From 5afa9bb664e9577520c00e00d50454e8b9b1043f Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Thu, 20 Feb 2020 13:02:13 +0100
Subject: [PATCH 1/8] Only join threads which are actually started.
This should fix https://github.com/sctplab/usrsctp/issues/435.
---
 usrsctplib/netinet/sctp_bsd_addr.c | 2 ++
 usrsctplib/netinet/sctp_callout.c | 2 ++
 usrsctplib/netinet/sctp_pcb.c | 6 ++++++
 usrsctplib/netinet/sctp_pcb.h | 2 ++
 usrsctplib/netinet/sctp_usrreq.c | 13 +++++++++----
 5 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/usrsctplib/netinet/sctp_bsd_addr.c b/usrsctplib/netinet/sctp_bsd_addr.c
index 8547f447c..dc159b5c1 100755
--- a/usrsctplib/netinet/sctp_bsd_addr.c
+++ b/usrsctplib/netinet/sctp_bsd_addr.c
@@ -203,6 +203,8 @@ sctp_startup_iterator(void)
 #elif defined(__Userspace__)
 if (sctp_userspace_thread_create(&sctp_it_ctl.thread_proc, &sctp_iterator_thread)) {
 SCTP_PRINTF("ERROR: Creating sctp_iterator_thread failed.\n");
+ } else {
+ SCTP_BASE_VAR(iterator_thread_started) = 1;
 }
 #endif
 }
diff --git a/usrsctplib/netinet/sctp_callout.c b/usrsctplib/netinet/sctp_callout.c
index ed1a4d6d4..681cad285 100755
--- a/usrsctplib/netinet/sctp_callout.c
+++ b/usrsctplib/netinet/sctp_callout.c
@@ -227,6 +227,8 @@ sctp_start_timer(void)
 rc = sctp_userspace_thread_create(&SCTP_BASE_VAR(timer_thread), user_sctp_timer_iterate);
 if (rc) {
 SCTP_PRINTF("ERROR; return code from sctp_thread_create() is %d\n", rc);
+ } else {
+ SCTP_BASE_VAR(timer_thread_started) = 1;
 }
 }
diff --git a/usrsctplib/netinet/sctp_pcb.c b/usrsctplib/netinet/sctp_pcb.c
index 3cc565d08..f67e2643e 100755
--- a/usrsctplib/netinet/sctp_pcb.c
+++ b/usrsctplib/netinet/sctp_pcb.c
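Review bot: The new `else` branch sets `iterator_thread_started` without saying what the flag guards, and its only reader is sctp_pcb_finish() in another file, so a comment at the assignment would help: `/* only a successfully created thread is joined in sctp_pcb_finish() */`. The failure branch still only prints: sctp_startup_iterator() is void, so sctp_pcb_init() and presumably usrsctp_init() report success without an iterator thread, which looks like a silent degraded mode rather than a hard error; if that is intended, the SCTP_PRINTF text should say so. sctp_startup_iterator() begins before the hunk.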
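Review bot: `rc` is logged and then discarded, so after this hunk a failed thread creation leaves `timer_thread_started` at 0 and sctp_finish() correctly skips the join, but sctp_init() still completes with no thread running `user_sctp_timer_iterate`, which presumably means no SCTP timer ever fires. If the surrounding signature allows it, `return (rc);` from the failure branch and checking it in sctp_init() would let usrsctp_init() fail loudly; otherwise a comment next to the SCTP_PRINTF stating that the library continues without a timer thread is the minimum. sctp_start_timer() begins before the hunk.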
@@ -6782,7 +6782,13 @@ sctp_pcb_init(void)
 (void)pthread_cond_init(&sctp_it_ctl.iterator_wakeup, NULL);
 #endif
 #endif
+#if defined(__Userspace__)
+ if (start_threads) {
+ sctp_startup_iterator();
+ }
+#else
 sctp_startup_iterator();
+#endif
 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
 sctp_startup_mcore_threads();
diff --git a/usrsctplib/netinet/sctp_pcb.h b/usrsctplib/netinet/sctp_pcb.h
index 551bbfb8e..4beffca2a 100755
--- a/usrsctplib/netinet/sctp_pcb.h
+++ b/usrsctplib/netinet/sctp_pcb.h
@@ -315,6 +315,8 @@ struct sctp_base_info {
 userland_mutex_t timer_mtx;
 userland_thread_t timer_thread;
 int timer_thread_should_exit;
+ int iterator_thread_started;
+ int timer_thread_started;
 #if !defined(__Userspace_os_Windows)
 pthread_mutexattr_t mtx_attr;
 #if defined(INET) || defined(INET6)
diff --git a/usrsctplib/netinet/sctp_usrreq.c b/usrsctplib/netinet/sctp_usrreq.c
index 6a19f62aa..6c39755ca 100755
--- a/usrsctplib/netinet/sctp_usrreq.c
+++ b/usrsctplib/netinet/sctp_usrreq.c
@@ -161,11 +161,14 @@ sctp_init(void)
 SCTP_BASE_VAR(conn_output) = conn_output;
 SCTP_BASE_VAR(debug_printf) = debug_printf;
 SCTP_BASE_VAR(crc32c_offloaded) = 0;
+ SCTP_BASE_VAR(iterator_thread_started) = 0;
+ SCTP_BASE_VAR(timer_thread_started) = 0;
 #endif
 #if defined(__Userspace__)
 sctp_pcb_init(start_threads);
- if (start_threads)
+ if (start_threads) {
 sctp_start_timer();
+ }
 #else
 sctp_pcb_init();
 #endif
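Review bot: With `start_threads` false the iterator lock and `iterator_wakeup` condition are still initialised a few lines above, but nothing will ever service `sctp_it_ctl`, so work handed to sctp_initiate_iterator() presumably sits in the queue forever; that consequence deserves a comment on the new `if`, e.g. `/* without the iterator thread, queued iterator work is never run */`. The hunk header's `sctp_pcb_init(void)` is stale context — sctp_init() in this same patch calls `sctp_pcb_init(start_threads)` — so the parameter is declared outside the hunk. A later commit in this series removes this guard again, which suggests the `start_threads` semantics were not settled here.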
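Review bot: The two new `int` members carry no comment although they are written in sctp_init()/sctp_startup_iterator()/sctp_start_timer() and consumed in sctp_finish() and sctp_pcb_finish(); proposed: `int iterator_thread_started; /* 1 once sctp_startup_iterator() created the thread; gates the join in sctp_pcb_finish() */` and the matching line for `timer_thread_started` referring to sctp_start_timer()/sctp_finish(). Their neighbours (`timer_mtx`, `timer_thread`) suggest this part of struct sctp_base_info is userspace-only, but the enclosing `#if` is outside the hunk, so confirm the fields are not also added to kernel builds.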
@@ -252,12 +255,14 @@ sctp_finish(void)
 }
 #endif
 atomic_cmpset_int(&SCTP_BASE_VAR(timer_thread_should_exit), 0, 1);
+ if (SCTP_BASE_VAR(timer_thread_started)) {
 #if defined(__Userspace_os_Windows)
- WaitForSingleObject(SCTP_BASE_VAR(timer_thread), INFINITE);
- CloseHandle(SCTP_BASE_VAR(timer_thread));
+ WaitForSingleObject(SCTP_BASE_VAR(timer_thread), INFINITE);
+ CloseHandle(SCTP_BASE_VAR(timer_thread));
 #else
- pthread_join(SCTP_BASE_VAR(timer_thread), NULL);
+ pthread_join(SCTP_BASE_VAR(timer_thread), NULL);
 #endif
+ }
 #endif
 sctp_pcb_finish();
 #if defined(__Windows__)
From fffd324ed7c9fecd85f65d25df2f75db126951dd Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Thu, 20 Feb 2020 15:16:57 +0100
Subject: [PATCH 2/8] Missed by the last commit.
---
 usrsctplib/netinet/sctp_pcb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usrsctplib/netinet/sctp_pcb.c b/usrsctplib/netinet/sctp_pcb.c
index f67e2643e..c40db406a 100755
--- a/usrsctplib/netinet/sctp_pcb.c
+++ b/usrsctplib/netinet/sctp_pcb.c
@@ -6877,7 +6877,7 @@ sctp_pcb_finish(void)
 }
 #endif
 #if defined(__Userspace__)
- if (sctp_it_ctl.thread_proc) {
+ if (SCTP_BASE_VAR(iterator_thread_started)) {
 #if defined(__Userspace_os_Windows)
 WaitForSingleObject(sctp_it_ctl.thread_proc, INFINITE);
 CloseHandle(sctp_it_ctl.thread_proc);
From 054c8db7234d7f758bc10663ff511627b24609f8 Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Thu, 20 Feb 2020 15:54:37 +0100
Subject: [PATCH 3/8] Fix the non-default stream schedulers such that they don't interleave user messages when it is not allowed.
Thanks to Christian Wright for reporting the issue and provding a patch for the priority scheduler.
---
 usrsctplib/netinet/sctp_ss_functions.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/usrsctplib/netinet/sctp_ss_functions.c b/usrsctplib/netinet/sctp_ss_functions.c
index 59ef9cdfa..553354523 100755
--- a/usrsctplib/netinet/sctp_ss_functions.c
+++ b/usrsctplib/netinet/sctp_ss_functions.c
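Review bot: The join is now skipped when no thread was started, but `timer_thread_started` is never cleared afterwards, so a second sctp_finish() without an intervening sctp_init() would pthread_join()/CloseHandle() the same thread again; adding `SCTP_BASE_VAR(timer_thread_started) = 0;` right after the inner `#endif` makes the join idempotent. The `atomic_cmpset_int` on `timer_thread_should_exit` still runs when no thread exists, which is harmless but could move inside the new `if` for clarity. sctp_finish() begins before the hunk.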
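Review bot: Replacing `if (sctp_it_ctl.thread_proc)` with the flag also removes a non-portable test (on the pthread build `thread_proc` is a `pthread_t`, an opaque type that need not be comparable with zero), which the commit message does not mention; a short comment at the `if` would preserve that knowledge. As with the timer thread, the flag is not cleared after the join, so `SCTP_BASE_VAR(iterator_thread_started) = 0;` after the Windows/pthread branches would protect against a repeated sctp_pcb_finish(). The join block continues past the end of the hunk.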
@@ -30,7 +30,7 @@
 #ifdef __FreeBSD__
 #include
-__FBSDID("$FreeBSD: head/sys/netinet/sctp_ss_functions.c 345505 2019-03-25 16:40:54Z tuexen $");
+__FBSDID("$FreeBSD: head/sys/netinet/sctp_ss_functions.c 358028 2020-02-17 18:05:03Z tuexen $");
 #endif
 #include
@@ -521,6 +521,9 @@ sctp_ss_prio_select(struct sctp_tcb *stcb SCTP_UNUSED, struct sctp_nets *net,
 {
 struct sctp_stream_out *strq, *strqt, *strqn;
+ if (asoc->ss_data.locked_on_sending) {
+ return (asoc->ss_data.locked_on_sending);
+ }
 strqt = asoc->ss_data.last_out_stream;
 prio_again:
 /* Find the next stream to use */
@@ -697,6 +700,9 @@ sctp_ss_fb_select(struct sctp_tcb *stcb SCTP_UNUSED, struct sctp_nets *net,
 {
 struct sctp_stream_out *strq = NULL, *strqt;
+ if (asoc->ss_data.locked_on_sending) {
+ return (asoc->ss_data.locked_on_sending);
+ }
 if (asoc->ss_data.last_out_stream == NULL || TAILQ_FIRST(&asoc->ss_data.out.wheel) == TAILQ_LAST(&asoc->ss_data.out.wheel, sctpwheel_listhead)) {
 strqt = TAILQ_FIRST(&asoc->ss_data.out.wheel);
@@ -905,6 +911,9 @@ sctp_ss_fcfs_select(struct sctp_tcb *stcb SCTP_UNUSED, struct sctp_nets *net,
 struct sctp_stream_out *strq;
 struct sctp_stream_queue_pending *sp;
+ if (asoc->ss_data.locked_on_sending) {
+ return (asoc->ss_data.locked_on_sending);
+ }
 sp = TAILQ_FIRST(&asoc->ss_data.out.list);
 default_again:
 if (sp != NULL) {
From 71dad431290b5fa3778d134b66da769b24bffebf Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Thu, 20 Feb 2020 16:01:48 +0100
Subject: [PATCH 4/8] Epochify SCTP in the FreeBSD kernel.
---
 usrsctplib/netinet/sctp_bsd_addr.c | 20 +------
 usrsctplib/netinet/sctp_output.c | 35 +++++++++++-
 usrsctplib/netinet/sctp_usrreq.c | 88 ++++++++++++++++++++++++++----
 usrsctplib/netinet/sctputil.c | 37 +++++++++++--
 usrsctplib/netinet6/sctp6_usrreq.c | 27 ++++++++-
 5 files changed, 169 insertions(+), 38 deletions(-)
diff --git a/usrsctplib/netinet/sctp_bsd_addr.c b/usrsctplib/netinet/sctp_bsd_addr.c
index dc159b5c1..4559cc72b 100755
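Review bot: The early return on `locked_on_sending` is undocumented and relies on the caller to clear the field once the partially sent message is complete; the default scheduler that presumably already behaves this way is not in the patch, so the invariant cannot be checked from the hunk. Proposed comment above the `if`: `/* a message that is partially sent must be completed on its stream before any other stream is scheduled; the caller resets locked_on_sending when it is done */`, adjusted to what the caller actually guarantees. The identical three-line guard now appears in the priority, fair-bandwidth and FCFS schedulers; a shared `static` helper in this file would keep the next fix in one place.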
--- a/usrsctplib/netinet/sctp_bsd_addr.c +++ b/usrsctplib/netinet/sctp_bsd_addr.c @@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include -__FBSDID("$FreeBSD: head/sys/netinet/sctp_bsd_addr.c 353480 2019-10-13 18:17:08Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_bsd_addr.c 358080 2020-02-18 19:41:55Z tuexen $"); #endif #include @@ -747,24 +747,6 @@ void sctp_addr_change_event_handler(void *arg __unused, struct ifaddr *ifa, int cmd) { sctp_addr_change(ifa, cmd); } - -void -sctp_add_or_del_interfaces(int (*pred)(struct ifnet *), int add) -{ - struct ifnet *ifn; - struct ifaddr *ifa; - - IFNET_RLOCK(); - CK_STAILQ_FOREACH(ifn, &MODULE_GLOBAL(ifnet), if_link) { - if (!(*pred)(ifn)) { - continue; - } - CK_STAILQ_FOREACH(ifa, &ifn->if_addrhead, ifa_link) { - sctp_addr_change(ifa, add ? RTM_ADD : RTM_DELETE); - } - } - IFNET_RUNLOCK(); -} #endif #if defined(__APPLE__) void diff --git a/usrsctplib/netinet/sctp_output.c b/usrsctplib/netinet/sctp_output.c index 47c901d59..ecdcf9332 100755 --- a/usrsctplib/netinet/sctp_output.c +++ b/usrsctplib/netinet/sctp_output.c @@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include -__FBSDID("$FreeBSD: head/sys/netinet/sctp_output.c 357705 2020-02-09 22:05:41Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_output.c 358083 2020-02-18 21:25:17Z tuexen $"); #endif #include @@ -13531,6 +13531,9 @@ sctp_lower_sosend(struct socket *so, #endif ) { +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif ssize_t sndlen = 0, max_len, local_add_more; int error, len; struct mbuf *top = NULL; @@ -14120,7 +14123,13 @@ sctp_lower_sosend(struct socket *so, atomic_add_int(&stcb->asoc.refcnt, -1); free_cnt_applied = 0; /* release this lock, otherwise we hang on ourselves */ +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif sctp_abort_an_association(stcb->sctp_ep, stcb, mm, SCTP_SO_LOCKED); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif /* now relock the stcb so everything is sane */ hold_tcblock = 0; stcb = NULL; 
@@ -14466,7 +14475,13 @@ sctp_lower_sosend(struct socket *so, /* a collision took us forward? */ queue_only = 0; } else { +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT); queue_only = 1; } @@ -14524,6 +14539,9 @@ sctp_lower_sosend(struct socket *so, * the input via the net is happening * and I don't need to start output :-D */ +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif if (hold_tcblock == 0) { if (SCTP_TCB_TRYLOCK(stcb)) { hold_tcblock = 1; @@ -14536,6 +14554,9 @@ sctp_lower_sosend(struct socket *so, stcb, SCTP_OUTPUT_FROM_USR_SEND, SCTP_SO_LOCKED); } +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif } if (hold_tcblock == 1) { SCTP_TCB_UNLOCK(stcb); @@ -14735,8 +14756,14 @@ sctp_lower_sosend(struct socket *so, "%s:%d at %s", __FILE__, __LINE__, __func__); op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), msg); +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_LOCKED); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif /* now relock the stcb so everything is sane */ hold_tcblock = 0; stcb = NULL; @@ -14807,6 +14834,9 @@ sctp_lower_sosend(struct socket *so, stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue, stcb->asoc.total_flight_count); } +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif if ((queue_only == 0) && (nagle_applies == 0) && (stcb->asoc.peers_rwnd && un_sent)) { /* we can attempt to send too. */ if (hold_tcblock == 0) { 
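Review bot: The NET_EPOCH_ENTER(et) added before the final-output `if ((queue_only == 0) && ...)` is matched only by the NET_EPOCH_EXIT(et) in the next hunk, and the roughly thirty lines between them are not in the diff; any `goto` to an error-exit label in that stretch would leave the epoch entered for the rest of the call. Please confirm there is no jump in that region, or move the EXIT to the function's common exit label so every path passes it. sctp_lower_sosend() is far larger than the hunks shown and both starts and ends outside them.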
@@ -14839,6 +14869,9 @@ sctp_lower_sosend(struct socket *so, (void)sctp_med_chunk_output(inp, stcb, &stcb->asoc, &num_out, &reason, 1, 1, &now, &now_filled, frag_point, SCTP_SO_LOCKED); } +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif SCTPDBG(SCTP_DEBUG_OUTPUT1, "USR Send complete qo:%d prw:%d unsent:%d tf:%d cooq:%d toqs:%d err:%d\n", queue_only, stcb->asoc.peers_rwnd, un_sent, stcb->asoc.total_flight, stcb->asoc.chunks_on_out_queue, diff --git a/usrsctplib/netinet/sctp_usrreq.c b/usrsctplib/netinet/sctp_usrreq.c index 6c39755ca..21f9eea1c 100755 --- a/usrsctplib/netinet/sctp_usrreq.c +++ b/usrsctplib/netinet/sctp_usrreq.c @@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include -__FBSDID("$FreeBSD: head/sys/netinet/sctp_usrreq.c 356270 2020-01-02 13:55:10Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctp_usrreq.c 358083 2020-02-18 21:25:17Z tuexen $"); #endif #include @@ -683,19 +683,22 @@ SYSCTL_PROC(_net_inet_sctp, OID_AUTO, getcred, CTLTYPE_OPAQUE | CTLFLAG_RW, #ifdef INET #if defined(__Panda__) || defined(__Windows__) || defined(__Userspace__) int -#elif defined(__FreeBSD__) && __FreeBSD_version > 690000 +#elif defined(__FreeBSD__) static void #else static int #endif sctp_abort(struct socket *so) { +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif struct sctp_inpcb *inp; uint32_t flags; inp = (struct sctp_inpcb *)so->so_pcb; if (inp == NULL) { -#if defined(__FreeBSD__) && __FreeBSD_version > 690000 +#if defined(__FreeBSD__) return; #else SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); @@ -703,6 +706,9 @@ sctp_abort(struct socket *so) #endif } +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif sctp_must_try_again: flags = inp->sctp_flags; #ifdef SCTP_LOG_CLOSING @@ -735,7 +741,8 @@ sctp_abort(struct socket *so) goto sctp_must_try_again; } } -#if defined(__FreeBSD__) && __FreeBSD_version > 690000 +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); return; #else return (0); 
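Review bot: The FreeBSD branch of sctp_abort() drops the `__FreeBSD_version > 690000` gate together with the `return (0)` fallback, so every FreeBSD build now takes the void/epoch variant; that is consistent with NET_EPOCH_ENTER existing only on recent kernels, but the commit message does not mention dropping that compatibility. A sentence in the message, or a comment on the `#if defined(__FreeBSD__)` line, would make the policy explicit. The epoch is entered above the `sctp_must_try_again` label, so the retry `goto` stays inside it, which is correct.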
@@ -896,6 +903,9 @@ sctpconn_bind(struct socket *so, struct sockaddr *addr) void sctp_close(struct socket *so) { +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif struct sctp_inpcb *inp; uint32_t flags; @@ -906,6 +916,9 @@ sctp_close(struct socket *so) /* Inform all the lower layer assoc that we * are done. */ +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif sctp_must_try_again: flags = inp->sctp_flags; #ifdef SCTP_LOG_CLOSING @@ -953,6 +966,9 @@ sctp_close(struct socket *so) goto sctp_must_try_again; } } +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif return; } @@ -1125,9 +1141,18 @@ sctp_sendm(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, * definitions) but this is not advisable. This code is used * by FreeBSD when sending a file with sendfile() though. */ +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif int ret; +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif ret = sctp_output(inp, inp->pkt, addr, inp->control, p, flags); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif inp->pkt = NULL; inp->control = NULL; return (ret); @@ -1155,6 +1180,9 @@ sctp_disconnect(struct socket *so) SCTP_INP_RUNLOCK(inp); return (0); } else { +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif struct sctp_association *asoc; struct sctp_tcb *stcb; @@ -1172,6 +1200,9 @@ sctp_disconnect(struct socket *so) SCTP_INP_RUNLOCK(inp); return (0); } +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif #if defined(__Userspace__) if (((so->so_options & SCTP_SO_LINGER) && (so->so_linger == 0)) || @@ -1197,6 +1228,9 @@ sctp_disconnect(struct socket *so) (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_USRREQ + SCTP_LOC_3); /* No unlock tcb assoc is gone */ +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif return (0); } if (TAILQ_EMPTY(&asoc->send_queue) && 
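Review bot: sctp_disconnect() now has NET_EPOCH_EXIT(et) pasted before three separate `return (0)` statements (one in this hunk, two in the next), and the code between those hunks is not in the diff, so any other return or `goto` out of the `else` branch would leave the epoch entered. A single exit, `out: NET_EPOCH_EXIT(et); return (0);` reached by `goto out`, would make the pairing visible in one place and survive future early returns. The `else` branch that declares `et` starts here and ends past the hunk.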
@@ -1269,12 +1303,18 @@ sctp_disconnect(struct socket *so) SCTP_INP_RUNLOCK(inp); (void)sctp_free_assoc(inp, stcb, SCTP_NORMAL_PROC, SCTP_FROM_SCTP_USRREQ + SCTP_LOC_5); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif return (0); } else { sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CLOSING, SCTP_SO_LOCKED); } } soisdisconnecting(so); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif SCTP_TCB_UNLOCK(stcb); SCTP_INP_RUNLOCK(inp); return (0); @@ -1373,6 +1413,9 @@ sctp_shutdown(struct socket *so) * a SHUT_WR or SHUT_RDWR. * This means we put the shutdown flag against it. */ +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif struct sctp_tcb *stcb; struct sctp_association *asoc; struct sctp_nets *netp; @@ -1411,6 +1454,9 @@ sctp_shutdown(struct socket *so) SCTP_INP_RUNLOCK(inp); return (0); } +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif if (stcb->asoc.alternate) { netp = stcb->asoc.alternate; } else { @@ -1449,6 +1495,9 @@ sctp_shutdown(struct socket *so) SCTP_INP_RUNLOCK(inp); sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_LOCKED); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif return (0); } } @@ -1457,6 +1506,9 @@ sctp_shutdown(struct socket *so) sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_CLOSING, SCTP_SO_LOCKED); SCTP_TCB_UNLOCK(stcb); SCTP_INP_RUNLOCK(inp); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif return (0); } } @@ -7836,13 +7888,14 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize, int sctp_ctloutput(struct socket *so, struct sockopt *sopt) { - void *optval = NULL; - size_t optsize = 0; - void *p; - int error = 0; #if defined(__FreeBSD__) + struct epoch_tracker et; struct sctp_inpcb *inp; #endif + void *optval = NULL; + void *p; + size_t optsize = 0; + int error = 0; #if defined(__FreeBSD__) if ((sopt->sopt_level == SOL_SOCKET) && 
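Review bot: sctp_shutdown() enters the epoch right after the `stcb == NULL` early return and exits it in the abort path and before the final `return (0)`, but the roughly forty lines between the ENTER at 1454 and the abort at 1495 are not shown; confirm that none of them returns, otherwise the epoch leaks. The single-exit-label structure suggested for sctp_disconnect() would fit here as well. The function starts before the hunk.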
@@ -7895,7 +7948,13 @@ sctp_ctloutput(struct socket *so, struct sockopt *sopt) p = (void *)sopt->sopt_p; #endif if (sopt->sopt_dir == SOPT_SET) { +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif error = sctp_setopt(so, sopt->sopt_name, optval, optsize, p); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif } else if (sopt->sopt_dir == SOPT_GET) { error = sctp_getopt(so, sopt->sopt_name, optval, &optsize, p); } else { @@ -7940,6 +7999,9 @@ sctp_connect(struct socket *so, struct mbuf *nam, struct proc *p) #endif #endif +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif #ifdef SCTP_MVRF int i, fnd = 0; #endif @@ -7961,7 +8023,7 @@ sctp_connect(struct socket *so, struct mbuf *nam, struct proc *p) } #if defined(__Userspace__) - /* TODO __Userspace__ falls into this code for IPv6 stuff at the moment... */ + /* TODO __Userspace__ falls into this code for IPv6 stuff at the moment... */ #endif #if !defined(__Windows__) && !defined(__Userspace_os_Linux) && !defined(__Userspace_os_Windows) switch (addr->sa_family) { @@ -8017,7 +8079,9 @@ sctp_connect(struct socket *so, struct mbuf *nam, struct proc *p) SCTP_INP_INCR_REF(inp); SCTP_ASOC_CREATE_LOCK(inp); create_lock_on = 1; - +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif if ((inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) || (inp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE)) { @@ -8122,10 +8186,12 @@ sctp_connect(struct socket *so, struct mbuf *nam, struct proc *p) sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); SCTP_TCB_UNLOCK(stcb); out_now: +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif if (create_lock_on) { SCTP_ASOC_CREATE_UNLOCK(inp); } - SCTP_INP_DECR_REF(inp); return (error); } diff --git a/usrsctplib/netinet/sctputil.c b/usrsctplib/netinet/sctputil.c index a074a84bf..0f9b1b2ce 100755 --- a/usrsctplib/netinet/sctputil.c +++ b/usrsctplib/netinet/sctputil.c 
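Review bot: Only the SOPT_SET branch of sctp_ctloutput() is wrapped in the epoch while sctp_getopt() runs outside it, and the hunk gives no reason; presumably getopt never transmits, but a reader cannot tell that from here. If that holds, a comment above the `if (sopt->sopt_dir == SOPT_SET)` such as `/* sctp_setopt() may transmit; sctp_getopt() does not need the network epoch */` would document the asymmetry. The reordered declarations in the previous hunk are cosmetic.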
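Review bot: At `out_now:` the NET_EPOCH_EXIT(et) is unconditional while the unlock below it is still guarded by `create_lock_on`, which implies the label is (or was) reachable before the lock is taken; the ENTER is only placed after `create_lock_on = 1`, so any `goto out_now` earlier in sctp_connect() would exit an epoch that was never entered. Either confirm no such jump exists, or pair the exit with the same flag, `if (create_lock_on) { NET_EPOCH_EXIT(et); SCTP_ASOC_CREATE_UNLOCK(inp); }`, or move the ENTER up to where `inp` is first referenced. The early part of sctp_connect() is outside the hunks.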
@@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include -__FBSDID("$FreeBSD: head/sys/netinet/sctputil.c 357775 2020-02-11 20:02:20Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet/sctputil.c 358083 2020-02-18 21:25:17Z tuexen $"); #endif #include @@ -1419,11 +1419,17 @@ sctp_expand_mapping_array(struct sctp_association *asoc, uint32_t needed) static void sctp_iterator_work(struct sctp_iterator *it) { +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif + struct sctp_inpcb *tinp; int iteration_count = 0; int inp_skip = 0; int first_in = 1; - struct sctp_inpcb *tinp; +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif SCTP_INP_INFO_RLOCK(); SCTP_ITERATOR_LOCK(); sctp_it_ctl.cur_it = it; @@ -1441,6 +1447,9 @@ sctp_iterator_work(struct sctp_iterator *it) (*it->function_atend) (it->pointer, it->val); } SCTP_FREE(it, SCTP_M_ITER); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif return; } select_a_new_ep: @@ -1661,6 +1670,9 @@ sctp_handle_addr_wq(void) void sctp_timeout_handler(void *t) { +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif struct sctp_inpcb *inp; struct sctp_tcb *stcb; struct sctp_nets *net; @@ -1795,6 +1807,9 @@ sctp_timeout_handler(void *t) /* record in stopped what t-o occurred */ tmr->stopped_from = type; +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif /* mark as being serviced now */ if (SCTP_OS_TIMER_PENDING(&tmr->timer)) { /* @@ -1998,7 +2013,6 @@ sctp_timeout_handler(void *t) sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); /* no need to unlock on tcb its gone */ goto out_decr; - case SCTP_TIMER_TYPE_STRRESET: if ((stcb == NULL) || (inp == NULL)) { break; @@ -2031,7 +2045,6 @@ sctp_timeout_handler(void *t) sctp_delete_prim_timer(inp, stcb, net); SCTP_STAT_INCR(sctps_timodelprim); break; - case SCTP_TIMER_TYPE_AUTOCLOSE: if ((stcb == NULL) || (inp == NULL)) { break; 
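Review bot: The only NET_EPOCH_EXIT(et) visible for sctp_iterator_work() is on the "iterator is complete" return in the second hunk; the rest of the function from `select_a_new_ep:` onwards is outside the diff, so every other way out must funnel through that same block (a `goto` to a label inside it) or the iterator thread holds the epoch indefinitely. Please confirm, and add a one-line comment at the ENTER, e.g. `/* epoch held for the whole pass; the single exit is in the completion block below */`. Moving the `tinp` declaration is cosmetic.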
@@ -2138,8 +2151,11 @@ sctp_timeout_handler(void *t) out_no_decr: SCTPDBG(SCTP_DEBUG_TIMER1, "Timer now complete (type = %d)\n", type); -#if defined(__FreeBSD__) && __FreeBSD_version >= 801000 +#if defined(__FreeBSD__) +#if __FreeBSD_version >= 801000 CURVNET_RESTORE(); +#endif + NET_EPOCH_EXIT(et); #endif } @@ -5621,6 +5637,9 @@ sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t *freed_so_far, int hold_rlock, uint32_t rwnd_req) { /* User pulled some data, do we need a rwnd update? */ +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif int r_unlocked = 0; uint32_t dif, rwnd; struct socket *so = NULL; @@ -5631,7 +5650,7 @@ sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t *freed_so_far, int hold_rlock, atomic_add_int(&stcb->asoc.refcnt, 1); if ((SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_ACK_SENT) || - (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_RECEIVED))) { + (stcb->asoc.state & (SCTP_STATE_ABOUT_TO_BE_FREED | SCTP_STATE_SHUTDOWN_RECEIVED))) { /* Pre-check If we are freeing no update */ goto no_lock; } @@ -5676,11 +5695,17 @@ sctp_user_rcvd(struct sctp_tcb *stcb, uint32_t *freed_so_far, int hold_rlock, goto out; } SCTP_STAT_INCR(sctps_wu_sacks_sent); +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif sctp_send_sack(stcb, SCTP_SO_LOCKED); sctp_chunk_output(stcb->sctp_ep, stcb, SCTP_OUTPUT_FROM_USR_RCVD, SCTP_SO_LOCKED); /* make sure no timer is running */ +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif sctp_timer_stop(SCTP_TIMER_TYPE_RECV, stcb->sctp_ep, stcb, NULL, SCTP_FROM_SCTPUTIL + SCTP_LOC_6); SCTP_TCB_UNLOCK(stcb); diff --git a/usrsctplib/netinet6/sctp6_usrreq.c b/usrsctplib/netinet6/sctp6_usrreq.c index 23b1813e7..91cbfac38 100644 --- a/usrsctplib/netinet6/sctp6_usrreq.c +++ b/usrsctplib/netinet6/sctp6_usrreq.c 
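Review bot: NET_EPOCH_EXIT(et) now runs at `out_no_decr:` for every FreeBSD version, and the matching ENTER in the earlier hunk sits after `tmr->stopped_from = type;`, so every early exit in the sanity-check section above that line must `return` directly rather than jump to `out_decr`/`out_no_decr`; that section is not in the diff. Please confirm, and consider a comment at the ENTER: `/* everything after this point leaves through out_no_decr, which exits the epoch */`. The split into `#if defined(__FreeBSD__)` / `#if __FreeBSD_version >= 801000` keeps CURVNET_RESTORE() gated as before, which is correct.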
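Review bot: The NET_EPOCH_EXIT(et) is inserted between the comment `/* make sure no timer is running */` and the sctp_timer_stop() call it describes, so the comment now reads as if it explained the epoch exit; move the `#if`/`NET_EPOCH_EXIT(et);`/`#endif` block above the comment. Nothing else in the hunk changes behaviour; the `goto no_lock`/`goto out` paths visible in the context appear to precede the ENTER, which is the intended layout as far as the hunk shows.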
@@ -34,7 +34,7 @@ #ifdef __FreeBSD__ #include -__FBSDID("$FreeBSD: head/sys/netinet6/sctp6_usrreq.c 355264 2019-12-01 16:14:44Z tuexen $"); +__FBSDID("$FreeBSD: head/sys/netinet6/sctp6_usrreq.c 358083 2020-02-18 21:25:17Z tuexen $"); #endif #include @@ -710,6 +710,9 @@ static int #endif sctp6_abort(struct socket *so) { +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif struct sctp_inpcb *inp; uint32_t flags; @@ -722,6 +725,9 @@ sctp6_abort(struct socket *so) return (EINVAL); #endif } +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif sctp_must_try_again: flags = inp->sctp_flags; #ifdef SCTP_LOG_CLOSING @@ -754,6 +760,7 @@ sctp6_abort(struct socket *so) } } #if (defined(__FreeBSD__) && __FreeBSD_version > 690000) || defined(__Windows__) + NET_EPOCH_EXIT(et); return; #else return (0); @@ -1134,9 +1141,18 @@ sctp6_send(struct socket *so, int flags, struct mbuf *m, struct mbuf *nam, * optionaly switch back to this code (by changing back the * defininitions but this is not advisable. */ +#if defined(__FreeBSD__) + struct epoch_tracker et; +#endif int ret; +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif ret = sctp_output(inp, inp->pkt, addr, inp->control, p, flags); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif inp->pkt = NULL; inp->control = NULL; return (ret); @@ -1172,6 +1188,9 @@ static int sctp6_connect(struct socket *so, struct mbuf *nam, struct proc *p) { struct sockaddr *addr = mtod(nam, struct sockaddr *); +#endif +#if defined(__FreeBSD__) + struct epoch_tracker et; #endif uint32_t vrf_id; int error = 0; @@ -1313,8 +1332,14 @@ sctp6_connect(struct socket *so, struct mbuf *nam, struct proc *p) } SCTP_SET_STATE(stcb, SCTP_STATE_COOKIE_WAIT); (void)SCTP_GETTIME_TIMEVAL(&stcb->asoc.time_entered); +#if defined(__FreeBSD__) + NET_EPOCH_ENTER(et); +#endif sctp_send_initiate(inp, stcb, SCTP_SO_LOCKED); SCTP_TCB_UNLOCK(stcb); +#if defined(__FreeBSD__) + NET_EPOCH_EXIT(et); +#endif return (error); } 
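Review bot: The new NET_EPOCH_EXIT(et) in sctp6_abort() sits under `#if (defined(__FreeBSD__) && __FreeBSD_version > 690000) || defined(__Windows__)`, but `et` is declared and entered only under `#if defined(__FreeBSD__)`, so a `__Windows__` kernel build (the tree still carries such branches, e.g. in sctp_abort()'s return-type selection in sctp_usrreq.c) would reference an undeclared `et` and an unknown macro. Wrap the exit the way sctp_abort() does: `#if defined(__FreeBSD__)` / `NET_EPOCH_EXIT(et);` / `#endif` immediately before the existing `#if`. On FreeBSD at or below 690000 the ENTER would also be unpaired, though that target is probably no longer built.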
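Review bot: sctp6_connect() holds the epoch only around sctp_send_initiate(), whereas sctp_connect() in the same patch enters it right after SCTP_ASOC_CREATE_LOCK and so also covers the association set-up; if that wider scope is required on the IPv4 path it is presumably required here too, and if not, the IPv4 scope is wider than needed. Either way a comment at the ENTER naming which calls need the epoch would settle it. sctp6_connect() starts before the hunk.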
From a3d91ccb1d0a15364444ea36edfc0c0966457768 Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Thu, 20 Feb 2020 16:42:28 +0100
Subject: [PATCH 5/8] Remove unused timer type.
---
 usrsctplib/netinet/sctp_constants.h | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/usrsctplib/netinet/sctp_constants.h b/usrsctplib/netinet/sctp_constants.h
index 9a9dd6b1d..fbbe73b54 100755
--- a/usrsctplib/netinet/sctp_constants.h
+++ b/usrsctplib/netinet/sctp_constants.h
@@ -34,7 +34,7 @@
 #ifdef __FreeBSD__
 #include
-__FBSDID("$FreeBSD: head/sys/netinet/sctp_constants.h 357500 2020-02-04 12:34:16Z tuexen $");
+__FBSDID("$FreeBSD: head/sys/netinet/sctp_constants.h 358169 2020-02-20 15:37:44Z tuexen $");
 #endif
 #ifndef _NETINET_SCTP_CONSTANTS_H_
@@ -551,14 +551,13 @@ extern void getwintimeofday(struct timeval *tv);
 #define SCTP_TIMER_TYPE_ASCONF 10
 #define SCTP_TIMER_TYPE_SHUTDOWNGUARD 11
 #define SCTP_TIMER_TYPE_AUTOCLOSE 12
-#define SCTP_TIMER_TYPE_EVENTWAKE 13
-#define SCTP_TIMER_TYPE_STRRESET 14
-#define SCTP_TIMER_TYPE_INPKILL 15
-#define SCTP_TIMER_TYPE_ASOCKILL 16
-#define SCTP_TIMER_TYPE_ADDR_WQ 17
-#define SCTP_TIMER_TYPE_PRIM_DELETED 18
+#define SCTP_TIMER_TYPE_STRRESET 13
+#define SCTP_TIMER_TYPE_INPKILL 14
+#define SCTP_TIMER_TYPE_ASOCKILL 15
+#define SCTP_TIMER_TYPE_ADDR_WQ 16
+#define SCTP_TIMER_TYPE_PRIM_DELETED 17
 /* add new timers here - and increment LAST */
-#define SCTP_TIMER_TYPE_LAST 19
+#define SCTP_TIMER_TYPE_LAST 18
 #define SCTP_IS_TIMER_TYPE_VALID(t) (((t) > SCTP_TIMER_TYPE_NONE) && \
 ((t) < SCTP_TIMER_TYPE_LAST))
From c5abb7a4e65449e32c33fa7703a7bc234bdffb82 Mon Sep 17 00:00:00 2001
From: Michael Tuexen
Date: Thu, 20 Feb 2020 20:06:03 +0100
Subject: [PATCH 6/8] Start a timer thread even if no threads should be started.
---
 usrsctplib/netinet/sctp_pcb.c | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/usrsctplib/netinet/sctp_pcb.c b/usrsctplib/netinet/sctp_pcb.c
index c40db406a..016aa603d 100755
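Review bot: Removing SCTP_TIMER_TYPE_EVENTWAKE renumbers every later timer type (STRRESET 14 to 13 through PRIM_DELETED 18 to 17, LAST 19 to 18), and the raw number is both stored (`tmr->stopped_from = type;` in sctp_timeout_handler() earlier in this series) and printed (`"Timer now complete (type = %d)\n"`), so anything that decodes those numbers from logs or crash dumps will misread them after this change. A comment on the list, `/* values appear in debug output and stopped_from; do not reorder */`, or keeping 13 as a reserved slot would avoid that. No `case SCTP_TIMER_TYPE_EVENTWAKE` removal is in the diff, so its last user is presumably already gone.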
--- a/usrsctplib/netinet/sctp_pcb.c
+++ b/usrsctplib/netinet/sctp_pcb.c
@@ -6782,13 +6782,7 @@ sctp_pcb_init(void)
 (void)pthread_cond_init(&sctp_it_ctl.iterator_wakeup, NULL);
 #endif
 #endif
-#if defined(__Userspace__)
- if (start_threads) {
- sctp_startup_iterator();
- }
-#else
 sctp_startup_iterator();
-#endif
 #if defined(__FreeBSD__) && defined(SCTP_MCORE_INPUT) && defined(SMP)
 sctp_startup_mcore_threads();
From 6036f341bfc8a3a2ee768f8bdf4fd26be1ed1ce2 Mon Sep 17 00:00:00 2001
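Review bot: The hunk unconditionally starts the iterator thread again, yet the commit title says "timer thread", and the timer-thread start in sctp_init() is untouched here; the message should say iterator. After this revert `start_threads` no longer influences sctp_pcb_init() as far as the hunk shows, while the `if (start_threads)` around sctp_start_timer() in sctp_init() remains, so the flag now effectively means "also start the timer thread" — worth stating at the parameter, e.g. `/* start_threads: the iterator thread is always created; this only controls the timer thread */`. sctp_pcb_init() starts before the hunk.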
From: Felix Weinrank Date: Thu, 12 Mar 2020 18:24:50 +0100 Subject: [PATCH 7/8] Sync fuzzing changes back to master (#440) --- CMakeLists.txt | 3 +- fuzzer/CORPUS_CONNECT/addip-000000 | Bin 0 -> 45 bytes fuzzer/CORPUS_CONNECT/addip-000001 | Bin 0 -> 45 bytes fuzzer/CORPUS_CONNECT/addip-000002 | Bin 0 -> 73 bytes fuzzer/CORPUS_CONNECT/addip-000003 | Bin 0 -> 73 bytes fuzzer/CORPUS_CONNECT/addip-000004 | Bin 0 -> 49 bytes fuzzer/CORPUS_CONNECT/addip-000005 | Bin 0 -> 45 bytes fuzzer/CORPUS_CONNECT/addip-000006 | Bin 0 -> 49 bytes fuzzer/CORPUS_CONNECT/addip-000007 | Bin 0 -> 45 bytes fuzzer/CORPUS_CONNECT/addip-000008 | Bin 0 -> 73 bytes fuzzer/CORPUS_CONNECT/addip-000009 | Bin 0 -> 73 bytes fuzzer/CORPUS_CONNECT/addip-000010 | Bin 0 -> 49 bytes fuzzer/CORPUS_CONNECT/addip-000011 | Bin 0 -> 49 bytes fuzzer/CORPUS_CONNECT/dummy-01 | Bin 0 -> 73 bytes fuzzer/CORPUS_CONNECT/rtcweb-000000 | Bin 101 -> 101 bytes fuzzer/CORPUS_CONNECT/rtcweb-000001 | Bin 421 -> 421 bytes fuzzer/CORPUS_CONNECT/rtcweb-000002 | Bin 329 -> 329 bytes fuzzer/CORPUS_CONNECT/rtcweb-000003 | Bin 5 -> 15 bytes fuzzer/CORPUS_CONNECT/rtcweb-000004 | Bin 25 -> 25 bytes fuzzer/CORPUS_CONNECT/rtcweb-000005 | Bin 17 -> 17 bytes fuzzer/CORPUS_CONNECT/rtcweb-000006 | Bin 25 -> 25 bytes fuzzer/CORPUS_CONNECT/rtcweb-000007 | Bin 17 -> 17 bytes fuzzer/CORPUS_CONNECT/rtcweb-000008 | Bin 21 -> 21 bytes fuzzer/CORPUS_CONNECT/rtcweb-000009 | Bin 17 -> 17 bytes fuzzer/CORPUS_CONNECT/rtcweb-000010 | Bin 33 -> 33 bytes fuzzer/CORPUS_CONNECT/rtcweb-000011 | Bin 17 -> 17 bytes fuzzer/CORPUS_CONNECT/rtcweb-000012 | Bin 25 -> 25 bytes fuzzer/CORPUS_CONNECT/rtcweb-000013 | Bin 17 -> 17 bytes fuzzer/CORPUS_CONNECT/rtcweb-000014 | Bin 25 -> 25 bytes fuzzer/CORPUS_CONNECT/rtcweb-000015 | Bin 17 -> 17 bytes fuzzer/CORPUS_CONNECT/rtcweb-000016 | Bin 25 -> 9 bytes fuzzer/CORPUS_CONNECT/rtcweb-000017 | Bin 41 -> 15 bytes fuzzer/CORPUS_CONNECT/rtcweb-000018 | Bin 37 -> 5 bytes fuzzer/CORPUS_CONNECT/rtcweb-000019 | Bin 17 -> 0 
bytes fuzzer/CORPUS_CONNECT/rtcweb-000020 | Bin 33 -> 0 bytes fuzzer/CORPUS_CONNECT/rtcweb-000021 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/rtcweb-000022 | Bin 25 -> 0 bytes fuzzer/CORPUS_CONNECT/rtcweb-000023 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/rtcweb-000024 | Bin 25 -> 0 bytes fuzzer/CORPUS_CONNECT/rtcweb-000025 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/rtcweb-000026 | Bin 15 -> 0 bytes fuzzer/CORPUS_CONNECT/rtcweb-000027 | Bin 5 -> 0 bytes fuzzer/CORPUS_CONNECT/rtcweb-000028 | Bin 15 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000000 | Bin 129 -> 109 bytes fuzzer/CORPUS_CONNECT/tsctp-000001 | Bin 505 -> 429 bytes fuzzer/CORPUS_CONNECT/tsctp-000002 | Bin 385 -> 337 bytes fuzzer/CORPUS_CONNECT/tsctp-000004 | Bin 45 -> 217 bytes fuzzer/CORPUS_CONNECT/tsctp-000005 | Bin 45 -> 217 bytes fuzzer/CORPUS_CONNECT/tsctp-000006 | Bin 45 -> 17 bytes fuzzer/CORPUS_CONNECT/tsctp-000007 | Bin 1041 -> 17 bytes fuzzer/CORPUS_CONNECT/tsctp-000008 | Bin 1041 -> 9 bytes fuzzer/CORPUS_CONNECT/tsctp-000009 | Bin 1041 -> 15 bytes fuzzer/CORPUS_CONNECT/tsctp-000010 | Bin 1041 -> 5 bytes fuzzer/CORPUS_CONNECT/tsctp-000011 | Bin 1041 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000012 | Bin 45 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000013 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000014 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000015 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000016 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000017 | Bin 9 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000020 | Bin 137 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000021 | Bin 529 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000022 | Bin 401 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000024 | Bin 45 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000025 | Bin 45 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000026 | Bin 45 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000027 | Bin 1145 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000028 | Bin 1361 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000029 | Bin 929 -> 0 bytes 
fuzzer/CORPUS_CONNECT/tsctp-000030 | Bin 45 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000031 | Bin 1361 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000032 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000033 | Bin 929 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000034 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000035 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000036 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000037 | Bin 9 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000038 | Bin 15 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000039 | Bin 5 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000040 | Bin 137 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000041 | Bin 529 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000042 | Bin 401 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000043 | Bin 15 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000044 | Bin 45 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000045 | Bin 45 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000046 | Bin 45 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000047 | Bin 1205 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000048 | Bin 1381 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000049 | Bin 45 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000050 | Bin 1029 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000051 | Bin 1205 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000052 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000053 | Bin 1205 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000054 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000055 | Bin 17 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000056 | Bin 9 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000057 | Bin 15 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-000058 | Bin 5 -> 0 bytes fuzzer/CORPUS_CONNECT/tsctp-i-data-000000 | Bin 0 -> 109 bytes fuzzer/CORPUS_CONNECT/tsctp-i-data-000001 | Bin 0 -> 429 bytes fuzzer/CORPUS_CONNECT/tsctp-i-data-000002 | Bin 0 -> 337 bytes .../{tsctp-000023 => tsctp-i-data-000003} | Bin fuzzer/CORPUS_CONNECT/tsctp-i-data-000004 | Bin 0 -> 221 bytes fuzzer/CORPUS_CONNECT/tsctp-i-data-000005 | Bin 0 -> 221 bytes 
fuzzer/CORPUS_CONNECT/tsctp-i-data-000006 | Bin 0 -> 17 bytes fuzzer/CORPUS_CONNECT/tsctp-i-data-000007 | Bin 0 -> 17 bytes fuzzer/CORPUS_CONNECT/tsctp-i-data-000008 | Bin 0 -> 9 bytes .../{tsctp-000018 => tsctp-i-data-000009} | Bin .../{tsctp-000019 => tsctp-i-data-000010} | Bin fuzzer/build-fuzzer.sh | 4 +- fuzzer/check-input.sh | 2 +- fuzzer/crashtest.py | 1 - fuzzer/fuzzer_connect.c | 222 ++++++++---------- fuzzer/fuzzer_connect_multi.sh | 4 +- programs/programs_helper.c | 16 +- usrsctplib/CMakeLists.txt | 12 +- usrsctplib/netinet/sctp_auth.c | 12 +- 117 files changed, 133 insertions(+), 143 deletions(-) create mode 100644 fuzzer/CORPUS_CONNECT/addip-000000 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000001 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000002 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000003 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000004 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000005 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000006 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000007 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000008 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000009 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000010 create mode 100644 fuzzer/CORPUS_CONNECT/addip-000011 create mode 100644 fuzzer/CORPUS_CONNECT/dummy-01 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000019 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000020 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000021 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000022 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000023 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000024 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000025 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000026 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000027 delete mode 100644 fuzzer/CORPUS_CONNECT/rtcweb-000028 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000011 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000012 delete mode 100644 
fuzzer/CORPUS_CONNECT/tsctp-000013 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000014 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000015 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000016 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000017 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000020 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000021 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000022 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000024 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000025 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000026 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000027 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000028 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000029 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000030 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000031 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000032 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000033 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000034 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000035 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000036 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000037 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000038 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000039 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000040 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000041 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000042 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000043 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000044 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000045 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000046 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000047 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000048 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000049 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000050 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000051 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000052 delete mode 100644 
fuzzer/CORPUS_CONNECT/tsctp-000053 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000054 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000055 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000056 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000057 delete mode 100644 fuzzer/CORPUS_CONNECT/tsctp-000058 create mode 100644 fuzzer/CORPUS_CONNECT/tsctp-i-data-000000 create mode 100644 fuzzer/CORPUS_CONNECT/tsctp-i-data-000001 create mode 100644 fuzzer/CORPUS_CONNECT/tsctp-i-data-000002 rename fuzzer/CORPUS_CONNECT/{tsctp-000023 => tsctp-i-data-000003} (100%) create mode 100644 fuzzer/CORPUS_CONNECT/tsctp-i-data-000004 create mode 100644 fuzzer/CORPUS_CONNECT/tsctp-i-data-000005 create mode 100644 fuzzer/CORPUS_CONNECT/tsctp-i-data-000006 create mode 100644 fuzzer/CORPUS_CONNECT/tsctp-i-data-000007 create mode 100644 fuzzer/CORPUS_CONNECT/tsctp-i-data-000008 rename fuzzer/CORPUS_CONNECT/{tsctp-000018 => tsctp-i-data-000009} (100%) rename fuzzer/CORPUS_CONNECT/{tsctp-000019 => tsctp-i-data-000010} (100%) diff --git a/CMakeLists.txt b/CMakeLists.txt index ba3b594ee..37270d1d3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -259,8 +259,9 @@ elseif (CMAKE_C_COMPILER_ID MATCHES "Clang" OR CMAKE_C_COMPILER_ID MATCHES "Appl endif () if (sctp_build_fuzzer) + set(CMAKE_BUILD_TYPE "DEBUG") add_definitions(-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O1 -fsanitize=fuzzer-no-link") endif () endif () diff --git a/fuzzer/CORPUS_CONNECT/addip-000000 b/fuzzer/CORPUS_CONNECT/addip-000000 new file mode 100644 index 0000000000000000000000000000000000000000..e3c24629947093f7c33ad462206ba0e8512677f3 GIT binary patch literal 45 rcmZQzVPMc literal 0 HcmV?d00001 
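Review bot: `set(CMAKE_BUILD_TYPE "DEBUG")` is a plain `set()` inside the `sctp_build_fuzzer` branch, so it silently shadows any `-DCMAKE_BUILD_TYPE=...` the caller passed; either guard it with `if (NOT CMAKE_BUILD_TYPE)` or add a comment stating that the fuzzer build deliberately forces a debug configuration, since `fuzzer/build-fuzzer.sh` now relies on this instead of passing the build type itself. The conventional spelling is `Debug`; `DEBUG` works because the per-config flag variables are looked up upper-cased, but the unusual casing will confuse anyone comparing `CMAKE_BUILD_TYPE` elsewhere in the tree. The `-O1` appended to `CMAKE_C_FLAGS` overrides the optimisation level the debug configuration would otherwise give and deserves a one-line why-comment next to it.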
diff --git a/fuzzer/CORPUS_CONNECT/addip-000002 b/fuzzer/CORPUS_CONNECT/addip-000002 new file mode 100644 index 0000000000000000000000000000000000000000..d151a570399f2ba0304300b40a55d7aae883fc0c GIT binary patch literal 73 zcmZSJXJF7^U|?W2uv{f}-Eam!EAK6(S0R>SVJ|qD;;Tg~WG~xau-v0C;~)crLIIye a90Mx@$CZxDLHv3~Mn(X*zY*2| literal 0 HcmV?d00001 diff --git a/fuzzer/CORPUS_CONNECT/addip-000003 b/fuzzer/CORPUS_CONNECT/addip-000003 new file mode 100644 index 0000000000000000000000000000000000000000..943b3e39b5756f63fee98479cbbf0b2670e7e203 GIT binary patch literal 73 zcmZSJXJF7^U|?W&<5%aq|DsaNWN%KEKY!5W&Fm}AteG`;?q1~;)5=pO%s9xvpzw9o bmXi#u3>;TZRt6tnWDsBkY6S7?85tP?dTtj8 literal 0 HcmV?d00001 diff --git a/fuzzer/CORPUS_CONNECT/addip-000004 b/fuzzer/CORPUS_CONNECT/addip-000004 new file mode 100644 index 0000000000000000000000000000000000000000..1d05d6fdb695e6350d31d5a2f663294de837573c GIT binary patch literal 49 zcmV-10M7pa4*&ot00003qtDSE#VLu{)zTSn4ry%Y=Jp&Iuwm2F^Y`@Hxz$!vfB*mp Ha1JlKcKQdOvOUXA)pwsAptkWIzG{0bL17 literal 0 HcmV?d00001 diff --git a/fuzzer/CORPUS_CONNECT/addip-000006 b/fuzzer/CORPUS_CONNECT/addip-000006 new file mode 100644 index 0000000000000000000000000000000000000000..5152f0ac591c31175f890100105c68410dcfa2b5 GIT binary patch literal 49 zcmV-10M7pa4*&ot00003nV}PDnf5`cGcP%dF0%dDKYe=)#Yq61t7T@5i}_L4Xmc5yl4qjmH$i literal 0 HcmV?d00001 diff --git a/fuzzer/CORPUS_CONNECT/addip-000009 b/fuzzer/CORPUS_CONNECT/addip-000009 new file mode 100644 index 0000000000000000000000000000000000000000..32871149e8ec5f6fc5c10f754f055203df964d73 GIT binary patch literal 73 zcmZSJXJF7^U|?YW@ZIjNic9%M{r``q^R^$F|C8gvSFLj#M-J4@{0jEo1E7z7xB8ex0@=^qy} literal 0 HcmV?d00001 
diff --git a/fuzzer/CORPUS_CONNECT/addip-000010 b/fuzzer/CORPUS_CONNECT/addip-000010 new file mode 100644 index 0000000000000000000000000000000000000000..3fe2c7424ecd8650f9c08888b867301fd2625303 GIT binary patch literal 49 zcmV-10M7pa4*&ot00003F$d=A?X#@@cQ&1rxVdheQj-&L8)lc5#MyR^-|j!9fB*mp Ha1JpEuADhx)1_f~gwZDXN20=#Z(`wpRSz;SDE!<$ b*@l6Yf#b@_%HRWx3<8WmjUawKBO@aK+Rzuz literal 0 HcmV?d00001 diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000000 b/fuzzer/CORPUS_CONNECT/rtcweb-000000 index fd2da797fc8ab5f0c88ad5ccb4063aafb945a984..396919d0622126b66fdf8cf42550ef6c893c2b2c 100644 GIT binary patch delta 83 zcmYdI^<`jWU`W!t{;M0cTYPyM7#LU%0C58c1Lpz$gAGj#3=9oS3@T~P n@?X5qCeFUaTr4A$?K$i|(N_Whg^?Y@ delta 83 zcmYdI^<`jWU`Wz1I?lo%Q+S+#_5XkW)h}Zj7#LU%0C58c1Lpz$gAGj#3=9oS3@S@X no7Pom*sT`fj4WwQL%QnSc#Rbt}4^B-e5K&nf-@wAa!NAPG*uc!d)^HH0iJj5I+tJrm z*D2UV!BEc-D8e9HpAMoJ;^mmYbiykz1t$8QUe^P;<;uy*V1y_G11pdN6bnKZ1My$o z6z*U|k^r)k^sYbcgZbxii!VhOxbIk+`u9cgV!nfqeJuZ405LuY0 owdb%qhJSb%*g%eb%7 literal 421 zcmZQzVqjeInd!j>2ARU+46OhEi%z{{+Q7iTasY@MI2bq&@E>ewVqjosU}8`yX7-!$ z;oi-sbssamYdV#yjwmL6Hd$tJIAw{Zztff{Rt+o+91P41j19~TYz+s2n%EgVyd8aA zb)AA;6b$tYfg%jNHnAXz;pS;}FrDxUOo0iO<3<`Fw_G_{8H^BRU|@Z>!X1nVDFz@rN$>j8 zJ_eb>;|#3-|37Z=<(c?aLLtpr{)_k7#M!r)YbIE5t=yy(z9mQQanaL&$ihUeJ%`;V z9+VLPnF-UEQrFt8<-i`8V)irsIC*L-q;b4HE}n;|C=B44fmbMvj+ftF-U&^ delta 211 zcmX@fbdqU;s0y!5ECUGKJk1WK6JCKSFu`)%NaHipgAEfcbyRjA7w%w0NHGA}Ng77S zSr}vrk2A3T|L?#0Wz5945(-O7o7Pom*sT`fj4Wwt;J1OOuO0*e3u diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000009 b/fuzzer/CORPUS_CONNECT/rtcweb-000009 index 5b06d525544bbd68fc1c67bc959a66ae2d8f6c2c..a16bf61e8bef6d14b338a046005a3f1e5ebf4144 100644 GIT binary patch literal 17 WcmZQzW?&F_+~Uj2AX9jp0SEvbB?Bn{ literal 17 XcmZQzW?&HTU;Q$cL8kCH0}ucJAIbx$ 
diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000010 b/fuzzer/CORPUS_CONNECT/rtcweb-000010 index 31c5831136689d089037cad11e0eccd94b5a6cc5..0c77ccbfc556c29bfac75663d335812f5c05e47a 100644 GIT binary patch literal 33 lcmZQzU}unf+~Ui}z{mgs#vX||Ir$3C8Hss$sX2-a3;<@~2L=ED literal 33 ocmZQzU}li>U;Q$UfsuiUfq}u;t+c8tGcR37p)xhGSdoDN0CgV+r2qf` diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000011 b/fuzzer/CORPUS_CONNECT/rtcweb-000011 index d43bd7ddbcfd23865d72bf4d543ba0fcce4f7f70..a29822bcd2b9d13eda160b9eccacd5f5fe355a3c 100644 GIT binary patch literal 17 WcmZQzW?&F_+~Ui}AX9jp0SEvbE(0n6 literal 17 XcmZQzW?&HTU;Q$UL8kCH0}ucJAJYS= diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000012 b/fuzzer/CORPUS_CONNECT/rtcweb-000012 index adea816bb7703475eb8815887ca0ed2920c993b7..588a6849616adcd5afcfb22307f38f92468cf908 100644 GIT binary patch literal 25 fcmZQ*Vqg$s;AIec+~UiVQrDes;7xW$(TL^CilFaQ8e83uCz literal 25 ecmZQ*Vqg$s;AIdJoqEaCfAz~45Y52IzyJVBjs{u) diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000015 b/fuzzer/CORPUS_CONNECT/rtcweb-000015 index 3fedd69ae215c531f903bdbb33036878c536ce4b..913ffa2b0609a6d14e3757ff5891a25c5556c0af 100644 GIT binary patch literal 17 WcmZQ*Vqg#eLY|cJ-l+@>42%F4wgRmH literal 17 WcmZQ*Vqg#eLLSknmrNNL7#IN*&H`Zo diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000016 b/fuzzer/CORPUS_CONNECT/rtcweb-000016 index dcb85000cdce6b53f794d5bd8ed2dfa6e70b729c..d5dfc52ede7f940005fced677787915f847ef24c 100644 GIT binary patch literal 9 QcmZQzXJFt+Des*M00j*K4FCWD literal 25 bcmZQzU}li;U;Q$kfsp|Oj2KveEFc>IE!hH> diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000017 b/fuzzer/CORPUS_CONNECT/rtcweb-000017 index 5c32e8fd553c5bc86119feb11b88c911aa3f1d37..634f886604efc805206886f0caa72521d2b1266c 100644 GIT binary patch literal 15 OcmZSJU|?WjfCB&ks{joE literal 41 mcmZQzW?&HTU;Q$kL8kCH0|+oPh>1?UWX8Y<<{5!0AOQfH$OWnZ 
diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000018 b/fuzzer/CORPUS_CONNECT/rtcweb-000018 index cad34eb596975bf704912fb1548a6d6199849ccf..9f51d75c3e753b58db25b76bd0ee98574af7beeb 100644 GIT binary patch literal 5 McmZSJV_;wb002P%6951J literal 37 ncmZQzW?&EyoqEZPL8kCH0|+oP2>P#nnZUpZgbWNuOh5tvdgcYE diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000019 b/fuzzer/CORPUS_CONNECT/rtcweb-000019 deleted file mode 100644 index 47925c52910bc01a96098ff75893f051197226c1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17 XcmZQzW?&HTU;Q$HL8kCH0}ucJALRq9 diff --git a/fuzzer/CORPUS_CONNECT/rtcweb-000020 b/fuzzer/CORPUS_CONNECT/rtcweb-000020 deleted file mode 100644 index c01b3cb230950afd93f7c003c095a2c479e4caa8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33 kcmZQzU}uo^U;Q$Xfsp|Oj6D)_a`F}2N~@|;ixhzZ0CLX);3ieLUwUN1UuA=Wdf8N8%XGA+cKTb$r@V9{lsGpgEv4NR^t>GY0 M6AuF$11kdq01M_L+5i9m delta 113 zcmd08WE5p!WMF78)w{BTL8kCH1LObyM`pkMIZ;+3nw3v=9a1dn>1d4({ MGf#FM%?4n?(X9yHwSW}q}q8LuiVgl0%ufP;?oPF4mZL>U-ZfgGS%5V{zM zzxj@ECnJ&skexMs!Z}r#e*$kFpMQW2=q?8KBMk_DaUKA93#bp|uSrQB*>B$Ok15zY zIoC$!%DIZZ@BDcWC!Z1R{QNi}eZgN0fAKJ|fgDB4uxqi1Jv3#y)62{0dj#g!RK87G HdGQheag2l_ literal 505 zcmZQzVqpBSjsMXx2ARU+42=K(*H!KO-@w4YasY@MI2bq&@E>ewVqjosU}8{N+5adj zuxXVa%T~M6wxlrO@2YB&pB5Th*XjI;>vHBl*TBNS!NAPG*uc!d)^HH0iH$)-i|N<` z2T=w=AP)qZ7+4uNuAHn4Vqj-%@OJcd)pZJXQ83gq1WB?O$ATyZHw#uUo$v}wfr%Yg z^h`nS1nLb&h%x|;V_*QAha?Em&A_l`fp8}yBSHemY%tZkvIFMVBeUQBY{22yH|KWU zS<}?G^TCwdOwB;Ss`*Acr@vrU=brQK_0`Ah7PT0DX)GQ`2o$v}wfeF=f6Q(a)BzE)4$;x1a zC<6m4kOLG8LKg$^H{TKNWJHnxva_a7IH$@WQ+S+#@&Et8o5$xLU}NB5U|>Jez`($A z0Einn7&s5`A8cr1U|?uqVo;fsE-40Jp%Jy&R#X$Tu3xqov84)r-W`n8Tl^qN+g~u5f|NlQS`|ZyLptT2pxPgO#^8o+B zh9;o$1||lTH|KWUS<}?G^TCwdOwB;Ss`*Acr@vrU=brQK_0`Ah7PSp53>*y1Ku<6; zur(Y6YT^O%SsB=XP(+LA*a8Pp20@@G2s8u5IY91aVqp9M@&nBNx~iT38*tdavj0(5 zVACo;maTTBZAoFm-&NHlKP@!2uG9Gw*X7KA4#R#-dz+y42L15wdUUgrk;`O#$%T)n L%5-1Nxn2YSc++PF 
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000004 b/fuzzer/CORPUS_CONNECT/tsctp-000004 index 840eedf30e5e61a385f0deb6bbf4834a296d5cb5..0ae84fcd99c30d7b268e8b744df4ce4b9890322e 100644 GIT binary patch literal 217 XcmZQzU}m@xc=Pyt1_)4h93}t&;eR$; literal 45 wcmZQzVPMc|lIEXR`GC)8R0J{(fH~;_u diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000005 b/fuzzer/CORPUS_CONNECT/tsctp-000005 index e540d44eb18c8633e27ed44e6215f3206a20ed4e..0a15a24f27edafb0e3bde2ee1210074bf73526d8 100644 GIT binary patch literal 217 acmZQz;AXfHc=PxI1_lO3AXaxACIA5G)iz}S literal 45 wcmZQzVPMcF^**jwqRw55`OG7p(w&sMuvewi|N<`2T=w=1_)>d0H1OPQUCw| diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000006 b/fuzzer/CORPUS_CONNECT/tsctp-000006 index 00019dc491cb3f43f36de21e6a1fbbe3e4a0cf0b..d64c7244bc38df1848fc5780daf77efa80e4a4a9 100644 GIT binary patch literal 17 XcmZQzW?&Eqym@>+gG~N^1|R?cBjyAy literal 45 wcmZQzWnj=@U}Vr>F^**jwqRw55`OG7p(w&sMuvewi|N<`2T=w=1_)>d0H2-*Qvd(} diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000007 b/fuzzer/CORPUS_CONNECT/tsctp-000007 index c7f499d34e6ec4ad1ee455454ac8553583c13e5b..51feb52060e9e8ea622a8a59704690a5176e327e 100644 GIT binary patch literal 17 XcmZQzW?&Eqym@>9gG~N^1|R?cBku$+ literal 1041 ecmZQzU}h0GGW+dM1_)4h90j8xFd70QHUt3FlLwOk diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000008 b/fuzzer/CORPUS_CONNECT/tsctp-000008 index 94d5c0bd0024fe4b3d1db13497c8580ee40f4525..a39021531eb22f03ed70c9792c0c41106b53f409 100644 GIT binary patch literal 9 QcmZQzXJFuPNYmN?00W-^kN^Mx literal 1041 hcmZQzU}h0GGW+c>1_lO3AXaxA1*0J_8UiCW1OVKj2bBN- diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000009 b/fuzzer/CORPUS_CONNECT/tsctp-000009 index 4d49f378e3faa97698845c689f26c699bc343acc..634f886604efc805206886f0caa72521d2b1266c 100644 GIT binary patch literal 15 OcmZSJU|?WjfCB&ks{joE literal 1041 hcmZQzU}h0GGW+ds1_lNuAXaxA1*0J_8UiCW1OVi(2bTZ< 
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000010 b/fuzzer/CORPUS_CONNECT/tsctp-000010 index 2829bb6aea87d49f086e394ee0d5e1d68a9752d4..9f51d75c3e753b58db25b76bd0ee98574af7beeb 100644 GIT binary patch literal 5 McmZSJV_;wb002P%6951J literal 1041 hcmZQz;ARmxGW+cx1_lOZAXaxA1*0J_8UiCW1ON?02cZA} diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000011 b/fuzzer/CORPUS_CONNECT/tsctp-000011 deleted file mode 100644 index a39993144b1947a8b42d06e9e32f6d8ebd24dc32..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1041 hcmZQz;ARmxGW+dc1_lNeAXaxA1*0J_8UiCW1OOFM2crN0 diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000012 b/fuzzer/CORPUS_CONNECT/tsctp-000012 deleted file mode 100644 index c81a1768b4a4af5e75782515efc4327fe8207c8f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45 wcmZQzWnj=@U}Vs^XcWsJ=EuU&K8=${aLvXeGBOMdT1>|lIEXR`GC)8R0J}U0IRF3v diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000013 b/fuzzer/CORPUS_CONNECT/tsctp-000013 deleted file mode 100644 index 9457b75de69c5991afb9c7f6fde68abe4bc20806..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17 XcmZQzW?&FFGW+dM2AQ1W3_t(?DjWo; diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000014 b/fuzzer/CORPUS_CONNECT/tsctp-000014 deleted file mode 100644 index 777f11b5a51ff3c3933efe3fd320228e3fab033c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17 XcmZQzW?&FFGW+ds2ATBZ3_t(?Di8#v diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000015 b/fuzzer/CORPUS_CONNECT/tsctp-000015 deleted file mode 100644 index e749a26e054d0aa86edf076878e7c75003d1b56c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17 XcmZQzW?&FFGW+cx2AQ1W3_t(?DmMhH 
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000016 b/fuzzer/CORPUS_CONNECT/tsctp-000016 deleted file mode 100644 index ed8f9fc0a63ec59ab223aeb79f8eeebb2e4c0bcd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17 XcmZQzW?&FFGW+dc2AQ1W3_t(?DnJCR diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000017 b/fuzzer/CORPUS_CONNECT/tsctp-000017 deleted file mode 100644 index 1b15ab1999b63355d27a40ba3cb877f314751b4a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9 QcmZQzXJFu{tJ?Vw00ut-zW@LL diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000020 b/fuzzer/CORPUS_CONNECT/tsctp-000020 deleted file mode 100644 index 69d60102b3da59cfd8291acd6b54e099cbe75c26..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 137 zcmZQzWMJqx^`NeYL8kCH1LOby=XfTrJix}l!N9KmIK+Rjp~-=v zfr&xo{zda<^hHQE70edes6~Q eJ$RtQ-gME@ucaT3IE%OD)|}$ykv%fy(k1{H4T=r` diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000022 b/fuzzer/CORPUS_CONNECT/tsctp-000022 deleted file mode 100644 index 22317e0ca159fc9a9f31c8fc5a4c7f162bbbd23c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 401 zcmZSJVql!$?da>O>lEywV5n!v00f4{u^@_JmJt`2PIv{Tz(h~ogHxt6(p#>atPDno zGBB_LIY6->bTJVB(L~`+Mn;4TklAtSL0u1nOyO|`#{d7%@l0HKfQ^BJfr0%<0|Nug z0U&PRVBkJ*i2q$ETaQ$jC4-XfYjI;2_E%$N&LN0P4{Rxc~qF diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000025 b/fuzzer/CORPUS_CONNECT/tsctp-000025 deleted file mode 100644 index 9afda34a7fd34b92f95a941541e6ef3cb87c1520..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45 wcmZQzVPMc&DMWyHmB&p_g`yV0y)GBOMdT1>|lIEXR`GC)8x0K&-#ssI20 diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000026 b/fuzzer/CORPUS_CONNECT/tsctp-000026 deleted file mode 100644 index 85ddaf14b49649aa3e08a599ead653a0178e2463..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45 wcmZQzWnj=@U}VrRG>&DMWyHmB&p_g`yV0y)GBOMdT1>|lIEXR`GC)8x0K)YMs{jB1 
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000027 b/fuzzer/CORPUS_CONNECT/tsctp-000027 deleted file mode 100644 index ce9027d9aa31d8fe58d80bcb17f10f3b7802f734..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1145 zcmZQ@U}Ly(j%VUZ1_V%d90tIF1?;a?2yZbk4g+sFLjAQG$zM#v$X{!a{KY(s{IwRz WUo6AIU#tucz;a_9lD}9<@fQGqEf(Ma diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000028 b/fuzzer/CORPUS_CONNECT/tsctp-000028 deleted file mode 100644 index be15835731725627900eb479edb188aaa663a05b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1361 zcmZQ@U}Ly(j%VU}1_)pTQtFPw064IK{j~wfUyQ@RTaHkFZA9`H(=hVaCM16`4$ETaQ$jC4-XfYjI;2_E%$N&LN0P6h-x&QzG diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000031 b/fuzzer/CORPUS_CONNECT/tsctp-000031 deleted file mode 100644 index bb605880b38d74716c1f6a715a856a5ce1a5e7f7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1361 zcmZQ@;A6OPj%VU-1_)pVQtFPw066e~{j~?lUyQ@RTaHkF?M3nz(=hVaJ|urJ4r8jS+B diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000036 b/fuzzer/CORPUS_CONNECT/tsctp-000036 deleted file mode 100644 index cdd9e2b5c30e024ce796095f6cc13f7099a1490e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17 XcmZQzW?&FF$20L5gG}&o1|R?c9(DtJ diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000037 b/fuzzer/CORPUS_CONNECT/tsctp-000037 deleted file mode 100644 index e9db8bb4e789e17abde44c4f0d919b23b8fb2559..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9 QcmZQzXJFt6tzXOn00e{qivR!s diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000038 b/fuzzer/CORPUS_CONNECT/tsctp-000038 deleted file mode 100644 index 634f886604efc805206886f0caa72521d2b1266c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15 OcmZSJU|?WjfCB&ks{joE 
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000039 b/fuzzer/CORPUS_CONNECT/tsctp-000039 deleted file mode 100644 index 9f51d75c3e753b58db25b76bd0ee98574af7beeb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5 McmZSJV_;wb002P%6951J diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000040 b/fuzzer/CORPUS_CONNECT/tsctp-000040 deleted file mode 100644 index 2e9f0c11aed33b3d140f4a157304739e5085e39f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 137 zcmZQzWMJrs^?ml7L8kCH1LOby2gF!y4zMwBFfgzmX<%SrIRL~B91PqC4)GssXmVg^ zU}8}D%DsaB)rPlO@t;&*C$lf$zj5m?w^@CoPM81DgAFs)1RGd@`k5IR8<-i`85#~U hFz^8RtPE^GD5Ax5Y=MI)gCGM0Gy}ysuAHn41^|>vCW`<7 diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000041 b/fuzzer/CORPUS_CONNECT/tsctp-000041 deleted file mode 100644 index 25d1d45bf99c9c50aafffa08d9743577e449d759..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 529 zcmZQzVqg;Z7KmIK+Rjp~-=v zfr&w7#fkNW+sofOAL`wrw#Hj9Xt9gY=EKhgcvwE|ox0W4B)5SDsGpgEv4NR^ouT0% z0|Og_h!)ea1rDMNf(#JQ#K6kHaph!X5Cc2o1aC)QS6!!I7X?E-Ly)wmaV%KXj#M5n zo$v}wfr;nOd}BfG1?mk(h%x|;V_*QAha?CR0|8?O;Z8O>lEywV5n!v00f@Ku^@_JM=B4PPIv{Tz{K-szOf(UPPSb+Ss9EF zWnf?ha)4q%=wcwgF@ta?BO^iv$n1#qefFF|rtmle?Yy@LPMhPPSqpHyEbvoGMkaqBO)S$(5Um;cd&4KvjQ z8(4t)nHd-xm>Jj^8V)ir@BsO&3~WFsqQ!J4x$W#3=q%+0LttLx&QzG diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000045 b/fuzzer/CORPUS_CONNECT/tsctp-000045 deleted file mode 100644 index 702654ceff42c25bf515a31e30ce30e3a68634b3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45 wcmZQzVPMc&E1k;=o+=eBvm9xIkpGBOMdT1>|lIEXR`GC)8x0L}9V>Hq)$ diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000046 b/fuzzer/CORPUS_CONNECT/tsctp-000046 deleted file mode 100644 index 768a67182c5622b409c7235e70afbfa2c95d5553..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45 wcmZQzWnj=@U}VtnG>&E1k;=o+=eBvm9xIkpGBOMdT1>|lIEXR`GC)8x0L~u>>i_@% 
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000047 b/fuzzer/CORPUS_CONNECT/tsctp-000047 deleted file mode 100644 index 66de2ee5546d3b09825b9513104e8282b3d6a2b0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1205 zcmZSJXJF7^U|?W&Y&auQ)A+!#p{vS0f@PlWR-ac~A4EFm&3$<8;yU@lEe>o98xDxE z+5pwUfV$%#1`aG>_u9f73#1tbv2z`v?zKa5FVhfkuRW4`nTLRT9gy71G6dY~h~!?@ ULG4~vh8$q|;DqE}Hd?tC01q7^hX4Qo diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000048 b/fuzzer/CORPUS_CONNECT/tsctp-000048 deleted file mode 100644 index 6d54d1a8837647a48c15000361c71975ff1cee83..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1381 zcmZSJXJF7^U|?Xjc`Z8EW4F@b8}?6RJ=w0=9$X;x`rA~UvcF}DuR0%?{&!$w*l<9M z)fuQ31Q>x>-Ej~D2Ntk4x$W#3=q%+0LvH%y8r+H diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000050 b/fuzzer/CORPUS_CONNECT/tsctp-000050 deleted file mode 100644 index 248cc34bc3ac1b3d2e1f4976230564ba54fff454..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1029 zcmZSJXJF7^U|?XrnX`V{y%w#YsImdIRunPYa#As8pO_Zgu2%k$-T@&z`cG*?qwMQ?)67fQ1G->tTv3xCCVTXEM5cS!4Om=~Y=WXA#hFAi)B8xDxE z1_ITB05cG)I}T#tzyfw}5ZJX4_c9J*=Q={&8;s;$rXk?o5G4094*~avBDt4k2)H*4 X$-S(D+P$m{Il%HE9Lc?Gv~n*1Srj8v diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000052 b/fuzzer/CORPUS_CONNECT/tsctp-000052 deleted file mode 100644 index df60fbebe106a292a4d9a73435651a863a5d4908..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17 WcmZQzW?&FFAjay%Ad_^Q0SEvTdIEL; diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000053 b/fuzzer/CORPUS_CONNECT/tsctp-000053 deleted file mode 100644 index 2463c07b4b0ae793cd5ece8af5235c07e5b81cc0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1205 zcmZSJXJF7^U|?YGlH}hMIjQ63W2x`V5)uw?Bf6`1@lRNMf59YX&W+m@_B-$~Y&ams z8Ua)b0xUqR?l_2n0}t4}kzm(C+{-wKo$Cm7ZxoVynTCLSqmkUpJOtbugXCV8A>iIv XB=@ooYWMOoGX8 N0|O5O8v`o?0{~g&C4m3{ literal 0 HcmV?d00001 
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-i-data-000001 b/fuzzer/CORPUS_CONNECT/tsctp-i-data-000001 new file mode 100644 index 0000000000000000000000000000000000000000..6cf7ae9f057eb142137a04462adc9bb342dcab57 GIT binary patch literal 429 zcmZQzVqjdeOe$2LL8kCH1LObyb0@vcYG7bsIRL~B91PqC4)GssXmVg^U}8|&FZgi( zr=Y()PH}I~DCzqjOS$vyg2u<=mz!-aa{c*oSiXUUfrEjWfw6&^fvw>n0|Ns)V}Q4# zudA+8u#1ABo*__#;Y?*Zh+^U-ZfgGS%5V{zM zA2Ln2lMzV*$j*A(oI4BVp9#T+Uk|VW-NnFuqydM&Ov|&H%Gd0y{n7HA$9?mHhRR2; ywyVB~Ja}>A^LOHJb{As!i-&;?=^%>1>kJ2&PIv{Tz{ITF=C{kFLiMkltPDno zGBB_LIY6->bTJS=WSVd%Ba#G=o%OakcNT+8;c*7W|Nkch8-6{&#sIX8{YV1?1Iqy* zZs1_xK5&TtU_+AwLjx0oifMUPQ~8>mwLe;(^SEzb&`|m4)ppevkq0kseEv@S&F;bm z7NCA+2F39{G uKbCUm+Xan}$1gYAT;%%m<*+=u9SR>0F^hUiT>Htlm-kC_!Q*8c<9z_c2V+zK literal 0 HcmV?d00001 diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000023 b/fuzzer/CORPUS_CONNECT/tsctp-i-data-000003 similarity index 100% rename from fuzzer/CORPUS_CONNECT/tsctp-000023 rename to fuzzer/CORPUS_CONNECT/tsctp-i-data-000003 diff --git a/fuzzer/CORPUS_CONNECT/tsctp-i-data-000004 b/fuzzer/CORPUS_CONNECT/tsctp-i-data-000004 new file mode 100644 index 0000000000000000000000000000000000000000..dd6bd0d1195daed61126e5dcaea572e059fe10e5 GIT binary patch literal 221 XcmZQ@U}m^8A=vOM0|KZ!4if+XxLYq{0}ucJ9zp}B literal 0 HcmV?d00001 diff --git a/fuzzer/CORPUS_CONNECT/tsctp-i-data-000007 b/fuzzer/CORPUS_CONNECT/tsctp-i-data-000007 new file mode 100644 index 0000000000000000000000000000000000000000..997f527245f3fec23cdc0d051e7bf92bfee9a3d6 GIT binary patch literal 17 XcmZQzW?&GQ5N!C3K_>q{0}ucJ9!mqL literal 0 HcmV?d00001 diff --git a/fuzzer/CORPUS_CONNECT/tsctp-i-data-000008 b/fuzzer/CORPUS_CONNECT/tsctp-i-data-000008 new file mode 100644 index 0000000000000000000000000000000000000000..3cb69ad7d16c59908e854a43b86c5ac43905047b GIT binary patch literal 9 QcmZQzXJFu%JLzpE00!0ql>h($ literal 0 HcmV?d00001 
diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000018 b/fuzzer/CORPUS_CONNECT/tsctp-i-data-000009 similarity index 100% rename from fuzzer/CORPUS_CONNECT/tsctp-000018 rename to fuzzer/CORPUS_CONNECT/tsctp-i-data-000009 diff --git a/fuzzer/CORPUS_CONNECT/tsctp-000019 b/fuzzer/CORPUS_CONNECT/tsctp-i-data-000010 similarity index 100% rename from fuzzer/CORPUS_CONNECT/tsctp-000019 rename to fuzzer/CORPUS_CONNECT/tsctp-i-data-000010 diff --git a/fuzzer/build-fuzzer.sh b/fuzzer/build-fuzzer.sh index e6cb6bc71..8016ec49f 100755 --- a/fuzzer/build-fuzzer.sh +++ b/fuzzer/build-fuzzer.sh @@ -41,7 +41,7 @@ pwd find . -iwholename '*cmake*' -not -name CMakeLists.txt -delete # Build with ASAN / MSAN -cmake -Dsctp_build_fuzzer=1 -Dsctp_build_programs=0 -Dsctp_invariants=1 -Dsctp_sanitizer_address=1 -DCMAKE_LINKER="$CC" -DCMAKE_C_COMPILER="$CC" -DCMAKE_BUILD_TYPE=Debug . -#cmake -Dsctp_build_fuzzer=1 -Dsctp_build_programs=0 -Dsctp_invariants=1 -Dsctp_sanitizer_memory=1 -DCMAKE_LINKER="$CC" -DCMAKE_C_COMPILER="$CC" -DCMAKE_BUILD_TYPE=RelWithDebInfo . +cmake -Dsctp_build_fuzzer=1 -Dsctp_build_programs=0 -Dsctp_invariants=1 -Dsctp_sanitizer_address=1 -DCMAKE_LINKER="$CC" -DCMAKE_C_COMPILER="$CC" . +#cmake -Dsctp_build_fuzzer=1 -Dsctp_build_programs=0 -Dsctp_invariants=1 -Dsctp_sanitizer_memory=1 -DCMAKE_LINKER="$CC" -DCMAKE_C_COMPILER="$CC" . make -j"$NPROC" diff --git a/fuzzer/check-input.sh b/fuzzer/check-input.sh index 31f117a0f..fbcbe2644 100755 --- a/fuzzer/check-input.sh +++ b/fuzzer/check-input.sh @@ -18,7 +18,7 @@ echo "########## Beginning Fuzzer Chain" echo "" set +e -./fuzzer_connect_multi_verbose -timeout=30 $1 > $1.log 2>&1 +./fuzzer_connect_multi_verbose -timeout=10 $1 > $1.log 2>&1 FUZZER_RETVAL=$? set -e diff --git a/fuzzer/crashtest.py b/fuzzer/crashtest.py index ce51e0af0..5338db091 100755 --- a/fuzzer/crashtest.py +++ b/fuzzer/crashtest.py @@ -5,7 +5,6 @@ import re reportdir = "reports/" -fuzzer = "./fuzzer_connect_multi" class bcolors: HEADER = '\033[95m' 
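Review bot: The rewritten `cmake` invocation in build-fuzzer.sh drops `-DCMAKE_BUILD_TYPE=Debug` without saying where the build type now comes from, and a reader of this script alone cannot tell that `CMakeLists.txt` forces it when `sctp_build_fuzzer` is set. Add a comment above the call such as `# CMAKE_BUILD_TYPE is forced by CMakeLists.txt when sctp_build_fuzzer=1; do not pass it here`. The commented-out MSAN variant was updated in lockstep, which is good, but a second full command line kept in a comment tends to drift; a single variable toggling `-Dsctp_sanitizer_address=1` versus `-Dsctp_sanitizer_memory=1` would keep the two in one place.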
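Review bot: The new invocation line in check-input.sh still expands `$1` and `$1.log` unquoted, so an input path containing whitespace or glob characters splits into several arguments and the log redirection lands in the wrong file; quote both: `./fuzzer_connect_multi_verbose -timeout=10 "$1" > "$1.log" 2>&1`. Because the line runs under `set +e`, a mis-split argument does not stop the script and only shows up as a misleading `FUZZER_RETVAL`. The timeout reduction from 30 to 10 seconds is a policy change; a comment stating why 10 seconds is enough for the inputs this script is meant to check would save the next person from raising it again.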
diff --git a/fuzzer/fuzzer_connect.c b/fuzzer/fuzzer_connect.c index 79505db6e..be44941d7 100644 --- a/fuzzer/fuzzer_connect.c +++ b/fuzzer/fuzzer_connect.c @@ -39,9 +39,16 @@ //#define FUZZ_VERBOSE #define FUZZ_INTERLEAVING -//#define FUZZ_EXPLICIT_EOR #define FUZZ_STREAM_RESET -#define FUZZ_DISABLE_LINGER + +#define FUZZ_B_INJECT_INIT_ACK (1 << 0) +#define FUZZ_B_INJECT_COOKIE_ACK (1 << 1) +#define FUZZ_B_SEND_DATA (1 << 2) +#define FUZZ_B_SEND_STREAM_RESET (1 << 3) +#define FUZZ_B_INJECT_DATA (1 << 4) +#define FUZZ_B_I_DATA_SUPPORT (1 << 5) +#define FUZZ_B_RESERVED1 (1 << 6) +#define FUZZ_B_RESERVED2 (1 << 7) #define BUFFER_SIZE 4096 #define COMMON_HEADER_SIZE 12 @@ -70,6 +77,7 @@ dump_packet(const void *buffer, size_t bufferlen, int inout) { #endif // FUZZ_VERBOSE } + static int conn_output(void *addr, void *buf, size_t length, uint8_t tos, uint8_t set_df) { @@ -176,7 +184,7 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) SCTP_STREAM_CHANGE_EVENT, SCTP_SEND_FAILED_EVENT }; - int enable; + int optval; int result; struct sctp_initmsg initmsg; #if defined(FUZZ_STREAM_RESET) || defined(FUZZ_INTERLEAVING) 
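Review bot: The eight new `FUZZ_B_*` masks are defined without a word on what they are masked against; the names suggest a control byte taken from the fuzz input whose bits switch individual harness behaviours on, but that cannot be confirmed from this hunk. Add a block comment above them, e.g. `/* Bits of the per-input control byte; each set bit enables one harness action (inject INIT-ACK, inject COOKIE-ACK, send DATA, ...); RESERVED1/2 are currently unused. */`, and state which input byte carries it. Since these are related integer constants, an `enum { FUZZ_B_INJECT_INIT_ACK = 1 << 0, ... }` would also make them visible to the debugger and give them block scope, which `#define` does not. The removal of `#define FUZZ_DISABLE_LINGER` is a behavioural change not visible from the define alone; wherever the macro was tested, a comment on why linger is now left enabled would help.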
@@ -184,52 +192,41 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) #endif // defined(FUZZ_STREAM_RESET) || defined(FUZZ_INTERLEAVING) // WITH COMMON HEADER! - char fuzz_init_ack[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00\x02\x00\x01\xf8" \ - "\xc7\xa1\xb0\x4d\x00\x1c\x71\xc7\x00\x0a\xff\xff\x03\x91\x94\x1b" \ - "\x80\x00\x00\x04\xc0\x00\x00\x04\x80\x08\x00\x09\xc0\x0f\xc1\x80" \ - "\x82\x00\x00\x00\x80\x02\x00\x24\x61\x6c\x7e\x52\x2a\xdb\xe0\xa2" \ - "\xaa\x78\x25\x1e\x12\xc5\x01\x9e\x4c\x60\x16\xdf\x01\x6d\xa1\xd5" \ - "\xcd\xbe\xa7\x5d\xa2\x73\xf4\x1b\x80\x04\x00\x08\x00\x03\x00\x01" \ - "\x80\x03\x00\x07\x00\x80\xc1\x00\x00\x06\x00\x14\x2a\x02\xc6\xa0" \ - "\x40\x15\x00\x11\x00\x00\x00\x00\x00\x00\x00\x83\x00\x05\x00\x08" \ - "\xd4\xc9\x79\x53\x00\x07\x01\x80\x4b\x41\x4d\x45\x2d\x42\x53\x44" \ - "\x20\x31\x2e\x31\x00\x00\x00\x00\x64\x11\x49\x00\x00\x00\x00\x00" \ - "\xac\xde\x0c\x00\x00\x00\x00\x00\x60\xea\x00\x00\x00\x00\x00\x00" \ - "\x00\x00\x00\x00\xb2\xd4\x38\x45\xc7\xa1\xb0\x4d\xd4\xc9\x79\x52" \ + char fuzz_init_ack[] = "\x13\x89\x13\x88\x49\xa4\xac\xb2\x00\x00\x00\x00\x02\x00\x01\xb4" \ + "\x2b\xe8\x47\x40\x00\x1c\x71\xc7\xff\xff\xff\xff\xed\x69\x58\xec" \ + "\xc0\x06\x00\x08\x00\x00\x07\xc4\x80\x00\x00\x04\xc0\x00\x00\x04" \ + "\x80\x08\x00\x0b\xc0\xc2\x0f\xc1\x80\x82\x40\x00\x80\x02\x00\x24" \ + "\x40\x39\xcf\x32\xd6\x60\xcf\xfa\x3f\x2f\xa9\x52\xed\x2b\xf2\xe6" \ + "\x2f\xb7\x81\x96\xf8\xda\xe9\xa0\x62\x01\x79\xe1\x0d\x5f\x38\xaa" \ + "\x80\x04\x00\x08\x00\x03\x00\x01\x80\x03\x00\x06\x80\xc1\x00\x00" \ + "\x00\x07\x01\x50\x4b\x41\x4d\x45\x2d\x42\x53\x44\x20\x31\x2e\x31" \ + "\x00\x00\x00\x00\x64\xdb\x63\x00\x00\x00\x00\x00\xc9\x76\x03\x00" \ + "\x00\x00\x00\x00\x60\xea\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + "\xb2\xac\xa4\x49\x2b\xe8\x47\x40\xd4\xc9\x79\x52\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\xd4\xc9\x79\x53" \ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00" \ - 
"\xd4\xc9\x79\x53\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ - "\x05\x00\x00\x00\x00\x00\x00\x00\xd9\x05\x13\x89\x01\x01\x00\x00" \ - "\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x80\x45\x38\xd4\xb2" \ - "\x00\x1c\x71\xc7\x00\x01\xff\xff\xac\x40\x9b\x94\x80\x00\x00\x04" \ - "\xc0\x00\x00\x04\x80\x08\x00\x09\xc0\x0f\xc1\x80\x82\x00\x00\x00" \ - "\x80\x02\x00\x24\xc8\x24\x46\x8c\x7e\x88\x2e\xb7\x88\x8b\xdd\xa1" \ - "\x55\x8b\xb4\xc0\x26\xe3\x21\xbb\xb0\x66\xfd\xb2\xd4\xde\xf9\x77" \ - "\x4f\xe4\x7c\xbf\x80\x04\x00\x08\x00\x03\x00\x01\x80\x03\x00\x07" \ - "\x00\x80\xc1\x00\x00\x0c\x00\x08\x00\x05\x00\x06\x00\x06\x00\x14" \ - "\x2a\x02\xc6\xa0\x40\x15\x00\x11\x00\x00\x00\x00\x00\x00\x00\x82" \ - "\x00\x05\x00\x08\xd4\xc9\x79\x52\x02\x00\x01\xf8\xc7\xa1\xb0\x4d" \ - "\x00\x1c\x71\xc7\x00\x01\xff\xff\x03\x91\x94\x1b\x80\x00\x00\x04" \ - "\xc0\x00\x00\x04\x80\x08\x00\x09\xc0\x0f\xc1\x80\x82\x00\x00\x00" \ - "\x80\x02\x00\x24\x61\x6c\x7e\x52\x2a\xdb\xe0\xa2\xaa\x78\x25\x1e" \ - "\x12\xc5\x01\x9e\x4c\x60\x16\xdf\x01\x6d\xa1\xd5\xcd\xbe\xa7\x5d" \ - "\xa2\x73\xf4\x1b\x80\x04\x00\x08\x00\x03\x00\x01\x80\x03\x00\x07" \ - "\x00\x80\xc1\x00\x00\x06\x00\x14\x2a\x02\xc6\xa0\x40\x15\x00\x11" \ - "\x00\x00\x00\x00\x00\x00\x00\x83\x00\x05\x00\x08\xd4\xc9\x79\x53" \ - "\x64\x30\x8a\xb9\x7c\xe5\x93\x69\x52\xa9\xc8\xd5\xa1\x1b\x7d\xef" \ - "\xea\xfa\x23\x32"; + "\x00\x00\x00\x00\x5a\x76\x13\x89\x01\x00\x00\x00\x00\x00\x00\x00" \ + "\x00\x00\x00\x00\x01\x00\x00\x62\x49\xa4\xac\xb2\x00\x1c\x71\xc7" \ + "\x00\x01\xff\xff\x82\xe6\xc8\x44\x80\x00\x00\x04\xc0\x00\x00\x04" \ + "\x80\x08\x00\x0b\xc0\xc2\x0f\xc1\x80\x82\x40\x00\x80\x02\x00\x24" \ + "\xb6\xbb\xb5\x7f\xbb\x4b\x0e\xb5\x42\xf6\x75\x18\x4f\x79\x0f\x24" \ + "\x1c\x44\x0b\xd6\x62\xa9\x84\xe7\x2c\x3c\x7f\xad\x1b\x67\x81\x57" \ + "\x80\x04\x00\x08\x00\x03\x00\x01\x80\x03\x00\x06\x80\xc1\x00\x00" \ + "\x00\x0c\x00\x06\x00\x05\x00\x00\x02\x00\x01\xb4\x2b\xe8\x47\x40" \ + 
"\x00\x1c\x71\xc7\x00\x01\xff\xff\xed\x69\x58\xec\xc0\x06\x00\x08" \ + "\x00\x00\x07\xc4\x80\x00\x00\x04\xc0\x00\x00\x04\x80\x08\x00\x0b" \ + "\xc0\xc2\x0f\xc1\x80\x82\x40\x00\x80\x02\x00\x24\x40\x39\xcf\x32" \ + "\xd6\x60\xcf\xfa\x3f\x2f\xa9\x52\xed\x2b\xf2\xe6\x2f\xb7\x81\x96" \ + "\xf8\xda\xe9\xa0\x62\x01\x79\xe1\x0d\x5f\x38\xaa\x80\x04\x00\x08" \ + "\x00\x03\x00\x01\x80\x03\x00\x06\x80\xc1\x00\x00\x81\xe1\x1e\x81" \ + "\xea\x41\xeb\xf0\x12\xd9\x74\xbe\x13\xfd\x4b\x6c\x5c\xa2\x8f\x00"; // WITH COMMON HEADER! char fuzz_cookie_ack[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00\x0b\x00\x00\x04"; // WITH COMMON HEADER! - char fuzz_abort[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00\x06\x00\x00\x08\x00\x0c\x00\x04"; - - // WITH COMMON HEADER! - char fuzz_i_data[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00" \ - "\x00\x1b\x04\x42\xa3\x58\x90\xe2\xba\x9e\x8c\xfc\x08\x00\x45\x02" \ - "\x04\x34\x00\x00\x40\x00\x40\x84\x9a\x0b\xd4\xc9\x79\x52\xd4\xc9" \ - "\x79\x53\x65\x75\x13\x89\x11\x97\x93\x37\x26\x6c\xb7\x65\x40\x02" \ - "\x04\x14\x96\xff\xad\xc1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + char fuzz_i_data[] = "\x13\x89\x13\x88\x07\x01\x6c\xd3\x00\x00\x00\x00\x40\x03" \ + "\x00\xdc\x2d\x2b\x46\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ "\x00\x27\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ 
@@ -242,6 +239,11 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ + "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"; + + // WITH COMMON HEADER! + char fuzz_data[] = "\x13\x89\x13\x88\x27\xc4\xbf\xdf\x00\x00\x00\x00\x00\x03" \ + "\x00\xd8\x79\x64\xb7\xc1\x00\x00\x00\x00\x00\x00\x00\x27\x41\x41" \ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ 
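Review bot: The new `fuzz_data` literal gives no decoding of its chunk header, so the length field `\x00\xd8` (216) in the second line and the byte count passed to `usrsctp_conninput()` at the injection site have to be kept in sync by hand whenever the `\x41` padding is trimmed again. A one-line comment above the array would make the layout auditable, e.g. `// DATA chunk: type 0x00, flags 0x03 (B|E), length 0x00d8 = 216, TSN 0x7964b7c1, SID 0, SSN 0, PPID 0x27, then 0x41 payload` — as I read the bytes; please verify against the struct. The same applies to the `fuzz_i_data` header whose start is outside this hunk, and `fuzz_data` itself continues past the hunk.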
@@ -254,47 +256,8 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - 
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" \ - "\x41\x41"; + "\x41\x41\x41\x41\x41\x41"; + char fuzz_common_header[] = "\x13\x89\x13\x88\x54\xc2\x7c\x46\x00\x00\x00\x00"; @@ -326,7 +289,6 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) assert(result == 0); memset(&event, 0, sizeof(event)); - event.se_assoc_id = SCTP_ALL_ASSOC; event.se_on = 1; for (i = 0; i < (sizeof(event_types) / sizeof(uint16_t)); i++) { event.se_type = event_types[i]; 
@@ -334,19 +296,13 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) assert(result == 0); } - enable = 1; - result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_RECVRCVINFO, &enable, sizeof(enable)); - assert(result == 0); - - enable = 1; - result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_RECVNXTINFO, &enable, sizeof(enable)); + optval = 1; + result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_RECVRCVINFO, &optval, sizeof(optval)); assert(result == 0); -#if defined(FUZZ_EXPLICIT_EOR) - enable = 1; - result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_EXPLICIT_EOR, &enable, sizeof(enable)); + optval = 1; + result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_RECVNXTINFO, &optval, sizeof(optval)); assert(result == 0); -#endif // defined(FUZZ_EXPLICIT_EOR) #if defined(FUZZ_STREAM_RESET) assoc_val.assoc_id = SCTP_ALL_ASSOC; @@ -359,14 +315,17 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) #if !defined(SCTP_INTERLEAVING_SUPPORTED) #define SCTP_INTERLEAVING_SUPPORTED 0x00001206 #endif // !defined(SCTP_INTERLEAVING_SUPPORTED) - enable = 2; - result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_FRAGMENT_INTERLEAVE, &enable, sizeof(enable)); - assert(result == 0); - memset(&assoc_val, 0, sizeof(assoc_val)); - assoc_val.assoc_value = 1; - result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_INTERLEAVING_SUPPORTED, &assoc_val, sizeof(assoc_val)); - assert(result == 0); + if (data[0] & FUZZ_B_I_DATA_SUPPORT) { + optval = 2; + result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_FRAGMENT_INTERLEAVE, &optval, sizeof(optval)); + assert(result == 0); + + memset(&assoc_val, 0, sizeof(assoc_val)); + assoc_val.assoc_value = 1; + result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_INTERLEAVING_SUPPORTED, &assoc_val, sizeof(assoc_val)); + assert(result == 0); + } #endif // defined(FUZZ_INTERLEAVING) memset((void *)&bind6, 0, sizeof(struct sockaddr_in6)); 
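Review bot: `data[0]` is dereferenced in the new `FUZZ_B_I_DATA_SUPPORT` test before anything in this hunk bounds `data_size`; unless a guard earlier in LLVMFuzzerTestOneInput (outside the hunk) rejects empty inputs, libFuzzer will hand the harness a zero-length buffer, this read is out of bounds, and the later `malloc(data_size - 1 + COMMON_HEADER_SIZE)` underflows. If no such guard exists, add `if (data_size < 1) { return (0); }` at the top of the function; if it does, a short comment at this first use of `data[0]` pointing to it would spare the next reader the search. The function starts and ends outside this hunk.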
@@ -380,6 +339,11 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) result = usrsctp_bind(socket_client, (struct sockaddr *)&bind6, sizeof(bind6)); assert(result == 0); + // Disable Nagle. + optval = 1; + result = usrsctp_setsockopt(socket_client, IPPROTO_SCTP, SCTP_NODELAY, &optval, sizeof(optval)); + assert(result == 0); + usrsctp_set_upcall(socket_client, handle_upcall, NULL); memset(&sconn, 0, sizeof(struct sockaddr_conn)); @@ -394,17 +358,17 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) result = usrsctp_connect(socket_client, (struct sockaddr *)&sconn, sizeof(struct sockaddr_conn)); assert(result == 0 || errno == EINPROGRESS); - if (data[0] & (1 << 0)) { + if (data[0] & FUZZ_B_INJECT_INIT_ACK) { fuzzer_printf("Injecting INIT-ACK\n"); common_header = (struct sctp_common_header*) fuzz_init_ack; common_header->verification_tag = assoc_vtag; - dump_packet(fuzz_init_ack, 516, SCTP_DUMP_INBOUND); - usrsctp_conninput((void *)1, fuzz_init_ack, 516, 0); + dump_packet(fuzz_init_ack, 448, SCTP_DUMP_INBOUND); + usrsctp_conninput((void *)1, fuzz_init_ack, 448, 0); } - if (data[0] & (1 << 1)) { + if (data[0] & FUZZ_B_INJECT_COOKIE_ACK) { fuzzer_printf("Injecting COOKIE-ACK\n"); common_header = (struct sctp_common_header*) fuzz_cookie_ack; 
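Review bot: The injected INIT-ACK length is a hand-maintained magic number (516 becomes 448 in this hunk) that must equal the byte count of the `fuzz_init_ack` literal, and nothing checks that it does; because the literal contains embedded NUL bytes `strlen()` is not an option, but `sizeof(fuzz_init_ack) - 1` is, provided `fuzz_init_ack` is declared as an array like `fuzz_cookie_ack`. Suggest `dump_packet(fuzz_init_ack, sizeof(fuzz_init_ack) - 1, SCTP_DUMP_INBOUND);` and `usrsctp_conninput((void *)1, fuzz_init_ack, sizeof(fuzz_init_ack) - 1, 0);`, with the same treatment for the COOKIE-ACK's 16. An over-long count would read past the literal and feed stack bytes into the parser, which an ASan build reports as a harness bug rather than a library one. LLVMFuzzerTestOneInput continues outside this hunk.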
@@ -414,32 +378,18 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) usrsctp_conninput((void *)1, fuzz_cookie_ack, 16, 0); } - // Required: INIT-ACK and COOKIE-ACK - if (data[0] & (1 << 0) && - data[0] & (1 << 1) && - data[0] & (1 << 2)) { + if (data[0] & FUZZ_B_INJECT_INIT_ACK && + data[0] & FUZZ_B_INJECT_COOKIE_ACK && + data[0] & FUZZ_B_SEND_DATA) { const char *sendbuffer = "Geologie ist keine richtige Wissenschaft!"; fuzzer_printf("Calling usrsctp_sendv()\n"); usrsctp_sendv(socket_client, sendbuffer, strlen(sendbuffer), NULL, 0, NULL, 0, SCTP_SENDV_NOINFO, 0); } // Required: INIT-ACK and COOKIE-ACK - if (data[0] & (1 << 0) && - data[0] & (1 << 1) && - data[0] & (1 << 3)) { - fuzzer_printf("Injecting I-DATA\n"); - - common_header = (struct sctp_common_header*) fuzz_i_data; - common_header->verification_tag = assoc_vtag; - - dump_packet(fuzz_i_data, 1102, SCTP_DUMP_INBOUND); - usrsctp_conninput((void *)1, fuzz_i_data, 1102, 0); - } - - // Required: INIT-ACK and COOKIE-ACK - if (data[0] & (1 << 0) && - data[0] & (1 << 1) && - data[0] & (1 << 4)) { + if (data[0] & FUZZ_B_INJECT_INIT_ACK && + data[0] & FUZZ_B_INJECT_COOKIE_ACK && + data[0] & FUZZ_B_SEND_STREAM_RESET) { fuzzer_printf("Sending Stream Reset for all streams\n"); struct sctp_reset_streams srs; 
@@ -449,6 +399,26 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t data_size) assert(result == 0); } + // Required: INIT-ACK and COOKIE-ACK + if (data[0] & FUZZ_B_INJECT_INIT_ACK && + data[0] & FUZZ_B_INJECT_COOKIE_ACK && + data[0] & FUZZ_B_INJECT_DATA) { + + if (data[0] & FUZZ_B_I_DATA_SUPPORT) { + fuzzer_printf("Injecting I-DATA\n"); + common_header = (struct sctp_common_header*) fuzz_i_data; + common_header->verification_tag = assoc_vtag; + dump_packet(fuzz_i_data, 232, SCTP_DUMP_INBOUND); + usrsctp_conninput((void *)1, fuzz_i_data, 232, 0); + } else { + fuzzer_printf("Injecting DATA\n"); + common_header = (struct sctp_common_header*) fuzz_data; + common_header->verification_tag = assoc_vtag; + dump_packet(fuzz_data, 228, SCTP_DUMP_INBOUND); + usrsctp_conninput((void *)1, fuzz_data, 228, 0); + } + } + fuzz_packet_buffer = malloc(data_size - 1 + COMMON_HEADER_SIZE); memcpy(fuzz_packet_buffer, fuzz_common_header, COMMON_HEADER_SIZE); // common header memcpy(fuzz_packet_buffer + COMMON_HEADER_SIZE, data + 1, data_size - 1); diff --git a/fuzzer/fuzzer_connect_multi.sh b/fuzzer/fuzzer_connect_multi.sh index 4e2f92011..27b4a6757 100755 --- a/fuzzer/fuzzer_connect_multi.sh +++ b/fuzzer/fuzzer_connect_multi.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -export ASAN_OPTIONS=abort_on_error=1:disable_core=0:unmap_shadow_on_exit=1:disable_coredump=0:detect_leaks=1 +#export ASAN_OPTIONS=abort_on_error=1:disable_core=0:unmap_shadow_on_exit=1:disable_coredump=0:detect_leaks=1 ulimit -c unlimited mkdir -p CORPUS_CONNECT @@ -19,4 +19,4 @@ fi echo "$NPROC" -./fuzzer_connect_multi -jobs=64 -timeout=10 -max_len=32000 CORPUS_CONNECT +./fuzzer_connect_multi -jobs=64 -timeout=10 -max_len=32000 -use_value_profile=1 CORPUS_CONNECT diff --git a/programs/programs_helper.c b/programs/programs_helper.c index 49185c254..0883740f6 100644 --- a/programs/programs_helper.c +++ b/programs/programs_helper.c 
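Review bot: The new injection block passes the literal lengths 232 and 228 to `dump_packet()` and `usrsctp_conninput()`, duplicating what `sizeof(fuzz_i_data) - 1` and `sizeof(fuzz_data) - 1` already provide and what the chunk length fields inside the literals encode; using `sizeof` keeps the calls correct the next time the payload is shortened. The `fuzz_packet_buffer = malloc(...)` result on the following line is written to by `memcpy()` without a NULL check, so under allocation failure the crash is attributed to the copy rather than the cause; `if (fuzz_packet_buffer == NULL) { return (0); }` is one line. Note also that when `FUZZ_INTERLEAVING` is not defined the `FUZZ_B_I_DATA_SUPPORT` bit still selects I-DATA injection into an association that never negotiated it, which is a fine negative case but worth a comment so nobody "fixes" it. LLVMFuzzerTestOneInput continues outside this hunk.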
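Review bot: The `export ASAN_OPTIONS=...` line is commented out rather than deleted or explained, so a reader cannot tell whether `abort_on_error=1` and `detect_leaks=1` were dropped deliberately or just for a local run; ASan reads `ASAN_OPTIONS` from the environment, so the crash-on-error and leak-detection behaviour of the 64-job run now depends on whatever the caller's shell happens to export. Either remove the line or keep it with a comment such as `# ASAN_OPTIONS intentionally unset: <reason>; export it before running to override`.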
@@ -52,10 +52,24 @@ void debug_printf_stack(const char *format, ...) { va_list ap; + char charbuf[1024]; + static struct timeval time_main; + struct timeval time_now; + struct timeval time_delta; + + if (time_main.tv_sec == 0 && time_main.tv_usec == 0) { + gettimeofday(&time_main, NULL); + } + + gettimeofday(&time_now, NULL); + timersub(&time_now, &time_main, &time_delta); va_start(ap, format); - vprintf(format, ap); + //vfprintf(stderr, format, ap); + vsnprintf(charbuf, 1024, format, ap); va_end(ap); + + fprintf(stderr, "[S][%u.%03u] %s", (unsigned int) time_delta.tv_sec, (unsigned int) time_delta.tv_usec / 1000, charbuf); } static void diff --git a/usrsctplib/CMakeLists.txt b/usrsctplib/CMakeLists.txt index d6652c1cd..3cc425eaf 100644 --- a/usrsctplib/CMakeLists.txt +++ b/usrsctplib/CMakeLists.txt @@ -43,6 +43,8 @@ set(includedir ${prefix}/include/usrsctp) set(CMAKE_REQUIRED_INCLUDES ${CMAKE_CURRENT_SOURCE_DIR}) set(CMAKE_MACOSX_RPATH 1) +include(CheckCCompilerFlag) + add_definitions(-D__Userspace__) add_definitions(-D__Userspace_os_${CMAKE_SYSTEM_NAME}) add_definitions(-DSCTP_SIMPLE_ALLOCATOR) @@ -53,11 +55,16 @@ add_definitions(-DSCTP_PROCESS_LEVEL_LOCKS) # OS DEPENDENT ################################################# -check_c_compiler_flag(-Wno-address-of-packed-member has_wno_address_of_packet_member) -if (has_wno_address_of_packet_member) +check_c_compiler_flag(-Wno-address-of-packed-member has_wno_address_of_packed_member) +if (has_wno_address_of_packed_member) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-address-of-packed-member") endif () +check_c_compiler_flag(-Wno-deprecated-declarations has_wno_deprecated_declarations) +if (has_wno_deprecated_declarations) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-deprecated-declarations") +endif () + if (CMAKE_SYSTEM_NAME MATCHES "Linux") add_definitions(-D_GNU_SOURCE) endif () 
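Review bot: `gettimeofday()` is wall-clock time, so if the clock is stepped backwards between the first call and a later one `timersub()` yields a negative `tv_sec`, and the `(unsigned int)` casts in the new `fprintf()` then print a huge bogus timestamp; `clock_gettime(CLOCK_MONOTONIC)` gives the elapsed time that a `[S][sec.ms]` prefix is meant to show. The lazily initialised `static struct timeval time_main` is also a data race if this callback can be invoked from more than one thread, which the hunk does not let me confirm; `pthread_once` or initialising it from the program's startup path would remove that. The commented-out `//vfprintf(stderr, format, ap);` line should go, and `vsnprintf(charbuf, 1024, ...)` should use `sizeof(charbuf)` so the bound follows the array. If this helper is also built on Windows, where `clock_gettime` is unavailable, keep the `gettimeofday` variant behind an `#ifdef`.

```c
void
debug_printf_stack(const char *format, ...)
{
	va_list ap;
	char charbuf[1024];
	static struct timespec time_main;
	struct timespec time_now;
	long long delta_ms;

	/* monotonic clock: immune to wall-clock steps, so the delta cannot go negative */
	if (time_main.tv_sec == 0 && time_main.tv_nsec == 0) {
		clock_gettime(CLOCK_MONOTONIC, &time_main);
	}
	clock_gettime(CLOCK_MONOTONIC, &time_now);
	delta_ms = (long long)(time_now.tv_sec - time_main.tv_sec) * 1000LL +
	           (long long)(time_now.tv_nsec - time_main.tv_nsec) / 1000000LL;

	va_start(ap, format);
	vsnprintf(charbuf, sizeof(charbuf), format, ap);
	va_end(ap);

	fprintf(stderr, "[S][%lld.%03lld] %s", delta_ms / 1000, delta_ms % 1000, charbuf);
}
```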
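Review bot: `-Wno-deprecated-declarations` was previously added only in the Darwin branch and is now applied on every compiler that accepts it, which silences deprecation warnings on Linux and Windows builds too, including the ones toolchains use to steer code away from retired or unsafe APIs. If the intent is only to quiet a known macOS warning, keep the flag inside the Darwin branch; otherwise a comment naming the API that triggers it, e.g. `# silence <api> deprecation warnings on <platform>`, records why the suppression is global. The `packet`→`packed` variable rename in the same hunk is a good catch.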
@@ -69,7 +76,6 @@ endif () if (CMAKE_SYSTEM_NAME MATCHES "Darwin") add_definitions(-U__APPLE__) add_definitions(-D__APPLE_USE_RFC_2292) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-deprecated-declarations") endif () if (CMAKE_SYSTEM_NAME MATCHES "DragonFly") diff --git a/usrsctplib/netinet/sctp_auth.c b/usrsctplib/netinet/sctp_auth.c index 65571df2d..8d188f968 100755 --- a/usrsctplib/netinet/sctp_auth.c +++ b/usrsctplib/netinet/sctp_auth.c @@ -1650,6 +1650,12 @@ sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth, "SCTP AUTH Chunk: shared key %u, HMAC id %u\n", shared_key_id, hmac_id); +#if defined(__Userspace__) +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + return (0); +#endif +#endif + /* is the indicated HMAC supported? */ if (!sctp_auth_is_supported_hmac(stcb->asoc.local_hmacs, hmac_id)) { struct mbuf *op_err; @@ -1729,12 +1735,6 @@ sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth, sctp_zero_m(m, offset + sizeof(*auth), SCTP_SIZE32(digestlen)); (void)sctp_compute_hmac_m(hmac_id, stcb->asoc.authinfo.recv_key, m, offset, computed_digest); - -#if defined(__Userspace__) -#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - return (0); -#endif -#endif /* compare the computed digest with the one in the AUTH chunk */ if (timingsafe_bcmp(digest, computed_digest, digestlen) != 0) { SCTP_STAT_INCR(sctps_recvauthfailed); From d520eafea3039ba883f3a449f55c4fb0283594f7 Mon Sep 17 00:00:00 2001 From: Michael Tuexen Date: Thu, 12 Mar 2020 18:32:59 +0100 Subject: [PATCH 8/8] Undo whitespace changes to the FreeBSD sources introduced by the last commit. --- usrsctplib/netinet/sctp_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usrsctplib/netinet/sctp_auth.c b/usrsctplib/netinet/sctp_auth.c index 8d188f968..640858b92 100755 --- a/usrsctplib/netinet/sctp_auth.c +++ b/usrsctplib/netinet/sctp_auth.c 
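Review bot: Moving the `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` early return ahead of the `sctp_auth_is_supported_hmac()` check makes `sctp_handle_auth()` report success for an AUTH chunk carrying any HMAC id and shared key id, so in fuzz builds the HMAC-id validation, key lookup and digest computation that follow are no longer reachable from the wire at all. That is presumably deliberate to get the fuzzer past the digest comparison, but it also drops coverage of those paths and the error chunks they build; keeping the stub next to the `timingsafe_bcmp()` result, i.e. treating a mismatch as a match, would keep the rest of the function fuzzed. At minimum a comment at the new location, e.g. `/* fuzzing build: accept any AUTH chunk without validating HMAC id, key or digest */`, should state what is skipped, since the bare `return (0);` is silent. The rest of sctp_handle_auth is outside this hunk.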
@@ -1655,7 +1655,6 @@ sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth,
 return (0);
 #endif
 #endif
-
 /* is the indicated HMAC supported? */
 if (!sctp_auth_is_supported_hmac(stcb->asoc.local_hmacs, hmac_id)) {
 struct mbuf *op_err;
@@ -1735,6 +1734,7 @@ sctp_handle_auth(struct sctp_tcb *stcb, struct sctp_auth_chunk *auth,
 sctp_zero_m(m, offset + sizeof(*auth), SCTP_SIZE32(digestlen));
 (void)sctp_compute_hmac_m(hmac_id, stcb->asoc.authinfo.recv_key, m, offset, computed_digest);
+
 /* compare the computed digest with the one in the AUTH chunk */
 if (timingsafe_bcmp(digest, computed_digest, digestlen) != 0) {
 SCTP_STAT_INCR(sctps_recvauthfailed);