DhcpFuzzer: dhcp client addded

diff --git a/components/lwip/test_afl_host/Makefile b/components/lwip/test_afl_host/Makefile
index 1762fc6faf1608645e170bcf2379f4dfe6c44e00..a3da02e11e48374900a18cf0de2e1af412e7c816 100644 (file)
--- a/components/lwip/test_afl_host/Makefile
+++ b/components/lwip/test_afl_host/Makefile
@@ -1,28 +1,39 @@
 COMPONENTS_DIR=../..
-CFLAGS=-std=gnu99 -Og -ggdb -ffunction-sections -fdata-sections -nostdlib -Wall -Werror=all -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-address   -Wno-unused-variable -DESP_PLATFORM -D IDF_VER=\"v3.1-dev-961-ga2556229-dirty\" -MMD -MP   -DWITH_POSIX \
--DIRAM_ATTR='' -D__ESP_ATTR_H__
+CFLAGS=-std=gnu99 -Og -ggdb -ffunction-sections -fdata-sections -nostdlib -Wall  -Werror=all -Wno-int-to-pointer-cast -Wno-error=unused-function -Wno-error=unused-variable -Wno-error=deprecated-declarations -Wextra \
+-Wno-unused-parameter -Wno-sign-compare -Wno-address   -Wno-unused-variable -DESP_PLATFORM -D IDF_VER=\"v3.1\" -MMD -MP -DWITH_POSIX
 INC_DIRS=-I . -I $(COMPONENTS_DIR)/lwip/include/lwip -I $(COMPONENTS_DIR)/lwip/include/lwip/port -I $(COMPONENTS_DIR)/lwip/include/lwip/posix -I $(COMPONENTS_DIR)/lwip/apps/ping -I $(COMPONENTS_DIR)/app_trace/include -I $(COMPONENTS_DIR)/app_update/include -I $(COMPONENTS_DIR)/bootloader_support/include -I $(COMPONENTS_DIR)/bt/include -I $(COMPONENTS_DIR)/coap/port/include -I $(COMPONENTS_DIR)/coap/port/include/coap -I $(COMPONENTS_DIR)/coap/libcoap/include -I \ $(COMPONENTS_DIR)/coap/libcoap/include/coap -I $(COMPONENTS_DIR)/console -I $(COMPONENTS_DIR)/cxx/include -I $(COMPONENTS_DIR)/driver/include -I $(COMPONENTS_DIR)/esp-tls -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/esp_adc_cal/include -I $(COMPONENTS_DIR)/ethernet/include -I $(COMPONENTS_DIR)/expat/port/include -I $(COMPONENTS_DIR)/expat/include/expat -I $(COMPONENTS_DIR)/fatfs/src -I $(COMPONENTS_DIR)/freertos/include -I $(COMPONENTS_DIR)/heap/include -I \ $(COMPONENTS_DIR)/idf_test/include -I $(COMPONENTS_DIR)/jsmn/include -I $(COMPONENTS_DIR)/json/cJSON -I $(COMPONENTS_DIR)/libsodium/libsodium/src/libsodium/include -I $(COMPONENTS_DIR)/libsodium/port_include -I $(COMPONENTS_DIR)/log/include -I /home/david/esp/esp-idf/examples/wifi/simple_wifi/main/include -I $(COMPONENTS_DIR)/mbedtls/port/include -I $(COMPONENTS_DIR)/mbedtls/include -I $(COMPONENTS_DIR)/mdns/include -I $(COMPONENTS_DIR)/micro-ecc/micro-ecc -I \ $(COMPONENTS_DIR)/newlib/platform_include -I $(COMPONENTS_DIR)/newlib/include -I $(COMPONENTS_DIR)/nghttp/port/include -I $(COMPONENTS_DIR)/nghttp/nghttp2/lib/includes -I $(COMPONENTS_DIR)/nvs_flash/include -I $(COMPONENTS_DIR)/openssl/include -I $(COMPONENTS_DIR)/pthread/include -I $(COMPONENTS_DIR)/sdmmc/include -I $(COMPONENTS_DIR)/smartconfig/include -I $(COMPONENTS_DIR)/soc/esp32/include -I $(COMPONENTS_DIR)/soc/include -I $(COMPONENTS_DIR)/spi_flash/include -I \ $(COMPONENTS_DIR)/spiffs/include -I $(COMPONENTS_DIR)/tcpip_adapter/include -I $(COMPONENTS_DIR)/ulp/include -I $(COMPONENTS_DIR)/vfs/include -I $(COMPONENTS_DIR)/wear_levelling/include -I $(COMPONENTS_DIR)/wpa_supplicant/include -I $(COMPONENTS_DIR)/wpa_supplicant/port/include -I $(COMPONENTS_DIR)/esp32/include -I $(COMPONENTS_DIR)/xtensa-debug-module/include
 TEST_NAME=test
 FUZZ=afl-fuzz
 LD=$(CC)
-DHCPSERVER_C_DEPENDENCY_INJECTION=-include dhcpserver_di.h
+ifeq ($(MODE),client)
+    DHCP_C_DEPENDENCY_INJECTION=-include dhcp_di.h
+    OBJECTS=dhcp.o network_mock.o test_client.o
+    SAMPLE_PACKETS=in_client
+else 
+    DHCP_C_DEPENDENCY_INJECTION=-include dhcpserver_di.h
+    OBJECTS=dhcpserver.o test_server.o network_mock.o
+    SAMPLE_PACKETS=in_server
+endif
 
-ifeq ($(MODE),sim)
+ifeq ($(INSTR),off)
     CC=gcc
-    CFLAGS+=-DSIM
+    CFLAGS+=-DINSTR_IS_OFF
     TEST_NAME=test_sim
 else
     CC=afl-clang-fast
 endif
 
 CFLAGS+=$(INC_DIRS)
-OBJECTS=dhcpserver.o test.o network_mock.o
 
 all: $(TEST_NAME)
 
+dhcp.o: ../core/ipv4/dhcp.c
+       @echo "[CC] $<"
+       @$(CC) $(CFLAGS) $(DHCP_C_DEPENDENCY_INJECTION) -c $< -o $@
+
 dhcpserver.o: ../apps/dhcpserver.c
        @echo "[CC] $<"
-       $(CC) $(CFLAGS) $(DHCPSERVER_C_DEPENDENCY_INJECTION) -c $< -o $@
+       @$(CC) $(CFLAGS) $(DHCP_C_DEPENDENCY_INJECTION) -c $< -o $@
 
 %.o: %.c
        @echo "[CC] $<"
@@ -33,4 +44,4 @@ $(TEST_NAME): $(OBJECTS)
        @$(LD)  $(OBJECTS) -o $@ $(LDLIBS)
 
 fuzz: $(TEST_NAME)
-       @$(FUZZ) -i "in" -o "out" -- ./$(TEST_NAME)
+       @$(FUZZ) -t 500 -i "$(SAMPLE_PACKETS)" -o "out" -- ./$(TEST_NAME)

diff --git a/components/lwip/test_afl_host/dhcp_di.h b/components/lwip/test_afl_host/dhcp_di.h
new file mode 100644 (file)
index 0000000..5e7d960
--- /dev/null
+++ b/components/lwip/test_afl_host/dhcp_di.h
@@ -0,0 +1,32 @@
+#include "no_warn_host.h"
+#include "lwip/opt.h"
+#include "lwip/stats.h"
+#include "lwip/mem.h"
+#include "lwip/udp.h"
+#include "lwip/ip_addr.h"
+#include "lwip/netif.h"
+#include "lwip/def.h"
+#include "lwip/dhcp.h"
+#include "lwip/autoip.h"
+#include "lwip/dns.h"
+#include "netif/etharp.h"
+
+void __assert_func(const char *file, int line, const char *func, const char *expr)
+{
+    printf("Assert failed in %s, %s:%d (%s)", func, file, line, expr);
+    abort();
+}
+
+static void dhcp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
+
+void (*dhcp_test_static_dhcp_recv)(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port) = NULL;
+
+void dhcp_test_init_di()
+{
+    dhcp_test_static_dhcp_recv = dhcp_recv;
+}
+
+void dhcp_test_dhcp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port)
+{
+    dhcp_test_static_dhcp_recv(arg, pcb, p, addr, port);
+}

diff --git a/components/lwip/test_afl_host/dhcpserver_di.h b/components/lwip/test_afl_host/dhcpserver_di.h
index 4e5224eea4c00703dcd1f5f0b312b4078e2abeb8..4b38aa5a483724ff6b7c2212f94ffcba420a6d9d 100644 (file)
--- a/components/lwip/test_afl_host/dhcpserver_di.h
+++ b/components/lwip/test_afl_host/dhcpserver_di.h
@@ -2,6 +2,7 @@
  * dhcpserver dependecy injection -- preincluded to inject interface test functions into static variables
  * 
  */
+#include "no_warn_host.h"
 #include "lwip/pbuf.h"
 #include "lwip/udp.h"
 #include "tcpip_adapter.h"

diff --git a/components/lwip/test_afl_host/in_client/data0.bin b/components/lwip/test_afl_host/in_client/data0.bin
new file mode 100644 (file)
index 0000000..afd14b5
Binary files /dev/null and b/components/lwip/test_afl_host/in_client/data0.bin differ

diff --git a/components/lwip/test_afl_host/in_client/data1.bin b/components/lwip/test_afl_host/in_client/data1.bin
new file mode 100644 (file)
index 0000000..4f92add
Binary files /dev/null and b/components/lwip/test_afl_host/in_client/data1.bin differ

diff --git a/components/lwip/test_afl_host/in_client/data2.bin b/components/lwip/test_afl_host/in_client/data2.bin
new file mode 100644 (file)
index 0000000..f8891fb
Binary files /dev/null and b/components/lwip/test_afl_host/in_client/data2.bin differ

diff --git a/components/lwip/test_afl_host/in_client/data3.bin b/components/lwip/test_afl_host/in_client/data3.bin
new file mode 100644 (file)
index 0000000..d97ab4e
Binary files /dev/null and b/components/lwip/test_afl_host/in_client/data3.bin differ

diff --git a/components/lwip/test_afl_host/in_client/data4.bin b/components/lwip/test_afl_host/in_client/data4.bin
new file mode 100644 (file)
index 0000000..e56a683
Binary files /dev/null and b/components/lwip/test_afl_host/in_client/data4.bin differ

diff --git a/components/lwip/test_afl_host/in_client/data5.bin b/components/lwip/test_afl_host/in_client/data5.bin
new file mode 100644 (file)
index 0000000..a007ed8
Binary files /dev/null and b/components/lwip/test_afl_host/in_client/data5.bin differ

diff --git a/components/lwip/test_afl_host/in_client/data6.bin b/components/lwip/test_afl_host/in_client/data6.bin
new file mode 100644 (file)
index 0000000..6569521
Binary files /dev/null and b/components/lwip/test_afl_host/in_client/data6.bin differ

diff --git a/components/lwip/test_afl_host/in_client/data7.bin b/components/lwip/test_afl_host/in_client/data7.bin
new file mode 100644 (file)
index 0000000..6e26d91
Binary files /dev/null and b/components/lwip/test_afl_host/in_client/data7.bin differ

diff --git a/components/lwip/test_afl_host/in_client/data8.bin b/components/lwip/test_afl_host/in_client/data8.bin
new file mode 100644 (file)
index 0000000..7f52ba2
Binary files /dev/null and b/components/lwip/test_afl_host/in_client/data8.bin differ

diff --git a/components/lwip/test_afl_host/in/data0.bin b/components/lwip/test_afl_host/in_server/data0.bin
similarity index 100%
rename from components/lwip/test_afl_host/in/data0.bin
rename to components/lwip/test_afl_host/in_server/data0.bin

diff --git a/components/lwip/test_afl_host/in/data1.bin b/components/lwip/test_afl_host/in_server/data1.bin
similarity index 100%
rename from components/lwip/test_afl_host/in/data1.bin
rename to components/lwip/test_afl_host/in_server/data1.bin

diff --git a/components/lwip/test_afl_host/in/data2.bin b/components/lwip/test_afl_host/in_server/data2.bin
similarity index 100%
rename from components/lwip/test_afl_host/in/data2.bin
rename to components/lwip/test_afl_host/in_server/data2.bin

diff --git a/components/lwip/test_afl_host/in/data3.bin b/components/lwip/test_afl_host/in_server/data3.bin
similarity index 100%
rename from components/lwip/test_afl_host/in/data3.bin
rename to components/lwip/test_afl_host/in_server/data3.bin

diff --git a/components/lwip/test_afl_host/in/data4.bin b/components/lwip/test_afl_host/in_server/data4.bin
similarity index 100%
rename from components/lwip/test_afl_host/in/data4.bin
rename to components/lwip/test_afl_host/in_server/data4.bin

diff --git a/components/lwip/test_afl_host/in/data5.bin b/components/lwip/test_afl_host/in_server/data5.bin
similarity index 100%
rename from components/lwip/test_afl_host/in/data5.bin
rename to components/lwip/test_afl_host/in_server/data5.bin

diff --git a/components/lwip/test_afl_host/in/data6.bin b/components/lwip/test_afl_host/in_server/data6.bin
similarity index 100%
rename from components/lwip/test_afl_host/in/data6.bin
rename to components/lwip/test_afl_host/in_server/data6.bin

diff --git a/components/lwip/test_afl_host/network_mock.c b/components/lwip/test_afl_host/network_mock.c
index be624cee14cf581d90ea1e7078fac34743e53c9b..9e9ae4829956b3030c7b80d4149949dc7743094f 100644 (file)
--- a/components/lwip/test_afl_host/network_mock.c
+++ b/components/lwip/test_afl_host/network_mock.c
@@ -1,10 +1,17 @@
-#include <stdio.h>
+#include "no_warn_host.h"
 #include "lwip/opt.h"
 #include "lwip/def.h"
 #include "lwip/pbuf.h"
 #include "lwip/udp.h"
 #include "tcpip_adapter.h"
 #include <string.h>
+#include <stdio.h>
+
+const ip_addr_t ip_addr_any;
+const ip_addr_t ip_addr_broadcast;
+struct ip_globals ip_data;
+struct netif *netif_list;
+
 
 u16_t lwip_htons(u16_t n)
 {
@@ -53,11 +60,15 @@ err_t udp_sendto(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u
 
 void udp_remove(struct udp_pcb *pcb)
 {
+    if (pcb == NULL)
+    {
+        free(pcb);
+    }
 }
 
 struct udp_pcb *udp_new(void)
 {
-    return NULL;
+    return malloc(sizeof(struct udp_pcb));
 }
 
 err_t udp_bind(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port)
@@ -72,3 +83,58 @@ void udp_recv(struct udp_pcb *pcb, udp_recv_fn recv, void *recv_arg)
 void udp_disconnect(struct udp_pcb *pcb)
 {
 }
+
+void dns_setserver(u8_t numdns, const ip_addr_t *dnsserver)
+{
+}
+
+uint32_t esp_random(void)
+{
+    return 0;
+}
+
+err_t etharp_query(struct netif *netif, const ip4_addr_t *ipaddr, struct pbuf *q)
+{
+    return ESP_OK;
+}
+
+u32_t lwip_ntohl(u32_t x)
+{
+    return 0;
+}
+
+void netif_set_addr(struct netif *netif, const ip4_addr_t *ipaddr, const ip4_addr_t *netmask,
+                    const ip4_addr_t *gw)
+{
+}
+
+void pbuf_realloc(struct pbuf *p, u16_t size)
+{
+    if (p != NULL)
+    {
+        uint8_t *buf = malloc(size);
+        free(p->payload);
+        p->payload = buf;
+        p->len = size;
+        p->tot_len = size;
+    }
+}
+
+u16_t pbuf_copy_partial(struct pbuf *p, void *dataptr, u16_t len, u16_t offset)
+{
+    return 0;
+}
+err_t udp_connect(struct udp_pcb *pcb, const ip_addr_t *ipaddr, u16_t port)
+{
+    return ESP_OK;
+}
+
+err_t udp_sendto_if(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port, struct netif *netif)
+{
+    return ESP_OK;
+}
+
+err_t udp_sendto_if_src(struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *dst_ip, u16_t dst_port, struct netif *netif, const ip_addr_t *src_ip)
+{
+    return ESP_OK;
+}
\ No newline at end of file

diff --git a/components/lwip/test_afl_host/no_warn_host.h b/components/lwip/test_afl_host/no_warn_host.h
new file mode 100644 (file)
index 0000000..37ab01e
--- /dev/null
+++ b/components/lwip/test_afl_host/no_warn_host.h
@@ -0,0 +1,5 @@
+// Note: these undefs and defines are used to suppress warnings and errors when compiling esp32 idf on host gcc/clang
+#undef  __nonnull
+#define __warning__ deprecated
+#define IRAM_ATTR
+#define __ESP_ATTR_H__

diff --git a/components/lwip/test_afl_host/sdkconfig.h b/components/lwip/test_afl_host/sdkconfig.h
new file mode 100644 (file)
index 0000000..6f14a26
--- /dev/null
+++ b/components/lwip/test_afl_host/sdkconfig.h
@@ -0,0 +1,220 @@
+/*
+ *
+ * Automatically generated file; DO NOT EDIT.
+ * Espressif IoT Development Framework Configuration
+ *
+ */
+#define CONFIG_ESP32_PHY_MAX_TX_POWER 20
+#define CONFIG_TRACEMEM_RESERVE_DRAM 0x0
+#define CONFIG_FREERTOS_MAX_TASK_NAME_LEN 16
+#define CONFIG_FATFS_LFN_NONE 1
+#define CONFIG_TCP_RECVMBOX_SIZE 6
+#define CONFIG_FATFS_CODEPAGE_437 1
+#define CONFIG_LWIP_ETHARP_TRUST_IP_MAC 1
+#define CONFIG_TCP_WND_DEFAULT 5744
+#define CONFIG_SPIFFS_USE_MAGIC_LENGTH 1
+#define CONFIG_IPC_TASK_STACK_SIZE 1024
+#define CONFIG_FATFS_PER_FILE_CACHE 1
+#define CONFIG_ESPTOOLPY_FLASHFREQ "40m"
+#define CONFIG_MBEDTLS_KEY_EXCHANGE_RSA 1
+#define CONFIG_UDP_RECVMBOX_SIZE 6
+#define CONFIG_FREERTOS_QUEUE_REGISTRY_SIZE 0
+#define CONFIG_MBEDTLS_AES_C 1
+#define CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED 1
+#define CONFIG_MBEDTLS_GCM_C 1
+#define CONFIG_ESPTOOLPY_FLASHSIZE "2MB"
+#define CONFIG_HEAP_POISONING_DISABLED 1
+#define CONFIG_SPIFFS_CACHE_WR 1
+#define CONFIG_BROWNOUT_DET_LVL_SEL_0 1
+#define CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER 1
+#define CONFIG_SPIFFS_CACHE 1
+#define CONFIG_INT_WDT 1
+#define CONFIG_MBEDTLS_SSL_PROTO_TLS1 1
+#define CONFIG_MBEDTLS_ECDSA_C 1
+#define CONFIG_ESPTOOLPY_FLASHFREQ_40M 1
+#define CONFIG_LOG_BOOTLOADER_LEVEL_INFO 1
+#define CONFIG_ESPTOOLPY_FLASHSIZE_2MB 1
+#define CONFIG_BTDM_CONTROLLER_PINNED_TO_CORE 0
+#define CONFIG_FREERTOS_THREAD_LOCAL_STORAGE_POINTERS 1
+#define CONFIG_MBEDTLS_ECDH_C 1
+#define CONFIG_MBEDTLS_KEY_EXCHANGE_ELLIPTIC_CURVE 1
+#define CONFIG_ESP32_WIFI_STATIC_RX_BUFFER_NUM 10
+#define CONFIG_MBEDTLS_SSL_ALPN 1
+#define CONFIG_MBEDTLS_PEM_WRITE_C 1
+#define CONFIG_LOG_DEFAULT_LEVEL_INFO 1
+#define CONFIG_BT_RESERVE_DRAM 0x0
+#define CONFIG_FATFS_FS_LOCK 0
+#define CONFIG_IP_LOST_TIMER_INTERVAL 120
+#define CONFIG_SPIFFS_META_LENGTH 4
+#define CONFIG_ESP32_PANIC_PRINT_REBOOT 1
+#define CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED 1
+#define CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED 1
+#define CONFIG_CONSOLE_UART_BAUDRATE 115200
+#define CONFIG_LWIP_MAX_SOCKETS 10
+#define CONFIG_LWIP_NETIF_LOOPBACK 1
+#define CONFIG_ESP_WIFI_MODE_AP 1
+#define CONFIG_EMAC_TASK_PRIORITY 20
+#define CONFIG_TIMER_TASK_STACK_DEPTH 2048
+#define CONFIG_TCP_MSS 1436
+#define CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED 1
+#define CONFIG_FATFS_CODEPAGE 437
+#define CONFIG_ESP32_DEFAULT_CPU_FREQ_160 1
+#define CONFIG_ULP_COPROC_RESERVE_MEM 0
+#define CONFIG_LWIP_MAX_UDP_PCBS 16
+#define CONFIG_ESPTOOLPY_BAUD 115200
+#define CONFIG_INT_WDT_CHECK_CPU1 1
+#define CONFIG_ADC_CAL_LUT_ENABLE 1
+#define CONFIG_FLASHMODE_DIO 1
+#define CONFIG_ESPTOOLPY_AFTER_RESET 1
+#define CONFIG_OPTIMIZATION_ASSERTIONS_ENABLED 1
+#define CONFIG_LWIP_DHCPS_MAX_STATION_NUM 8
+#define CONFIG_TOOLPREFIX "xtensa-esp32-elf-"
+#define CONFIG_MBEDTLS_ECP_C 1
+#define CONFIG_FREERTOS_IDLE_TASK_STACKSIZE 1024
+#define CONFIG_MBEDTLS_RC4_DISABLED 1
+#define CONFIG_CONSOLE_UART_NUM 0
+#define CONFIG_ESP32_APPTRACE_LOCK_ENABLE 1
+#define CONFIG_ESP32_RTC_CLOCK_SOURCE_INTERNAL_RC 1
+#define CONFIG_ESPTOOLPY_BAUD_115200B 1
+#define CONFIG_TCP_OVERSIZE_MSS 1
+#define CONFIG_FOUR_UNIVERSAL_MAC_ADDRESS 1
+#define CONFIG_CONSOLE_UART_DEFAULT 1
+#define CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN 16384
+#define CONFIG_NUMBER_OF_UNIVERSAL_MAC_ADDRESS 4
+#define CONFIG_ESPTOOLPY_FLASHSIZE_DETECT 1
+#define CONFIG_TIMER_TASK_STACK_SIZE 3584
+#define CONFIG_ESP32_ENABLE_COREDUMP_TO_NONE 1
+#define CONFIG_MBEDTLS_X509_CRL_PARSE_C 1
+#define CONFIG_LWIP_DHCPS_LEASE_UNIT 60
+#define CONFIG_SPIFFS_USE_MAGIC 1
+#define CONFIG_TCPIP_TASK_STACK_SIZE 2048
+#define CONFIG_TASK_WDT 1
+#define CONFIG_MAIN_TASK_STACK_SIZE 3584
+#define CONFIG_SPIFFS_PAGE_CHECK 1
+#define CONFIG_LWIP_MAX_ACTIVE_TCP 16
+#define CONFIG_TASK_WDT_TIMEOUT_S 5
+#define CONFIG_INT_WDT_TIMEOUT_MS 300
+#define CONFIG_ESP32_RTC_XTAL_BOOTSTRAP_CYCLES 100
+#define CONFIG_ESPTOOLPY_FLASHMODE "dio"
+#define CONFIG_NEWLIB_STDIN_LINE_ENDING_CR 1
+#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA 1
+#define CONFIG_ESPTOOLPY_BEFORE "default_reset"
+#define CONFIG_ADC2_DISABLE_DAC 1
+#define CONFIG_LOG_DEFAULT_LEVEL 3
+#define CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION 1
+#define CONFIG_TIMER_QUEUE_LENGTH 10
+#define CONFIG_MAKE_WARN_UNDEFINED_VARIABLES 1
+#define CONFIG_FATFS_TIMEOUT_MS 10000
+#define CONFIG_ESP32_WIFI_DYNAMIC_RX_BUFFER_NUM 32
+#define CONFIG_MAX_STA_CONN 4
+#define CONFIG_MBEDTLS_CCM_C 1
+#define CONFIG_ESP32_PHY_MAX_WIFI_TX_POWER 20
+#define CONFIG_ESP32_RTC_CLK_CAL_CYCLES 1024
+#define CONFIG_ESP32_WIFI_TX_BA_WIN 6
+#define CONFIG_ESP32_WIFI_NVS_ENABLED 1
+#define CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED 1
+#define CONFIG_LIBSODIUM_USE_MBEDTLS_SHA 1
+#define CONFIG_DMA_RX_BUF_NUM 10
+#define CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED 1
+#define CONFIG_TCP_SYNMAXRTX 6
+#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 1
+#define CONFIG_ESP_WIFI_SSID "myssid"
+#define CONFIG_PYTHON "python"
+#define CONFIG_MBEDTLS_ECP_NIST_OPTIM 1
+#define CONFIG_ESP32_TIME_SYSCALL_USE_RTC_FRC1 1
+#define CONFIG_ESPTOOLPY_COMPRESSED 1
+#define CONFIG_PARTITION_TABLE_FILENAME "partitions_singleapp.csv"
+#define CONFIG_TCP_SND_BUF_DEFAULT 5744
+#define CONFIG_LWIP_DHCP_MAX_NTP_SERVERS 1
+#define CONFIG_TCP_MSL 60000
+#define CONFIG_MBEDTLS_SSL_PROTO_TLS1_1 1
+#define CONFIG_LWIP_SO_REUSE_RXTOALL 1
+#define CONFIG_PARTITION_TABLE_SINGLE_APP 1
+#define CONFIG_ESP32_WIFI_RX_BA_WIN 6
+#define CONFIG_MBEDTLS_X509_CSR_PARSE_C 1
+#define CONFIG_SPIFFS_USE_MTIME 1
+#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA 1
+#define CONFIG_LWIP_DHCP_DOES_ARP_CHECK 1
+#define CONFIG_SYSTEM_EVENT_TASK_STACK_SIZE 2304
+#define CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V 1
+#define CONFIG_ESP32_DEEP_SLEEP_WAKEUP_DELAY 2000
+#define CONFIG_BROWNOUT_DET_LVL 0
+#define CONFIG_MBEDTLS_PEM_PARSE_C 1
+#define CONFIG_SPIFFS_GC_MAX_RUNS 10
+#define CONFIG_ESP_WIFI_PASSWORD "mypassword"
+#define CONFIG_ESP32_APPTRACE_DEST_NONE 1
+#define CONFIG_PARTITION_TABLE_CUSTOM_APP_BIN_OFFSET 0x10000
+#define CONFIG_MBEDTLS_SSL_PROTO_TLS1_2 1
+#define CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA 1
+#define CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER_NUM 32
+#define CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED 1
+#define CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED 1
+#define CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU1 1
+#define CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ 160
+#define CONFIG_MBEDTLS_HARDWARE_AES 1
+#define CONFIG_FREERTOS_HZ 100
+#define CONFIG_LOG_COLORS 1
+#define CONFIG_ESP32_PHY_CALIBRATION_AND_DATA_STORAGE 1
+#define CONFIG_STACK_CHECK_NONE 1
+#define CONFIG_ADC_CAL_EFUSE_TP_ENABLE 1
+#define CONFIG_FREERTOS_ASSERT_FAIL_ABORT 1
+#define CONFIG_BROWNOUT_DET 1
+#define CONFIG_ESP32_XTAL_FREQ 40
+#define CONFIG_MONITOR_BAUD_115200B 1
+#define CONFIG_LOG_BOOTLOADER_LEVEL 3
+#define CONFIG_MBEDTLS_TLS_ENABLED 1
+#define CONFIG_LWIP_MAX_RAW_PCBS 16
+#define CONFIG_MBEDTLS_SSL_SESSION_TICKETS 1
+#define CONFIG_SPIFFS_MAX_PARTITIONS 3
+#define CONFIG_ESP_ERR_TO_NAME_LOOKUP 1
+#define CONFIG_MBEDTLS_SSL_RENEGOTIATION 1
+#define CONFIG_ESPTOOLPY_BEFORE_RESET 1
+#define CONFIG_ESPTOOLPY_BAUD_OTHER_VAL 115200
+#define CONFIG_SPIFFS_OBJ_NAME_LEN 32
+#define CONFIG_ESP32_PTHREAD_TASK_PRIO_DEFAULT 5
+#define CONFIG_PARTITION_TABLE_MD5 1
+#define CONFIG_TCPIP_RECVMBOX_SIZE 32
+#define CONFIG_TCP_MAXRTX 12
+#define CONFIG_ESPTOOLPY_AFTER "hard_reset"
+#define CONFIG_LWIP_SO_REUSE 1
+#define CONFIG_ESP32_XTAL_FREQ_40 1
+#define CONFIG_DMA_TX_BUF_NUM 10
+#define CONFIG_LWIP_MAX_LISTENING_TCP 16
+#define CONFIG_FREERTOS_INTERRUPT_BACKTRACE 1
+#define CONFIG_WL_SECTOR_SIZE 4096
+#define CONFIG_ESP32_DEBUG_OCDAWARE 1
+#define CONFIG_TIMER_TASK_PRIORITY 1
+#define CONFIG_MBEDTLS_TLS_CLIENT 1
+#define CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED 1
+#define CONFIG_MONITOR_BAUD 115200
+#define CONFIG_FREERTOS_CORETIMER_0 1
+#define CONFIG_PARTITION_TABLE_CUSTOM_FILENAME "partitions.csv"
+#define CONFIG_MBEDTLS_HAVE_TIME 1
+#define CONFIG_FREERTOS_CHECK_STACKOVERFLOW_CANARY 1
+#define CONFIG_TCP_QUEUE_OOSEQ 1
+#define CONFIG_ADC_CAL_EFUSE_VREF_ENABLE 1
+#define CONFIG_MBEDTLS_TLS_SERVER 1
+#define CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT 1
+#define CONFIG_FREERTOS_ISR_STACKSIZE 1536
+#define CONFIG_OPENSSL_ASSERT_DO_NOTHING 1
+#define CONFIG_WL_SECTOR_SIZE_4096 1
+#define CONFIG_OPTIMIZATION_LEVEL_DEBUG 1
+#define CONFIG_ESP32_WIFI_AMPDU_TX_ENABLED 1
+#define CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED 1
+#define CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED 1
+#define CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA 1
+#define CONFIG_SYSTEM_EVENT_QUEUE_SIZE 32
+#define CONFIG_ESP32_WIFI_TX_BUFFER_TYPE 1
+#define CONFIG_ESP32_WIFI_AMPDU_RX_ENABLED 1
+#define CONFIG_LWIP_LOOPBACK_MAX_PBUFS 8
+#define CONFIG_APP_OFFSET 0x10000
+#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1
+#define CONFIG_SPIFFS_PAGE_SIZE 256
+#define CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED 1
+#define CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0 1
+#define CONFIG_ESP32_PTHREAD_TASK_STACK_SIZE_DEFAULT 3072
+#define CONFIG_MONITOR_BAUD_OTHER_VAL 115200
+#define CONFIG_NEWLIB_STDOUT_LINE_ENDING_CRLF 1
+#define CONFIG_ESPTOOLPY_PORT "/dev/ttyUSB0"
+#define CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ABORTS 1
+#define CONFIG_ESP_WIFI_IS_SOFTAP 1

diff --git a/components/lwip/test_afl_host/test_client.c b/components/lwip/test_afl_host/test_client.c
new file mode 100644 (file)
index 0000000..fee5d01
--- /dev/null
+++ b/components/lwip/test_afl_host/test_client.c
@@ -0,0 +1,84 @@
+#include "no_warn_host.h"
+#include "lwip/opt.h"
+#include "lwip/stats.h"
+#include "lwip/mem.h"
+#include "lwip/udp.h"
+#include "lwip/ip_addr.h"
+#include "lwip/netif.h"
+#include "lwip/def.h"
+#include "lwip/dhcp.h"
+#include "lwip/autoip.h"
+#include "lwip/dns.h"
+#include "netif/etharp.h"
+#include <string.h>
+
+const ip_addr_t ip_addr_any;
+const ip_addr_t ip_addr_broadcast;
+struct ip_globals ip_data;
+struct netif *netif_list;
+struct netif mynetif;
+ip4_addr_t server_ip;
+
+//
+// Dependency injected test functions
+void dhcp_test_dhcp_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
+void dhcp_test_init_di();
+
+//
+// Test starts here
+//
+int main(int argc, char** argv)
+{
+    uint8_t *buf;
+    struct pbuf *p;
+    FILE *file;
+    size_t len = 1460;
+
+    dhcp_test_init_di();
+    
+    mynetif.flags = NETIF_FLAG_UP | NETIF_FLAG_ETHARP;
+    mynetif.mtu = 576;
+
+
+    IP4_ADDR(&server_ip, 192,168,4,1);
+    dhcp_start(&mynetif);
+
+    ip_data.current_input_netif = &mynetif;
+    ip_data.current_netif = &mynetif;
+
+#ifdef INSTR_IS_OFF
+    p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
+    buf = p->payload;
+    memset(buf, 0, 1460);
+    if (argc != 2)
+    {
+        printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n");
+        return 1;
+    }
+    //
+    // Note: parameter1 is a file (mangled packet) which caused the crash
+    file = fopen(argv[1], "r");
+    if (file) {
+    len = fread(buf, 1, 1460, file);
+    }
+    fclose(file);
+    int i;
+    for (i=0; i<1; i++) {
+#else
+    while (__AFL_LOOP(1000)) {
+        p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
+        buf = p->payload;
+        memset(buf, 0, 1460);
+        size_t len = read(0, buf, 1460);
+#endif
+        p->len = len;
+        p->tot_len = len;
+        p->next = NULL;
+
+        dhcp_test_dhcp_recv(NULL, NULL, p, &ip_addr_any, 0);
+    }
+
+
+    
+    return 0;
+}

diff --git a/components/lwip/test_afl_host/test.c b/components/lwip/test_afl_host/test_server.c
similarity index 70%
rename from components/lwip/test_afl_host/test.c
rename to components/lwip/test_afl_host/test_server.c
index 821e56f57fa1c7db2ae0e24905d2b065dd06c809..4ed3792bf182e84ffe22094da8c8319a551e74e2 100644 (file)
--- a/components/lwip/test_afl_host/test.c
+++ b/components/lwip/test_afl_host/test_server.c
@@ -1,8 +1,9 @@
-#include <stdio.h>
+#include "no_warn_host.h"
 #include "lwip/pbuf.h"
 #include "lwip/udp.h"
 #include "tcpip_adapter.h"
 #include <string.h>
+#include <stdio.h>
 
 const ip_addr_t ip_addr_any;
 ip4_addr_t server_ip;
@@ -12,8 +13,10 @@ struct netif mynetif;
 void dhcp_test_handle_dhcp(void *arg, struct udp_pcb *pcb, struct pbuf *p, const ip_addr_t *addr, u16_t port);
 void dhcp_test_init_di();
 
-// Starting the test
-int main()
+//
+// Test starts here
+//
+int main(int argc, char** argv)
 {
     uint8_t *buf;
     struct pbuf *p;
@@ -22,24 +25,32 @@ int main()
 
     dhcp_test_init_di();
 
-    p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
-    buf = p->payload;
-
     IP4_ADDR(&server_ip, 192,168,4,1);
     dhcps_start(&mynetif, server_ip);
 
-#ifdef SIM
+#ifdef INSTR_IS_OFF
+    p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
+    buf = p->payload;
     memset(buf, 0, 1460);
-
-    file = fopen("in/data1.bin", "r");
+    if (argc != 2)
+    {
+        printf("Non-instrumentation mode: please supply a file name created by AFL to reproduce crash\n");
+        return 1;
+    }
+    //
+    // Note: parameter1 is a file (mangled packet) which caused the crash
+    file = fopen(argv[1], "r");
     if (file) {
     len = fread(buf, 1, 1460, file);
     }
     fclose(file);
+
     int i;
     for (i=0; i<1; i++) {
 #else
     while (__AFL_LOOP(1000)) {
+        p = pbuf_alloc(PBUF_RAW, len, PBUF_POOL);
+        buf = p->payload;
         memset(buf, 0, 1460);
         size_t len = read(0, buf, 1460);
 #endif