/* Max size of a packet payload */
/* Sends packet of size length to peernumber for every relevant group message type */
static void fuzz_send_group_packet(GC_Chat *chat, uint32_t peernumber, const uint8_t *packet, size_t length)
/* NOTE(review): as rendered here the body has lost its braces and at least one
 * loop header (the one that should drive the lossless send below); the code is
 * kept exactly as shown and only commented.
 *
 * chat       - group chat context passed through to the send helpers
 * peernumber - index of the peer that receives every packet
 * packet     - fuzz payload (already prefixed with the sender hash by the caller)
 * length     - size of packet in bytes; also sizes the stack buffer below */
size_t i;
/* All lossy packet types */
for (i = GP_PING; i <= GP_TCP_RELAYS; ++i)
send_lossy_group_packet(chat, peernumber, packet, length, i);
/* All lossless packet types except GP_BROADCAST */
/* NOTE(review): no loop header is visible above this call, so as shown `i`
 * still holds the value left by the lossy loop (GP_TCP_RELAYS + 1); the
 * original presumably iterates the lossless types here -- confirm. */
send_lossless_group_packet(chat, peernumber, packet, length, i);
/* Broadcast types whose protocol has only a single data field (ones we don't need to smart_fuzz) */
for (i = GM_STATUS; i <= GM_PRVT_MESSAGE; ++i) {
/* VLA sized from the caller-supplied length: stack use is only bounded if the
 * caller caps length (fuzz_level_1 checks it against its MAX_GC_PACKET_SIZE
 * buffer, though the action taken there is not visible in this rendering). */
uint8_t bc_packet[length + GC_BROADCAST_ENC_HEADER_SIZE];
/* Return value is used unchecked; if make_gc_broadcast_header can signal
 * failure (a 0 or -1 length, say) a guard before the send is needed --
 * confirm its contract. */
uint32_t bc_packet_len = make_gc_broadcast_header(chat, packet, length, bc_packet, i);
send_lossless_group_packet(chat, peernumber, bc_packet, bc_packet_len, GP_BROADCAST);
/* Creates a randomized packet and sends it to every peer for (almost) every group message type */
static void fuzz_level_1(GC_Chat *chat)
/* NOTE(review): braces and the statement guarded by the size check below are
 * missing from this rendering; the code is kept exactly as shown.
 *
 * chat - group chat context; chat->numpeers bounds the peer loop and
 *        chat->self_public_key_hash is written into the packet prefix */
uint8_t packet[MAX_GC_PACKET_SIZE];
/* The packet starts with our own public-key hash; the fuzzed region below
 * begins at HASH_ID_BYTES, so that is presumably the width of this prefix. */
U32_to_bytes(packet, chat->self_public_key_hash);
uint32_t i, j;
/* Peer 0 is skipped; presumably it is ourselves -- confirm against the
 * GC_Chat peer layout. */
for (i = 1; i < chat->numpeers; ++i) {
/* Random payload length on top of the fixed hash prefix. */
uint32_t length = HASH_ID_BYTES + random_int_range(FUZZ_PACKET_LEN_RANGE);
/* Guard against a length larger than the stack buffer; the statement this
 * controls (skip or clamp) is not visible in this rendering. */
if (length > sizeof(packet))
/* dumb-fuzz the app data section of the packet, starting after the sender pub-key hash */
/* NOTE(review): the upper bound is length - HASH_ID_BYTES, so the final
 * HASH_ID_BYTES bytes of each packet are never written and carry whatever the
 * stack or the previous iteration left there; `j < length` looks like the
 * intended bound -- confirm. */
for (j = HASH_ID_BYTES; j < length - HASH_ID_BYTES; ++j)
/* rand() is adequate for fuzz input (no CSPRNG needed); the uint8_t store keeps
 * only the low byte. */
packet[j] = rand();
fuzz_send_group_packet(chat, i, packet, length);