Changeset 1560 for zzuf


Timestamp:
Jan 5, 2007, 8:52:30 AM (14 years ago)
Author:
Sam Hocevar
Message:
  • Network support.
Location:
zzuf/trunk
Files:
5 edited

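--- a/zzuf/trunk/doc/zzuf.1
+++ b/zzuf/trunk/doc/zzuf.1
@@ -3,11 +3,11 @@
 zzuf \- multiple purpose fuzzer
 .SH SYNOPSIS
-\fBzzuf\fR [\fB\-cdiqS\fR] [\fB\-r\fR \fIratio\fR] [\fB\-s\fR \fIseed\fR | \fB\-s\fR \fIstart:stop\fR]
-.br
-              [\fB\-F\fR \fIchildren\fR] [\fB\-B\fR \fIbytes\fR] [\fB\-T\fR \fIseconds\fR]
-.br
-              [\fB\-P\fR \fIlist\fR] [\fB\-R\fR \fIlist\fR]
-.br
-              [\fB\-I\fR \fIinclude\fR] [\fB\-E\fR \fIexclude\fR] \fIPROGRAM\fR [\fIARGS\fR]...
+\fBzzuf\fR [\fB\-cdiNqS\fR] [\fB\-r\fR \fIratio\fR] [\fB\-s\fR \fIseed\fR | \fB\-s\fR \fIstart:stop\fR]
+.br
+               [\fB\-F\fR \fIchildren\fR] [\fB\-B\fR \fIbytes\fR] [\fB\-T\fR \fIseconds\fR]
+.br
+               [\fB\-P\fR \fIlist\fR] [\fB\-R\fR \fIlist\fR]
+.br
+               [\fB\-I\fR \fIinclude\fR] [\fB\-E\fR \fIexclude\fR] \fIPROGRAM\fR [\fIARGS\fR]...
 .br
 \fBzzuf \-h\fR | \fB\-\-help\fR
@@ -77,4 +77,7 @@
 Multiple \fB\-I\fR flags can be specified, in which case files matching any one
 of the regular expressions will be fuzzed. See also the \fB\-c\fR flag.
+.TP
+\fB\-N\fR, \fB\-\-network\fR
+Fuzz the application's network input. By default \fBzzuf\fR only fuzzes files.
 .TP
 \fB\-P\fR, \fB\-\-protect\fR=\fIlist\fR
@@ -221,6 +224,4 @@
 as an unprivileged user. This limitation will probably not be addressed.
 .PP
-Network fuzzing is not implemented. This feature will be added.
-.PP
 It is not yet possible to insert or drop bytes from the input, to fuzz
 according to the file format, or to do all these complicated operations. These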
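--- a/zzuf/trunk/src/libzzuf.c
+++ b/zzuf/trunk/src/libzzuf.c
@@ -46,4 +46,5 @@
 int   _zz_seed     = 0;
 int   _zz_signal   = 0;
+int   _zz_network  = 0;
 
 /* Global tables */
@@ -106,4 +107,8 @@
     if(tmp && *tmp == '1')
         _zz_signal = 1;
+
+    tmp = getenv("ZZUF_NETWORK");
+    if(tmp && *tmp == '1')
+        _zz_network = 1;
 
     _zz_fd_init();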
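--- a/zzuf/trunk/src/libzzuf.h
+++ b/zzuf/trunk/src/libzzuf.h
@@ -39,4 +39,5 @@
 extern int   _zz_seed;
 extern int   _zz_signal;
+extern int   _zz_network;
 
 /* Internal tables TODO: merge them and use bitmasks */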
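--- a/zzuf/trunk/src/load-fd.c
+++ b/zzuf/trunk/src/load-fd.c
@@ -33,4 +33,5 @@
 
 #include <sys/types.h>
+#include <sys/socket.h>
 #include <unistd.h>
 #include <fcntl.h>
@@ -47,4 +48,7 @@
 static int     (*open64_orig)  (const char *file, int oflag, ...);
 #endif
+static int     (*accept_orig)  (int sockfd, struct sockaddr *addr,
+                                socklen_t *addrlen);
+static int     (*socket_orig)  (int domain, int type, int protocol);
 static ssize_t (*read_orig)    (int fd, void *buf, size_t count);
 static off_t   (*lseek_orig)   (int fd, off_t offset, int whence);
@@ -60,4 +64,6 @@
     LOADSYM(open64);
 #endif
+    LOADSYM(accept);
+    LOADSYM(socket);
     LOADSYM(read);
     LOADSYM(lseek);
@@ -113,4 +119,42 @@
 #endif
 
+int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen)
+{
+    int ret;
+
+    if(!_zz_ready)
+        LOADSYM(accept);
+    ret = accept_orig(sockfd, addr, addrlen);
+    if(!_zz_ready || _zz_disabled || !_zz_network)
+        return ret;
+
+    if(ret >= 0)
+    {
+        debug("accept(%i, %p, %p) = %i", sockfd, addr, addrlen, ret);
+        _zz_register(ret);
+    }
+
+    return ret;
+}
+
+int socket(int domain, int type, int protocol)
+{
+    int ret;
+
+    if(!_zz_ready)
+        LOADSYM(socket);
+    ret = socket_orig(domain, type, protocol);
+    if(!_zz_ready || _zz_disabled || !_zz_network)
+        return ret;
+
+    if(ret >= 0)
+    {
+        debug("socket(%i, %i, %i) = %i", domain, type, protocol, ret);
+        _zz_register(ret);
+    }
+
+    return ret;
+}
+
 ssize_t read(int fd, void *buf, size_t count)
 {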
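Review bot: The new `socket()` wrapper registers every descriptor it creates, whatever the `domain` and `type`, so with `-N` local `AF_UNIX` sockets (for example the one libc opens for syslog) are fuzzed together with real network traffic, and failures in unrelated library code get mixed into the results. If that is not intended, restrict registration to the address families under test, e.g. `if(ret >= 0 && domain != AF_UNIX)`, or state the behaviour next to `-N` in the man page. Also, `read()` is the only input function visible in this section; if `recv()`, `recvfrom()` and `recvmsg()` are not interposed elsewhere in the file, programs that use them will receive unfuzzed data even though their sockets are registered. Both wrappers would benefit from a one-line comment such as `/* Register the new socket for fuzzing only when -N (ZZUF_NETWORK) is set */`.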
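--- a/zzuf/trunk/src/zzuf.c
+++ b/zzuf/trunk/src/zzuf.c
@@ -111,4 +111,5 @@
             { "stdin",     0, NULL, 'i' },
             { "include",   1, NULL, 'I' },
+            { "network",   1, NULL, 'N' },
             { "protect",   1, NULL, 'P' },
             { "quiet",     0, NULL, 'q' },
@@ -120,9 +121,9 @@
             { "version",   0, NULL, 'v' },
         };
-        int c = getopt_long(argc, argv, "B:cdE:F:hiI:P:qr:R:s:ST:v",
+        int c = getopt_long(argc, argv, "B:cdE:F:hiI:NP:qr:R:s:ST:v",
                             long_options, &option_index);
 #   else
 #       define MOREINFO "Try `%s -h' for more information.\n"
-        int c = getopt(argc, argv, "B:cdE:F:hiI:P:qr:R:s:ST:v");
+        int c = getopt(argc, argv, "B:cdE:F:hiI:NP:qr:R:s:ST:v");
 #   endif
         if(c == -1)
@@ -152,4 +153,7 @@
         case 'i': /* --stdin */
             setenv("ZZUF_STDIN", "1", 1);
+            break;
+        case 'N': /* --network */
+            setenv("ZZUF_NETWORK", "1", 1);
             break;
         case 's': /* --seed */
@@ -550,8 +554,8 @@
 static void usage(void)
 {
-    printf("Usage: zzuf [ -cdiqS ] [ -r ratio ] [ -s seed | -s start:stop ]\n");
-    printf("                       [ -F children ] [ -B bytes ] [ -T seconds ]\n");
-    printf("                       [ -P protect ] [ -R refuse ]\n");
-    printf("                       [ -I include ] [ -E exclude ] COMMAND [ARGS]...\n");
+    printf("Usage: zzuf [ -cdiNqS ] [ -r ratio ] [ -s seed | -s start:stop ]\n");
+    printf("                        [ -F children ] [ -B bytes ] [ -T seconds ]\n");
+    printf("                        [ -P protect ] [ -R refuse ]\n");
+    printf("                        [ -I include ] [ -E exclude ] COMMAND [ARGS]...\n");
     printf("       zzuf -h\n");
     printf("       zzuf -v\n");
@@ -567,4 +571,5 @@
     printf("  -i, --stdin              fuzz standard input\n");
     printf("  -I, --include <regex>    only fuzz files matching <regex>\n");
+    printf("  -N, --network            fuzz network input\n");
     printf("  -P, --protect <list>     protect bytes and characters in <list>\n");
     printf("  -q, --quiet              do not print children's messages\n");
@@ -585,4 +590,5 @@
     printf("  -i               fuzz standard input\n");
     printf("  -I <regex>       only fuzz files matching <regex>\n");
+    printf("  -N               fuzz network input\n");
     printf("  -P <list>        protect bytes and characters in <list>\n");
     printf("  -q               do not print the fuzzed application's messages\n");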
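Review bot: The new `long_options` entry `{ "network",   1, NULL, 'N' }` declares a required argument, but the short option is added to the optstring as a bare `N` and both the man page and the usage text document `-N`/`--network` as a plain flag. With `has_arg` set to 1, `zzuf --network PROGRAM` would take `PROGRAM` as the option's argument, so the long form parses the command line differently from `zzuf -N PROGRAM`. The entry should read `{ "network",   0, NULL, 'N' },`. Separately, the table as shown ends right after the `version` entry with no all-zero terminator, which `getopt_long` relies on to stop scanning when given an unknown long option; that line is context and not part of this change.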