// Constants defined in the Fuzz class definition.
constexpr size_t Fuzz::BUFFER_SIZE;
+constexpr size_t Fuzz::MAX_SEND_SIZE;
constexpr useconds_t Fuzz::SLEEP_INTERVAL;
constexpr long Fuzz::LOOP_COUNT;
// and AFL seems to get confused in this case. At any rate, without
// some form of synchronization, this approach does not work.
- // Send the data to the main Kea thread.
- ssize_t sent = sendto(sockfd, buf, length, 0, sockaddr_ptr_,
+ // Send the data to the main Kea thread. Limit the size of the
+ // packets that can be sent.
+ size_t send_len = (length < MAX_SEND_SIZE) ? length : MAX_SEND_SIZE;
+ ssize_t sent = sendto(sockfd, buf, send_len, 0, sockaddr_ptr_,
sockaddr_len_);
if (sent < 0) {
+ // TODO: If we get here, we may well hang: AFL has sent us a
+ // packet but by continuing, we are not letting Kea process it
+ // and trigger AFL to send another. For the time being, we
+ // are restricting the size of packets Kea can send us.
LOG_ERROR(fuzz_logger, FUZZ_SEND_ERROR).arg(strerror(errno));
continue;
} else if (sent != length) {
void setAddress(int ipversion);
/// @brief size of the buffer used to transfer data between AFL and Kea.
- static constexpr size_t BUFFER_SIZE = 65536;
+ ///
+ /// This is much larger than the data that will be sent to Kea (so AFL
+ /// data being trimmed). However, it does allow for AFL to send quite
+ /// large packets without resulting in timeouts or synchronization
+ /// problems with the fuzzing thread.
+ static constexpr size_t BUFFER_SIZE = 128000;
+
+ /// @brief maximum size of packets fuzzing thread will send to Kea
+ ///
+ /// This is below the maximum size of data that can be put into a
+ /// single UDP datagram.
+ static constexpr size_t MAX_SEND_SIZE = 64000;
/// @brief Delay before rereading if read from stdin returns an error (us)
static constexpr useconds_t SLEEP_INTERVAL = 50000;
projects / thirdparty / kea.git / commitdiff
