/* Bound handed to random_int_range() when fuzz_level_1() picks how many bytes
 * follow the HASH_ID_BYTES prefix of a fuzz packet.
 * NOTE(review): whether the bound itself can be returned depends on
 * random_int_range() - confirm. */
#define FUZZ_PACKET_LEN_RANGE 512
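/* Sends `packet` (`length` bytes) to peernumber once for every relevant group message type.
 *
 * Three passes are made:
 *   - every lossy type from GP_PING through GP_TCP_RELAYS,
 *   - every lossless type from GP_PEER_INFO_REQUEST through GP_HS_RESPONSE_ACK,
 *   - every broadcast type from GM_STATUS through GM_PRVT_MESSAGE, each wrapped by
 *     make_gc_broadcast_header() and sent as GP_BROADCAST.
 *
 * Return values of the send functions are deliberately ignored (best-effort fuzzing).
 * Does nothing when chat or packet is a null pointer, or when length exceeds
 * MAX_GC_PACKET_SIZE.
 */
static void fuzz_send_group_packet(GC_Chat *chat, uint32_t peernumber, const uint8_t *packet, size_t length)
{
    /* The broadcast buffer below is a stack VLA sized from `length`. Reject lengths no
     * group packet can have, so a bad caller cannot overflow the size computation or
     * exhaust the stack. */
    if (!chat || !packet || length > MAX_GC_PACKET_SIZE) {
        return;
    }

    /* All lossy packet types */
    for (size_t type = GP_PING; type <= GP_TCP_RELAYS; ++type) {
        send_lossy_group_packet(chat, peernumber, packet, length, type);
    }

    /* All lossless packet types except GP_BROADCAST */
    for (size_t type = GP_PEER_INFO_REQUEST; type <= GP_HS_RESPONSE_ACK; ++type) {
        send_lossless_group_packet(chat, peernumber, packet, length, type);
    }

    /* One buffer is enough: its size does not depend on the broadcast type, and
     * make_gc_broadcast_header() is handed it afresh on every iteration. */
    uint8_t bc_packet[length + GC_BROADCAST_ENC_HEADER_SIZE];

    /* Broadcast types whose protocol has only a single data field (ones we don't need to smart_fuzz) */
    for (size_t type = GM_STATUS; type <= GM_PRVT_MESSAGE; ++type) {
        uint32_t bc_packet_len = make_gc_broadcast_header(chat, packet, length, bc_packet, type);
        send_lossless_group_packet(chat, peernumber, bc_packet, bc_packet_len, GP_BROADCAST);
    }
}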
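/* Creates a randomized packet and sends it to every peer for (almost) every group message type.
 *
 * Packet layout: the result of U32_to_bytes() on chat->self_public_key_hash at the front,
 * followed by rand() bytes up to a per-peer random length of
 * HASH_ID_BYTES + random_int_range(FUZZ_PACKET_LEN_RANGE). A length larger than the local
 * buffer skips that peer.
 */
static void fuzz_level_1(GC_Chat *chat)
{
    uint8_t packet[MAX_GC_PACKET_SIZE];

    /* Sender public-key hash prefix.
     * NOTE(review): assumes U32_to_bytes() writes exactly HASH_ID_BYTES bytes - confirm. */
    U32_to_bytes(packet, chat->self_public_key_hash);

    /* Peer numbers start at 1; presumably index 0 is ourselves - verify against the peer list. */
    for (uint32_t i = 1; i < chat->numpeers; ++i) {
        uint32_t length = HASH_ID_BYTES + random_int_range(FUZZ_PACKET_LEN_RANGE);

        if (length > sizeof(packet)) {
            continue;
        }

        /* dumb-fuzz the app data section of the packet, starting after the sender pub-key hash.
         * The fill runs to `length` itself: stopping at length - HASH_ID_BYTES would leave the
         * last HASH_ID_BYTES bytes of the packet unwritten, so uninitialized stack contents
         * would be handed to the send functions and leave the process. */
        for (uint32_t j = HASH_ID_BYTES; j < length; ++j) {
            packet[j] = (uint8_t)rand();
        }

        fuzz_send_group_packet(chat, i, packet, length);
    }
}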