- Timestamp:
- Nov 2, 2007, 11:45:54 PM (13 years ago)
- Location:
- zzuf/trunk/src
- Files:
-
- 9 edited
zzuf/trunk/src/fd.c
r1794 r1858 44 44 #endif 45 45 46 /* Network port cherry picking */ 47 static int *ports = NULL; 48 static int static_ports[512]; 49 46 50 /* File descriptor cherry picking */ 47 static int * ranges= NULL;48 static int static_ ranges[512];51 static int *list = NULL; 52 static int static_list[512]; 49 53 50 54 /* File descriptor stuff. When program is launched, we use the static array of … … 96 100 } 97 101 98 /* This function is the same as _zz_bytes() */ 99 void _zz_pick(char const *list) 102 void _zz_ports(char const *list) 100 103 { 101 ranges = _zz_allocrange(list, static_ranges); 104 ports = _zz_allocrange(list, static_ports); 105 } 106 107 void _zz_list(char const *list) 108 { 109 list = _zz_allocrange(list, static_list); 102 110 } 103 111 … … 190 198 if(fds != static_fds) 191 199 free(fds); 192 if(ranges != static_ranges) 193 free(ranges); 200 if(list != static_list) 201 free(list); 202 if(ports != static_ports) 203 free(ports); 194 204 } 195 205 … … 215 225 216 226 return 1; 227 } 228 229 int _zz_portwatched(int port) 230 { 231 return _zz_isinrange(port, ports); 217 232 } 218 233 … … 274 289 275 290 /* Check whether we should ignore the fd */ 276 if( ranges)291 if(list) 277 292 { 278 293 static int idx = 0; 279 294 280 files[i].active = _zz_isinrange(++idx, ranges);295 files[i].active = _zz_isinrange(++idx, list); 281 296 } 282 297 else -
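Review bot: In the new `_zz_list()`, the parameter is named `list`, which shadows the file-scope `static int *list` introduced at the top of this section, so `list = _zz_allocrange(list, static_list);` assigns to the parameter and the static stays NULL. As written, the `if(list)` test in the descriptor-registration hunk would never see a list, the range returned by `_zz_allocrange()` is lost, and the assignment mixes what appears to be an `int *` result with a `char const *` variable. Renaming the parameter fixes it: `void _zz_list(char const *fdlist)` with `list = _zz_allocrange(fdlist, static_list);`. `_zz_ports()` uses the same parameter name but assigns to `ports`, so it is not affected.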
zzuf/trunk/src/fd.h
r1791 r1858 27 27 28 28 extern int _zz_mustwatch(char const *); 29 extern int _zz_portwatched(int); 29 30 extern int _zz_iswatched(int); 30 31 extern void _zz_register(int); -
zzuf/trunk/src/fuzz.c
r1794 r1858 66 66 } 67 67 68 /* This function is the same as _zz_pick() */69 68 void _zz_bytes(char const *list) 70 69 { -
zzuf/trunk/src/fuzz.h
r1791 r1858 19 19 extern void _zz_fuzzing(char const *); 20 20 extern void _zz_bytes(char const *); 21 extern void _zz_pick(char const *); 21 extern void _zz_list(char const *); 22 extern void _zz_ports(char const *); 22 23 extern void _zz_protect(char const *); 23 24 extern void _zz_refuse(char const *); -
zzuf/trunk/src/lib-fd.c
r1855 r1858 43 43 #if defined HAVE_SYS_SOCKET_H 44 44 # include <sys/socket.h> 45 #endif 46 #if defined HAVE_NETINET_IN_H 47 # include <netinet/in.h> 45 48 #endif 46 49 #if defined HAVE_SYS_UIO_H … … 172 175 LOADSYM(accept); 173 176 ret = ORIG(accept)(sockfd, addr, addrlen); 174 if(!_zz_ready || _zz_islocked(-1) || !_zz_network) 177 if(!_zz_ready || _zz_islocked(-1) || !_zz_network 178 || !_zz_iswatched(sockfd) || !_zz_isactive(sockfd)) 175 179 return ret; 176 180 … … 198 202 if(ret >= 0) 199 203 { 204 const struct sockaddr_in* in = (const struct sockaddr_in *)my_addr; 205 long int port; 206 207 switch(my_addr->sa_family) 208 { 209 case AF_INET: 210 #if defined AF_INET6 211 case AF_INET6: 212 #endif 213 #if defined AF_UNIX 214 case AF_UNIX: 215 #endif 216 case AF_UNSPEC: 217 port = ntohs(in->sin_port); 218 if(!_zz_portwatched(port)) 219 { 220 _zz_unregister(sockfd); 221 return ret; 222 } 223 break; 224 default: 225 break; 226 } 227 200 228 debug("%s(%i, %p, %i) = %i", __func__, 201 229 sockfd, my_addr, (int)addrlen, ret); 202 _zz_register(ret);203 230 } 204 231 -
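Review bot: The `switch(my_addr->sa_family)` added to the bind hook reads `in->sin_port` for `AF_UNIX` and `AF_UNSPEC` as well as the IP families, and does so without looking at `addrlen`. For a Unix-domain address those bytes are the start of the socket path rather than a port, so with a port list set a Unix socket would be kept or unregistered based on path bytes, and a short address would be read past its stated length. I would limit the port lookup to `AF_INET`/`AF_INET6` and guard it with `if(addrlen >= sizeof(*in))` before `port = ntohs(in->sin_port);`, leaving other families registered. The function body starts and ends outside the hunk.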
zzuf/trunk/src/libzzuf.c
r1791 r1858 91 91 _zz_bytes(tmp); 92 92 93 tmp = getenv("ZZUF_ PICK");93 tmp = getenv("ZZUF_LIST"); 94 94 if(tmp && *tmp) 95 _zz_pick(tmp); 95 _zz_list(tmp); 96 97 tmp = getenv("ZZUF_PORTS"); 98 if(tmp && *tmp) 99 _zz_ports(tmp); 96 100 97 101 tmp = getenv("ZZUF_PROTECT"); -
zzuf/trunk/src/opts.c
r1801 r1858 34 34 void _zz_opts_init(struct opts *opts) 35 35 { 36 opts->fuzzing = opts->bytes = opts-> pick= NULL;36 opts->fuzzing = opts->bytes = opts->list = opts->ports = NULL; 37 37 opts->protect = opts->refuse = NULL; 38 38 opts->seed = DEFAULT_SEED; -
zzuf/trunk/src/opts.h
r1801 r1858 21 21 char **oldargv; 22 22 char **newargv; 23 char *fuzzing, *bytes, * pick, *protect, *refuse;23 char *fuzzing, *bytes, *list, *ports, *protect, *refuse; 24 24 uint32_t seed; 25 25 uint32_t endseed; -
zzuf/trunk/src/zzuf.c
r1802 r1858 147 147 int cmdline = 0; 148 148 #endif 149 int network = 0; 149 150 int i; 150 151 … … 169 170 #endif 170 171 #define OPTSTR OPTSTR_REGEX OPTSTR_RLIMIT_MEM OPTSTR_RLIMIT_CPU \ 171 "Ab:B:C:dD:f:F:i mnp:P:qr:R:s:St:vxhV"172 "Ab:B:C:dD:f:F:il:mnp:P:qr:R:s:St:vxhV" 172 173 #define MOREINFO "Try `%s --help' for more information.\n" 173 174 int option_index = 0; … … 193 194 { "include", 1, NULL, 'I' }, 194 195 #endif 196 { "list", 1, NULL, 'l' }, 195 197 { "md5", 0, NULL, 'm' }, 196 198 { "max-memory", 1, NULL, 'M' }, 197 199 { "network", 0, NULL, 'n' }, 198 { "p ick",1, NULL, 'p' },200 { "ports", 1, NULL, 'p' }, 199 201 { "protect", 1, NULL, 'P' }, 200 202 { "quiet", 0, NULL, 'q' }, … … 276 278 break; 277 279 #endif 280 case 'l': /* --list */ 281 opts->list = myoptarg; 282 break; 278 283 case 'm': /* --md5 */ 279 284 opts->md5 = 1; … … 287 292 case 'n': /* --network */ 288 293 setenv("ZZUF_NETWORK", "1", 1); 289 break; 290 case 'p': /* --pick */ 291 opts->pick = myoptarg; 294 network = 1; 295 break; 296 case 'p': /* --ports */ 297 opts->ports = myoptarg; 292 298 break; 293 299 case 'P': /* --protect */ … … 343 349 } 344 350 351 if(opts->ports && !network) 352 { 353 fprintf(stderr, "%s: port option (-p) requires network fuzzing (-n)\n", 354 argv[0]); 355 printf(MOREINFO, argv[0]); 356 _zz_opts_fini(opts); 357 return EXIT_FAILURE; 358 } 359 345 360 _zz_setratio(opts->minratio, opts->maxratio); 346 361 _zz_setseed(opts->seed); … … 397 412 if(opts->bytes) 398 413 setenv("ZZUF_BYTES", opts->bytes, 1); 399 if(opts->pick) 400 setenv("ZZUF_PICK", opts->pick, 1); 414 if(opts->list) 415 setenv("ZZUF_LIST", opts->list, 1); 416 if(opts->ports) 417 setenv("ZZUF_PORTS", opts->ports, 1); 401 418 if(opts->protect) 402 419 setenv("ZZUF_PROTECT", opts->protect, 1); … … 451 468 if(opts->bytes) 452 469 _zz_bytes(opts->bytes); 453 if(opts->pick) 454 _zz_pick(opts->pick); 470 if(opts->list) 471 _zz_list(opts->list); 472 if(opts->ports) 473 _zz_ports(opts->ports); 455 474 
if(opts->protect) 456 475 _zz_protect(opts->protect); … … 1147 1166 printf( "[-M megabytes] "); 1148 1167 #endif 1149 printf( "[-b ranges] \n");1150 printf(" [-P protect] [-R refuse] [- p pick]");1168 printf( "[-b ranges] [-p ports]\n"); 1169 printf(" [-P protect] [-R refuse] [-l list]"); 1151 1170 #if defined HAVE_REGEX_H 1152 1171 printf( " [-I include] [-E exclude]"); … … 1177 1196 printf(" -I, --include <regex> only fuzz files matching <regex>\n"); 1178 1197 #endif 1198 printf(" -l, --list <list> only fuzz Nth descriptor with N in <list>\n"); 1179 1199 printf(" -m, --md5 compute the output's MD5 hash\n"); 1180 1200 #if defined HAVE_SETRLIMIT && defined ZZUF_RLIMIT_MEM … … 1182 1202 #endif 1183 1203 printf(" -n, --network fuzz network input\n"); 1184 printf(" -p, --p ick <list> only fuzz Nth descriptor with Nin <list>\n");1204 printf(" -p, --ports <list> only fuzz network destination ports in <list>\n"); 1185 1205 printf(" -P, --protect <list> protect bytes and characters in <list>\n"); 1186 1206 printf(" -q, --quiet do not print children's messages\n");
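Review bot: The short option `-p` changes meaning from `--pick` to `--ports` in the option table and in `case 'p'`, so an existing command line that used `-p <list>` to pick descriptors is now read as a port list. Without `-n` it stops at the new `opts->ports && !network` check with a message that only mentions ports, and with `-n` it silently filters on ports instead of descriptors. The error text could point users at the new flag, for example `"%s: port option (-p) requires network fuzzing (-n); use -l to pick descriptors\n"`, and a short comment on `case 'l'` noting that it replaces the former `-p/--pick` would help the next reader.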