From 0a189c2d739929e61df7c0d326b8a22da6112f6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Tempel?=
Date: Tue, 13 Aug 2019 15:28:45 +0200
Subject: [PATCH] fuzzing/gnrc_tcp: Initialize
---
 fuzzing/gnrc_tcp/Makefile | 14 +++++
 fuzzing/gnrc_tcp/input/ack.dat | Bin 0 -> 20 bytes
 fuzzing/gnrc_tcp/input/fin_ack.dat | Bin 0 -> 20 bytes
 fuzzing/gnrc_tcp/input/payload.dat | Bin 0 -> 20 bytes
 fuzzing/gnrc_tcp/input/syn.dat | Bin 0 -> 40 bytes
 fuzzing/gnrc_tcp/main.c | 95 +++++++++++++++++++++++++++++
 6 files changed, 109 insertions(+)
 create mode 100644 fuzzing/gnrc_tcp/Makefile
 create mode 100644 fuzzing/gnrc_tcp/input/ack.dat
 create mode 100644 fuzzing/gnrc_tcp/input/fin_ack.dat
 create mode 100644 fuzzing/gnrc_tcp/input/payload.dat
 create mode 100644 fuzzing/gnrc_tcp/input/syn.dat
 create mode 100644 fuzzing/gnrc_tcp/main.c
diff --git a/fuzzing/gnrc_tcp/Makefile b/fuzzing/gnrc_tcp/Makefile
new file mode 100644
index 0000000000..d2761c2dec
--- /dev/null
+++ b/fuzzing/gnrc_tcp/Makefile
@@ -0,0 +1,14 @@
+include ../Makefile.fuzzing_common
+
+TCP_SERVER_ADDR ?= "2001:db8::1"
+TCP_SERVER_ADDR_PREFIX ?= 64
+TCP_SERVER_PORT ?= 4223
+
+CFLAGS += -DSERVER_ADDR=\"$(TCP_SERVER_ADDR)\"
+CFLAGS += -DSERVER_ADDR_PREFIX=$(TCP_SERVER_ADDR_PREFIX)
+CFLAGS += -DSERVER_PORT=$(TCP_SERVER_PORT)
+
+USEMODULE += gnrc_ipv6
+USEMODULE += gnrc_tcp
+
+include $(RIOTBASE)/Makefile.include
diff --git a/fuzzing/gnrc_tcp/input/ack.dat b/fuzzing/gnrc_tcp/input/ack.dat
new file mode 100644
index 0000000000000000000000000000000000000000..574b5bafea3b4be1897390ce58eacc11a5fd35ea
GIT binary patch literal 20 bcmdnCUZDP@h5gkq
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+#include
+#include
+
+#include "thread.h"
+#include "fuzzing.h"
+
+#include "net/af.h"
+#include "net/gnrc/tcp.h"
+#include "net/ipv6/addr.h"
+#include "net/gnrc/pkt.h"
+
+static uint32_t demux = GNRC_NETREG_DEMUX_CTX_ALL;
+static gnrc_nettype_t ntype = GNRC_NETTYPE_TCP;
+
+static void *tcploop(void *arg)
+{
+ mutex_t *tcpmtx = arg;
+ gnrc_tcp_tcb_t tcb;
+ gnrc_tcp_ep_t ep;
+
+ if (gnrc_tcp_ep_from_str(&ep, "[" SERVER_ADDR "]")) {
+ errx(EXIT_FAILURE, "gnrc_tcp_ep_from_str failed");
+ }
+ ep.port = SERVER_PORT;
+
+ for (;;) {
+ gnrc_tcp_tcb_init(&tcb);
+ mutex_unlock(tcpmtx);
+
+ int ret = gnrc_tcp_open_passive(&tcb, &ep);
+ if (!ret) {
+ errx(EXIT_FAILURE, "gnrc_tcp_open_passive failed: %d\n", ret);
+ }
+ }
+
+ return NULL;
+}
+
+static void inittcp(void)
+{
+ static char tcpthr[THREAD_STACKSIZE_DEFAULT];
+ static mutex_t tcpmtx = MUTEX_INIT_LOCKED;
+ kernel_pid_t pid;
+
+ pid = thread_create(tcpthr, sizeof(tcpthr), THREAD_PRIORITY_MAIN,
+ 0, tcploop, &tcpmtx, "gnrc_tcp fuzzing");
+ if (pid < 0) {
+ errx(EXIT_FAILURE, "thread_create failed: %d\n", pid);
+ }
+
+ mutex_lock(&tcpmtx); /* wait until tcp is initialized */
+}
+
+void initialize(ipv6_addr_t *addr)
+{
+ if (ipv6_addr_from_str(addr, SERVER_ADDR) == NULL) {
+ errx(EXIT_FAILURE, "ipv6_addr_from_str failed");
+ }
+ if (fuzzing_init(addr, SERVER_ADDR_PREFIX)) {
+ errx(EXIT_FAILURE, "fuzzing_init failed");
+ }
+
+ inittcp();
+}
+
+int main(void)
+{
+ ipv6_addr_t myaddr;
+ gnrc_pktsnip_t *ipkt, *tpkt;
+
+ initialize(&myaddr);
+ if (!(ipkt = gnrc_ipv6_hdr_build(NULL, NULL, &myaddr))) {
+ errx(EXIT_FAILURE, "gnrc_ipv6_hdr_build failed");
+ }
+ if (!(tpkt = gnrc_pktbuf_add(ipkt, NULL, 0, GNRC_NETTYPE_TCP))) {
+ errx(EXIT_FAILURE, "gnrc_pktbuf_add failed");
+ }
+
+ if (fuzzing_read_packet(STDIN_FILENO, tpkt)) {
+ errx(EXIT_FAILURE, "fuzzing_read_packet failed");
+ }
+ if (!gnrc_netapi_dispatch_receive(ntype, demux, tpkt)) {
+ errx(EXIT_FAILURE, "couldn't find any subscriber");
+ }
+
+ return EXIT_SUCCESS;
+}
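Review bot: The result check after `gnrc_tcp_open_passive` in `tcploop` looks inverted: `if (!ret)` fires when the call returns 0, which as far as I know is the GNRC TCP success value, while a negative error code falls through and the loop silently retries. If the listener cannot be opened, the harness would presumably keep running and hand packets to a stack with no passive TCB, so fuzzing runs look clean while covering little of the TCP receive path. I would change the check to `if (ret < 0) {` so a setup failure aborts the run visibly. Separately, `errx` already terminates its message with a newline, so the trailing `\n` in the `gnrc_tcp_open_passive` and `thread_create` format strings can be dropped.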