Kenji Arai / mbed-os_TYBLE16

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers fuzz.c Source File

fuzz.c

00001 /*
00002  * Copyright (c) 2001-2003 Swedish Institute of Computer Science.
00003  * All rights reserved. 
00004  * 
00005  * Redistribution and use in source and binary forms, with or without modification, 
00006  * are permitted provided that the following conditions are met:
00007  *
00008  * 1. Redistributions of source code must retain the above copyright notice,
00009  *    this list of conditions and the following disclaimer.
00010  * 2. Redistributions in binary form must reproduce the above copyright notice,
00011  *    this list of conditions and the following disclaimer in the documentation
00012  *    and/or other materials provided with the distribution.
00013  * 3. The name of the author may not be used to endorse or promote products
00014  *    derived from this software without specific prior written permission. 
00015  *
00016  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 
00017  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
00018  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT 
00019  * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
00020  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT 
00021  * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
00022  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
00023  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 
00024  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
00025  * OF SUCH DAMAGE.
00026  *
00027  * This file is part of the lwIP TCP/IP stack.
00028  * 
00029  * Author: Erik Ekman <erik@kryo.se>
00030  *
00031  */
00032 
00033 #include "lwip/init.h"
00034 #include "lwip/netif.h"
00035 #include "lwip/dns.h"
00036 #include "netif/etharp.h"
00037 #if LWIP_IPV6
00038 #include "lwip/ethip6.h"
00039 #include "lwip/nd6.h"
00040 #endif
00041 
00042 #include "lwip/apps/httpd.h"
00043 #include "lwip/apps/snmp.h"
00044 #include "lwip/apps/lwiperf.h"
00045 #include "lwip/apps/mdns.h"
00046 
00047 #include <string.h>
00048 #include <stdio.h>
00049 
00050 /* This define enables multi packet processing.
00051  * For this, the input is interpreted as 2 byte length + data + 2 byte length + data...
00052  * #define LWIP_FUZZ_MULTI_PACKET
00053 */
00054 #ifdef LWIP_FUZZ_MULTI_PACKET
00055 u8_t pktbuf[20000];
00056 #else
00057 u8_t pktbuf[2000];
00058 #endif
00059 
00060 /* no-op send function */
00061 static err_t lwip_tx_func(struct netif *netif, struct pbuf *p)
00062 {
00063   LWIP_UNUSED_ARG(netif);
00064   LWIP_UNUSED_ARG(p);
00065   return ERR_OK;
00066 }
00067 
00068 static err_t testif_init(struct netif *netif)
00069 {
00070   netif->name[0] = 'f';
00071   netif->name[1] = 'z';
00072   netif->output = etharp_output;
00073   netif->linkoutput = lwip_tx_func;
00074   netif->mtu = 1500;
00075   netif->hwaddr_len = 6;
00076   netif->flags = NETIF_FLAG_BROADCAST | NETIF_FLAG_ETHARP | NETIF_FLAG_IGMP;
00077 
00078   netif->hwaddr[0] = 0x00;
00079   netif->hwaddr[1] = 0x23;
00080   netif->hwaddr[2] = 0xC1;
00081   netif->hwaddr[3] = 0xDE;
00082   netif->hwaddr[4] = 0xD0;
00083   netif->hwaddr[5] = 0x0D;
00084 
00085 #if LWIP_IPV6
00086   netif->output_ip6 = ethip6_output;
00087   netif->ip6_autoconfig_enabled = 1;
00088   netif_create_ip6_linklocal_address(netif, 1);
00089   netif->flags |= NETIF_FLAG_MLD6;
00090 #endif
00091 
00092   return ERR_OK;
00093 }
00094 
00095 static void input_pkt(struct netif *netif, const u8_t *data, size_t len)
00096 {
00097   struct pbuf *p, *q;
00098   err_t err;
00099 
00100   LWIP_ASSERT("pkt too big", len <= 0xFFFF);
00101   p = pbuf_alloc(PBUF_RAW, (u16_t)len, PBUF_POOL);
00102   LWIP_ASSERT("alloc failed", p);
00103   for(q = p; q != NULL; q = q->next) {
00104     MEMCPY(q->payload, data, q->len);
00105     data += q->len;
00106   }
00107   err = netif->input(p, netif);
00108   if (err != ERR_OK) {
00109     pbuf_free(p);
00110   }
00111 }
00112 
00113 static void input_pkts(struct netif *netif, const u8_t *data, size_t len)
00114 {
00115 #ifdef LWIP_FUZZ_MULTI_PACKET
00116   const u16_t max_packet_size = 1514;
00117   const u8_t *ptr = data;
00118   size_t rem_len = len;
00119 
00120   while (rem_len > sizeof(u16_t)) {
00121     u16_t frame_len;
00122     memcpy(&frame_len, ptr, sizeof(u16_t));
00123     ptr += sizeof(u16_t);
00124     rem_len -= sizeof(u16_t);
00125     frame_len = htons(frame_len) & 0x7FF;
00126     frame_len = LWIP_MIN(frame_len, max_packet_size);
00127     if (frame_len > rem_len) {
00128       frame_len = (u16_t)rem_len;
00129     }
00130     if (frame_len != 0) {
00131       input_pkt(netif, ptr, frame_len);
00132     }
00133     ptr += frame_len;
00134     rem_len -= frame_len;
00135   }
00136 #else /* LWIP_FUZZ_MULTI_PACKET */
00137   input_pkt(netif, data, len);
00138 #endif /* LWIP_FUZZ_MULTI_PACKET */
00139 }
00140 
00141 int main(int argc, char** argv)
00142 {
00143   struct netif net_test;
00144   ip4_addr_t addr;
00145   ip4_addr_t netmask;
00146   ip4_addr_t gw;
00147   size_t len;
00148 
00149   lwip_init();
00150 
00151   IP4_ADDR(&addr, 172, 30, 115, 84);
00152   IP4_ADDR(&netmask, 255, 255, 255, 0);
00153   IP4_ADDR(&gw, 172, 30, 115, 1);
00154 
00155   netif_add(&net_test, &addr, &netmask, &gw, &net_test, testif_init, ethernet_input);
00156   netif_set_up(&net_test);
00157   netif_set_link_up(&net_test);
00158 
00159 #if LWIP_IPV6
00160   nd6_tmr(); /* tick nd to join multicast groups */
00161 #endif
00162   dns_setserver(0, &net_test.gw);
00163 
00164   /* initialize apps */
00165   httpd_init();
00166   lwiperf_start_tcp_server_default(NULL, NULL);
00167   mdns_resp_init();
00168   mdns_resp_add_netif(&net_test, "hostname", 255);
00169   snmp_init();
00170 
00171   if(argc > 1) {
00172     FILE* f;
00173     const char* filename;
00174     printf("reading input from file... ");
00175     fflush(stdout);
00176     filename = argv[1];
00177     LWIP_ASSERT("invalid filename", filename != NULL);
00178     f = fopen(filename, "rb");
00179     LWIP_ASSERT("open failed", f != NULL);
00180     len = fread(pktbuf, 1, sizeof(pktbuf), f);
00181     fclose(f);
00182     printf("testing file: \"%s\"...\r\n", filename);
00183   } else {
00184     len = fread(pktbuf, 1, sizeof(pktbuf), stdin);
00185   }
00186   input_pkts(&net_test, pktbuf, len);
00187 
00188   return 0;
00189 }