added test/fuzzing/ directory for fuzzing data and patches
authorMichael Rash <mbr@cipherdyne.org>
Sat, 20 Oct 2012 02:14:24 +0000 (22:14 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sat, 20 Oct 2012 02:14:24 +0000 (22:14 -0400)
Makefile.am
test/fuzzing/bogus_spa_packets [moved from test/bogus_spa_packets with 100% similarity]
test/fuzzing/patches/enable_perl_fko_bogus_packets.patch [new file with mode: 0644]
test/fuzzing/patches/invalid_access_format.patch [new file with mode: 0644]
test/fuzzing/patches/invalid_long_proto_define_enc_mode_trigger.patch [new file with mode: 0644]
test/fuzzing/patches/invalid_long_proto_define_rijndael_trigger.patch [new file with mode: 0644]
test/fuzzing/patches/long_ip.patch [new file with mode: 0644]
test/test-fwknop.pl

index 71944c6..0b0ce97 100644 (file)
@@ -158,6 +158,13 @@ EXTRA_DIST = \
     test/conf/tcp_pcap_filter_fwknopd.conf \
     test/conf/icmp_pcap_filter_fwknopd.conf \
     test/conf/tcp_server_fwknopd.conf \
+    test/fuzzing/tcp_server_fwknopd.conf \
+    test/fuzzing/patches/invalid_long_proto_define_enc_mode_trigger.patch \
+    test/fuzzing/patches/enable_perl_fko_bogus_packets.patch \
+    test/fuzzing/patches/invalid_access_format.patch \
+    test/fuzzing/patches/long_ip.patch \
+    test/fuzzing/patches/invalid_long_proto_define_rijndael_trigger.patch \
+    test/fuzzing/bogus_spa_packets \
     test/hardening-check \
     test/local_spa.key \
     test/test-fwknop.pl \
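Review bot: `test/fuzzing/tcp_server_fwknopd.conf` is added to EXTRA_DIST but is not among the files this commit creates or moves (the diffstat lists only the five patches and the moved `bogus_spa_packets`), so unless that file already exists in the tree, `make dist` will stop on the missing entry. The other six added lines match the commit's file list. Either add the conf file in the same commit or leave that line out until it exists.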
diff --git a/test/fuzzing/patches/enable_perl_fko_bogus_packets.patch b/test/fuzzing/patches/enable_perl_fko_bogus_packets.patch
new file mode 100644 (file)
index 0000000..8e76804
--- /dev/null
@@ -0,0 +1,104 @@
+diff --git a/lib/fko_message.c b/lib/fko_message.c
+index 7d8237b..e627b0c 100644
+--- a/lib/fko_message.c
++++ b/lib/fko_message.c
+@@ -120,8 +120,8 @@ fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type)
+     if(!CTX_INITIALIZED(ctx))
+         return FKO_ERROR_CTX_NOT_INITIALIZED;
+-    if(msg_type < 0 || msg_type >= FKO_LAST_MSG_TYPE)
+-        return(FKO_ERROR_INVALID_DATA);
++//    if(msg_type < 0 || msg_type >= FKO_LAST_MSG_TYPE)
++//        return(FKO_ERROR_INVALID_DATA);
+     ctx->message_type = msg_type;
+@@ -159,14 +159,14 @@ fko_set_spa_message(fko_ctx_t ctx, const char *msg)
+     /* Gotta have a valid string.
+     */
+-    if(msg == NULL || strnlen(msg, MAX_SPA_MESSAGE_SIZE) == 0)
+-        return(FKO_ERROR_INVALID_DATA);
++//    if(msg == NULL || strnlen(msg, MAX_SPA_MESSAGE_SIZE) == 0)
++//        return(FKO_ERROR_INVALID_DATA);
+     /* --DSS XXX: Bail out for now.  But consider just
+      *            truncating in the future...
+     */
+-    if(strnlen(msg, MAX_SPA_MESSAGE_SIZE) == MAX_SPA_MESSAGE_SIZE)
+-        return(FKO_ERROR_DATA_TOO_LARGE);
++//    if(strnlen(msg, MAX_SPA_MESSAGE_SIZE) == MAX_SPA_MESSAGE_SIZE)
++ //       return(FKO_ERROR_DATA_TOO_LARGE);
+     /* Basic message type and format checking...
+     */
+@@ -175,8 +175,8 @@ fko_set_spa_message(fko_ctx_t ctx, const char *msg)
+     else
+         res = validate_access_msg(msg);
+-    if(res != FKO_SUCCESS)
+-        return(res);
++//    if(res != FKO_SUCCESS)
++//        return(res);
+     /* Just in case this is a subsquent call to this function.  We
+      * do not want to be leaking memory.
+@@ -278,6 +278,8 @@ validate_nat_access_msg(const char *msg)
+     int     res         = FKO_SUCCESS;
+     int     startlen    = strnlen(msg, MAX_SPA_MESSAGE_SIZE);
++    return res;
++
+     if(startlen == MAX_SPA_MESSAGE_SIZE)
+         return(FKO_ERROR_INVALID_DATA);
+diff --git a/lib/fko_nat_access.c b/lib/fko_nat_access.c
+index 03a7cad..47a0fe4 100644
+--- a/lib/fko_nat_access.c
++++ b/lib/fko_nat_access.c
+@@ -45,17 +45,17 @@ fko_set_spa_nat_access(fko_ctx_t ctx, const char *msg)
+     /* Gotta have a valid string.
+     */
+-    if(msg == NULL || strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == 0)
+-        return(FKO_ERROR_INVALID_DATA);
++//    if(msg == NULL || strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == 0)
++//        return(FKO_ERROR_INVALID_DATA);
+     /* --DSS XXX: Bail out for now.  But consider just
+      *            truncating in the future...
+     */
+-    if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE)
+-        return(FKO_ERROR_DATA_TOO_LARGE);
++//    if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE)
++//        return(FKO_ERROR_DATA_TOO_LARGE);
+-    if((res = validate_nat_access_msg(msg)) != FKO_SUCCESS)
+-        return(res);
++//    if((res = validate_nat_access_msg(msg)) != FKO_SUCCESS)
++//        return(res);
+     /* Just in case this is a subsquent call to this function.  We
+      * do not want to be leaking memory.
+diff --git a/lib/fko_user.c b/lib/fko_user.c
+index 0c909dd..7f0f7eb 100644
+--- a/lib/fko_user.c
++++ b/lib/fko_user.c
+@@ -90,12 +90,12 @@ fko_set_username(fko_ctx_t ctx, const char *spoof_user)
+     /* Make sure it is just alpha-numeric chars and dashes
+     */
+-    if(isalnum(username[0]) == 0)
+-        return(FKO_ERROR_INVALID_DATA);
++ //   if(isalnum(username[0]) == 0)
++//        return(FKO_ERROR_INVALID_DATA);
+-    for (i=1; i < strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
+-        if((isalnum(username[i]) == 0) && username[i] != '-')
+-            return(FKO_ERROR_INVALID_DATA);
++//    for (i=1; i < strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
++//        if((isalnum(username[i]) == 0) && username[i] != '-')
++//            return(FKO_ERROR_INVALID_DATA);
+     /* Just in case this is a subsquent call to this function.  We
+      * do not want to be leaking memory.
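Review bot: The patch has no preamble stating which libfko revision it was taken from, while every nested hunk pins blob ids and offsets (`index 7d8237b..e627b0c`, `@@ -120,8 +120,8 @@`) that will drift as lib/fko_message.c, lib/fko_nat_access.c and lib/fko_user.c change; a few lines of text before the first `diff --git` (ignored by git apply) naming the base commit and the purpose, e.g. `Builds a libfko with the SPA message, NAT access and username validation removed so the perl FKO module can emit malformed packets for fuzzing; for a throwaway test build only`, would keep it usable. Two of the commented-out lines, `++ //       return(FKO_ERROR_DATA_TOO_LARGE);` and `++ //   if(isalnum(username[0]) == 0)`, carry the comment marker after a leading space unlike the rest; harmless, but worth aligning with the others. The early `return res;` inserted into validate_nat_access_msg leaves the rest of that function unreachable, which some compilers will warn about under the project's flags. The functions touched by the nested hunks all start and end outside the quoted context.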
diff --git a/test/fuzzing/patches/invalid_access_format.patch b/test/fuzzing/patches/invalid_access_format.patch
new file mode 100644 (file)
index 0000000..2ebe818
--- /dev/null
@@ -0,0 +1,40 @@
+diff --git a/lib/fko_message.c b/lib/fko_message.c
+index 9148c2d..8ac1aca 100644
+--- a/lib/fko_message.c
++++ b/lib/fko_message.c
+@@ -221,12 +221,12 @@ validate_proto_port_spec(const char *msg)
+     if(strncmp(ndx, "tcp", 3)
+       && strncmp(ndx, "udp", 3)
+       && strncmp(ndx, "icmp", 4)
+-      && strncmp(ndx, "none", 4))
+-        return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
++      && strncmp(ndx, "none", 4));
++//        return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
+     ndx = strchr(ndx, '/');
+-    if(ndx == NULL || ((1+(ndx - msg)) > MAX_PROTO_STR_LEN))
+-        return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
++    if(ndx == NULL || ((1+(ndx - msg)) > MAX_PROTO_STR_LEN));
++//        return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
+     /* Skip over the '/' and make sure we only have digits.
+     */
+@@ -234,14 +234,14 @@ validate_proto_port_spec(const char *msg)
+     /* Must have at least one digit for the port number
+     */
+-    if(isdigit(*ndx) == 0)
+-        return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
++    if(isdigit(*ndx) == 0);
++//        return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
+     while(*ndx != '\0' && *ndx != ',')
+     {
+         port_str_len++;
+-        if((isdigit(*ndx) == 0) || (port_str_len > MAX_PORT_STR_LEN))
+-            return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
++        if((isdigit(*ndx) == 0) || (port_str_len > MAX_PORT_STR_LEN));
++//            return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
+         ndx++;
+     }
+     return(FKO_SUCCESS);
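Review bot: The four guards are disabled by terminating the `if` with a semicolon (`++      && strncmp(ndx, "none", 4));`, `++    if(ndx == NULL || ((1+(ndx - msg)) > MAX_PROTO_STR_LEN));`, and the two `isdigit` checks), leaving an `if` with an empty body and a commented-out return; this differs from enable_perl_fko_bogus_packets.patch, which comments out the whole guard, and it trips empty-body warnings. Commenting out both lines of each guard would be consistent and quieter. The net effect, that validate_proto_port_spec now always reaches `return(FKO_SUCCESS);`, is presumably the intent but is recorded nowhere; a preamble line before the first `diff --git` such as `Disables every proto/port check in validate_proto_port_spec so malformed access strings are accepted when generating fuzzing data` would say so. validate_proto_port_spec's body begins before the first nested hunk.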
diff --git a/test/fuzzing/patches/invalid_long_proto_define_enc_mode_trigger.patch b/test/fuzzing/patches/invalid_long_proto_define_enc_mode_trigger.patch
new file mode 100644 (file)
index 0000000..f77a23e
--- /dev/null
@@ -0,0 +1,13 @@
+diff --git a/lib/fko.h b/lib/fko.h
+index 4910b17..14dcc8c 100644
+--- a/lib/fko.h
++++ b/lib/fko.h
+@@ -54,7 +54,7 @@ extern "C" {
+ /* General params
+ */
+-#define FKO_PROTOCOL_VERSION "2.0.2" /* The fwknop protocol version */
++#define FKO_PROTOCOL_VERSION "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" /* The fwknop protocol version */
+ /* Supported FKO Message types...
+ */
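Review bot: This patch and invalid_long_proto_define_rijndael_trigger.patch are identical except for the length of the replacement FKO_PROTOCOL_VERSION string, and nothing records what each length is meant to exceed; the file names point at the enc_mode and rijndael paths, but the chosen lengths are unexplained. A preamble line in each patch before `diff --git`, of the form `Version string of <LENGTH> bytes: long enough to reach the <WHICH-CHECK> path when the SPA packet is decoded` (placeholders to be filled in from the lengths actually used), would make the pair maintainable, particularly since both also pin `index 4910b17..` and must be regenerated whenever lib/fko.h moves. If the only difference is the length, generating the string at test time from a single parameterised patch would avoid keeping two near-duplicate files, though that is a larger change than this commit attempts.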
diff --git a/test/fuzzing/patches/invalid_long_proto_define_rijndael_trigger.patch b/test/fuzzing/patches/invalid_long_proto_define_rijndael_trigger.patch
new file mode 100644 (file)
index 0000000..f835586
--- /dev/null
@@ -0,0 +1,13 @@
+diff --git a/lib/fko.h b/lib/fko.h
+index 4910b17..fd869a4 100644
+--- a/lib/fko.h
++++ b/lib/fko.h
+@@ -54,7 +54,7 @@ extern "C" {
+ /* General params
+ */
+-#define FKO_PROTOCOL_VERSION "2.0.2" /* The fwknop protocol version */
++#define FKO_PROTOCOL_VERSION "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" /* The fwknop protocol version */
+ /* Supported FKO Message types...
+ */
diff --git a/test/fuzzing/patches/long_ip.patch b/test/fuzzing/patches/long_ip.patch
new file mode 100644 (file)
index 0000000..a2e7cf8
--- /dev/null
@@ -0,0 +1,13 @@
+diff --git a/lib/fko_limits.h b/lib/fko_limits.h
+index 7efba4b..e2621a6 100644
+--- a/lib/fko_limits.h
++++ b/lib/fko_limits.h
+@@ -51,7 +51,7 @@
+ #define MIN_SPA_FIELDS                6
+ #define MAX_SPA_FIELDS               10
+-#define MAX_IPV4_STR_LEN             16
++#define MAX_IPV4_STR_LEN             1000
+ #define MIN_IPV4_STR_LEN              7
+ /* Misc.
index d66c650..705ee19 100755 (executable)
@@ -100,7 +100,7 @@ my $loopback_intf = '';
 my $anonymize_results = 0;
 my $current_test_file = "$output_dir/init";
 my $tarfile = 'test_fwknop.tar.gz';
-my $bogus_pkts_file = 'bogus_spa_packets';
+my $bogus_pkts_file = 'fuzzing/bogus_spa_packets';
 my $fuzzing_key = 'testtest';
 my $server_test_file  = '';
 my $use_valgrind = 0;