Commit 80d5cf8bbe6155ca4d3c36183a1dce0691a60b7e

Authored by Wiebe Cazemier
1 parent ddf2b612

Crude websocket fuzz mode

Probably I also need a flag to fake already being upgraded, because
otherwise we never get past the complicated websocket handshake.
fuzztestsplainwebsocket/plainwebsocketpacket1.dat 0 → 100644
  1 +GET /mqtt HTTP/1.1
  2 +Host: localhost:8080
  3 +Upgrade: websocket
  4 +Connection: Upgrade
  5 +Origin: https://localhost:8080
  6 +Sec-WebSocket-Key: t0gTTkLcTIeCWbst7pmP3A==
  7 +Sec-Websocket-Version: 13
  8 +Sec-Websocket-Protocol: mqtt
  9 +
... ...
fuzztestsplainwebsocket/plainwebsocketpacket2.dat 0 → 100644
No preview for this file type
fuzztestsplainwebsocket/plainwebsocketpacket3.dat 0 → 100644
No preview for this file type
fuzztestsplainwebsocket/plainwebsocketpacket4.dat 0 → 100644
No preview for this file type
fuzztestsplainwebsocket/plainwebsocketpacket5.dat 0 → 100644
  1 +¶­ÆRº¡ÀT°«ÄP´¯È\²©ÂV¶­ÆRº¡ÀT°«ÄP´¯È\²©ÂV¶­ÆRº¡ÀT°«ÄP´¯È\²©ÂV¶­ÆRº¡ÀT°«ÄP´¯È\²©ÂV¶­ÆRº¡ÀT°«ÄP´¯È\²©ÂV¶­ÆRº¡ÀT°«ÄP´¯È\²©ÂV¶­ÆRº¡ÀT°«ÄP´¯È\²©ÂV¶­ÆRº¡ÀT°«ÄP´¯È\²©ÂV¶­ÆRº¡
0 2 \ No newline at end of file
... ...
fuzztestsplainwebsocket/websocket5packets.dat 0 → 100644
No preview for this file type
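--- a/mainapp.cpp
+++ b/mainapp.cpp
@@ -187,6 +187,9 @@ void MainApp::doHelp(const char *arg)
 puts(" -t, --test-config Test configuration file.");
 #ifndef NDEBUG
 puts(" -z, --fuzz-file <inputdata.dat> For fuzzing, provides the bytes that would be sent by a client.");
+ puts(" -W, --fuzz-websockets Mark the client as websockets for fuzzing. The handshaking process makes");
+ puts(" it a less useful though, because the fuzzer is not able to handle");
+ puts(" replies from the server, which would change the internal state.");
 #endif
 puts(" -V, --version Show version");
 puts(" -l, --license Show license");
@@ -264,6 +267,11 @@ void MainApp::setFuzzFile(const std::string &amp;fuzzFilePath)
 this->fuzzFilePath = fuzzFilePath;
 }
 
+void MainApp::setFuzzWebsockets(bool val)
+{
+ this->fuzzWebsockets = val;
+}
+
 void MainApp::initMainApp(int argc, char *argv[])
 {
 if (instance != nullptr)
@@ -275,6 +283,7 @@ void MainApp::initMainApp(int argc, char *argv[])
 {"config-file", required_argument, nullptr, 'c'},
 {"test-config", no_argument, nullptr, 't'},
 {"fuzz-file", required_argument, nullptr, 'z'},
+ {"fuzz-websockets", no_argument, nullptr, 'W'},
 {"version", no_argument, nullptr, 'V'},
 {"license", no_argument, nullptr, 'l'},
 {nullptr, 0, nullptr, 0}
@@ -282,11 +291,12 @@ void MainApp::initMainApp(int argc, char *argv[])
 
 std::string configFile;
 std::string fuzzFile;
+ bool fuzzWebsockets = false;
 
 int option_index = 0;
 int opt;
 bool testConfig = false;
- while((opt = getopt_long(argc, argv, "hc:Vltz:", long_options, &option_index)) != -1)
+ while((opt = getopt_long(argc, argv, "hc:Vltz:W", long_options, &option_index)) != -1)
 {
 switch(opt)
 {
@@ -302,6 +312,9 @@ void MainApp::initMainApp(int argc, char *argv[])
 case 'z':
 fuzzFile = optarg;
 break;
+ case 'W':
+ fuzzWebsockets = true;
+ break;
 case 'h':
 MainApp::doHelp(argv[0]);
 exit(16);
@@ -339,6 +352,7 @@ void MainApp::initMainApp(int argc, char *argv[])
 
 instance = new MainApp(configFile);
 instance->setFuzzFile(fuzzFile);
+ instance->setFuzzWebsockets(fuzzWebsockets);
 }
 
 
@@ -392,7 +406,7 @@ void MainApp::start()
 {
 std::vector<MqttPacket> packetQueueIn;
 
- Client_p client(new Client(fd, threads[0], nullptr, false, settings, true));
+ Client_p client(new Client(fd, threads[0], nullptr, fuzzWebsockets, settings, true));
 client->readFdIntoBuffer();
 client->bufferToMqttPackets(packetQueueIn, client);
 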
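Review bot: The new `case 'W'` and the `W` added to the getopt string in initMainApp are not visibly covered by the `#ifndef NDEBUG` guard that hides the option's help text in doHelp, so a release build may still accept a fuzz-only switch it does not document. The existing `-z` looks the same, and a guard may sit outside these hunks, so this needs confirming against the full function. Separately, `-W` given without `-z` is accepted silently; as far as the hunks show, fuzzWebsockets is read only where the fuzz client is constructed in start(), so the flag would then do nothing. A check after the option loop, `if (fuzzWebsockets && fuzzFile.empty())`, reporting the misuse the way initMainApp reports its other option errors, would make the dependency explicit. The bodies of initMainApp and start() continue outside the hunks.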
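--- a/mainapp.h
+++ b/mainapp.h
@@ -40,6 +40,7 @@ class MainApp
 std::list<std::shared_ptr<Listener>> listeners;
 std::mutex quitMutex;
 std::string fuzzFilePath;
+ bool fuzzWebsockets = false;
 
 Logger *logger = Logger::getInstance();
 
@@ -51,6 +52,7 @@ class MainApp
 void wakeUpThread();
 void queueKeepAliveCheckAtAllThreads();
 void setFuzzFile(const std::string &fuzzFilePath);
+ void setFuzzWebsockets(bool val);
 
 MainApp(const std::string &configFilePath);
 public: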