Diffstat (limited to 'socketfuzzer/vulnserver_cov.c')
-rw-r--r--socketfuzzer/vulnserver_cov.c57
1 files changed, 35 insertions, 22 deletions
diff --git a/socketfuzzer/vulnserver_cov.c b/socketfuzzer/vulnserver_cov.c
index d0926e33..a9d29cb1 100644
--- a/socketfuzzer/vulnserver_cov.c
+++ b/socketfuzzer/vulnserver_cov.c
@@ -10,7 +10,7 @@
/* Do nothing with first message */
void handleData0(char *data, int len) {
- printf("Auth success\n");
+ printf("# vulnserver_cov: Auth success\n");
}
/* Second message is stack based buffer overflow */
@@ -18,30 +18,37 @@ void handleData1(char *data, int len) {
char buff[8];
bzero(buff, 8);
memcpy(buff, data, len);
- printf("Handledata1: %s\n", buff);
+ printf("# vulnserver_cov: Handledata1: %s\n", buff);
}
/* Third message is heap overflow */
void handleData2(char *data, int len) {
char *buff = malloc(8);
+ if (!buff) {
+ abort();
+ }
bzero(buff, 8);
memcpy(buff, data, len);
- printf("Handledata2: %s\n", buff);
+ printf("# vulnserver_cov: Handledata2: %s\n", buff);
free(buff);
}
void handleData3(char *data, int len) {
- printf("Meh: %i\n", len);
+ printf("# vulnserver_cov: Handledata3: %i\n", len);
}
void handleData4(char *data, int len) {
- printf("Blah: %i\n", len);
+ printf("# vulnserver_cov: Handledata4: %i\n", len);
+}
+
+void handleData5(char *data, int len) {
+ printf("# vulnserver_cov: Handledata5: %i\n", len);
}
-void doprocessing(int sock) {
+void doprocessing(int sock, int serversock) {
char data[1024];
- int n = 0;
- int len = 0;
+ int n = 0;
+ int len = 0;
while (1) {
bzero(data, sizeof(data));
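Review bot: The new allocation check in handleData2 calls `abort()`, which raises SIGABRT, so an out-of-memory condition would look like a crash to any harness watching this process and could be counted alongside the intended heap-overflow finding. Reporting and exiting cleanly keeps the two apart, e.g. `if (!buff) { perror("# vulnserver_cov: malloc"); exit(1); }`. The `memcpy(buff, data, len)` calls in handleData1 and handleData2 are the deliberate test cases according to their comments, so they are not the concern here. handleData5 and the new `serversock` parameter have no comment; a line such as `/* Sixth message: no memory bug, see case 'F' in doprocessing */` would match the earlier handlers. doprocessing's body continues outside the hunk.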
@@ -51,7 +58,7 @@ void doprocessing(int sock) {
return;
}
- printf("Received data with len: %i on state: %i\n", len, n);
+ printf("# vulnserver_cov: Received data with len: %i on state: %i\n", len, n);
switch (data[0]) {
case 'A':
handleData0(data, len);
@@ -73,6 +80,12 @@ void doprocessing(int sock) {
handleData4(data, len);
write(sock, "ok", 2);
break;
+ case 'F':
+ handleData5(data, len);
+ write(sock, "ok", 2);
+ // close the main server socket whoooops
+ close(serversock);
+ break;
default:
return;
}
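Review bot: The comment on `close(serversock)` in the new `case 'F'` does not say that the fault is intentional or what it causes. Judging from the accept loop in main, the next `accept(sockfd, ...)` would presumably fail and the process would exit with status 1 once this connection ends, so the server stops without a memory-safety crash. I would replace the comment with `/* Deliberate fault: close the listening socket so the next accept() in main fails and the server exits */`. The return value of `write(sock, "ok", 2)` is ignored here as in the other cases. The switch begins outside the hunk.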
@@ -82,10 +95,10 @@ void doprocessing(int sock) {
}
int main(int argc, char *argv[]) {
- int sockfd, newsockfd, portno, clilen;
- char buffer[256];
+ int sockfd, newsockfd, portno, clilen;
+ char buffer[256];
struct sockaddr_in serv_addr, cli_addr;
- int n, pid;
+ int n, pid;
if (argc == 2) {
portno = atoi(argv[1]);
@@ -95,24 +108,24 @@ int main(int argc, char *argv[]) {
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
- perror("ERROR opening socket");
+ perror("# vulnserver_cov: ERROR opening socket");
exit(1);
}
int reuse = 1;
if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, (const char *)&reuse, sizeof(reuse)) < 0)
- perror("setsockopt(SO_REUSEPORT) failed");
+ perror("# vulnserver_cov: setsockopt(SO_REUSEPORT) failed");
bzero((char *)&serv_addr, sizeof(serv_addr));
- serv_addr.sin_family = AF_INET;
+ serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = INADDR_ANY;
- serv_addr.sin_port = htons(portno);
+ serv_addr.sin_port = htons(portno);
- printf("Listening on port: %i\n", portno);
+ printf("# vulnserver_cov: Listening on port: %i\n", portno);
/* Now bind the host address using bind() call.*/
if (bind(sockfd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
- perror("ERROR on binding");
+ perror("# vulnserver_cov: ERROR on binding");
exit(1);
}
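Review bot: `serv_addr.sin_addr.s_addr = INADDR_ANY` makes this target, which contains intentional stack and heap overflows, reachable on every interface of the machine running it. For a local fuzzing target the loopback address should be enough: `serv_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);`. If some setups need remote access, a comment saying so and naming the expected isolation (container, test VM) would help. A failed `setsockopt` is only reported and execution continues, which may be deliberate but is not commented. main continues outside the hunk.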
@@ -122,12 +135,12 @@ int main(int argc, char *argv[]) {
while (1) {
newsockfd = accept(sockfd, (struct sockaddr *)&cli_addr, &clilen);
if (newsockfd < 0) {
- perror("ERROR on accept");
+ perror("# vulnserver_cov: ERROR on accept");
exit(1);
}
- printf("New client connected\n");
- doprocessing(newsockfd);
- printf("Closing...\n");
+ printf("# vulnserver_cov: New client connected\n");
+ doprocessing(newsockfd, sockfd);
+ printf("# vulnserver_cov: Closing...\n");
shutdown(newsockfd, 2);
close(newsockfd);
}
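Review bot: The prefixed `printf` lines go to stdout, which is fully buffered when it is not a terminal, so if a harness collects them through a pipe or file, the messages printed just before a crash in handleData1 or handleData2 may never appear. Adding `setvbuf(stdout, NULL, _IOLBF, 0);` at the start of main (outside this hunk), or writing the status lines to stderr as the `perror` calls already do, would keep the log in step with the crash. This assumes the output is captured, which the page does not show.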