lwIP might support different hardware address lengths (when using
Ethernet and 6LoWPAN for instance). Match provided lladdr length
from Router Advertisement to the current network interface instead
of comparing against longest that can be stored.
ping in raw mode does some set up and sets timeout, but clean
up procedure is missing. That is needed for case if PING_RESULT() macro
is used for application exit.
Also implement stop functionality when using sockets.
Running ping is stopped when calling ping_init() again.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
By default, npcap keeps its DLLs not in system32 but in system32/npcap.
To load DLLs from there, mark them as "delay load DLLs" and adjust the
DLL search path before using/loading them.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
Although ntohs and htons perform equivalent operations (a byte swap on
little-endian platforms), their semantic roles (as implied by the names)
are different.
In fuzz_common.c, we get integers from simulated network packages, and
convert them for host CPU use, so ntohs is the right variant to use.
Unfortunately, CC ?= afl-gcc doesn't work. This is because CC has a
default value (of "cc"), and the ?= operator only assigns a value if the
variable previously had none. "make" currently compiles with cc.
In this patch, I implemented the more elaborate way to achieve what was
probably intended: "make" will use afl-gcc now, and "make CC=foo" will
compile with "foo".
If the hostname is not set in the DISCOVER packet, then some servers might
issue an OFFER with hostname configured and consequently reject the REQUEST
with any other hostname.
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Co-Authored-By: Simon Goldschmidt <goldsimon@gmx.de>
Enables to configure:
* DHCP_COARSE_TIMER_SECS
* if DHCP_DEFINE_CUSTOM_TIMEOUTS defined these addtional options are
available:
- DHCP_CALC_TIMEOUT_FROM_OFFERED_T0_LEASE to adjust the t0 lease timeout from the offered value
- DHCP_CALC_TIMEOUT_FROM_OFFERED_T1_RENEW same for t1 renew
- DHCP_CALC_TIMEOUT_FROM_OFFERED_T2_REBIND same for t2 rebind
- DHCP_NEXT_TIMEOUT_THRESHOLD to adjust the period of the next timeout
- DHCP_REQUEST_BACKOFF_SEQUENCE to adjust back-off times based on DHCP
request attempts
Also updates timeout type from u16 to u32 - eps useful when DHCP_COARSE_TIMER_SECS is a smaller number
Reproducer (in bash):
base64 -d <<< "H4sIAP/9L2QCA+3WoQ2AMBSE4QoCTFHBBJfgSRF4RDfpRmgmYBpGQRBCk4ZiSfk/+fJMK+5dZRVpzSQzSs6oPierDV4y87WxLQLwE42SfNCdDyHJB9/xZwAARPbMJbUq4JJmu4JVT1cAAACfbGIqoqcMzy90eu+aBw2+N28WFgAA" | gunzip | test/fuzz/lwip_fuzz2
Crash log:
../../src/core/altcp_tcp.c:178:13: runtime error: member access within null pointer of type 'struct tcp_pcb'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../src/core/altcp_tcp.c:178:13 in
AddressSanitizer:DEADLYSIGNAL
=================================================================
==192415==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000048 (pc 0x557065081703 bp 0x0aae0cb71204 sp 0x7ffd034dabc0 T0)
==192415==The signal is caused by a READ memory access.
==192415==Hint: address points to the zero page.
#0 0x557065081703 in altcp_tcp_setup_callbacks /.../lwip/test/fuzz/../../src/core/altcp_tcp.c:178:19
#1 0x55706508206f in altcp_tcp_setup /.../lwip/test/fuzz/../../src/core/altcp_tcp.c:189:3
#2 0x55706508206f in altcp_tcp_accept /.../lwip/test/fuzz/../../src/core/altcp_tcp.c:84:5
#3 0x557065095592 in tcp_input /.../lwip/test/fuzz/../../src/core/tcp_in.c:380:9
#4 0x5570650e752f in ip4_input /.../lwip/test/fuzz/../../src/core/ipv4/ip4.c:743:9
#5 0x55706513d4de in ethernet_input /.../lwip/test/fuzz/../../src/netif/ethernet.c:186:9
#6 0x557064fe0959 in input_pkt /.../lwip/test/fuzz/fuzz_common.c:209:9
#7 0x557064fdeb6a in input_pkts /.../lwip/test/fuzz/fuzz_common.c:257:9
#8 0x557064fdeb6a in lwip_fuzztest /.../lwip/test/fuzz/fuzz_common.c:669:3
#9 0x7ff4f578e189 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#10 0x7ff4f578e244 in __libc_start_main csu/../csu/libc-start.c:381:3
#11 0x557064f20420 in _start (/.../lwip/test/fuzz/lwip_fuzz2+0x81420) (BuildId: 8680a96430d5749c90111fe9c3a3d4f881a5dbcd)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /.../lwip/test/fuzz/../../src/core/altcp_tcp.c:178:19 in altcp_tcp_setup_callbacks
==192415==ABORTING
Aborted
A fuzzer may generate big packets, and it will interpret assertion
failures as bugs. Instead of asserting that the packet size is
reasonable, simply skip the packet when it's not the case.
