summaryrefslogtreecommitdiff
path: root/dissector_fuzz.sh
blob: 40b61708f92320f36276d99d268ecf3d75462a62 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

#!/usr/bin/env bash
# -*- coding: utf-8 -*-
#
# dissector_fuzz.sh -- fuzz test netsniff-ng's dissector and pcap io methods
#		       with shitty pcap example files from the Wireshark archive
#
# Copyright (C) 2012 Daniel Borkmann <borkmann@redhat.com>
# Copyright (C) 2012 Stefan Seering <sseerin@imn.htwk-leipzig.de>
#
# Note: build and *install* the toolkit first before running this script!
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.

set -u

if [ ${BASH_VERSINFO} -lt 3 ] ; then
	echo 'Error: Your bash need to be version 3 or newer. Exiting.'
	exit 1 # operators like =~ produce errors silently in old bash versions, so exit here
fi

archive='ftp://wireshark.org/automated/captures/'
show_output='' # empty string evaluates to false
run_through='' # empty string evaluates to false
count_cores=0
count_files=0
netsniff_ng_opts=''

if [ $# -gt 0 ] ; then
	if [ "$1" = '-h' -o "$1" = '--help' -o "$1" = '--usage' ] ; then
		echo 'Usage: dissector_fuzz [-s (show netsniff-ng output, default: no)] [-r (keep running on errors, default: no)] [netsniff-ng long-args]'
		exit 0
	fi

	for opt in $@ ; do
		if [ "${opt}" = '-s' ] ; then
			show_output='true'
		elif [ "${opt}" = '-r' ] ; then
			run_through='true'
		else
			netsniff_ng_opts="${netsniff_ng_opts} ${opt}";
		fi
	done
fi

mkdir -p fuzzing
cd fuzzing
wget -r -Nc -np -nd -A.pcap "$archive"  |& grep -E "%|^--"
ulimit -c unlimited
rm -f core
for file in *.pcap
do
	echo "Testing file $file ..."
	if [ $show_output ]; then
		netsniff-ng --in "$file" "${netsniff_ng_opts}"
	else
		netsniff-ng --in "$file" "${netsniff_ng_opts}" > /dev/null
	fi
	if [ -e core ]; then
		echo "Fuck, core dumped on $file!"
		let count_cores=count_cores+1
		if [ $run_through ]; then
			rm core
		else
			exit
		fi
	fi
done

if which cowsay > /dev/null ; then
	echo_cmd='cowsay'
else
	echo_cmd='echo'
fi

${echo_cmd} 'Your fuckup Score'
echo " * tested pcaps: $count_files"
echo " * core dumps:   $count_cores"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-12-04 18:43:08 +0000
a0bf465911297dc76394f686'>ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()Dan Carpenter1-1/+1 Casting is a high precedence operation but "off" and "i" are in terms of bytes so we need to have some parenthesis here. Fixes: fbfa743a9d2a ("ipv6: fix ip6_tnl_parse_tlv_enc_lim()") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-01net/sched: matchall: Fix configuration raceYotam Gigi1-82/+45 In the current version, the matchall internal state is split into two structs: cls_matchall_head and cls_matchall_filter. This makes little sense, as matchall instance supports only one filter, and there is no situation where one exists and the other does not. In addition, that led to some races when filter was deleted while packet was processed. Unify that two structs into one, thus simplifying the process of matchall creation and deletion. As a result, the new, delete and get callbacks have a dummy implementation where all the work is done in destroy and change callbacks, as was done in cls_cgroup. Fixes: bf3994d2ed31 ("net/sched: introduce Match-all classifier") Reported-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Yotam Gigi <yotamg@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>