Commit Graph

6 Commits (07df1ce6afffb35c0acd25b3b787ce04643306b1)

Author SHA1 Message Date
Victor Julien c7e4433fe9 afl/decode: fix stats related memleak reports 6 years ago
Victor Julien 399ab35aa1 afl: fix compile warnings for decoder fuzz funcs 6 years ago
Victor Julien afed6fe4a2 cleanup: remove all uint use 8 years ago
Victor Julien b56b04f84c afl: pass a packet queue to decoder calls 9 years ago
Jason Ish 35488eefda afl: set the packet data so pktlen gets set 9 years ago
Victor Julien fbd69729aa afl: improve packet fuzz testing
Due to the use of AFL_LOOP and initialization/deinit outside of it,
part of the fuzzing relied on the global 'state' in flow and defrag.
Because of this, crashes that were found could not be reproduced. The
saved crash input was only the last in the series.

This patch addresses that. It requires a new output directory 'dump'
where the packet fuzzers will store all their input. If the AFL_LOOP
fails the files will not be removed and this 'serie' can be read
again for reproducing the issue.

e.g.: AFL would work with:
--afl-decoder-ppp=@@

and after a crash is found the produced serie can be read with:
--afl-decoder-ppp-serie=1486656919-514163

The series have a timestamp as name and a suffix that controls the
order in which the files will be 'replayed' in Suricata.
9 years ago