[client] ensure no dns, http, or other network comms in AFL fuzzing mode

2015-05-14 17:51:25 -07:00 · 2015-05-14 17:51:25 -07:00 · 136d017afb
commit 136d017afb
parent 7817d28a2d
3 changed files with 49 additions and 6 deletions
--- a/client/config_init.c
+++ b/client/config_init.c
@ -1869,12 +1869,6 @@ validate_options(fko_cli_options_t *options)
            snprintf(options->http_user_agent, HTTP_MAX_USER_AGENT_LEN,
                "%s%s", "Fwknop/", MY_VERSION);

-#if AFL_FUZZING
-    /* Don't issue IP resolution requests in AFL fuzzing mode
-    */
-    options->resolve_ip_http_https = 0;
-#endif
-
    if(options->http_proxy[0] != 0x0 && options->spa_proto != FKO_PROTO_HTTP)
    {
        log_msg(LOG_VERBOSITY_ERROR,
--- a/client/http_resolve_host.c
+++ b/client/http_resolve_host.c
@ -45,6 +45,10 @@
  #include <sys/wait.h>
 #endif

+#if AFL_FUZZING
+  #define AFL_SET_RESOLVE_HOST "192.168.12.123" /* force to non-routable IP */
+#endif
+
 struct url
 {
    char    port[MAX_PORT_STR_LEN+1];
@ -95,6 +99,19 @@ try_url(struct url *url, fko_cli_options_t *options)
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;

+#if AFL_FUZZING
+    /* Make sure to not generate any resolution requests when compiled
+     * for AFL fuzzing cycles
+    */
+    strlcpy(options->allow_ip_str, AFL_SET_RESOLVE_HOST,
+            sizeof(options->allow_ip_str));
+    log_msg(LOG_VERBOSITY_INFO,
+                "\n[+] AFL fuzzing cycle, force IP resolution to: %s",
+                options->allow_ip_str);
+
+    return(1);
+#endif
+
    error = getaddrinfo(url->host, url->port, &hints, &result);
    if (error != 0)
    {
@ -381,6 +398,19 @@ resolve_ip_https(fko_cli_options_t *options)
        strlcat(wget_ssl_cmd, WGET_RESOLVE_URL_SSL, sizeof(wget_ssl_cmd));
    }

+#if AFL_FUZZING
+    /* Make sure to not generate any resolution requests when compiled
+     * for AFL fuzzing cycles
+    */
+    strlcpy(options->allow_ip_str, AFL_SET_RESOLVE_HOST,
+            sizeof(options->allow_ip_str));
+    log_msg(LOG_VERBOSITY_INFO,
+                "\n[+] AFL fuzzing cycle, force IP resolution to: %s",
+                options->allow_ip_str);
+
+    return(1);
+#endif
+
 #if HAVE_EXECVPE
    if(strtoargv(wget_ssl_cmd, wget_argv, &wget_argc, options) != 1)
    {
--- a/client/spa_comm.c
+++ b/client/spa_comm.c
@ -119,6 +119,14 @@ send_spa_packet_tcp_or_udp(const char *spa_data, const int sd_len,

    snprintf(port_str, MAX_PORT_STR_LEN+1, "%d", options->spa_dst_port);

+#if AFL_FUZZING
+    /* Make sure to never send SPA packets under AFL fuzzing cycles
+    */
+    log_msg(LOG_VERBOSITY_NORMAL,
+        "AFL fuzzing enabled, SPA packet not actually sent.");
+    return res;
+#endif
+
    error = getaddrinfo(options->spa_server_str, port_str, &hints, &result);

    if (error != 0)
@ -590,6 +598,9 @@ send_spa_packet_http(const char *spa_data, const int sd_len,
        return 0;
    }

+    /* In AFL fuzzing mode, the following function will not send
+     * the SPA packet.
+    */
    return send_spa_packet_tcp_or_udp(http_buf, strlen(http_buf), options);
 }

@ -684,6 +695,14 @@ send_spa_packet(fko_ctx_t ctx, fko_cli_options_t *options)
         * the ip address */
        hints.ai_family = AF_INET;

+#if AFL_FUZZING
+        /* Make sure to never send SPA packets under AFL fuzzing cycles
+        */
+        log_msg(LOG_VERBOSITY_NORMAL,
+            "AFL fuzzing enabled, SPA packet not actually sent.");
+        return res;
+#endif
+
        if (resolve_dest_adr(options->spa_server_str, &hints, ip_str, sizeof(ip_str)) != 0)
        {
            log_msg(LOG_VERBOSITY_ERROR, "[*] Unable to resolve %s as an ip address",