1*6f9cba8fSJoseph Mingrone #include <stdio.h>
2*6f9cba8fSJoseph Mingrone #include <stdlib.h>
3*6f9cba8fSJoseph Mingrone #include <fcntl.h>
4*6f9cba8fSJoseph Mingrone #include <errno.h>
5*6f9cba8fSJoseph Mingrone
6*6f9cba8fSJoseph Mingrone #include <pcap/pcap.h>
7*6f9cba8fSJoseph Mingrone
/* Stream that receives the harness's per-packet output. It starts out NULL;
 * fuzz_openFile() points it at a caller-chosen file, and
 * LLVMFuzzerTestOneInput() falls back to /dev/null while it is still NULL. */
FILE * outfile = NULL;
9*6f9cba8fSJoseph Mingrone
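/**
 * Write a byte buffer to the file `name`, replacing any existing file.
 *
 * Any existing entry at `name` is removed first; the file is then created
 * and `Size` bytes from `Data` are written to it.
 *
 * @param name  Path of the file to (re)create.
 * @param Data  Bytes to write; not read when Size is 0.
 * @param Size  Number of bytes to write from Data.
 * @return 0 on success; -1 if an existing file could not be removed;
 *         -2 if the file could not be opened for writing; -3 if the data
 *         could not be written in full or flushed on close.
 *
 * NOTE(review): remove() followed by fopen() is not atomic, and fopen()
 * follows symbolic links. When `name` is a fixed path in a shared,
 * world-writable directory, another local user can recreate the path
 * between the two calls. On a multi-user host, prefer a private per-run
 * directory or an exclusive-create open.
 */
static int bufferToFile(const char *name, const uint8_t *Data, size_t Size) {
    FILE *out;

    /* A missing file is not an error: the goal is only that no stale copy
     * of a previous input survives. */
    if (remove(name) != 0 && errno != ENOENT) {
        printf("failed remove, errno=%d\n", errno);
        return -1;
    }

    out = fopen(name, "wb");
    if (out == NULL) {
        printf("failed open, errno=%d\n", errno);
        return -2;
    }

    /* Skip fwrite() for an empty input so a NULL Data pointer is never
     * handed to it; the (empty) file is still created. */
    if (Size != 0 && fwrite(Data, 1, Size, out) != Size) {
        fclose(out);
        return -3;
    }

    /* fclose() flushes the stdio buffer, so a short or failed write can
     * first surface here; report it instead of returning success with a
     * truncated file on disk. */
    if (fclose(out) != 0) {
        return -3;
    }
    return 0;
}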
30*6f9cba8fSJoseph Mingrone
/**
 * Redirect the harness output stream to the file `name`.
 *
 * A stream that is already open is closed first. The new file is opened in
 * text write mode; if that fails, `outfile` is left NULL.
 *
 * @param name  Path of the file that should receive the harness output.
 */
void fuzz_openFile(const char *name) {
    FILE *previous = outfile;

    /* Release the old stream before replacing the global handle. */
    if (previous != NULL)
        fclose(previous);

    outfile = fopen(name, "w");
}
37*6f9cba8fSJoseph Mingrone
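/**
 * libFuzzer entry point: treat the fuzz input as a capture savefile and
 * read every packet record from it.
 *
 * The input is written to /tmp/fuzz.pcap, opened with pcap_open_offline(),
 * and iterated with pcap_next_ex() until it stops returning a positive
 * value. Per-packet lengths are printed to `outfile`, which defaults to
 * /dev/null when fuzz_openFile() has not been called.
 *
 * @param Data  Fuzzer-supplied bytes (untrusted).
 * @param Size  Number of bytes in Data.
 * @return Always 0. Inputs that cannot be staged or opened are skipped,
 *         not reported as failures.
 *
 * NOTE(review): the staging path is fixed and lives in a shared directory.
 * Harness processes running in parallel on one host overwrite each other's
 * input, which can make a crash irreproducible from the saved test case.
 * A per-process file name or a private temporary directory avoids this.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    pcap_t *pkts;
    char errbuf[PCAP_ERRBUF_SIZE];
    const u_char *pkt;
    struct pcap_pkthdr *header;
    struct pcap_stat stats;
    int r;

    //initialize output file
    if (outfile == NULL) {
        outfile = fopen("/dev/null", "w");
        if (outfile == NULL) {
            return 0;
        }
    }

    //rewrite buffer to a file as libpcap does not have buffer inputs
    if (bufferToFile("/tmp/fuzz.pcap", Data, Size) < 0) {
        return 0;
    }

    //initialize structure
    pkts = pcap_open_offline("/tmp/fuzz.pcap", errbuf);
    if (pkts == NULL) {
        //a rejected file header is an expected outcome for most fuzz inputs
        fprintf(outfile, "Couldn't open pcap file %s\n", errbuf);
        return 0;
    }

    //loop over packets; pcap_next_ex() returns a non-positive value once
    //the file is exhausted or a record cannot be read
    for (r = pcap_next_ex(pkts, &header, &pkt); r > 0;
         r = pcap_next_ex(pkts, &header, &pkt)) {
        //TODO pcap_offline_filter
        //caplen and len are unsigned 32-bit fields taken from the
        //untrusted file, so print them with %u, not %d
        fprintf(outfile, "packet length=%u/%u\n", header->caplen, header->len);
    }

    //NOTE(review): libpcap documents pcap_stats() as a live-capture
    //facility, so this branch is likely never taken for a savefile handle;
    //the call is presumably kept to exercise that error path - confirm.
    //ps_recv is unsigned, hence %u.
    if (pcap_stats(pkts, &stats) == 0) {
        fprintf(outfile, "number of packets=%u\n", stats.ps_recv);
    }

    //close structure
    pcap_close(pkts);

    return 0;
}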