Changeset 1858 for zzufTweet

Timestamp:

Nov 2, 2007, 11:45:54 PM (12 years ago)

Author:

Sam Hocevar

Message:

• Network destination port choosing with -p/--ports.
• Renamed -p/--pick into -l/--list to avoid conflicts.

Location:

zzuf/trunk/src

Files:

• fd.c (modified) (5 diffs)
• fd.h (modified) (1 diff)
• fuzz.c (modified) (1 diff)
• fuzz.h (modified) (1 diff)
• lib-fd.c (modified) (3 diffs)
• libzzuf.c (modified) (1 diff)
• opts.c (modified) (1 diff)
• opts.h (modified) (1 diff)
• zzuf.c (modified) (11 diffs)

zzuf/trunk/src/fd.c

@@ -44 +44 @@
 #endif
 
+/* Network port cherry picking */
+static int *ports = NULL;
+static int static_ports[512];
+
 /* File descriptor cherry picking */
-static int *ranges = NULL;
-static int static_ranges[512];
+static int *list = NULL;
+static int static_list[512];
 
 /* File descriptor stuff. When program is launched, we use the static array of
@@ -96 +100 @@
 }
 
-/* This function is the same as _zz_bytes() */
-void _zz_pick(char const *list)
+void _zz_ports(char const *list)
 {   
-    ranges = _zz_allocrange(list, static_ranges);
+    ports = _zz_allocrange(list, static_ports);
+}
+
+void _zz_list(char const *list)
+{   
+    list = _zz_allocrange(list, static_list);
 }
 
@@ -190 +198 @@
     if(fds != static_fds)
         free(fds);
-    if(ranges != static_ranges)
-        free(ranges);
+    if(list != static_list)
+        free(list);
+    if(ports != static_ports)
+        free(ports);
 }
 
@@ -215 +225 @@
 
     return 1;
+}
+
+int _zz_portwatched(int port)
+{
+    return _zz_isinrange(port, ports);
 }
 
@@ -274 +289 @@
 
     /* Check whether we should ignore the fd */
-    if(ranges)
+    if(list)
     {
         static int idx = 0;
 
-        files[i].active = _zz_isinrange(++idx, ranges);
+        files[i].active = _zz_isinrange(++idx, list);
     }
     else

zzuf/trunk/src/fd.h

@@ -27 +27 @@
 
 extern int _zz_mustwatch(char const *);
+extern int _zz_portwatched(int);
 extern int _zz_iswatched(int);
 extern void _zz_register(int);

zzuf/trunk/src/fuzz.c

@@ -66 +66 @@
 }
 
-/* This function is the same as _zz_pick() */
 void _zz_bytes(char const *list)
 {

zzuf/trunk/src/fuzz.h

@@ -19 +19 @@
 extern void _zz_fuzzing(char const *);
 extern void _zz_bytes(char const *);
-extern void _zz_pick(char const *);
+extern void _zz_list(char const *);
+extern void _zz_ports(char const *);
 extern void _zz_protect(char const *);
 extern void _zz_refuse(char const *);

zzuf/trunk/src/lib-fd.c

@@ -43 +43 @@
 #if defined HAVE_SYS_SOCKET_H
 #   include <sys/socket.h>
+#endif
+#if defined HAVE_NETINET_IN_H
+#   include <netinet/in.h>
 #endif
 #if defined HAVE_SYS_UIO_H
@@ -172 +175 @@
     LOADSYM(accept);
     ret = ORIG(accept)(sockfd, addr, addrlen);
-    if(!_zz_ready || _zz_islocked(-1) || !_zz_network)
+    if(!_zz_ready || _zz_islocked(-1) || !_zz_network
+         || !_zz_iswatched(sockfd) || !_zz_isactive(sockfd))
         return ret;
 
@@ -198 +202 @@
     if(ret >= 0)
     {
+        const struct sockaddr_in* in = (const struct sockaddr_in *)my_addr;
+        long int port;
+
+        switch(my_addr->sa_family)
+        {
+        case AF_INET:
+#if defined AF_INET6
+        case AF_INET6:
+#endif
+#if defined AF_UNIX
+        case AF_UNIX:
+#endif
+        case AF_UNSPEC:
+            port = ntohs(in->sin_port);
+            if(!_zz_portwatched(port))
+            {
+                _zz_unregister(sockfd);
+                return ret;
+            }
+            break;
+        default:
+            break;
+        }
+
         debug("%s(%i, %p, %i) = %i", __func__,
               sockfd, my_addr, (int)addrlen, ret);
-        _zz_register(ret);
     }
 

zzuf/trunk/src/libzzuf.c

@@ -91 +91 @@
         _zz_bytes(tmp);
 
-    tmp = getenv("ZZUF_PICK");
+    tmp = getenv("ZZUF_LIST");
     if(tmp && *tmp)
-        _zz_pick(tmp);
+        _zz_list(tmp);
+
+    tmp = getenv("ZZUF_PORTS");
+    if(tmp && *tmp)
+        _zz_ports(tmp);
 
     tmp = getenv("ZZUF_PROTECT");

zzuf/trunk/src/opts.c

@@ -34 +34 @@
 void _zz_opts_init(struct opts *opts)
 {
-    opts->fuzzing = opts->bytes = opts->pick = NULL;
+    opts->fuzzing = opts->bytes = opts->list = opts->ports = NULL;
     opts->protect = opts->refuse = NULL;
     opts->seed = DEFAULT_SEED;

zzuf/trunk/src/opts.h

@@ -21 +21 @@
     char **oldargv;
     char **newargv;
-    char *fuzzing, *bytes, *pick, *protect, *refuse;
+    char *fuzzing, *bytes, *list, *ports, *protect, *refuse;
     uint32_t seed;
     uint32_t endseed;

zzuf/trunk/src/zzuf.c

@@ -147 +147 @@
     int cmdline = 0;
 #endif
+    int network = 0;
     int i;
 
@@ -169 +170 @@
 #endif
 #define OPTSTR OPTSTR_REGEX OPTSTR_RLIMIT_MEM OPTSTR_RLIMIT_CPU \
-                "Ab:B:C:dD:f:F:imnp:P:qr:R:s:St:vxhV"
+                "Ab:B:C:dD:f:F:il:mnp:P:qr:R:s:St:vxhV"
 #define MOREINFO "Try `%s --help' for more information.\n"
         int option_index = 0;
@@ -193 +194 @@
             { "include",     1, NULL, 'I' },
 #endif
+            { "list",        1, NULL, 'l' },
             { "md5",         0, NULL, 'm' },
             { "max-memory",  1, NULL, 'M' },
             { "network",     0, NULL, 'n' },
-            { "pick",        1, NULL, 'p' },
+            { "ports",       1, NULL, 'p' },
             { "protect",     1, NULL, 'P' },
             { "quiet",       0, NULL, 'q' },
@@ -276 +278 @@
             break;
 #endif
+        case 'l': /* --list */
+            opts->list = myoptarg;
+            break;
         case 'm': /* --md5 */
             opts->md5 = 1;
@@ -287 +292 @@
         case 'n': /* --network */
             setenv("ZZUF_NETWORK", "1", 1);
-            break;
-        case 'p': /* --pick */
-            opts->pick = myoptarg;
+            network = 1;
+            break;
+        case 'p': /* --ports */
+            opts->ports = myoptarg;
             break;
         case 'P': /* --protect */
@@ -343 +349 @@
     }
 
+    if(opts->ports && !network)
+    {
+        fprintf(stderr, "%s: port option (-p) requires network fuzzing (-n)\n",
+                argv[0]);
+        printf(MOREINFO, argv[0]);
+        _zz_opts_fini(opts);
+        return EXIT_FAILURE;
+    }
+
     _zz_setratio(opts->minratio, opts->maxratio);
     _zz_setseed(opts->seed);
@@ -397 +412 @@
     if(opts->bytes)
         setenv("ZZUF_BYTES", opts->bytes, 1);
-    if(opts->pick)
-        setenv("ZZUF_PICK", opts->pick, 1);
+    if(opts->list)
+        setenv("ZZUF_LIST", opts->list, 1);
+    if(opts->ports)
+        setenv("ZZUF_PORTS", opts->ports, 1);
     if(opts->protect)
         setenv("ZZUF_PROTECT", opts->protect, 1);
@@ -451 +468 @@
     if(opts->bytes)
         _zz_bytes(opts->bytes);
-    if(opts->pick)
-        _zz_pick(opts->pick);
+    if(opts->list)
+        _zz_list(opts->list);
+    if(opts->ports)
+        _zz_ports(opts->ports);
     if(opts->protect)
         _zz_protect(opts->protect);
@@ -1147 +1166 @@
     printf(                                        "[-M megabytes] ");
 #endif
-    printf(                                                       "[-b ranges]\n");
-    printf("              [-P protect] [-R refuse] [-p pick]");
+    printf(                                                       "[-b ranges] [-p ports]\n");
+    printf("              [-P protect] [-R refuse] [-l list]");
 #if defined HAVE_REGEX_H
     printf(                                                " [-I include] [-E exclude]");
@@ -1177 +1196 @@
     printf("  -I, --include <regex>     only fuzz files matching <regex>\n");
 #endif
+    printf("  -l, --list <list>         only fuzz Nth descriptor with N in <list>\n");
     printf("  -m, --md5                 compute the output's MD5 hash\n");
 #if defined HAVE_SETRLIMIT && defined ZZUF_RLIMIT_MEM
@@ -1182 +1202 @@
 #endif
     printf("  -n, --network             fuzz network input\n");
-    printf("  -p, --pick <list>         only fuzz Nth descriptor with N in <list>\n");
+    printf("  -p, --ports <list>        only fuzz network destination ports in <list>\n");
     printf("  -P, --protect <list>      protect bytes and characters in <list>\n");
     printf("  -q, --quiet               do not print children's messages\n");