added test/fuzzing/ directory for fuzzing data and patches

Michael Rash
2012-10-19 22:14:24 -04:00
parent 95001b7da8
commit 691d9503ee
8 changed files with 191 additions and 1 deletions


@@ -158,6 +158,13 @@ EXTRA_DIST = \
test/conf/tcp_pcap_filter_fwknopd.conf \
test/conf/icmp_pcap_filter_fwknopd.conf \
test/conf/tcp_server_fwknopd.conf \
test/fuzzing/tcp_server_fwknopd.conf \
test/fuzzing/patches/invalid_long_proto_define_enc_mode_trigger.patch \
test/fuzzing/patches/enable_perl_fko_bogus_packets.patch \
test/fuzzing/patches/invalid_access_format.patch \
test/fuzzing/patches/long_ip.patch \
test/fuzzing/patches/invalid_long_proto_define_rijndael_trigger.patch \
test/fuzzing/bogus_spa_packets \
test/hardening-check \
test/local_spa.key \
test/test-fwknop.pl \


@@ -0,0 +1,104 @@
diff --git a/lib/fko_message.c b/lib/fko_message.c
index 7d8237b..e627b0c 100644
--- a/lib/fko_message.c
+++ b/lib/fko_message.c
@@ -120,8 +120,8 @@ fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type)
if(!CTX_INITIALIZED(ctx))
return FKO_ERROR_CTX_NOT_INITIALIZED;
- if(msg_type < 0 || msg_type >= FKO_LAST_MSG_TYPE)
- return(FKO_ERROR_INVALID_DATA);
+// if(msg_type < 0 || msg_type >= FKO_LAST_MSG_TYPE)
+// return(FKO_ERROR_INVALID_DATA);
ctx->message_type = msg_type;
@@ -159,14 +159,14 @@ fko_set_spa_message(fko_ctx_t ctx, const char *msg)
/* Gotta have a valid string.
*/
- if(msg == NULL || strnlen(msg, MAX_SPA_MESSAGE_SIZE) == 0)
- return(FKO_ERROR_INVALID_DATA);
+// if(msg == NULL || strnlen(msg, MAX_SPA_MESSAGE_SIZE) == 0)
+// return(FKO_ERROR_INVALID_DATA);
/* --DSS XXX: Bail out for now. But consider just
* truncating in the future...
*/
- if(strnlen(msg, MAX_SPA_MESSAGE_SIZE) == MAX_SPA_MESSAGE_SIZE)
- return(FKO_ERROR_DATA_TOO_LARGE);
+// if(strnlen(msg, MAX_SPA_MESSAGE_SIZE) == MAX_SPA_MESSAGE_SIZE)
+ // return(FKO_ERROR_DATA_TOO_LARGE);
/* Basic message type and format checking...
*/
@@ -175,8 +175,8 @@ fko_set_spa_message(fko_ctx_t ctx, const char *msg)
else
res = validate_access_msg(msg);
- if(res != FKO_SUCCESS)
- return(res);
+// if(res != FKO_SUCCESS)
+// return(res);
/* Just in case this is a subsquent call to this function. We
* do not want to be leaking memory.
@@ -278,6 +278,8 @@ validate_nat_access_msg(const char *msg)
int res = FKO_SUCCESS;
int startlen = strnlen(msg, MAX_SPA_MESSAGE_SIZE);
+ return res;
+
if(startlen == MAX_SPA_MESSAGE_SIZE)
return(FKO_ERROR_INVALID_DATA);
diff --git a/lib/fko_nat_access.c b/lib/fko_nat_access.c
index 03a7cad..47a0fe4 100644
--- a/lib/fko_nat_access.c
+++ b/lib/fko_nat_access.c
@@ -45,17 +45,17 @@ fko_set_spa_nat_access(fko_ctx_t ctx, const char *msg)
/* Gotta have a valid string.
*/
- if(msg == NULL || strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == 0)
- return(FKO_ERROR_INVALID_DATA);
+// if(msg == NULL || strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == 0)
+// return(FKO_ERROR_INVALID_DATA);
/* --DSS XXX: Bail out for now. But consider just
* truncating in the future...
*/
- if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE)
- return(FKO_ERROR_DATA_TOO_LARGE);
+// if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE)
+// return(FKO_ERROR_DATA_TOO_LARGE);
- if((res = validate_nat_access_msg(msg)) != FKO_SUCCESS)
- return(res);
+// if((res = validate_nat_access_msg(msg)) != FKO_SUCCESS)
+// return(res);
/* Just in case this is a subsquent call to this function. We
* do not want to be leaking memory.
diff --git a/lib/fko_user.c b/lib/fko_user.c
index 0c909dd..7f0f7eb 100644
--- a/lib/fko_user.c
+++ b/lib/fko_user.c
@@ -90,12 +90,12 @@ fko_set_username(fko_ctx_t ctx, const char *spoof_user)
/* Make sure it is just alpha-numeric chars and dashes
*/
- if(isalnum(username[0]) == 0)
- return(FKO_ERROR_INVALID_DATA);
+ // if(isalnum(username[0]) == 0)
+// return(FKO_ERROR_INVALID_DATA);
- for (i=1; i < strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
- if((isalnum(username[i]) == 0) && username[i] != '-')
- return(FKO_ERROR_INVALID_DATA);
+// for (i=1; i < strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
+// if((isalnum(username[i]) == 0) && username[i] != '-')
+// return(FKO_ERROR_INVALID_DATA);
/* Just in case this is a subsquent call to this function. We
* do not want to be leaking memory.
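Review bot: The hunks for fko_set_spa_message and fko_set_spa_nat_access comment out the `msg == NULL` test along with the length checks, so a NULL argument now reaches `validate_access_msg(msg)`. In validate_nat_access_msg the `strnlen(msg, MAX_SPA_MESSAGE_SIZE)` initialiser also still runs ahead of the added `return res;`. The patched client library would then fail on a NULL pointer rather than build the malformed packet the patch is meant to produce; keeping `if(msg == NULL) return(FKO_ERROR_INVALID_DATA);` and disabling only the content and length checks avoids that. The patch file also carries no preamble: a few lines of free text above the first `diff --git` line should state that it is for building a test client only and must never be applied to a build that gets installed. Every function touched here starts and ends outside the hunks shown.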


@@ -0,0 +1,40 @@
diff --git a/lib/fko_message.c b/lib/fko_message.c
index 9148c2d..8ac1aca 100644
--- a/lib/fko_message.c
+++ b/lib/fko_message.c
@@ -221,12 +221,12 @@ validate_proto_port_spec(const char *msg)
if(strncmp(ndx, "tcp", 3)
&& strncmp(ndx, "udp", 3)
&& strncmp(ndx, "icmp", 4)
- && strncmp(ndx, "none", 4))
- return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
+ && strncmp(ndx, "none", 4));
+// return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
ndx = strchr(ndx, '/');
- if(ndx == NULL || ((1+(ndx - msg)) > MAX_PROTO_STR_LEN))
- return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
+ if(ndx == NULL || ((1+(ndx - msg)) > MAX_PROTO_STR_LEN));
+// return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
/* Skip over the '/' and make sure we only have digits.
*/
@@ -234,14 +234,14 @@ validate_proto_port_spec(const char *msg)
/* Must have at least one digit for the port number
*/
- if(isdigit(*ndx) == 0)
- return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
+ if(isdigit(*ndx) == 0);
+// return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
while(*ndx != '\0' && *ndx != ',')
{
port_str_len++;
- if((isdigit(*ndx) == 0) || (port_str_len > MAX_PORT_STR_LEN))
- return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
+ if((isdigit(*ndx) == 0) || (port_str_len > MAX_PORT_STR_LEN));
+// return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
ndx++;
}
return(FKO_SUCCESS);
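Review bot: Rewriting the check after `ndx = strchr(ndx, '/');` as `if(ndx == NULL || ...);` removes the NULL guard as well as the length limit, so a message without a '/' leaves `ndx` NULL and the later `isdigit(*ndx)` reads through it. The lines between the two hunks are not shown, so this is inferred from the "Skip over the '/'" comment. Keeping `if(ndx == NULL) return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);` and dropping only the `MAX_PROTO_STR_LEN` comparison would let the patched client emit the over-long protocol string without crashing on other input. As a style point, the empty-bodied `if(...);` statements can draw compiler warnings and read like a typo; commenting out the whole statement, as the other message-validation patch in this commit does, states the intent more clearly.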


@@ -0,0 +1,13 @@
diff --git a/lib/fko.h b/lib/fko.h
index 4910b17..14dcc8c 100644
--- a/lib/fko.h
+++ b/lib/fko.h
@@ -54,7 +54,7 @@ extern "C" {
/* General params
*/
-#define FKO_PROTOCOL_VERSION "2.0.2" /* The fwknop protocol version */
+#define FKO_PROTOCOL_VERSION "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" /* The fwknop protocol version */
/* Supported FKO Message types...
*/
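Review bot: Nothing in this patch file, or in the next one that changes the same `FKO_PROTOCOL_VERSION` line, records why the two replacement strings have different lengths or which server-side check each length is meant to reach. A short free-text preamble above `diff --git` in each file should name the decode path it targets and the string length used, so the value can be regenerated if the limits in the library change. Both patches apply to the same line from the same base blob (`4910b17`), so they cannot be applied together; the preamble should also say that each must be reverted before the other is applied.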


@@ -0,0 +1,13 @@
diff --git a/lib/fko.h b/lib/fko.h
index 4910b17..fd869a4 100644
--- a/lib/fko.h
+++ b/lib/fko.h
@@ -54,7 +54,7 @@ extern "C" {
/* General params
*/
-#define FKO_PROTOCOL_VERSION "2.0.2" /* The fwknop protocol version */
+#define FKO_PROTOCOL_VERSION "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" /* The fwknop protocol version */
/* Supported FKO Message types...
*/


@@ -0,0 +1,13 @@
diff --git a/lib/fko_limits.h b/lib/fko_limits.h
index 7efba4b..e2621a6 100644
--- a/lib/fko_limits.h
+++ b/lib/fko_limits.h
@@ -51,7 +51,7 @@
#define MIN_SPA_FIELDS 6
#define MAX_SPA_FIELDS 10
-#define MAX_IPV4_STR_LEN 16
+#define MAX_IPV4_STR_LEN 1000
#define MIN_IPV4_STR_LEN 7
/* Misc.
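Review bot: `MAX_IPV4_STR_LEN` is changed in the shared limits header, so every use of the macro in the library moves to 1000, not only the client-side check this patch presumably wants to bypass. If the server under test were built from the same patched tree, it would accept the long address as well and the test would no longer exercise the rejection path. The uses of the macro are outside this hunk, so that is inferred. The patch file should open with a free-text note above `diff --git` saying that it is for the packet-generating client build only and that the server must be built from an unpatched tree.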


@@ -100,7 +100,7 @@ my $loopback_intf = '';
my $anonymize_results = 0;
my $current_test_file = "$output_dir/init";
my $tarfile = 'test_fwknop.tar.gz';
my $bogus_pkts_file = 'bogus_spa_packets';
my $bogus_pkts_file = 'fuzzing/bogus_spa_packets';
my $fuzzing_key = 'testtest';
my $server_test_file = '';
my $use_valgrind = 0;
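Review bot: The new `$fuzzing_key` is a hard-coded literal with no comment saying what it has to match, and `$bogus_pkts_file` becomes a path relative to the directory the script is run from. A comment such as `# test-only key; must match the key in the fuzzing server config and the one used to generate $bogus_pkts_file` would stop the three from drifting apart. That relationship is presumed from the names, because the code that uses the key is outside this hunk. It would also help to say next to `$bogus_pkts_file` that the script expects to be run from the test directory.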