Merge branch 'master' of github.com:sctplab/usrsctp
diff --git a/fuzzer/build-fuzzer.sh b/fuzzer/build-fuzzer.sh
index f188031..59111e1 100755
--- a/fuzzer/build-fuzzer.sh
+++ b/fuzzer/build-fuzzer.sh
@@ -1,30 +1,50 @@
-#!/bin/sh
+#!/usr/bin/env bash
set -e
NPROC=1
+# OS detection
if [ "$(uname)" = "Linux" ]; then
- NPROC=$(nproc)
- CC=clang-9
+ NPROC=$(nproc)
+ CC=clang-10
+ LINKER=ld.lld-10
elif [ "$(uname)" = "Darwin" ]; then
- NPROC=$(sysctl -n hw.ncpu)
- CC=/usr/local/opt/llvm/bin/clang
+ NPROC=$(sysctl -n hw.ncpu)
+ CC=/usr/local/opt/llvm/bin/clang
+ LINKER=/usr/local/opt/llvm/bin/ld.lld
elif [ "$(uname)" = "FreeBSD" ]; then
- NPROC=$(sysctl -n hw.ncpu)
- CC=clang90
+ NPROC=$(sysctl -n hw.ncpu)
+ CC=clang-devel
+ LINKER=ld.lld-devel
else
- echo "Error: $(uname) not supported, sorry!"
- exit 1
+ echo "Error: $(uname) not supported, sorry!"
+ exit 1
fi
+# Check if we have a compiler
if ! [ -x "$(command -v $CC)" ]; then
- echo "Error: $CC is not installed!" >&2
- exit 1
+ echo "Error: $CC is not installed!" >&2
+ exit 1
fi
echo "OS :" $(uname)
echo "CC :" $CC
echo "NP :" $NPROC
-cmake -Dsctp_build_fuzzer=1 -Dsctp_build_programs=0 -Dsctp_invariants=1 -Dsctp_sanitizer_address=1 -DCMAKE_C_COMPILER="$CC" -DCMAKE_BUILD_TYPE=RelWithDebInfo .
+# Go to script directory
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd "$SCRIPT_DIR"
+cd ".."
+
+pwd
+
+# Find and then delete all files under current directory (.) that:
+# 1. contains "cmake" (case-&insensitive) in its path (wholename)
+# 2. name is not CMakeLists.txt
+find . -iwholename '*cmake*' -not -name CMakeLists.txt -delete
+
+# Build with ASAN / MSAN
+cmake -Dsctp_build_fuzzer=1 -Dsctp_build_programs=0 -Dsctp_invariants=1 -Dsctp_sanitizer_address=1 -DCMAKE_LINKER="$LINKER" -DCMAKE_C_COMPILER="$CC" -DCMAKE_BUILD_TYPE=RelWithDebInfo .
+#cmake -Dsctp_build_fuzzer=1 -Dsctp_build_programs=0 -Dsctp_invariants=1 -Dsctp_sanitizer_memory=1 -DCMAKE_LINKER="$LINKER" -DCMAKE_C_COMPILER="$CC" -DCMAKE_BUILD_TYPE=RelWithDebInfo .
+
make -j"$NPROC"
diff --git a/fuzzer/check-input.sh b/fuzzer/check-input.sh
index 51ea703..78c152c 100755
--- a/fuzzer/check-input.sh
+++ b/fuzzer/check-input.sh
@@ -4,27 +4,37 @@
# usage: check-input.sh input_data
#
-set -e
-set -u
+set -e # stop on error
+set -u # uinitialized variables -> error!
#make
+C_RED='\033[0;31m' # RED
+C_GRN='\033[0;32m' # RED
+C_NOC='\033[0m' # No Color
+
echo "Fuzzer Input: $1"
echo "########## Beginning Fuzzer Chain"
echo ""
set +e
-./fuzzer_connect_multi_verbose -timeout=30 $1 2>$1.log
+./fuzzer_connect_multi_verbose -timeout=30 $1 > $1.log 2>&1
FUZZER_RETVAL=$?
set -e
+echo "Fuzzer returncode: $FUZZER_RETVAL"
+
if [ "$FUZZER_RETVAL" -eq "0" ]; then
- echo "Execution successful - fuzzer terminated without an issue"
+ echo -e "$C_RED"
+ echo "$1 - NOT REPRODUCABLE"
+ echo -e "$C_NOC"
elif [ "$FUZZER_RETVAL" -eq "77" ]; then
- echo "Exceution successful - found an issue!"
+ echo -e "$C_GRN"
+ echo "$1 - REPRODUCABLE"
+ echo -e "$C_NOC"
else
- echo "Internal error, exiting!"
- exit
+ echo "Unexpected return code: $FUZZER_RETVAL - handle with care..!"
+ #exit
fi
grep "# SCTP_PACKET" $1.log > $1.pcap-log
@@ -38,7 +48,7 @@
# Open Wireshark if we have an X session
if [ -z ${DISPLAY+x} ]; then
- echo "\$DISPLAY unset, skipping wireshark"
+ echo "\$DISPLAY unset, skipping wireshark"
else
- wireshark $1.pcapng
+ wireshark $1.pcapng
fi
diff --git a/fuzzer/fuzzer_connect_multi.sh b/fuzzer/fuzzer_connect_multi.sh
index 665cfd6..f7ac359 100755
--- a/fuzzer/fuzzer_connect_multi.sh
+++ b/fuzzer/fuzzer_connect_multi.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
-export ASAN_OPTIONS=abort_on_error=1:disable_core=0:unmap_shadow_on_exit=1:disable_coredump=0
+export ASAN_OPTIONS=abort_on_error=1:disable_core=0:unmap_shadow_on_exit=1:disable_coredump=0:detect_leaks=1
ulimit -c unlimited
mkdir -p CORPUS_CONNECT
diff --git a/fuzzer/text2pcap.sh b/fuzzer/text2pcap.sh
deleted file mode 100644
index 0c46c3b..0000000
--- a/fuzzer/text2pcap.sh
+++ /dev/null
@@ -1 +0,0 @@
-text2pcap -n -l 248 -D -t "%H:%M:%S." fuzzer.log fuzzer.pcapng
diff --git a/programs/programs_helper.c b/programs/programs_helper.c
index 4cfea15..49185c2 100644
--- a/programs/programs_helper.c
+++ b/programs/programs_helper.c
@@ -53,12 +53,8 @@
{
va_list ap;
- fprintf(stderr, "[S]");
-
- debug_printf_runtime();
-
va_start(ap, format);
- vfprintf(stderr, format, ap);
+ vprintf(format, ap);
va_end(ap);
}
diff --git a/usrsctplib/netinet/sctp_callout.c b/usrsctplib/netinet/sctp_callout.c
index 3ba5270..4ca094f 100755
--- a/usrsctplib/netinet/sctp_callout.c
+++ b/usrsctplib/netinet/sctp_callout.c
@@ -59,13 +59,13 @@
* Callout/Timer routines for OS that doesn't have them
*/
#if defined(__APPLE__) || defined(__Userspace__)
-static int ticks = 0;
+static uint32_t ticks = 0;
#else
extern int ticks;
#endif
-int sctp_get_tick_count(void) {
- int ret;
+uint32_t sctp_get_tick_count(void) {
+ uint32_t ret;
SCTP_TIMERQ_LOCK();
ret = ticks;
@@ -218,7 +218,7 @@
}
void
-sctp_handle_tick(int delta)
+sctp_handle_tick(uint32_t elapsed_ticks)
{
sctp_os_timer_t *c;
void (*c_func)(void *);
@@ -227,10 +227,10 @@
SCTP_TIMERQ_LOCK();
/* update our tick count */
- ticks += delta;
+ ticks += elapsed_ticks;
c = TAILQ_FIRST(&SCTP_BASE_INFO(callqueue));
while (c) {
- if (c->c_time <= ticks) {
+ if (SCTP_UINT32_GE(ticks, c->c_time)) {
sctp_os_timer_next = TAILQ_NEXT(c, tqe);
TAILQ_REMOVE(&SCTP_BASE_INFO(callqueue), c, tqe);
c_func = c->c_func;
diff --git a/usrsctplib/netinet/sctp_callout.h b/usrsctplib/netinet/sctp_callout.h
index 3ac6c5b..334204e 100755
--- a/usrsctplib/netinet/sctp_callout.h
+++ b/usrsctplib/netinet/sctp_callout.h
@@ -84,13 +84,13 @@
#endif
#endif
-int sctp_get_tick_count(void);
+uint32_t sctp_get_tick_count(void);
TAILQ_HEAD(calloutlist, sctp_callout);
struct sctp_callout {
TAILQ_ENTRY(sctp_callout) tqe;
- int c_time; /* ticks to the event */
+ uint32_t c_time; /* ticks to the event */
void *c_arg; /* function argument */
void (*c_func)(void *); /* function to call */
int c_flags; /* state of this entry */
@@ -103,7 +103,7 @@
void sctp_os_timer_init(sctp_os_timer_t *tmr);
void sctp_os_timer_start(sctp_os_timer_t *, int, void (*)(void *), void *);
int sctp_os_timer_stop(sctp_os_timer_t *);
-void sctp_handle_tick(int delta);
+void sctp_handle_tick(uint32_t);
#define SCTP_OS_TIMER_INIT sctp_os_timer_init
#define SCTP_OS_TIMER_START sctp_os_timer_start
diff --git a/usrsctplib/user_socket.c b/usrsctplib/user_socket.c
index bde5428..df4dbec 100755
--- a/usrsctplib/user_socket.c
+++ b/usrsctplib/user_socket.c
@@ -3528,7 +3528,7 @@
return;
}
-void usrsctp_handle_timers(int delta)
+void usrsctp_handle_timers(uint32_t delta)
{
sctp_handle_tick(delta);
}
diff --git a/usrsctplib/usrsctp.h b/usrsctplib/usrsctp.h
index c717431..e71df16 100644
--- a/usrsctplib/usrsctp.h
+++ b/usrsctplib/usrsctp.h
@@ -315,7 +315,7 @@
uint32_t sre_length;
uint16_t sre_error;
sctp_assoc_t sre_assoc_id;
- uint8_t sre_data[4];
+ uint8_t sre_data[];
};
/* shutdown event */
@@ -1042,7 +1042,7 @@
void
-usrsctp_handle_timers(int delta);
+usrsctp_handle_timers(uint32_t delta);
#define SCTP_DUMP_OUTBOUND 1
#define SCTP_DUMP_INBOUND 0