tests: Add ap-mgmt-fuzzer

This program can be used to run fuzzing tests for areas related to AP
management frame parsing and processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-04-18 16:27:18 +03:00
parent 0af57c3dd8
commit 26b3f64428
9 changed files with 288 additions and 9 deletions

View file

@ -1,8 +1,67 @@
all: all: libap.a
@echo Nothing to be made.
clean: clean:
rm -f *~ *.o *.d *.gcno *.gcda *.gcov rm -f *~ *.o *.d *.gcno *.gcda *.gcov libap.a
install: install:
@echo Nothing to be made. @echo Nothing to be made.
include ../lib.rules
CFLAGS += -DHOSTAPD
CFLAGS += -DNEED_AP_MLME
CFLAGS += -DCONFIG_HS20
CFLAGS += -DCONFIG_INTERWORKING
CFLAGS += -DCONFIG_IEEE80211R
CFLAGS += -DCONFIG_IEEE80211W
CFLAGS += -DCONFIG_WPS
CFLAGS += -DCONFIG_PROXYARP
CFLAGS += -DCONFIG_IAPP
LIB_OBJS= \
accounting.o \
ap_config.o \
ap_drv_ops.o \
ap_list.o \
ap_mlme.o \
authsrv.o \
beacon.o \
bss_load.o \
ctrl_iface_ap.o \
dfs.o \
dhcp_snoop.o \
drv_callbacks.o \
eap_user_db.o \
gas_serv.o \
hostapd.o \
hs20.o \
hw_features.o \
iapp.o \
ieee802_11_auth.o \
ieee802_11.o \
ieee802_11_ht.o \
ieee802_11_shared.o \
ieee802_11_vht.o \
ieee802_1x.o \
ndisc_snoop.o \
p2p_hostapd.o \
peerkey_auth.o \
pmksa_cache_auth.o \
preauth_auth.o \
sta_info.o \
tkip_countermeasures.o \
utils.o \
vlan_init.o \
wmm.o \
wnm_ap.o \
wpa_auth.o \
wpa_auth_ft.o \
wpa_auth_glue.o \
wpa_auth_ie.o \
wps_hostapd.o \
x_snoop.o
libap.a: $(LIB_OBJS)
$(AR) crT $@ $?
-include $(OBJS:%.o=%.d)

View file

@ -14,6 +14,7 @@ struct hostapd_data;
struct sta_info; struct sta_info;
struct hostapd_frame_info; struct hostapd_frame_info;
struct ieee80211_ht_capabilities; struct ieee80211_ht_capabilities;
struct ieee80211_vht_capabilities;
struct ieee80211_mgmt; struct ieee80211_mgmt;
int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,

View file

@ -1,8 +1,21 @@
all: all: libeap_server.a
@echo Nothing to be made.
clean: clean:
rm -f *~ *.o *.d *.gcno *.gcda *.gcov rm -f *~ *.o *.d *.gcno *.gcda *.gcov libeap_server.a
install: install:
@echo Nothing to be made. @echo Nothing to be made.
include ../lib.rules
CFLAGS += -DCONFIG_HS20
LIB_OBJS= \
eap_server.o \
eap_server_identity.o \
eap_server_methods.o
libeap_server.a: $(LIB_OBJS)
$(AR) crT $@ $?
-include $(OBJS:%.o=%.d)

View file

@ -1,8 +1,16 @@
all: all: libeapol_auth.a
@echo Nothing to be made.
clean: clean:
rm -f *~ *.o *.d *.gcno *.gcda *.gcov rm -f *~ *.o *.d *.gcno *.gcda *.gcov libeapol_auth.a
install: install:
@echo Nothing to be made. @echo Nothing to be made.
include ../lib.rules
LIB_OBJS = eapol_auth_sm.o eapol_auth_dump.o
libeapol_auth.a: $(LIB_OBJS)
$(AR) crT $@ $?
-include $(OBJS:%.o=%.d)

View file

@ -14,6 +14,7 @@ CFLAGS += -DCONFIG_IPV6
LIB_OBJS= \ LIB_OBJS= \
radius.o \ radius.o \
radius_client.o \ radius_client.o \
radius_das.o \
radius_server.o radius_server.o
libradius.a: $(LIB_OBJS) libradius.a: $(LIB_OBJS)

View file

@ -0,0 +1,81 @@
all: ap-mgmt-fuzzer
ifndef CC
CC=gcc
endif
ifndef LDO
LDO=$(CC)
endif
ifndef CFLAGS
CFLAGS = -MMD -O2 -Wall -g
endif
SRC=../../src
CFLAGS += -I$(SRC)
CFLAGS += -I$(SRC)/utils
CFLAGS += -DCONFIG_WNM
CFLAGS += -DCONFIG_INTERWORKING
CFLAGS += -DCONFIG_GAS
CFLAGS += -DCONFIG_HS20
CFLAGS += -DIEEE8021X_EAPOL
CFLAGS += -DNEED_AP_MLME
$(SRC)/utils/libutils.a:
$(MAKE) -C $(SRC)/utils
$(SRC)/common/libcommon.a:
$(MAKE) -C $(SRC)/common
$(SRC)/crypto/libcrypto.a:
$(MAKE) -C $(SRC)/crypto
$(SRC)/tls/libtls.a:
$(MAKE) -C $(SRC)/tls
$(SRC)/wps/libwps.a:
$(MAKE) -C $(SRC)/wps
$(SRC)/eap_common/libeap_common.a:
$(MAKE) -C $(SRC)/eap_common
$(SRC)/eap_server/libeap_server.a:
$(MAKE) -C $(SRC)/eap_server
$(SRC)/l2_packet/libl2_packet.a:
$(MAKE) -C $(SRC)/l2_packet
$(SRC)/eapol_auth/libeapol_auth.a:
$(MAKE) -C $(SRC)/eapol_auth
$(SRC)/ap/libap.a:
$(MAKE) -C $(SRC)/ap
$(SRC)/radius/libradius.a:
$(MAKE) -C $(SRC)/radius
LIBS += $(SRC)/common/libcommon.a
LIBS += $(SRC)/crypto/libcrypto.a
LIBS += $(SRC)/tls/libtls.a
LIBS += $(SRC)/wps/libwps.a
LIBS += $(SRC)/eap_server/libeap_server.a
LIBS += $(SRC)/eap_common/libeap_common.a
LIBS += $(SRC)/l2_packet/libl2_packet.a
LIBS += $(SRC)/ap/libap.a
LIBS += $(SRC)/eapol_auth/libeapol_auth.a
LIBS += $(SRC)/radius/libradius.a
LIBS += $(SRC)/utils/libutils.a
ELIBS += $(SRC)/crypto/libcrypto.a
ELIBS += $(SRC)/tls/libtls.a
ap-mgmt-fuzzer: ap-mgmt-fuzzer.o $(OBJS) $(LIBS)
$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
clean:
$(MAKE) -C $(SRC) clean
rm -f ap-mgmt-fuzzer *~ *.o *.d
-include $(OBJS:%.o=%.d)

View file

@ -0,0 +1,116 @@
/*
* hostapd - Management frame fuzzer
* Copyright (c) 2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#include "utils/includes.h"
#include "utils/common.h"
#include "utils/eloop.h"
#include "ap/hostapd.h"
#include "ap/ieee802_11.h"
struct wpa_driver_ops *wpa_drivers[] =
{
NULL
};
struct arg_ctx {
const char *fname;
struct hostapd_iface iface;
struct hostapd_data hapd;
struct wpa_driver_ops driver;
struct hostapd_config iconf;
struct hostapd_bss_config conf;
};
static void test_send_mgmt(void *eloop_data, void *user_ctx)
{
struct arg_ctx *ctx = eloop_data;
char *data;
size_t len;
struct hostapd_frame_info fi;
wpa_printf(MSG_INFO, "ap-mgmt-fuzzer: Send '%s'", ctx->fname);
data = os_readfile(ctx->fname, &len);
if (!data) {
wpa_printf(MSG_ERROR, "Could not read '%s'", ctx->fname);
goto out;
}
wpa_hexdump(MSG_MSGDUMP, "fuzzer - WNM", data, len);
os_memset(&fi, 0, sizeof(fi));
ieee802_11_mgmt(&ctx->hapd, (u8 *) data, len, &fi);
out:
os_free(data);
eloop_terminate();
}
static int init_hapd(struct arg_ctx *ctx)
{
struct hostapd_data *hapd = &ctx->hapd;
hapd->driver = &ctx->driver;
os_memcpy(hapd->own_addr, "\x02\x00\x00\x00\x03\x00", ETH_ALEN);
hapd->iface = &ctx->iface;
hapd->iface->conf = hostapd_config_defaults();;
if (!hapd->iface->conf)
return -1;
hapd->iconf = hapd->iface->conf;
hapd->conf = hapd->iconf->bss[0];
hostapd_config_defaults_bss(hapd->conf);
return 0;
}
int main(int argc, char *argv[])
{
struct arg_ctx ctx;
int ret = -1;
if (argc < 2) {
printf("usage: %s <file>\n", argv[0]);
return -1;
}
if (os_program_init())
return -1;
wpa_debug_level = 0;
wpa_debug_show_keys = 1;
if (eloop_init()) {
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
return -1;
}
os_memset(&ctx, 0, sizeof(ctx));
ctx.fname = argv[1];
if (init_hapd(&ctx))
goto fail;
eloop_register_timeout(0, 0, test_send_mgmt, &ctx, NULL);
wpa_printf(MSG_DEBUG, "Starting eloop");
eloop_run();
wpa_printf(MSG_DEBUG, "eloop done");
ret = 0;
fail:
hostapd_config_free(ctx.hapd.iconf);
eloop_destroy();
os_program_deinit();
return ret;
}

Binary file not shown.

Binary file not shown.