forked from osmocom/wireshark
Tools: Fuzz subsets of large files.
If our capture file has more than a designated maximum number of packets, fuzz a random subset.
This commit is contained in:
parent
749a8d0912
commit
dc521850e5
|
@ -66,7 +66,7 @@ while getopts "2b:C:d:e:agp:P:o:t:" OPTCHAR ; do
|
|||
P) MIN_PLUGINS=$OPTARG ;;
|
||||
o) CHANGE_OFFSET=$OPTARG ;;
|
||||
t) RUN_MAX_SECONDS=$(( RUN_START_SECONDS + OPTARG )) ;;
|
||||
*) printf "Unknown option %s" "$OPTCHAR"
|
||||
*) printf "Unknown option %s\n" "$OPTCHAR"
|
||||
esac
|
||||
done
|
||||
shift $((OPTIND - 1))
|
||||
|
@ -144,7 +144,7 @@ if [ "$MAX_PASSES" -gt 0 ]; then
|
|||
HOWMANY="$MAX_PASSES passes"
|
||||
fi
|
||||
echo -n "Running $RUNNER $COMMON_ARGS with args: "
|
||||
printf "\"%s\" " "${RUNNER_ARGS[@]}"
|
||||
printf "\"%s\"\n" "${RUNNER_ARGS[@]}"
|
||||
echo "($HOWMANY)"
|
||||
echo ""
|
||||
|
||||
|
@ -183,7 +183,6 @@ while { [ $PASS -lt "$MAX_PASSES" ] || [ "$MAX_PASSES" -lt 1 ]; } && ! $DONE ; d
|
|||
if [ "$OSTYPE" == "cygwin" ] ; then
|
||||
CF=$( cygpath --windows "$CF" )
|
||||
fi
|
||||
printf " %s: " "$( basename "$CF" )"
|
||||
|
||||
"$CAPINFOS" "$CF" > /dev/null 2> "$TMP_DIR/$ERR_FILE"
|
||||
RETVAL=$?
|
||||
|
@ -196,13 +195,25 @@ while { [ $PASS -lt "$MAX_PASSES" ] || [ "$MAX_PASSES" -lt 1 ]; } && ! $DONE ; d
|
|||
ws_exit_error
|
||||
fi
|
||||
|
||||
# Choose a random subset of large captures.
|
||||
CF_PACKETS=$( "$CAPINFOS" -T -r -c "$CF" | cut -f2 )
|
||||
if [[ CF_PACKETS -gt $MAX_FUZZ_PACKETS ]] ; then
|
||||
START_PACKET=$(( CF_PACKETS - MAX_FUZZ_PACKETS ))
|
||||
START_PACKET=$( shuf --input-range=1-$START_PACKET --head-count=1 )
|
||||
END_PACKET=$(( START_PACKET + MAX_FUZZ_PACKETS ))
|
||||
KEEP=-r
|
||||
PACKET_RANGE="$START_PACKET-$END_PACKET"
|
||||
printf " Fuzzing packets %d-%d of %d\n" "$START_PACKET" "$END_PACKET" "$CF_PACKETS"
|
||||
fi
|
||||
|
||||
DISSECTOR_BUG=0
|
||||
VG_ERR_CNT=0
|
||||
|
||||
"$EDITCAP" -E "$ERR_PROB" -o "$CHANGE_OFFSET" $KEEP "$CF" "$TMP_DIR/$TMP_FILE" $PACKET_RANGE > /dev/null 2>&1
|
||||
printf " %s: " "$( basename "$CF" )"
|
||||
"$EDITCAP" -E "$ERR_PROB" -o "$CHANGE_OFFSET" $KEEP "$CF" "$TMP_DIR/$TMP_FILE" "$PACKET_RANGE" > /dev/null 2>&1
|
||||
RETVAL=$?
|
||||
if [ $RETVAL -ne 0 ] ; then
|
||||
"$EDITCAP" -E "$ERR_PROB" -o "$CHANGE_OFFSET" $KEEP -T ether "$CF" "$TMP_DIR/$TMP_FILE" $PACKET_RANGE \
|
||||
"$EDITCAP" -E "$ERR_PROB" -o "$CHANGE_OFFSET" $KEEP -T ether "$CF" "$TMP_DIR/$TMP_FILE" "$PACKET_RANGE" \
|
||||
> /dev/null 2>&1
|
||||
RETVAL=$?
|
||||
if [ $RETVAL -ne 0 ] ; then
|
||||
|
|
|
@ -50,6 +50,8 @@ MAX_VMEM=1000000
|
|||
MAX_STACK=2033
|
||||
# Insert z times an error into the capture file (0.02 seems to be a good value to find errors)
|
||||
ERR_PROB=0.02
|
||||
# Maximum number of packets to fuzz
|
||||
MAX_FUZZ_PACKETS=50000
|
||||
|
||||
# Call *after* any changes to WIRESHARK_BIN_DIR (e.g., via command-line options)
|
||||
function ws_bind_exec_paths() {
|
||||
|
|
Loading…
Reference in New Issue